FBI director James Comey has explained new details of the Sony hack at a cybersecurity conference at Fordham University in New York City. "Several times they got sloppy," he told the audience, referring to the hackers.
In more technical terms, the hackers revealed IP addresses in North Korea that they "exclusively used". That's how the FBI knows it was North Korea—or so says the director.
It's worth noting that several security experts have pointed out that IP addresses that appear to be in North Korea aren't necessarily in North Korea. As Mark Rogers explains, "It isn't the IP address that the FBI should be paying attention to. Rather it's the server or service that's behind it."
Regardless, this is Comey's full explanation, courtesy of Andy Greenberg at Wired:
"In nearly every case, [the Sony hackers known as the Guardians of Peace] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy. Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using… were exclusively used by the North Koreans.
"They shut it off very quickly once they saw the mistake. But not before we saw where it was coming from."
One of the biggest questions that Comey addressed relates to the many security experts who maintain that blaming North Korea for the attack makes no sense. There are some signs that suggest North Korean involvement, but it's hardly conclusive, many security experts say. Bruce Schneier, for instance, has written a couple of columns to that effect at The Atlantic. "However you read it, this sort of evidence is circumstantial at best," said Schneier a couple weeks ago. "It's easy to fake, and it's even easier to interpret it wrong."
To the sceptics, Comey simply said, "They don't have the facts I have."
Comey's remarks came flooding in through Twitter as he gave them. We called the FBI to confirm the claims, but the press office wasn't able to confirm specific quotes as Comey often speaks "off-the-cuff". For confirmation, the FBI told us to look on Twitter. So we did.
Here's Mashable's Lorenzo Franceschi:
This is apparently the FBI's smoking gun: Sony hackers made mistakes in hiding their tracks, exposed IPs "exclusively used" by North Korea
— Lorenzo Franceschi B (@lorenzoFB) January 7, 2015
Wired's Andy Greenberg:
FBI director Comey speaking at Fordham: NK Sony hackers failed to use proxies on multiple occasions, revealing IPs they "exclusively used"
— Andy Greenberg (@a_greenberg) January 7, 2015
And CNBC's Eamon Javers:
FBI Director Comey: "I thought it was very very important that we as a government said we know who hacked Sony, it was the North Koreans."
— Eamon Javers (@EamonJavers) January 7, 2015
And finally the FBI itself:
Speaking about #Sony hack, FBI Director Comey: Not much I have high confidence about. I have very high confidence…on North Korea.
— FBI New York (@NewYorkFBI) January 7, 2015