FBI: North Korean government behind Sony Pictures hack

How the FBI traced Sony hack to North Korea

The FBI formally blamed North Korea for the recent cyberattack on Sony Pictures Entertainment in a statement released Friday, saying the bureau "now has enough information to conclude that the North Korean government is responsible for these actions."

The FBI said it based its conclusion, in part, on similarities between "the infrastructure used in this attack and other malicious cyber activity the U.S. Government has previously linked directly to North Korea." It also cited a "technical analysis of the data deletion malware used in this attack" that "revealed links to other malware that the FBI knows North Korean actors previously developed." The FBI's statement cited "similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks."

Evidence in Sony hack continues to point to North Korea

"We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there," the FBI's statement explained. "Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea's actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior."

President Obama's administration is mulling a variety of retaliatory steps, though the FBI did not indicate on Friday what form that retaliation might take. The White House has emphasized the importance of a "proportional" response. "Sophisticated actors, when they carry out actions like this, are...often seeking to provoke a response from the United States of America," White House spokesman Josh Earnest said Thursday. "They may believe that a response from us in one fashion or another would be advantageous so them. And so we want to be mindful of that."

President Obama's administration had been grappling throughout the week with the question of whether to formally accuse North Korea of involvement in the cyberattack, which exposed a raft of embarrassing emails between producers and Sony executives and was blamed for scuttling a movie premiere.

On Thursday, Earnest stopped short of directly blaming the North Koreans, but FBI sources told CBS News Homeland Security Correspondent Bob Orr the trail points pretty clearly to the rogue regime's involvement in some manner.

The attack on Sony was conducted by a group calling itself the Guardians of Peace. The group said it was targeting Sony because of its film "The Interview," a comedy about a pair of American journalists sent to assassinate North Korean dictator Kim Jong Un.

At a White House press briefing earlier on Thursday, Earnest declined to blame North Korea outright, but he said the investigation was "progressing," and the available evidence indicates the attack was "initiated by a sophisticated actor."

"They did carry out a destructive activity with malicious intent, and that is something that this administration takes very seriously," he said. "We view it as a legitimate national security matter."

The threat of additional attacks scuttled "The Interview's" planned Christmas Day release. Major movie theater chains like Regal and AMC announced Wednesday that they would not show the movie, prompting Sony to announce it would not move forward with the debut.

A U.S. official tells CBS News that Sony executives received an email from the purported hacking group overnight praising Sony's decision to shelve the movie.

CBS News Justice Department Reporter Paula Reid contributed to this report.

f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.