FBI Officially Pins Sony Cyberattack On North Korea

Dec 19, 2014
Originally published on December 19, 2014 5:58 pm
Copyright 2017 NPR. To see more, visit http://www.npr.org/.

MELISSA BLOCK, HOST:

When President Obama held his year-end news conference today, cyber security jumped to the top of the agenda, a result of the recent cyber attack on Sony Pictures.

(SOUNDBITE OF PRESS CONFERENCE)

PRESIDENT BARACK OBAMA: If we don't put in place the kind of architecture that can prevent these attacks from taking place, this is not just going to be affecting movies, this is going to be affecting our entire economy in ways that are extraordinarily significant.

BLOCK: The president said that North Korea is responsible for the attack. He also had tough words for Sony Pictures, something we'll ask the company's CEO about in just a few minutes. First, NPR's Aarti Shahani has more on the evidence in this case and the prospects that the U.S. might respond.

AARTI SHAHANI, BYLINE: President Obama says the U.S. cannot ignore the attack against Sony by North Korea.

OBAMA: They caused a lot of damage and we will respond. We will respond proportionally, and we'll respond in a place and time and manner that we choose.

SHAHANI: Asked if the proportional response could include a physical attack or hacking back, the president declined to comment. Earlier today, the FBI laid out its rationale for attributing the attack to North Korea. The FBI knows that North Korea had previously used the malicious software, or malware, employed by hackers to delete Sony data. That malware could also be traced back to unique computer addresses in North Korea. And finally, the attack resembles one in March of 2013 against South Korean banks and media outlets, which the FBI says was also carried out by North Korea.

(SOUNDBITE OF ARCHIVED RECORDING)

TOM BRANDL: So the information the FBI put out is convincing, you know, they paint a good picture.

SHAHANI: Tom Brandl is with the network security firm DocuSign.

BRANDL: They basically have done their due diligence and it appears, based on what they're telling me, that their assessment is accurate.

SHAHANI: But Brandl and other security experts NPR interviewed are not 100 percent convinced that it must be the North Korean government. You can spoof an IP address, make it look like it's coming from a country it's not.

BRANDL: Because short of actually having your hands on a system or systems that were involved in a given cyber attack, there's no way to definitively conclude that a specific entity or individual is responsible.

SHAHANI: Still, Brandl says, the FBI's investigation looks rigorous and they've likely got even more evidence they can't publicly share. The FBI announcement does signal a shift. The U.S. is treating the attack against Sony as a matter of national security, not as a crime. This type of hack - breaking into a company - we have seen before. Udi Mokady, with the security firm CyberArk, says it happens to Fortune 500 companies every day.

UDI MOKADY: That is the part of the, I would say, a regular advanced attack chain - get through, search for credentials and try to get privileged access in order to take controls of IT systems.

SHAHANI: But the difference here is the scale of the damage and that it was political rather than financial. Hackers are usually after money, not shaming their target. In Sony's case, hackers embarrassed the company by making the stolen data public. And then, public threats compelled Sony to pull its movie "The Interview" from theaters. President Obama today criticized Sony for caving.

OBAMA: Again, I'm sympathetic that Sony as a private company was worried about liabilities and this and that and the other. I wish they had spoken to me first. I would've told them do not get into a pattern in which you're intimidated by these kinds of criminal attacks.

SHAHANI: The Department of Homeland Security issued a statement today urging CEOs of companies to take this opportunity to assess their own defenses. And Obama says he's going to work with Congress and other nations on coordinated responses to cyber attacks. Aarti Shahani, NPR News. Transcript provided by NPR, Copyright NPR.