This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.nytimes.com/2015/01/08/business/chief-says-fbi-has-no-doubt-that-north-korea-attacked-sony.html
The article has changed 2 times. There is an RSS feed of changes available.
Previous version
1
Next version
Version 0 | Version 1 |
---|---|
F.B.I. Says Little Doubt North Korea Hit Sony | F.B.I. Says Little Doubt North Korea Hit Sony |
(35 minutes later) | |
WASHINGTON — The F.B.I.’s director, James B. Comey, said on Wednesday that the United States had concluded that North Korea was behind the destructive attacks on Sony Pictures partly because the hackers failed to mask their location when they broke into the company’s servers. | WASHINGTON — The F.B.I.’s director, James B. Comey, said on Wednesday that the United States had concluded that North Korea was behind the destructive attacks on Sony Pictures partly because the hackers failed to mask their location when they broke into the company’s servers. |
Mr. Comey said that instead of routing some of the attacks and messages through decoy servers, the hackers had sent them directly from known North Korean Internet addresses. | |
Though Mr. Comey did not offer more details about the government’s evidence in a speech in New York, senior government officials said that F.B.I.’s analysts discovered that the hackers made a critical error by logging into both their Facebook account and Sony’s servers from North Korean Internet addresses. It was clear, the officials said, that hackers quickly recognized their mistake. In several cases, after mistakenly logging in directly, they quickly backtracked and rerouted their attacks and messages through decoy computers abroad. | |
Before the attacks in November, Sony Pictures was threatened in a series of messages posted to a Facebook account set up by a group calling itself “Guardians of Peace.” After Facebook closed that account in November, the group changed its messaging platform and began sending threats in emails to Sony and on the anonymous posting site Pastebin. As far back as last June, North Korean officials wrote in a letter to the United Nations that “The Interview,” a Sony comedy about two journalists hired to assassinate its leader, Kim Jong-un, was an act of terrorism. | Before the attacks in November, Sony Pictures was threatened in a series of messages posted to a Facebook account set up by a group calling itself “Guardians of Peace.” After Facebook closed that account in November, the group changed its messaging platform and began sending threats in emails to Sony and on the anonymous posting site Pastebin. As far back as last June, North Korean officials wrote in a letter to the United Nations that “The Interview,” a Sony comedy about two journalists hired to assassinate its leader, Kim Jong-un, was an act of terrorism. |
Responding to critics who have questioned why the United States thinks North Korea was the source of the attacks, Mr. Comey said on Wednesday that the hackers became “sloppy” as they tried to cover their tracks. He acknowledged that the North Koreans had used decoys but did not elaborate about the specific mistakes the hackers made that gave him “high confidence” the country was behind the attack. | Responding to critics who have questioned why the United States thinks North Korea was the source of the attacks, Mr. Comey said on Wednesday that the hackers became “sloppy” as they tried to cover their tracks. He acknowledged that the North Koreans had used decoys but did not elaborate about the specific mistakes the hackers made that gave him “high confidence” the country was behind the attack. |
Mr. Comey urged the United States intelligence community to declassify all the information that showed that the hackers had used such servers, something that could take months | Mr. Comey urged the United States intelligence community to declassify all the information that showed that the hackers had used such servers, something that could take months |
Mr. Comey’s remarks came a little more than three weeks after President Obama took the unusual step of publicly naming the North Koreans as the culprit. Last week, American officials imposed a series of sanctions on senior North Korean officials as retaliation for the attack. | Mr. Comey’s remarks came a little more than three weeks after President Obama took the unusual step of publicly naming the North Koreans as the culprit. Last week, American officials imposed a series of sanctions on senior North Korean officials as retaliation for the attack. |
The slip-up by the North Koreans was similar to one two years ago that led American officials to conclude that hackers inside the Chinese military’s Unit 61398 was behind attacks on thousands of companies and government agencies abroad. In that case, the Chinese hackers logged into their Facebook and Twitter accounts from the same infrastructure they used for their attacks. | The slip-up by the North Koreans was similar to one two years ago that led American officials to conclude that hackers inside the Chinese military’s Unit 61398 was behind attacks on thousands of companies and government agencies abroad. In that case, the Chinese hackers logged into their Facebook and Twitter accounts from the same infrastructure they used for their attacks. |
Facebook closed the Guardians of Peace Facebook account in November. A Facebook spokesman said the company could not comment on specific accounts or law enforcement requests. In the past, the F.B.I. has compelled companies like Facebook to provide it with specific information about user accounts, including logs of user activity and Internet protocol addresses, through court orders. | Facebook closed the Guardians of Peace Facebook account in November. A Facebook spokesman said the company could not comment on specific accounts or law enforcement requests. In the past, the F.B.I. has compelled companies like Facebook to provide it with specific information about user accounts, including logs of user activity and Internet protocol addresses, through court orders. |
The Sony breach has become a focal point for the F.B.I. and other officials because it was one of the rare attacks on a big corporation that the United States has attributed to a foreign government. | The Sony breach has become a focal point for the F.B.I. and other officials because it was one of the rare attacks on a big corporation that the United States has attributed to a foreign government. |
