A Sony Pictures internal investigation has identified North Korea as the source of a devastating computer attack, and the studio is deliberating whether to announce the findings publicly, according to a person familiar with the discussions.
The company’s investigation has linked the hackers who stole a major holiday film release and unleashed a destructive computer worm to a North Korean group known as DarkSeoul, which was responsible for similar attacks on South Korean banks and television studios last year, a second person familiar with the investigation said.
Sony Corp. (6758) lawyers are discussing with company executives and officials at FireEye Inc., a security firm specializing in cyber-espionage that was hired to investigate the attack, whether to announce the link to North Korea, the first person said. No decision has been made, the person said.
Technology website Re/code reported yesterday that Sony was going to make an announcement about the perpetrators of the attack.
“The investigation continues into this very sophisticated cyber attack. The Re/code story is not accurate,” Sony said in a statement. No announcement is currently planned, according to another person familiar with the discussions. Joshua Campbell, a spokesman for the FBI in Washington, declined to comment. North Korea’s United Nations mission didn’t respond to an e-mailed request for comment.
The DarkSeoul gang has been linked by security experts to a series of high profile attacks against South Korea since 2009, including a devastating series of hacks in March 2013 that wiped numerous computers at major banks and television broadcasters.
Some of the computers used to launch those attacks were located in China, but private security researchers and U.S. officials believe that the North Korean government was behind them, possibly using hackers hired for the job.
The attack last week crippled computer systems at Sony Pictures, and gave the perpetrators access to confidential employee information including executive salaries. It also put unreleased films including “Annie,” set for theaters on Dec. 19, on file-sharing sites. The studio has used cease-and-desist letters to force the sites to remove the films. Sony’s computer systems were still recovering, a person with knowledge of the matter said Dec. 2.
The FBI sent a flash alert to U.S. companies about the malware on Dec. 1, mentioning the use of Korean language, while not linking it directly to the attack on Sony’s entertainment unit. One of the people confirmed the alert refers to malware in the Sony case.
North Korean leader Kim Jong Un, right, claps during the unveiling ceremony of two statues of former leaders Kim Il-Sung and Kim Jong-Il in Pyongyang, North Korea, on April 13, 2012.
When asked about the attack, a spokesman for North Korea’s UN mission told the BBC: “The hostile forces are relating everything to the DPRK (North Korea). I kindly advise you to just wait and see.”
In June, North Korea promised to “mercilessly destroy” anyone associated with an action-comedy movie that depicts an attempt to assassinate leader Kim Jong Un.
The breach occurred a month before the scheduled release of “The Interview,” a comedy about a CIA plot to kill the North Korea’s leader.
The Seth Rogen film, due in theaters on Dec. 25, features Rogen and James Franco as TV producers who are recruited by the Central Intelligence Agency to assassinate Kim. Plans for the film drew a rebuke from the country, with a foreign ministry spokesman saying in state media that the release would be an “act of war,” according to the BBC.
“It is now apparent that a large amount of confidential Sony Pictures (SNE) Entertainment data has been stolen by the cyber attackers, including personnel information and business documents,” Sony Entertainment Chairman and Chief Executive Officer Michael Lynton and Amy Pascal, co-chairman of Sony Pictures Entertainment, said in a memo to staff Dec. 2. Sony is working closely with law enforcement, the memo said.
Some of the hacking damage was inflicted by a so-called wiper virus, which overwrites hard drives and can make computers and servers unusable, two people familiar with the matter told Bloomberg News Dec. 2. Sony is assessing whether the damage is permanent, one of the people said, adding that the attackers haven’t made any demands. Sony’s television production arm, part of the Culver City, California-based entertainment division, has been largely unaffected.
“Annie,” a remake of the 1982 film, is the biggest unreleased movie among those that were stolen and leaked. “Still Alice” and “Mr. Turner,” two Oscar hopefuls planned for limited release, also turned up on file-sharing sites, along with “Fury,” a Brad Pitt war drama that was in cinemas in October, and “To Write Love on Her Arms.”
As of early this week, “Fury” has been downloaded more than 500,000 times from one service alone since the Sony attack, according to TorrentFreak, a news site that tracks copyright, privacy and related issues.