North Korean Sony Pictures hackers 'got sloppy' when trying to hide their location, says FBI
The US has again insisted that North Korea was behind the massive cyber-attack on Sony Pictures late last year, and accuses the hackers of getting "sloppy" when trying to conceal their location.
FBI director James Comey said the hackers posted material from servers used exclusively by North Korea, dismissing claims from the cyber-security community that an insider, such as a disgruntled former employee, is to blame.
The November attack on Sony Pictures saw its global computer systems crippled, sensitive employee data leaked, and The Interview, a comedy featuring the fictional assassination of North Korean leader Kim Jong-un, briefly shelved.
North Korea has denied any involvement with the hack, but has described it as a "righteous deed".
Comey explained how the hackers, a group calling themselves The Guardians of Peace, didn't always use proxy servers to hide their location.
"The Guardians of Peace would send emails threatening Sony employees and post online various statements, explaining their work. In nearly every case they would use proxy servers in sending those emails and posting those statements," Comey explained.
"But several times they got sloppy. Several times, either because they forgot or they had a technical problem, they connected directly and we could see it. We could see that the IP addresses they used...were IPs that were exclusively used by the North Koreans. It was a mistake by them. It was a very clear indication of who was doing this."
Comey said the hackers would quickly shut down the connection after realising their mistake, but "not before we saw them and knew where it was coming from."
The FBI says it does not yet know how North Korea broke into Sony's servers, but says technical analysis of the malware used showed strong similarities to that developed by North Korea and used in attacks against South Korea last year.
But cyber-security experts remain unconvinced. Researcher Brian Honan told the BBC: "To be frank, director Comey has not revealed anything new. Various IP addresses have been associated with this attack, from a hotel in Taiwan to IP addresses in Japan. Any IP addresses connected to the internet can be compromised and used by attackers."
© Copyright IBTimes 2024. All rights reserved.