By Andrew Grossman
NEW YORK--Federal Bureau of Investigation Director James Comey
on Wednesday said the U.S. is confident about North Korea's
involvement in the December threats against Sony Pictures because
the people involved at times slipped up and didn't properly use
tactics designed to obscure the source of the messages.
When that happened, investigators were able to see clearly that
they came from Internet addresses used solely by North Korea, Mr.
Comey said.
"There is not much in this life that I have high confidence
about," Mr. Comey said. "I have very high confidence about this
attribution."
Mr. Comey also highlighted other evidence, such as analysis by
FBI personnel that matched patterns of writing and other signatures
to those found in other attacks launched by North Korea.
"They say: 'easy for us,' " Mr. Comey said of the bureau's
analysts. "It's the same actors."
The Wall Street Journal has previously reported investigators
had discovered an instance when malicious software tried to contact
an address in North Korea.
Mr. Comey said the bureau is still trying to figure out how the
hackers got into Sony's systems, and noted there had been attempts
at "spearphishing" launched against the company as late as
September. Spearphishing refers to efforts by hackers to gain
access to systems by sending targeted messages to specific people
designed to get them to do something that would compromise
security, such as share their credentials or click a link that
installs malicious software.
Mr. Comey said the U.S. has more evidence, which it can't release
publicly, that North Korea was behind the attack. He said those who
have questioned the conclusion North Korea was involved "don't have
the facts that I have, they don't see what I see."
Write to Andrew Grossman at andrew.grossman@wsj.com