How the Sony hack was traced back to North Korea

The FBI statement was definitive: "The North Korean government is responsible" for the cyberattack on Sony.

The attack was routed through servers in countries all over the world in an effort to hide its origin, but President Obama said North Korea is the sole culprit.

"We've got no indication that North Korea was acting in conjunction with another country," Mr. Obama said Friday.

The FBI cited some of its evidence tying the hack to North Korea:

  • Internet addresses used by the North Korean government communicated with addresses embedded in the malware used against Sony.
  • The Sony malware used lines of code similar to other malware "the FBI knows North Korean actors previously developed."
  • The Sony attack resembled the March 2013 attack against South Korean banks which "was carried out by North Korea."

Law enforcement sources said North Korea hacked into the Sony network by stealing the login credentials of one of the company's computer system administrators. Once logged in, the hackers wiped out hard drives, stole personal data and revealed embarrassing e-mails.

Even though Sony pulled "The Interview" from distribution, the company remains vulnerable to follow-up attacks.

Overnight, the hackers sent another e-mail telling Sony it was "very wise" to cancel "The Interview" but warning in broken English, "We want you never let the movie released" or else they will expose more of the data they stole.

"We ensure the purity of your data... as long as you make no more trouble."

U.S. corporations as well as government agencies get hacked every day, but the FBI said, "The destructive nature of this attack, coupled with its coercive nature, sets it apart" from anything that's happened before.

  • David Martin

    David Martin is CBS News' National Security Correspondent.