According to FBI director James Comey, the Guardians of Peace got a little sloppy during the network breach.
Update: Earlier speculation about the NSA assisting in the government’s Sony Pictures hack investigation has turned out to be correct.
While speaking at a cybersecurity conference yesterday at Fordham University, NSA director Admiral Michael Rogers confirmed what many had suspected all along. “…we were asked to provide our technical expertise,” said Admiral Rogers during the FBI’s International Conference on Cyber Security. “We were asked to take a look at the malware, we were asked to take a look at not just the data that was being generated from Sony but also what data could we bring to the table.
“We were part of a broad interagency effort, not in the lead role - the Federal Bureau of Investigation was the overall lead.”
Admiral Rogers went on to agree with FBI director James Comey, saying “…I remain very confident - that this was North Korea.”
Based on some of your comments, I’m not sure that any of this latest revelation comes as a surprise. With the amount of network monitoring, signals intelligence, and data analysis done by the National Security Agency, it would be more of a surprise if they weren’t involved. [Source: The Intercept]
While speaking at a cybersecurity conference in New York City today, Comey said that the Guardians of Peace, the hacker group that breached Sony’s network, did a poor job of masking IP addresses, which allowed the FBI to trace Internet connections used during the attack back to North Korea. Internet access in North Korea is tightly regulated, and controlled by the government with near-total exclusivity, so the involvement of private citizens (or rather, hackers who are not working for the North Korean government) is seen as unlikely by the FBI.
“We know who hacked Sony. It was the North Koreans,” said director Comey to the audience, according to The Verge. “I have very high confidence about this attribution.”
The poorly masked IP addresses, which (if true) are the FBI’s strongest evidence yet, were not included in the government’s initial report on the investigation. That report, among other findings, pointed to malware and other tools used in the Sony Pictures hack that “the FBI knows North Korean actors previously developed.”
There is also speculation that classified NSA tools like Xkeyscore helped the government trace the attack back to North Korea. Given the shadowy nature of such tools, that part of the investigation might never be clarified.
Since the hack went public, and as both media and political focus on North Korea’s suspected involvement intensified, security experts have expressed doubt about the country’s role in the hack, if any. Norse security revealed an “inside job” theory of its own (with no apparent link to North Korea), and other theories have been covered as well.
North Korea’s involvement is linked to The Interview, the Sony Pictures film about a TV personality (James Franco) and his producer (Seth Rogen) who are tasked with assassinating North Korean leader Kim Jong-un. After the Sony Pictures hack, The Interview went from a Christmas release, to cancelled, to a limited release, to widely available online (via YouTube and iTunes).