FBI Director Says 'Sloppy' North Korean Hackers Gave Themselves Away

Bureau chief says hackers occasionally forgot to use proxy servers, while the Director of National Intelligence says North Koreans have no sense of humor.

Sara Peters, Senior Editor

January 8, 2015

2 Min Read

FBI Director James Comey, today, said that the hackers who compromised Sony Pictures Entertainment usually used proxy servers to obfuscate their identity, but "several times they got sloppy."

Speaking today at an event at Fordham University in New York, Comey said, "Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using ... were exclusively used by the North Koreans.

"They shut it off very quickly once they saw the mistake, but not before we saw where it was coming from."

It is perhaps possible that the servers in North Korea were not the original source, but were themselves proxy servers. The FBI has other reasons to attribute the attack to North Korea, Comey said -- including psychological profiles the Bureau's behavioral analysis unit developed about the attackers and the results of red team simulations.

“There is not much in this life that I have high confidence about,” said Comey. “I have very high confidence in this attribution, as does the entire intelligence community.”

Director of National Intelligence James Clapper also spoke, quite bluntly relating tales of a tense dinner meeting he had in North Korea in November with "General Kim," a North Korean government official he believes was central to the Sony attack. Presumably he was referring to General Kim Yong-Chol, director of Unit 586, which includes Unit 121 -- the country's center of cyber-attack operations, recently estimated to be 6,000-troop strong.

Clapper said that Kim kept "pointing his finger at my chest and saying the US and South Korean exercise was a provocation to war and of course not being a diplomat, my reaction was to lean back across the table and point my finger at his chest."

"They really do believe they are under siege from all directions," said Clapper, "and painting us as an enemy that is about to invade their country every day is one of the chief propaganda elements that's held North Korea together."

"They are deadly, deadly serious," he said, "about affronts to the supreme leader, whom they consider to be a deity."

As for The Interview, the new Sony comedy about assassinating Kim Jong-Un, Clapper said he watched it over the weekend "and it's obvious to me that North Koreans don't have a sense of humor."

About the Author(s)

Sara Peters

Senior Editor

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights