To the surprise of practically no one, the Federal Bureau of Investigation has officially announced the involvement of the North Korean government in last month’s hack on Sony Pictures Entertainment. While the FBI announcement stated it could not list all of the reasons for the link due to the need to protect “sensitive sources and methods” it listed several links that will be familiar to regular readers of this blog.
- Infrastructure associated with IP addresses known to be used by the North Korean government communicated with computers with IP addresses written directly into the malware used in the attack.
- The malware had significant similarities with malware employed in previous attacks linked to North Korea.
- The tools used in the Sony hack were similar to an attack on South Korean banks and media organizations in March of last year that was traced back to North Korea.
The FBI report also expressed concern that the attack was aimed at a private entity not connected to government activity, since most officially sanctioned hacking is limited to targeting foreign governments or their contractors.
While the North Korean government continues to maintain it is not behind the attack, in a press conference on Friday President Obama stated, “We’ve got no indication that North Korea was acting in conjunction with another country.”
Even though North Korea is a nation of poverty with very limited Internet access and the citizens are practically isolated from the rest of the world, the government maintains a cyber-espionage department called Bureau 121. According to North Korean defectors, positions in Bureau 121 are highly sought after, and the people admitted are hand-picked and trained at an age as young as 17. This gives the North Korean government the ability to wage cyber-warfare at a level far beyond what most third-world countries are capable of. In fact, North Korea considers cyber-attacks an effective method of making up for its lack of traditional military strength.
Unlike most countries that engage in cyber-espionage, Bureau 121 will target any public or private entity that raises the ire of the North Korean government. The most likely reason for the attack on Sony Pictures was the upcoming (and now cancelled) release of The Interview, an action-comedy movie based around a fictional plot to assassinate leader Kim Jong-Un. The state-controlled media called the film “an act of war” and messages from the hackers who claimed responsibility for the attack lauded Sony’s decision to pull the film.
While the United States government has promised a response to the attack, it’s not clear what it will be. A military response is unlikely, and severe trade restrictions against North Korea are already in place. This situation definitely bears watching.