Two say N. Korea mark on Sony hit
Breach is similar to attacks in 2013
A digital attack against Sony Pictures that used destructive malware to disable systems and destroy data contained Korean language code, according to two people with knowledge of the investigation.
Other aspects of the breach bear important similarities to attacks that wiped out the computers of South Korean banks and broadcasters in March 2013, said the people, who weren’t authorized to speak publicly and asked not to be identified.
The FBI sent a flash alert to U.S. companies about the malware Monday afternoon, mentioning the use of Korean language but not linking it directly to the Nov. 25 attack on Sony Corp.’s Culver City, Calif.-based entertainment unit. One of the people confirmed the alert refers to malware in the Sony case.
“We consider that the theories regarding the attribution to North Korea are credible,” said John Hultquist at iSight Partners, a Dallas-based cybersecurity company.
ISight isn’t involved in the Sony investigation. It has analyzed other destructive attacks linked to North Ko-
rean hackers, Hultquist said.
The malware, designed by unknown operators, has the ability to overwrite data files, including what’s called the master boot record, making computers unusable, the FBI said in its five-page alert to companies.
The use of destructive malware has been a hallmark of North Korean attacks, including devastating attacks last year against some of South Korea’s largest banks and at least two major television broadcasters.
The attack on Sony crippled its computer systems, forcing some employees to communicate by text message.
The attackers also were able to obtain copies of recent and imminent motion-picture releases that were then posted on the Internet for download.
The breach occurred a month before the scheduled release of The Interview, a comedy about a CIA plot to kill North Korea’s leader, Kim Jong-Un.
The Seth Rogen film, currently advertised for release on Christmas Day, features Rogen and James Franco as TV producers who are recruited by the CIA to assassinate Kim. Plans for the film drew a rebuke from the country, with a Foreign Ministry spokesman saying in state media that the release would be an “act of war,” according to the BBC.
“In furtherance of publicprivate partnerships, the FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations,” Joshua Campbell, a bureau spokesman, said in an email. “This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.”
The leak of films will hurt Sony’s box-office sales, industry analysts said.
The World War II drama Fury was downloaded 500,000 times since the cyberattack, according to the news site TorrentFreak. The leaks, which include the coming Still Alice and Mr. Turner, will draw viewers from a unit that has been one of Sony’s most reliable profit-makers, with gross ticket revenue up 13 percent this year, according to Box Office Mojo.
“There will be an impact on Sony Pictures’ box office revenue for this year due to hacking and the leaks,” said Hideki Yasuda, a Tokyo-based analyst for Ace Research Institute. “It will be a one-time impact and won’t drag on too long.”
The illegal downloads of Fury illustrate the economic damage hackers can inflict. The scourge facing Hollywood, Silicon Valley and investors costs the global economy as much as $575 billion annually, according to a study published in June by the Center for Strategic and International Studies and McAfee, a security-software maker owned by Intel Corp.