Just like Sabu —

FBI Director says Sony hackers “got sloppy,” exposed North Korea connection [Updated]

Comey again expresses concern about digital communications "going dark" with encryption.

FBI Director James Comey speaks at the International Conference on Cyber Security at Fordham University on January 7.
FBI Director James Comey speaks at the International Conference on Cyber Security at Fordham University on January 7.
FBI

In a speech at the International Conference on Cyber Security (ICCS) today in New York, FBI Director James Comey reiterated the bureau's confidence that North Korea was involved in the cyber attack on Sony Pictures Entertainment. "There's not much I have high confidence about," Comey said, as reported by the FBI New York field office's official Twitter feed. "I have very high confidence... on North Korea." And he downplayed suggestions by outsiders that others might be responsible, saying that critics “don’t have the facts that I have, they don’t see what I see.”

In a separate speech today at the ICCS, Director of National Intelligence James Clapper said that the attack on Sony demonstrated a new type of threat posed by North Korea. During a meeting last year with a North Korean general to negotiate the release of two American prisoners in North Korea, Clapper said that the general told him the regime is "deadly serious" about perceived insults by the US to its "supreme leader" and that North Koreans feel that the US has put their country under siege.

While the Sony attackers had largely concealed their identity by using proxy servers, Comey said that on several occasions they "got sloppy" and connected directly, revealing their own IP address. It was those slip-ups, he said, that provided evidence linking North Korea to the attack on Sony's network. Comey also said that analysts at the FBI found the patterns of writing and other identifying data from the attack matched previous attacks attributed to North Korea. Additionally, there was other evidence, Comey said, that he could not share publicly.

Still missing from the equation is how the attackers penetrated Sony's network. Comey said that FBI was still investigating how the attackers got in, but noted that the company had been targeted by  "spear phishing" campaigns—including one that occurred in September.

Comey's speech at the ICCS, an event hosted by the FBI and Fordham University, comes after a year full of big data breaches at major retailers and concluded with the reverberations of the cyber attack on Sony Pictures. Comey said that "traditional notions of space and time are blown away by a threat that moves at the speed of light," making it difficult for law enforcement to react. To adapt, he said, the FBI would "try to focus on nation-state actors and the most dangerous criminal syndicates" with its cybercrime unit.

The director also reiterated his concerns about the spreading use of encryption on mobile devices, which would allow individuals to "go dark" and avoid law enforcement surveillance. "There are significant public safety issues here (and) we need to talk about it," Comey said.

Channel Ars Technica