FBI “has very high confidence” that Sony Pictures Entertainment recent hack was perpetrated by North Korea, through malware that that country has used to attack South Korean banks and media outlets, according to Director James Comey.
Comey spoke recently at the International Conference on Cyber Security in New York, where he also detailed a five-point strategy the FBI will pursue to counter cyber-attacks.
North Koreans “MO” revealed by slip-ups
Regarding the Sony hack, Comey said, “Several times they got sloppy. Several times, either because they forgot or because they had a technical problem, they connected directly and we could see them. And we could see that the IP addresses that were being used to post and to send the e-mails were coming from IPs that were exclusively used by the North Koreans.”
In addition, he said that the bureau has “a range of other sources and methods,” which he declined to describe, that leads him to believe “not with just high confidence, but very high confidence that the North Koreans perpetrated this attack.”
Comey used this example as a way to lead in to a description of how the government plans to address cyber crime as billions of people worldwide become more closely connected through the internet.
Detailing the strategy: public-private partnership
Here’s how Comey summed up the strategy:
“We’re going to try to focus ourselves; we’re going to try to shrink the world; we’re going to try to impose real costs on bad actors; we’re going to improve our relationships with state and local law enforcement; and, most important of all, we’re going to try to improve our relationship, our battle rhythm, our working relationship with private-sector partners.”
Regarding this last point, Comey said he understands the frustration private companies have when dealing with the government, mentioning that he had been general counsel at two companies before coming back into government service.
“I’ve been in lots of conversations that went like this: ʻWhy doesn’t the government tell us something?’…ʻWhat are they going to do with what we tell them?’ ʻWhat if it leaks?’ ʻWhat if it gets used against us in a competition?’ ʻWhat if we get accused of lying to somebody?’ ʻWhat if we get sued?’ ʻWhat are our shareholders going to think?’ ʻWhat’s the board going to think?’ ʻWhy can’t the government tell us things that we can actually do something about?’” Comey said.
Still, Comey pointed out, the great majority of harm perpetrated by cyber criminals manifests itself in the private sector.
“All of it is in your world, private-sector partners,” Comey said. “Invariably, that’s where the victims are. That’s where the information is that we need in order to be able to respond to actions by nation states, by terrorists, by hacktivists … If we can’t find a way to effectively share that information to those of us with the enforcement powers, we’re sunk.”
Finding more ways to cooperate will be difficult, Comey acknowledged.
“I think we need clearer rules for the private sector, to offer clear rules of the road for what will happen to what you share and what we need you to share,” Comey explained. “We need better technology and to be able to share information both ways more effectively and more quickly.”
Comey added: “You need protection. You need guidance. I [law enforcement] need information.”
Four more points for doing battle
The other parts of FBI’s five-point strategy include:
• Focus—Concentrate resources to go after the nation-state actors and the most dangerous criminal syndicates and international operations; designate a single FBI field office to take the lead in dealing with cyberthreats, assisted by a team of up to four other designated field offices.
• Shrink the world—Forward-deploy more cyber special agents of the FBI in foreign partners’ offices, as well as coordinating domestic agency efforts through the National Cyber Joint Investigative Task Force.
• Impose costs on criminals—Catch perpetrators and bring them to justice or, as in the case of North Korea, expose their actions as publicly as possible.
• Coordinate with state and local law enforcement—Equip partners to be digitally literate and to conduct investigations at state and local levels; work with the Secret Service to offer training to such organizations around the country.