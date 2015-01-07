(Adds Comey and Clapper remarks and details of continuing
investigation)
By Emily Flitter and Mark Hosenball
NEW YORK/WASHINGTON Jan 7 FBI Director James
Comey said on Wednesday that hackers behind the cyberattack on
Sony Pictures Entertainment provided key clues to their
identity by sometimes posting material from IP addresses used
exclusively by the North Korean government.
The hackers, who called themselves "Guardians of Peace,"
sometimes "got sloppy" and failed to use proxy servers that
would hide their identity, Comey said at the International
Conference on Cyber Security in New York.
"The Guardians of Peace would send emails threatening Sony
employees and post online various statements explaining their
work. In nearly every case they would use proxy servers in
sending those emails and posting those statements," Comey said.
"But several times they got sloppy. Several times, either
because they forgot or they had a technical problem, they
connected directly and we could see it," Comey said.
"We could see that the IP addresses they used ... were IPs
that were exclusively used by the North Koreans. It was a
mistake by them. It was a very clear indication of who was doing
this. They would shut it off very quickly once they realized the
mistake, but not before we saw them and knew where it was coming
from," he added.
Sony's network was crippled by hackers in November as the
company prepared to release "The Interview," a comedy about a
fictional plot to assassinate North Korean leader Kim Jong Un.
The attack was followed by online leaks of unreleased movies and
emails that caused embarrassment to executives and Hollywood
personalities.
Comey urged the U.S. intelligence community to declassify
information that showed the hackers used such servers. Critics
of the FBI and spy agencies have accused the government of
failing to back up assertions that North Korea was responsible.
Comey said investigators still do not know how hackers got
into Sony's systems. But he said technical analysis of the
malware used showed strong similarities to malware developed by
North Korea and used last year in attacks on South Korean banks.
He said language used by Guardians of Peace also matches
language used in other hack attacks attributed to North Korea.
Comey said the FBI would deploy more cybersecurity experts
to work in the offices of its foreign partners in order to
"shrink the world" the way hackers have done.
U.S. officials familiar with investigations into the attack
say while U.S. agencies believe North Korea initiated it, they
are also looking into whether Pyongyang hired outside help.
One of the officials said investigators believe the North
Koreans could either have hired foreign hackers to help with the
attack or got help from disgruntled Sony insiders. They do not
believe North Korea had help from any other government.
Speaking before Comey at the cyber conference, James
Clapper, the U.S. Director of National Intelligence, said the
Sony hack was the most serious cyberattack ever targeting U.S.
interests.
Clapper said cyberattacks offered the North Koreans "global
recognition at a low cost with no consequences."
He added that he had watched "The Interview" over the past
weekend. "It's very clear to me that the North Koreans don't
have a sense of humor," he said.
(Reporting by Emily Flitter in New York; Writing by Julia
Edwards in Washington; Editing by David Storey, James Dalgleish
and Tom Brown)