Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

FBI calls Sony hack 'organized' but declines to name source or finger North Korea

Gregg Keizer | Dec. 12, 2014
Even though much of the focus has been on North Korea, some security professionals have said it's unlikely the rogue nation's fingerprints are on the attack.

The FBI declined to name the source of the Sony Pictures hack during a U.S. Senate hearing on Wednesday.

"I won't touch on the attribution piece because we're still working very hard on that," said Joseph Demarest, assistant director of the FBI's cyber division. Demarest's comment was in reply to questions from Sen. Charles Schumer (D-NY) during a hearing of the Senate Banking Committee.

"I think most of us were shocked at the sophistication of the breach of Sony," Schumer said. "Fingers are pointing to North Korea. It's sort of surprising that a country like North Korea, which is sophisticated in a few areas but not very sophisticated in most, would have such an amazing ability to turn a large company into a knot."

Schumer was referring to the speculation that North Korea was behind the Sony hack, which crippled its employees' computers and has leaked gigabytes of internal documents, many of them embarrassing revelations. Much of that speculation, although not all, has been based on North Korea's vehement denunciation of an upcoming Sony film, The Interview, a comedy whose plot revolves around an assassination attempt against that country's dictator, Kim Jong Un.

The North Korean government has denied responsibility. But it still applauded the hack, calling it "a righteous deed" of its supporters and sympathizers in a statement from the National Defense Commission, the group that controls the country's huge military. The statement was released by the Korean Central News Agency mouthpiece on Sunday.

Demarest reiterated what some other security experts have said about the hack, characterizing it as out of the ordinary. "The level of sophistication is extremely high and we can tell...that they are organized and certainly persistent," Demarest said of the attackers.

He went further. "In speaking with Sony and separately, the Mandiant security provider, the malware that was used would have slipped or probably gotten past 90% of Net defenses that are out there today in private industry and [likely] challenged even state government," Demarest asserted.

Sony hired Mandiant to help it analyze the attack and research the source.

Even though much of the focus has been on North Korea, some security professionals have said it's unlikely the rogue nation's fingerprints are on the attack.

"Their capabilities are just not that great," said Tom Chapman, director of cyber operations at Edgewave, a San Diego-based security firm, in an interview earlier this week. Chapman is a former U.S. Navy cyber-warfare commander. "Of the hacks we know [launched by North Korea], almost all were denial-of-service attacks."

Unit 121, as the North Korean military's cyber warfare group is known, certainly has the capabilities to conduct denial-of-service attacks, said Chapman. But he was dubious it could do more than that. "We haven't seen [Unit 121] do this before, we haven't seen it do a crippling attack."


1  2  Next Page 

Sign up for Computerworld eNewsletters.