Federal investigators on Friday accused North Korea of carrying out a computer attack against Sony Pictures Entertainment, blaming the Stalinist government for an intrusion that exposed corporate e-mails, wiped out computer data and underlined the cyber capabilities of one of the United States’ top adversaries.
American officials have privately said that they believe North Korea was behind the hacking incident. But the new claim marks a significant escalation — the first time that the United States has openly laid blame on a foreign government for a destructive cyberattack against an American corporation.
“The FBI now has enough information to conclude that the North Korean government is responsible for these actions,” the bureau said in a statement.
The statement said the conclusion was based in part on a “technical analysis” of the malware used in the attack, which “revealed links to other malware that the FBI knows North Korean actors previously developed.” The FBI said the attack was also linked to several Internet protocol addresses “associated with known North Korean infrastructure.”
North Korea’s actions were “intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves,” the FBI said.
President Obama, scheduled to hold an end-of-year news conference later Friday, was expected to address the issue. The White House earlier this week described the attack against Sony as a “serious national security matter.”
“Though we have seen many different types of intrusions targeting U.S. networks, the destructive nature of this attack, coupled with its coercive nature, sets it apart from typical cyber incidents,” a senior administration official said.
The attack came in apparent retaliation for Sony’s planned Christmas Day release of “The Interview,” a comedy built around the assassination of North Korean leader Kim Jong Un.
It marked the first known intrusion by North Korea into private U.S. computer networks and was improbably effective: Not only were the hackers able to penetrate Sony’s system and expose internal e-mails, but they cowed one of Hollywood’s biggest entertainment firms into pulling the movie.
Intelligence officials “know very specifically who the attackers are,” said one individual familiar with the investigation, who like others spoke on condition of anonymity because the case is ongoing.
North Korea has publicly denied involvement. On Friday, the group that has claimed credit for the attack, calling itself the Guardians of Peace, was said to have sent Sony executives a new message praising them for canceling the release of “The Interview” but warning them to “never” let the movie be “released, distributed or leaked,” according to CNN.
The administration is weighing a “proportional” response to the attack, but has not specified the options it is considering.
“Identifying those responsible for these attacks is only the first step, and we will continue to do our part to protect and defend our nation from the asymmetric threats posed through cyberspace,” John Carlin, assistant attorney general for national security, said in a statement Friday.
U.S. officials have made clear for several years that they have a range of diplomatic, economic, legal and military options at their disposal in response to cyberattacks. Those steps might include indicting individuals believed to be behind the attack, asking like-minded states to join in condemning the intrusion, and, if North Korea persists, undertaking a covert action to dismantle the computer systems used in the operation.
Although officials said the attack against Sony was of a “destructive” nature, it did not meet the traditional definition of a “destructive attack” under international law, which involves death, injury, or the damage or destruction of physical objects, such as computers.
At the same time, experts said, the intrusion appears to have violated U.S. sovereignty.
“International law permits all sorts of responses” in such a case, said Michael Schmitt, director of the Stockton Center at the U.S. Naval War College.
“Could we hack back at another state? Strike back at them in cyberspace, shutting down their command and control? Absolutely,” he said. “It could be actions that otherwise violate international law in order to force the other state to resume compliance with international law.”
The hack against Sony has thrown into relief North Korea’s burgeoning cyberwarfare capabilities and its increased willingness to use a tool that can be wielded to disproportionate effect against countries with much larger and more powerful militaries and economies.
North Korea had fledgling computer attack capabilities in the late 1980s but did not begin to develop those capabilities until the late 1990s, when Kim Jong Il’s oldest son, Kim Jong Nam, was given the responsibility of developing a computer center in Pyongyang. Experts say North Korea sees cyberattacks as a way to help close the gap in military capability with countries such as the United States and its ally South Korea.
North Korea has nearly doubled its number of elite hackers over the past two years and has set up bases in outside countries, mainly China, in an effort to boost its capacity to conduct cyberattacks, South Korea’s Yonhap News Agency reported recently, citing military sources.