Federal investigators on Friday accused North Korea of carrying out a damaging computer attack against Sony Pictures Entertainment, blaming the Stalinist government for an intrusion that exposed corporate e-mails, wiped out computer data and underlined the cyber capabilities of one of the United States’ top adversaries.
American officials had privately said that they believed North Korea was behind the hacking incident discovered last month. But the new claim marks a significant escalation — the first time that the United States has openly laid blame on a foreign government for a destructive cyberattack against an American corporation.
“The FBI now has enough information to conclude that the North Korean government is responsible for these actions,” the bureau said in a statement, adding that the conclusion was based in part on a “technical analysis” of the malicious software used in the attack, which “revealed links to other malware that the FBI knows North Korean actors previously developed.” The FBI also said the attack was linked to several Internet protocol addresses “associated with known North Korean infrastructure.”
The attack came in apparent retaliation for Sony’s planned Christmas Day release of “The Interview,” a comedy built around the assassination of North Korean leader Kim Jong Un. The company decided earlier this week to cancel the movie’s release in the face of hackers’ threats.
President Obama, during an end-of-year news conference Friday, criticized Sony for that decision, saying he believed it was a “mistake.”
“We cannot have a society in which some dictator someplace can start imposing censorship here in the United States,” Obama said. “Because if somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary that they don’t like or news reports that they don’t like.”
The Sony hack marked the first known intrusion by North Korea into private U.S. computer networks. And unlike the vast majority of intrusions into U.S. company networks, aimed at stealing data for commercial benefit or intelligence purposes, the Sony attack was intended to strong-arm the company into pulling the movie.
North Korea’s actions were “intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves,” the FBI said.
“Though we have seen many different types of intrusions targeting U.S. networks, the destructive nature of this attack, coupled with its coercive nature, sets it apart from typical cyber incidents,” a senior administration official said.
The FBI said technical analysis of the data-deletion malware used in the attack revealed links to other malware the FBI had linked to North Korean hackers. It found similarities in specific lines of code, encryption algorithms, data-deletion methods and compromised networks.
The bureau said it saw “significant overlap” between the servers used in this attack and servers used in other attacks that the U.S. government has linked to North Korea. For example, the FBI found that malware used in the Sony attack was communicating with control servers known to be used by North Korean hackers.
The FBI noted that the tools used in the attack bear similarities to a cyberattack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
The authorities in Pyongyang have publicly denied involvement. On Friday, the group that has claimed credit for the attack, calling itself the Guardians of Peace, was said to have sent Sony executives a new message praising them for canceling the release of “The Interview” but warning them to “never” let the movie be “released, distributed or leaked,” according to CNN.
Obama said his advisers are preparing a “range of options” to respond to North Korea’s attack. “We will respond proportionally,” Obama said, “and we will respond at a place and time that we choose.”
Sen. Robert Menendez (D-N.J.), the outgoing chairman of the Foreign Relations Committee, sent Secretary of State John F. Kerry a letter urging him to consider redesignating North Korea a state sponsor of terrorism in the wake of the cyberattack.
Although officials said the attack against Sony was of a “destructive” nature, it did not meet the traditional definition of a “destructive attack” under international law, which involves death, injury, or damage or destruction of physical objects, such as computers.
At the same time, experts said, the intrusion appears to have violated U.S. sovereignty.
“International law permits all sorts of responses” in such a case, said Michael Schmitt, director of the Stockton Center at the U.S. Naval War College.
“Could we hack back at another state? Strike back at them in cyberspace, shutting down their command-and-control? Absolutely,” he said. “It could be actions that otherwise violate international law in order to force the other state to resume compliance with international law.”
The Sony hack has raised North Korea’s profile as a country capable of launching a malicious cyberattack. In terms of U.S. adversaries, its capabilities are still below those of Russia and China, and, analysts say, about even with those of Iran, but this case shows that a country’s cyber operators need not be in the top tier to carry out a highly damaging attack.
The public attribution of the attack to North Korea is a watershed moment, said Dmitri Alperovitch, co-founder of CrowdStrike, a cybersecurity firm that has investigated cyberattacks by North Korea against South Korea. Traditionally, government officials have resisted naming nations behind cyberattacks for fear of compromising sources and methods. “Today, the ceiling was broken,” he said. “No significant damage has been done. It will put more pressure on the government to [name culprits] in the future.”
Alperovitch offered a suggestion to officials weighing a response to North Korea. “Release the movie online for free,” he said. “That would send a signal that the whole world can watch the movie and free speech will not be suppressed.”
Sony Pictures said in a statement Friday that it is looking for “alternatives to enable us to release the movie on a different platform. It is still our hope that anyone who wants to see this movie will get the opportunity to do so.”
Cecilia Kang contributed to this report.