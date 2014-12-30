(Adds interview with FireEye, background)
By Mark Hosenball and Jim Finkle
WASHINGTON/BOSTON Dec 29 U.S. investigators
believe that North Korea likely hired hackers from outside the
country to help with last month's massive cyberattack against
Sony Pictures, an official close to the investigation said on
Monday.
As North Korea lacks the capability to conduct some elements
of the sophisticated campaign by itself, the official said, U.S.
investigators are looking at the possibility that Pyongyang
"contracted out" some of the cyber work. The official was not
authorized to speak on the record about the investigation.
The attack on Sony Pictures is regarded to be the most
destructive against a company on U.S. soil because the hackers
not only stole huge quantities of data, but also wiped hard
drives and brought down much of the studio's network for more
than a week.
While U.S. officials investigate whether North Korea
enlisted help from outside contractors, the FBI stood by its
previous statement that Pyongyang was the prime author of the
attack against the Sony Corp unit.
"The FBI has concluded the Government of North Korea is
responsible for the theft and destruction of data on the network
of Sony Pictures Entertainment," the Federal Bureau of
Investigation said in a statement to Reuters.
North Korea has denied that it was behind the Sony attack
and has vowed to hit back against any U.S. retaliation.
The people who claimed responsibility for the hack have said
on Internet postings that they were incensed by the Sony
Pictures film "The Interview," a comedy about a fictional
assassination of North Korean leader Kim Jong Un.
Because of the hackers' threats, major U.S. cinema chains
refused to show the film. Last week, Sony struck deals with some
320 independent theaters to distribute "The Interview" and also
made the film available online.
BLAMING NORTH KOREA
Some private security experts have begun to question whether
Pyongyang was behind the Sony cyberattack at all.
For instance, consulting firm Taia Global said the results
of a linguistic analysis of communications from the suspected
hackers suggest they were more likely from Russia than North
Korea. Cybersecurity firm Norse said it suspects a Sony insider
might have helped launch the attack.
"I think the government acted prematurely in announcing
unequivocally that it was North Korea before the investigation
was complete," said Mark Rasch, a former federal cybercrimes
prosecutor. "There are many theories about who did it and how
they did it. The government has to be pursuing all of them."
The FBI said its determination that North Korea was behind
the hack was based on information from a variety of sources,
including intelligence sources, the U.S. Department of Homeland
Security, foreign partners and the private sector.
"There is no credible information to indicate that any other
individual is responsible for this cyber incident," the agency
said.
Kevin Mandia, whose security firm was hired by Sony to
investigate the attack, said the only way to know who the
culprits are is to trace the network traffic from the infected
machines back to the hackers' machines. Only the government and
Internet service providers have that kind of visibility, he
added.
"I don't have the data that they have to come up with that
conclusion," Mandia, chief operating officer of FireEye Inc
, said in a video interview with Reuters.
"Every attack loops through numerous machines," he said.
"You have to peel that onion all the way back. It isn't an easy
thing to do."
Mandia, who has supervised investigations into some of the
world's biggest cyberattacks, said the Sony case was
unprecedented.
"Nobody expected when somebody breaks in to absolutely
destroy all your data, or try to anyway, and that's just
something that no one else has seen," he said.
(Reporting by Mark Hosenball in Washington and Jim Finkle in
Boston; Editing by Tiffany Wu and Warren Strobel)