FBI: North Korean Hackers Were ‘Sloppy’, Left Clues Following Sony Breach

There are plenty in the cybersecurity industry that contend that North Korea couldn’t have possibly orchestrated the devastating hack on Sony in retaliation for the comedic film The Interview. In mid-December, cybersecurity analyst Marc Rogers dismissed the FBI’s assertion that North Korea was behind the attacks, stating, “The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes you actually expect to see in ‘Konglish’. i.e it reads to me like an English speaker pretending to be bad at writing English.”

Rogers went on to add; “The fact that the code was written on a PC with Korean locale & language actually makes it less likely to be North Korea. Not least because they don’t speak traditional “Korean” in North Korea, they speak their own dialect and traditional Korean is forbidden.”

Kurt Stammberger, Senior Vice President at Norse, also expressed doubts, remarking in late December, “When the FBI made the announcement so soon after the initial hack was unveiled, everyone in the [cyber] intelligence community kind of raised their eyebrows at it, because it’s really hard to pin this on anyone within days of the attack.” Other experts like Bruce Schneier offered similar reservations.

James Comey
FBI Director James Comey with President Barack Obama

The FBI remains committed to the narrative that singles out North Korea as the bad guy, and FBI Director James Comey says that a mountain of evidence can’t be ignored. Comey says that Guardians of Peace, or #GOP, simply “got sloppy” when it came to covering their tracks, leading U.S. intelligence agencies straight to the source.

"The Guardians of Peace would send emails threatening Sony employees and post online various statements explaining their work. In nearly every case they would use proxy servers in sending those emails and posting those statements," said Comey. “Several times, either because they forgot or they had a technical problem, they connected directly and we could see it.”

Comey went to add that this lack of commitment to covering their trail made it easy to pinpoint the exact origin of the attack. "We could see that the IP addresses they used ... were IPs that were exclusively used by the North Koreans,” Comey added. “It was a mistake by them. It was a very clear indication of who was doing this. They would shut it off very quickly once they realized the mistake, but not before we saw them and knew where it was coming from.”

Comey says that U.S. intelligence officials are still trying to ascertain how exactly the hackers were able to infiltrate Sony’s network, but there have already been a number of possibilities tossed around. Mark Rogers suggested that it was possibly an inside job, with a scorned employee sparking the whole incident. “It’s clear from the hard-coded paths and passwords in the malware that whoever wrote it had extensive knowledge of Sony’s internal architecture and access to key passwords,” Rogers surmised. “Occam’s razor suggests the simpler explanation of an insider. It also fits with the pure revenge tact that this started out as.”


In another twist, a member of Lizard Squad in a late December interview with The Washington Post claimed that its actions helped initiate the hack; “We handed over some Sony employee logins to them. For the initial hack.”

The Sony hack resulted in personal data leaks, threats against Sony employees and family members, and threats on movie theaters. Sony would later cave due to pressure from large U.S. movie theater chains, announcing that it would no longer release The Interview on Christmas Day. A few days later, it backtracked, announcing that it would show the film in a limited number of independent theaters and make the movie available online for purchase/rental.

The online release of The Interview has turned out to be one of the surprise triumphs of this whole ordeal. As of this week, The Interview has already raked in over $31 million in streaming revenue.