Mr. Comey made his remarks about the Sony breach in a speech at the International Conference on Cyber Security in New York. The four-day event, coordinated by the F.B.I., brings together law enforcement officials and Internet security experts from around the world to discuss and analyze techniques hackers use to breach corporate computer networks. | Mr. Comey made his remarks about the Sony breach in a speech at the International Conference on Cyber Security in New York. The four-day event, coordinated by the F.B.I., brings together law enforcement officials and Internet security experts from around the world to discuss and analyze techniques hackers use to breach corporate computer networks. |
Shortly after the F.B.I. blamed the North Korean government for the Sony attack, some digital security experts began to raise doubts about the government’s claim. Working off a sliver of the digital evidence from the attack — samples of malware that were distributed to security researchers — several security researchers said they were skeptical of government claims that the attackers were North Korean. | Shortly after the F.B.I. blamed the North Korean government for the Sony attack, some digital security experts began to raise doubts about the government’s claim. Working off a sliver of the digital evidence from the attack — samples of malware that were distributed to security researchers — several security researchers said they were skeptical of government claims that the attackers were North Korean. |
Critics noted that an extortion letter posted by the attackers suggested that they may have been criminals or embittered employees, not a nation state. They suggested that the fact that the attackers coded malware off computers with Korean language settings could have been faked, and they said that the I.P. addresses used in the attack were also used in other attacks. Some at Taia Global, a organizer of cybersecurity conferences, said a linguistic analysis of 2,000 words that the attackers had posted online persuaded them that the attackers could have been North Korean but were more likely Russian. | Critics noted that an extortion letter posted by the attackers suggested that they may have been criminals or embittered employees, not a nation state. They suggested that the fact that the attackers coded malware off computers with Korean language settings could have been faked, and they said that the I.P. addresses used in the attack were also used in other attacks. Some at Taia Global, a organizer of cybersecurity conferences, said a linguistic analysis of 2,000 words that the attackers had posted online persuaded them that the attackers could have been North Korean but were more likely Russian. |
But the F.B.I. and other security experts say those critics have had access to only some of the evidence from the attack. They say the accumulation of the evidence collected by the F.B.I., Sony and Mandiant, a security firm hired by Sony, makes clear that North Korea was the culprit. | But the F.B.I. and other security experts say those critics have had access to only some of the evidence from the attack. They say the accumulation of the evidence collected by the F.B.I., Sony and Mandiant, a security firm hired by Sony, makes clear that North Korea was the culprit. |
Just before Mr. Comey made his statements, a leading cybersecurity expert took those critics to task. | Just before Mr. Comey made his statements, a leading cybersecurity expert took those critics to task. |
“One of the joys of the Internet is that anyone with a keyboard and a connection can be an expert,“ James A. Lewis, a director and senior fellow at the Center for Strategic and International Studies in Washington, wrote in an essay posted online on Wednesday. “Opinion substitutes for research. The uninformed debate over the Sony cyberincident is the most recent example of the Internet’s limitations.” | “One of the joys of the Internet is that anyone with a keyboard and a connection can be an expert,“ James A. Lewis, a director and senior fellow at the Center for Strategic and International Studies in Washington, wrote in an essay posted online on Wednesday. “Opinion substitutes for research. The uninformed debate over the Sony cyberincident is the most recent example of the Internet’s limitations.” |
Mr. Lewis said a close reading of classified documents leaked last year by Edward J. Snowden, the former National Security Agency contractor, made clear that American intelligence officials maintained deep access in North Korea’s networks. | Mr. Lewis said a close reading of classified documents leaked last year by Edward J. Snowden, the former National Security Agency contractor, made clear that American intelligence officials maintained deep access in North Korea’s networks. |
The real debate, Mr. Lewis said, was one of government mistrust by the cybersecurity community, particularly after the revelations by Mr. Snowden. | The real debate, Mr. Lewis said, was one of government mistrust by the cybersecurity community, particularly after the revelations by Mr. Snowden. |
On Wednesday, some skeptics of the government’s claims, like Sean Sullivan, a cybersecurity adviser at F-Secure, a security firm based in Helsinki, said the government should release evidence it collected from the Facebook account of Sony’s attackers. | |
“Revealing what Facebook knows about that account and how it was used can’t be something the F.B.I. needs to keep classified. Just can’t,” Mr. Sullivan said. “It is a very simple request to ask what was discovered when investigated. Very.” | “Revealing what Facebook knows about that account and how it was used can’t be something the F.B.I. needs to keep classified. Just can’t,” Mr. Sullivan said. “It is a very simple request to ask what was discovered when investigated. Very.” |
But some of the most vocal critics of the government’s claims, like Marc Rogers, a security researcher at CloudFlare, said they were still not convinced. “If the government had laid out its attribution in the beginning, that may have quelled the criticism, but the evidence that’s been put before me and many of my colleagues is flimsy.” | But some of the most vocal critics of the government’s claims, like Marc Rogers, a security researcher at CloudFlare, said they were still not convinced. “If the government had laid out its attribution in the beginning, that may have quelled the criticism, but the evidence that’s been put before me and many of my colleagues is flimsy.” |
Previous version
1
Next version