FBI boss: Sony hack was DEFINITELY North Korea, haters gonna hate
Claims Nork IP addresses tell the tale
The director of the FBI has defended his bureau's claim that the hacking attack against Sony Pictures was the work of the North Korean government – saying skeptics "don't have the facts that I have."
Speaking at a cybersecurity conference at Fordham University in New York City on Wednesday, FBI boss James Comey said he has "very high confidence" that Pyongyang was responsible for the comprehensive ransacking of the movie studio's servers.
When asked why security experts favor a different explanation – that the attack was probably the work of disgruntled insiders or former employees – Comey said, "They don't have the facts that I have, don't see what I see."
That's true, because the FBI has remained tight-lipped as to the exact evidence that it believes links the Sony incident to North Korea. But on Wednesday, Comey offered the most detailed explanation yet of the government's reasoning.
When the group calling itself Guardians of Peace sent threatening emails and made other online statements, Comey said, it mostly used proxy servers to disguise the messages' origins. "But several times, they got sloppy," he claimed.
On those occasions, he said, the group sent messages from servers with IP addresses "that were exclusively used by the North Koreans," giving law enforcement a "very clear indication of who was doing this."
It certainly isn't hard to narrow down IP addresses belonging to North Korea: the country has a block of 1,024 IPv4 addresses allocated to it, namely 126.96.36.199/22. It's trivial to scan. (According to a survey by the Washington Post, the embattled country has fewer IP addresses than any other non-island nation, with just one address for every 24,000 people. By comparison, South Korea has two addresses per person, and the US has five per person.)
Public IP network addresses, by themselves, are a poor indicator of the true origin of internet attacks, due to the ease with which traffic can be spoofed or routed through multiple networks. For this reason, infosec professionals remain skeptical the Kim government is responsible for the Sony Pictures hack.
Also, in 2012, a US judge rubbished claims that IP addresses can be used to identify culprits in online crime, saying "it is no more likely that the subscriber to an IP address carried out a particular computer function ... than to say an individual who pays the telephone bill made a specific telephone call."
Nonetheless, Comey maintained that he was certain that North Korea was to blame for the Sony attack, saying there was other evidence to corroborate the claim that he could not disclose.
"There is not much in life I have high confidence about," he said. "I have very high confidence in that attribution." ®