Federal investigators connect Sony hacking to North Korea

Kevin Johnson, Oren Dorell and Elizabeth Weise, USA TODAY

WASHINGTON — U.S. authorities determined that North Korea is behind the recent cyber-attack on Sony Pictures, a federal law enforcement official said Wednesday.

The official, who is not authorized to comment publicly, said a formal announcement of attribution by the U.S. government could come as soon as Thursday.

U.S. investigators moved quickly toward a determination in recent days, indicating this week that attribution was imminent.

Addressing the matter last week, FBI Director James Comey said the attack was very “complicated” and the government wanted to be sure “before we make an attribution that we have high confidence in it.”

Sony was hit by hackers Nov. 24. A glowing red skeleton appeared on screens throughout the Culver City, Calif.-based Sony subsidiary.

The hack apparently was in response to the planned release of The Interview, a comedy that features James Franco and Seth Rogen as tabloid TV journalists who score an interview with North Korean dictator Kim Jong Un.

As they prepare to travel to the secretive nation, they’re recruited by the CIA to assassinate Kim.

Tuesday, the hackers, who call themselves the Guardians of Peace, posted a message threatening a 9/11 type attack on theaters that showed the movie.

Sony announced Wednesday that it was canceling release of the movie because of the threats.

While making the film, Sony representatives met with Assistant Secretary Daniel Russell of the Bureau of East Asian and Pacific Affairs and other State Department officials to discuss U.S. policy in Asia, State Department spokeswoman Jen Psaki said. She did not detail their conversations.

Psaki would not confirm reports that Robert King, the U.S. special envoy for North Korean human rights, relayed messages to Sony about the movie. King “did not view the movie and did not have any contact directly with Sony,” she said. Psaki said the department had no “credible information to support these threats” against theaters showing the film.

The hacking has had other, massive repercussions for the media giant. Almost 38 million files were stolen and doled out on file-sharing websites.

Files included the screening versions of five Sony films, the script to the most recent James Bond movie, embarrassing e-mails between studio executives, salary data and personal information about Sony staff.

During the three weeks since the attack, an ongoing question has been “Why?”

Historically, hackers have either stolen intellectual property as part of an industrial espionage campaign or grabbed personal data to sell.

An attack that merely posted material, much of which could have been sold for large amounts of money on the black market, is unprecedented.

After entering and copying much of the Sony network, the hackers released malicious software, or malware, that infected Sony’s computers and was extremely destructive.

“Its job was not just to erase files but to destroy them,” said Tom Kellermann, a computer security expert with Trend Micro.

This sort of behavior hadn’t been seen much since the 1990s, when “script kiddies” copied computer programs they didn’t actually understand and used them merely to wreak havoc.

“Back then, we saw this a lot, people jumping in, messing up a network and jumping out, but there was no financial gain. It was just ‘Ha ha, look what I did!’ ” Kellermann said.

North Korea has been suspected of employing hacking attacks against groups it disagreed with, including South Korean media outlets and banks.