FBI Director James Comey on Wednesday adamantly defended his bureau’s conclusion that North Korea was behind the cyber-attack against Sony Pictures Entertainment, revealing new evidence and claiming those questioning the North Korea connection “don’t have the facts that I have.”
The U.S. government for weeks has faced skepticism from private-sector cybersecurity analysts, many of whom say the attack may have been an inside job by a former Sony employee.
In what amounted to the U.S. government’s most detailed explanation to date of the evidence it has linking North Korea to the hack, Comey said he has “very high confidence” Pyongyang was behind it and disclosed new details.
He said U.S. investigators were able to trace emails and Internet posts sent by the Guardians of Peace, the group behind the attack, and link them to North Korea.
Comey said most of the time, the group sent emails threatening Sony employees and made various other statements online using proxy servers to disguise where the messages were coming from.
“But several times, they got sloppy,” he said.
Comey said on occasion, they connected “directly,” and in turn the U.S. “could see them and we could see that the IP addresses that were being used to post and to send the emails were coming from IPs that were exclusively used by the North Koreans.”
He said this was a “mistake” by the attackers, but was a “very clear indication of who was doing this.” Comey spoke at a cybersecurity conference at Fordham University in New York City.
The evidence had not been previously disclosed. When the FBI first implicated North Korea, the bureau pointed to, among others things, malware that had links to other malware developed by the North Koreans, and similarities between this and an attack in March 2013 by North Korea against South Korean companies.
Cybersecurity analysts in the private sector described this evidence as circumstantial.
One firm, Norse, last week briefed the FBI on evidence it claims could support the theory that the hack was an inside job, involving former Sony staff.
Kurt Stammberger, senior vice president for market development at the company, told FoxNews.com last week that Norse has data about the malware samples that point to "super, super detailed insider information" that only a Sony insider would have.
Comey said he’s aware of the accusations that the FBI might have it wrong. To them, he said, “They don’t have the facts that I have, don’t see what I see.”
Comey said the FBI even brought in a team of people from across the intelligence community to look at other explanations, and “we end up in the same place.” He said they have a “range” of other sources and methods that they will continue to protect.
Comey’s comments come after the Obama administration on Friday imposed new sanctions against the North Korean government, in retaliation for the attack.