"Sloppy" North Korean hackers left a trail, FBI director says
NEW YORK - There is strong evidence that North Korea was behind the cyberattack on Sony and that the leadership there will orchestrate further strikes against American targets, top U.S. officials said Wednesday.
An ongoing investigation has found that North Korea had sought to use proxy servers to conceal the Sony hack, FBI Director James Comey said at a cybersecurity conference in Manhattan. But the hackers sometimes "got sloppy" and sent messages that could be traced to IP addresses used exclusively by the North Korean government, he said.
"I have very high confidence about this attribution to North Korea, as does the entire intelligence community," Comey said.
The Sony attack also had "clear links" to malware developed by North Korea, Comey said. The same tools were used in an attack last year on South Korean banks, he said.
Comey said he was hesitant to reveal more about how U.S. officials learned that North Korea was the source "because it will happen again, and we have to preserve our methods and sources."
Earlier Wednesday, Director of National Intelligence James Clapper said North Korea will continue the attacks against American interests unless the United States "pushes back."
Last month, cybersecurity experts cast doubt on the FBI's claim of North Korea's responsibility for the hack.
Kurt Stammberger, a senior vice president with cybersecurity firm Norse, told CBS News correspondent Ben Tracy: "We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history."
He says Norse data is pointing towards a woman who calls herself "Lena" and claims to be connected with the so-called "Guardians of Peace" hacking group. Norse believes it's identified this woman as someone who worked at Sony in Los Angeles for ten years until leaving the company this past May.
After the doubts were first reported, an FBI official conceded to CBS News' Andy Triay that the agency's statement holding North Korea responsible is a big-picture assessment, and it does not assign individual blame. This leaves open the possibility that the North Koreans may have "outsourced" the hack to a third party operating in another country or countries.