Evidence In Sony Hack Attack Suggests Possible Involvement By Iran, China Or Russia, Intel Source Says
December 18, 2014
By Catherine Herridge
The U.S. investigation into the recent hacking attack at Sony Pictures Entertainment has turned up evidence that
does notpoint to North Korea as the "sole entity" in the case, but rather, raises the possibility that Iran, China or Russia may have been involved, an intelligence source told Fox News on Thursday.
Earlier Thursday, Fox News confirmed that the FBI is pointing a digital finger at North Korea for the attack.
The source pointed to the sophistication of malware “modules or packets” that destroyed the Sony systems -- on a level that has not been seen from North Korea in the past -- but has been seen from Iran, China and Russia.
There is no evidence of a forced entry into the Sony systems, pointing to an insider threat or stolen credentials. And the first emails sent to Sony, described as blackmail or extortion, included demands unrelated to the movie.
The malware had two destructive threads, the source said: it overwrites data and it interrupts execution processes, such as a computer's start-up functions. After the initial attack, the FBI warned the industry that the malware can be so destructive that the data is not recoverable or it is too costly a process to retrieve. The intelligence source added that the forensic evidence suggests that the final stage of the attack was launched outside North Korea's borders -- creating some plausible deniability.
“Given the destructive efforts or effects of this attack, we're treating this as a national security matter, and as such, members of the president's national security team have been in regular meetings regarding this attack,” State Department Spokeswoman Jen Psaki said.
Also, Fox News has learned that U.S. security firms were first notified Monday by the U.S. government that they planned to publicly blame North Korea, which is inconsistent with past practice, as the U.S. government often has chosen to work behind the scenes in similar instances.
The White House declined earlier Thursday to directly blame North Korea for the attack, though Press Secretary Josh Earnest referred to the incident as a "serious national security matter."
The case is "being treated as seriously as you'd expect," Earnest told reporters at an afternoon briefing. He added that the White House would allow the investigation to move forward before speculating about a response.
"There is evidence to indicate that we have seen destructive activity with malicious intent that was initiated by a sophisticated actor," Earnest said. "And it is being treated by those investigative agencies both at the FBI and the Department of Justice as seriously as you would expect."
The North Korean link came shortly after Sony canceled plans for its Dec. 25 release of “The Interview,” a comedy about the fictional assassination of North Korean leader Kim Jong-un. Getting Sony to pull the release of the movie had been one of the hackers’ public demands.
Officials, speaking on condition of anonymity, said the attack originated outside North Korea, but believe the individuals behind it were acting on orders from the North Korean government.
While the U.S. government is unlikely to issue formal charges against North Korea or its leadership, a formal announcement of North Korea’s involvement is likely to come Thursday.
The Sony hack attack is “deeply worrying” to the intelligence community because it is believed to be the first time destructive malware has targeted a U.S. firm, according to the Fox News source, who added that the cyber assault is seen as “retribution” for “The Interview.”
Fox News is told that the malware used in the Sony hack attack has two destructive threads: it overwrites data and it interrupts execution processes, such as a computer's start-up functions. The FBI warns that the malware can be so destructive that the data is not recoverable or it is too costly a process to retrieve.
It is not clear how long the malware needs to be in the system before it brings on an almost complete paralysis. In the case of Sony, support functions -- including emails --were knocked off-line, seen as a distraction while the more destructive attack was launching.
This week North Korea’s state-run media KCNA endorsed the Sony hacking, saying it was done by “sympathizers.” Andrei Lankov, an expert on North Korea who writes a column for The Korea Times, says this is as close to an endorsement as possible.
Another expert noted “ambiguity of attribution and guerilla-warfare approach” are the tactics of North Korea. The expert concluded it will be seen that America is vulnerable to blackmail and North Korea will try it again.
Fox News has also been told, however, there was “zero” chance there would have been any actual attacks on theaters.”
"Sony was stupid to make a movie about killing Kim Jung-un," Lankov said, "but it was even more stupid to cave in to pressure."
A Steve Carell "paranoid" thriller "that was to be set in North Korea" also has been scrapped, sources say. The project from director Gore Verbinski and writer Steve Conrad wasn't yet titled, though industry outlets said the working title was "Pyongyang," which is the North Korean capital.
