Little information can be shared; this will happen again

Jan 8, 2015 00:05 GMT
FBI Director James Comey speaking at the International Conference on Cyber Security at Fordham University

The hackers who attacked Sony Pictures Entertainment in November 2014 failed on multiple occasions to mask their location through proxy connections and revealed their real IP addresses, FBI Director James Comey said on Wednesday.

Comey delivered a keynote speech at the annual International Conference on Cyber Security (ICCS) at Fordham University in New York, and revealed some details of the investigation into the Sony hack.

Authors of the attack did not hide their IPs properly

He said that Guardians of Peace (GoP), the hackers who claimed the attack on Sony, relied on proxy connections to hide their real IP addresses each time they sent emails or made statements. On some occasions, however, either because the service was malfunctioning or because they simply forgot to route their connection through it, the traffic came directly from their real addresses, which were used exclusively by North Korean actors.

It is unclear, though, which particular emails and online posts the FBI boss was referring to, since many of the statements were published anonymously online, mostly on Pastebin, and GoP was not responsible for all of them.

The same goes for the email communication, since the addresses of Sony bosses were divulged by GoP in their Sony leaks. One message claiming to be from the hackers threatened Sony employees and left, as a contact, a disposable email address from YOPMail (Your Own Protection Mail), which could be accessed by anyone.

FBI Director has very high confidence in the current attribution

In a Joint Intelligence Bulletin dated December 24, the FBI reported that GoP had also made a threat to a media organization, which turned out to be CNN, and the agency pursued this line of inquiry based on a Pastebin post.

Later, it was uncovered that the message had been published as a joke, in order to point out the poor quality of CNN’s investigation of the incident, which relied on unverified sources.

David Garret, a writer from Knoxville who penned the message, never expected the FBI to follow this trail, especially since the threat consisted in delivering CNN journalist Wolf Blitzer.

At ICCS, Comey added that more could not be disclosed at the moment, as the agency has to protect its sources from the bad guys because it believes that such incidents will happen again.

Although the director added another piece to the Sony hack attribution puzzle, the security community may have expected more information about the evidence the FBI had in support of a North Korean actor being the one behind the attack.

“Not much I have high confidence about. I have very high confidence…on North Korea,” FBI New York quoted the director in a tweet on Wednesday.