FBI Director Releases New Info To Show North Korea Hacked Sony

01/07/2015 03:10 pm ET | Updated Jan 07, 2015

NEW YORK -- FBI Director James Comey unveiled information on Wednesday that he said provides a "very clear indication" that North Korea perpetrated the massive cyberattack against Sony that began in November.

Comey also shot back against prominent cybersecurity experts who have questioned whether the hermit state was really behind the massive hack, stating, "They don't have the facts that I have." One previously undisclosed piece of information, Comey said, was that the FBI has traced the origin of threats against Sony back to North Korean Internet addresses because the hackers "got sloppy."

"There is not much in this life that I have high confidence about. I have very high confidence about this attribution, as does the entire intelligence community," said Comey.

One of the few pieces of information about the attacks that seems clear is that the shadowy Guardians of Peace group was somehow involved. The group sent Sony employees threats and posted online boasts after the attacks.

Most of the time, Comey said, the Guardians of Peace used proxy addresses to hide their true location. "But several times they got sloppy," said Comey. "They connected directly, and we could see that the [Internet Protocol] addresses to post and send the emails were coming from [Internet Protocol addresses] that were exclusively used by the North Koreans."

Comey said that "mistake" provided the FBI with "a very clear indication of who's doing this. They would shut it off very quickly once they realized their mistake."

Comey also said the FBI believes the hackers likely gained access to Sony's internal files via a so-called spear-phishing attack, a kind of cyberattack in which a hacker seeks to gain unauthorized entry through a spoofed email. Spear-phishing messages were sent to Sony as late as September, Comey said.

The bureau's Behavioral Analysis Unit -- the profilers made famous in The Silence of the Lambs -- was also tasked to compare statements made by the Sony hackers with statements linked to previous North Korean hacks. The profilers concluded that the statements came from the same actors.

The FBI publicly announced last month that North Korea was the sole actor responsible for hacking Sony in November. President Barack Obama was confident enough in the FBI's conclusion to impose sanctions on North Korean companies and officials last week.

The information provided by Comey on Wednesday is unlikely to appease cybersecurity researchers, who have remained skeptical about the attribution of the hack, given what little evidence has been released by the FBI.

On Tuesday, Norse, a Silicon Valley cybersecurity firm that has met briefly with the FBI, doubled down on its claim that at least one former Sony employee was involved in the hack. Marc Rogers, head of security at the hacker conference DefCon, told HuffPost that Comey's new evidence "just raises more questions" for him, such as how the FBI knows the emails are "genuine."

"It's very easy to bounce emails through other networks, or even forge their origin," he said in an email. "Spammers have been doing this for decades."

Before the new evidence was released, he told HuffPost he thought the FBI "is in a really tough position."

"I think they are under immense political pressure to close this one down, and that now they have named North Korea and the administration has come out with sanctions, a U-Turn is unlikely," Rogers said. He added, "For me it's a shame, because I think we should be considering the more likely scenarios before settling on the exotic ones."

Comey said that the FBI brought in a "red team" from the rest of the intelligence community to try to ask what might be missing from the agency's investigation, but, "We end up in the same place."

"Some serious folks have suggested that we have it wrong. I would suggest -- I'm not suggesting but I'm saying -- they don't have the facts that I have," he added.

This story has been updated with additional comment from Rogers.