"Sad day for creative expression," Carell tweeted Wednesday evening, adding "#fear eats the soul" as a hashtag.
In an interview with ABC News aired Wednesday, President Obama encouraged Americans to go to the movies.
The Sony hacking saga took a sinister turn on Tuesday when hackers sent a message threatening to target theaters showing “The Interview” in a 9/11-type attack.
Sony then told theaters they will not be penalized should they choose not to show it.
A representative for the FBI Los Angeles Field Office told FOX411 that the bureau is “aware of the recent threats and continues to work collaboratively with our partners to investigate.”
Security experts told Fox that in the wake of the Sydney siege and the release of the CIA enhanced interrogation report last week, it was crucial the threat be taken seriously by authorities.
“This threatening statement obviously has some foundation and may be linked to current global hostilities toward the West and predominantly the U.S.,” said Lee Oughton, global security and risk management expert. “We are still unaware how deep the hackers were able to penetrate into the Sony systems. Only time will tell how much information they were able to ascertain and what price Sony will pay in the international market.”
Actors James Franco and Seth Rogen already canceled all media appearances promoting their film.
Sony Hacked Again: How Not to Do Network Security
LulzSec, the hacker collective responsible for the Wikileaks hacktivism attack and fake Tupac resurrection story on the PBS site last week, made it clear that Sony was the next target on its radar. Now it has made good on that threat with a hack of the Sony Pictures network, and claims to have compromised the account details of a million users.
Reply With Quote
Originally Posted by Peterle Matteo
Pictures Entertainment’s headquarters in Culver City, a typical week begins. The first sign of a digital break-in comes early that morning, when the image of a stylized skull with long skeletal fingers flashes on every employee’s computer screen at the same time, accompanied by a threatening message warning that “This is just the beginning.” The hackers say “we’ve obtained all your internal data,” and warn that if Sony doesn’t “obey” their demands, they will release the company’s “top secrets.” 
First reports surface that Sony suspects that North Korea may be responsible for the attack in retaliation for 
FBI SealMandiant, a cyber-security firm, to help investigate the attack. The FBI confirms that it has launched its own investigation. FBI spokeswoman Laura Eimiller says that “The FBI is working with our interagency partners to investigate the recently reported cyber intrusion at Sony Pictures Entertainment. The targeting of public and private sector computer networks remains a significant threat, and the FBI will continue to identify, pursue, and defeat individuals and groups who pose a threat in cyberspace.”
One week and two days after the breach, Sony chiefs 
hosting Saturday Night Live, mocks the Sony hackers during his opening monologue. “Something pretty crazy happened this week. I have this movie called The Interview coming out at Sony and this week Sony Studios got all their computers hacked. This is true. These hackers have leaked real personal information about everybody that works at Sony. Social security numbers, e-mails, and I know eventually they’re going to start leaking out stuff about me. So before you hear it from someone else, I thought it would be better if you hear it from me. Soon you’ll know that my e-mail is 
The Interview premieres amid tight security at the Ace Hotel’s theater in downtown Los Angeles. Before the film begins, Seth Rogen takes the stage and thanks Amy Pascal “for having the balls to make this movie.”
issues its first public statement on the cyber attack: “Obviously this is a very difficult time for Sony. Sony is not just a valued member of our association family, but they are friends and colleagues and we feel for them personally. From the highest levels of our organization working with the highest levels of theirs, we are doing anything and everything that Sony believes could be helpful and will continue to do so.”
People watch a TV news program showing President Barack Obama, at the Seoul Railway Station in Seoul, South Korea, Dec. 22, 2014. 
Sony Still Hopes to Release Film About Killing Kim Jong Un
Sony Stock Prices Oct. 1 – Dec. 19, 2014
Add Comment
9 People Commenting
ChosenLyric
17 hours
Dennis Rodman perhaps told Kim about the" American cultural sensitivities "
Quixote (@Quixote34)
19 hours
The Sony hacking controversy goes to the core of what the Internet is about, and of why...
juju
1 day
Sony deserves everything there getting.