The hacking attack on Sony Pictures Entertainment, blamed on North Korea by the FBI but about which many experts remain uncertain, was the worst operation of its kind, according to America’s most senior intelligence official.
James Clapper, the Director of National Intelligence, said in New York he believed the North Korean General Bureau of Reconnaissance supervised the hacking attack and that it may have caused “potentially hundreds of millions of dollars in damage”.
“They are deadly serious about affronts to the Supreme Leader,” said Mr Clapper, speaking on Wednesday at a cyber security conference. “They will keep doing it again and again until we push back.”
The November hacking of Sony saw thousands of private emails and documents distributed by a group calling itself Guardians of Peace. The group claimed to have acted in retaliation over the release of the Sony Pictures movie The Interview, which features a fictional CIA plot to assassinate the North Korean dictator, Kim Jong-un.
In December, the hacking group released a statement threatening cinemas with terrorist violence if they showed film. After several major chains decided not to run the film, Sony announced it was delaying its release of the movie in cinemas, a move that was criticised by President Barack Obama.
The US has claimed the attack was carried out by North Korea, which Mr Clapper said “was driven by an entirely different philosophy”.
“They really do believe they are under siege from all directions, and painting us as an enemy that’s about to invade their country every day is one of the chief propaganda elements that’s held North Korea together for the past 60 years,” he said, according to Bloomberg News. “I watched The Interview over the weekend and it’s obvious to me the North Korean’s don’t have a sense of humour.”
Despite the assertions of the US, many experts have said they have seen no evidence that North Korea was behind the attack. While the internet addresses of the apparent hackers may have appeared to be from North Korea, many commentators have said it is a simple task to fake such identities.
“North Korea has never before demonstrated any advanced hacking capabilities,” Scott Borg, director of the US Cyber Consequences Unit wrote in a recent online post. “More importantly, it has hardly any way of acquiring those capabilities. It has no high-tech business sector or local hacker community from which it can recruit talent. It doesn't let its people attend courses and conferences outside its borders, where they could learn the necessary skills.”
Some commentators have suggested the attack was an inside job. Kurt Stammberger of Norse, company that provides cyber intelligence to customers in financial services, told the Huffington Post he was “pretty confident” that at least one ex-employee was involved in the action.
The attack on Sony rendered thousands of computers inoperable and forced Sony to take its entire computer network offline.
Sony’s CEO, Kaz Hirai, said this week that his company had been the victim of one of “the most vicious and malicious cyber attacks that we’ve known in recent history”. Speaking at the Consumer Electronics Show in Las Vegas on Monday, he added: “Freedom of speech, freedom of expression, freedom of association – those are very important lifelines of Sony and our entertainment business.”