After numerous experts disputed the FBI’s assertion that North Korea was behind the notorious Sony hack, which revealed sensitive internal information and resulted in the partial canceling of The Interview’s release, FBI Director James Comey elaborated on the evidence that led the agency to its conclusion.
Speaking at a cybersecurity conference at Fordham Law School in New York on Wednesday, Comey told the audience that the Guardians of Peace—the name the hackers who attacked Sony gave themselves—“got sloppy” when masking their IP addresses. Because the hackers sometimes failed to conceal their IP addresses with proxy servers, Comey said, the FBI was able to uncover that the attack had originated from computers in North Korea.
“Several times, either because they forgot or because of a technical problem, they connected directly, and we could see that the IPs they were using…were exclusively used by the North Koreans,” Comey told the audience. “They shut it off very quickly once they saw the mistake, but not before we saw where it was coming from.”
This may not be enough to quell doubts, however. While it is possible to hijack an IP address, the limited nature of North Korea’s Internet and the fact that it is government-run make that unlikely in this case, though not impossible.
But Comey seems sure. “There is not much in this life that I have high confidence about,” he said. “I have very high confidence in this attribution, as does the entire intelligence community.”
When the FBI initially attributed the hack to North Korea last month, it cited similarities to previous attacks, such as “specific lines of code, encryption algorithms, data deletion methods and compromised networks,” as well as other clues that could not be made public.
The lack of public evidence prompted a deluge of naysayers. Additionally, while North Korea described the hack as a “righteous deed” (the movie depicts the assassination of the country’s leader), it denied responsibility.
In response to the mounting doubt, Comey told the crowd, “They don’t have the facts that I have. They don’t see what I see.”
He added that for security reasons, he cannot reveal more. “I want to show you, the American people, as much as I can about the why, but show the bad guys as little as possible about the how,” he said.
Since the initial accusation, the U.S. has imposed new sanctions on North Korea for its alleged role in the attack (it already has tough sanctions in place over the country’s nuclear program). The new penalty marks the first time the U.S. has used sanctions in direct retaliation for a cyberattack.
During the same conference, James Clapper, the director of National Intelligence, called the hack “the most serious cyberattack ever made against U.S. interests.”
“We have to push back,” Clapper told the audience. “If they get global recognition with no consequence, they’ll do it again and again.”