clock menu more-arrow no yes mobile

Filed under:

FBI: "Sloppy" Sony Hacking Pointed to North Korea Servers

National intelligence director says attack gave North Korea "global recognition at a low cost with no consequences."

FBI Director James Comey said on Wednesday that hackers behind the cyber attack on Sony Pictures Entertainment provided key clues to their identity by sometimes posting material from IP addresses used exclusively by the North Korean government.

The hackers, who called themselves “Guardians of Peace,” sometimes “got sloppy” and failed to use proxy servers that would hide their identity, Comey said at the International Conference on Cyber Security in New York.

“The Guardians of Peace would send emails threatening Sony employees and post online various statements explaining their work. In nearly every case they would use proxy servers in sending those emails and posting those statements,” Comey said.

“But several times they got sloppy. Several times, either because they forgot or they had a technical problem, they connected directly and we could see it,” Comey said.

“We could see that the IP addresses they used … were IPs that were exclusively used by the North Koreans. It was a mistake by them. It was a very clear indication of who was doing this. They would shut it off very quickly once they realized the mistake, but not before we saw them and knew where it was coming from,” he added.

Sony’s network was crippled by hackers in November as the company prepared to release “The Interview,” a comedy about a fictional plot to assassinate North Korean leader Kim Jong-un. The attack was followed by online leaks of unreleased movies and emails that caused embarrassment to executives and Hollywood personalities.

Comey urged the U.S. intelligence community to declassify information that showed the hackers used such servers. Critics of the FBI and spy agencies have accused the government of failing to back up assertions that North Korea was responsible.

Comey said investigators still do not know how hackers got into Sony’s systems. But he said technical analysis of the malware used showed strong similarities to malware developed by North Korea and used last year in attacks on South Korean banks.

He said language used by Guardians of Peace also matches language used in other hack attacks attributed to North Korea.

Comey said the FBI would deploy more cyber security experts to work in the offices of its foreign partners in order to “shrink the world” the way hackers have done.

U.S. officials familiar with investigations into the attack say while U.S. agencies believe North Korea initiated it, they are also looking into whether Pyongyang hired outside help.

One of the officials said investigators believe the North Koreans could either have hired foreign hackers to help with the attack or got help from disgruntled Sony insiders. They do not believe North Korea had help from any other government.

In earlier remarks at the conference, Director of National Intelligence James Clapper called the Sony hack the most serious such attack ever against U.S. interests. The attack offered North Korea “global recognition at a low cost with no consequences,” Clapper said, and that recognition will make the North Koreans more likely to commit similar acts in the future.

Clapper added that over the weekend, he had watched “The Interview,” and “it’s obvious to me that the North Koreans don’t have a sense of humor.”

CNBC and NBC News contributed to this report.

This article originally appeared on

Sign up for the newsletter Today, Explained

Understand the world with a daily explainer plus the most compelling stories of the day.