Sony hack: it was North Korea, says FBI
Security experts have been sceptical of North Korean involvement, despite US assertions
Sign up to our free weekly IndyTech newsletter delivered straight to your inbox
Sign up to our free IndyTech newsletter
An FBI investigation into the hack of Sony Pictures' computers has concluded that North Korea was behind the cyber-attack, which might have a Chinese link.
The FBI said that "Technical analysis of the data deletion malware used" showed links to other malware that the FBI knows North Korean actors previously developed", in a statement released today. It also said that there was overlap between the infrastructure, such as IP addresses, used in previous attacks and attempted attacks on the US and South Korea.
Federal authorities are set to formally announce the conclusion later today, according to an anonymous source.
While the attack was carried out by North Korea, it might have been done with with help from Chinese actors or using Chinese servers so that the origin of the hack could be hidden.
The Chinese Embassy in Washington urged the US to share the evidence in the case, reported Reuters, and says that it does not support "cyber illegalities" committed in the country.
Fox News said that an intelligence source had told it that Iran, Russia or China could also have been involved in the attack, it reported yesterday.
Sony Cyber Attack: The Worst Affected In Hollywood
Show all 13But security experts have been sceptical of rushing to place the blame on North Korea.
Marc Rogers, a researcher at website security firm Cloudflare, wrote yesterday that the hack was unlikely to have been the work of North Korea.
The US and Sony has revealed little about the actual details of the hack, despite anonymous sources placing the blame on North Korea. But some of the key reasons for blaming the country appear to have problems, according to Rogers.
One argument is that some of the code used in the hack was written on a PC with a Korean language and locale — but that makes it less likely to be North Korean given that traditional Korean is forbidden in the country, and the location of a computer is easily changed before the code is sent out, Rogers wrote.
Even if North Korea was involved, the public details of the hack seem to indicate that a person inside the company or its buildings was likely to have helped them.
Additional reporting by Reuters
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies