The Obama administration on Friday formally accused North Korea's government of being responsible for the dramatic hacker break-in at Sony Pictures Entertainment Inc. but offered few hints about how or whether it would retaliate. Its proof: The U.S. detected communications between computer Internet addresses known to be operated by North Korea and hacking tools left behind at the crime scene, which the FBI also said contained subtle clues linking them to that country's government.
The decision to openly blame North Korea — which involved the State Department and U.S. intelligence agencies — escalated an intriguing global game of brinkmanship that included the disclosure of confidential Sony emails and business files and threats of terror attacks against U.S. movie theaters until Sony agreed to cancel the Christmas Day release of its comedy, "The Interview," which the hackers had demanded partly over a scene depicting the assassination of North Korea's leader.
Continue Reading Below
The FBI described the Sony hacking as unusual because of "the destructive nature of this attack, coupled with its coercive nature."
"The FBI now has enough information to conclude that the North Korean government is responsible for these actions," said the U.S. statement, which was not attributed to any official by name. It added: "North Korea's actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves."
The statement did not suggest how or whether the Obama administration would respond but included a general promise to impose "costs and consequences" against any person, group or government using cyberattacks to threaten the U.S. or its interests.
North Korea has denied it was involved but praised the hacking as a "righteous deed." On Friday, a North Korean diplomat to the United Nations, Kim Un Chol, declined to comment on the American accusations.
In a taunting new email the hackers sent to Sony, they told the Hollywood studio that executives were "very wise" to cancel the movie's release and said they planned no further disclosures of Sony's confidential materials "as long as you make no more trouble." The message warned "never" to release the film "in any form," including on DVD. The email was sent to several employees. It was confirmed Friday by a person close to the studio who requested anonymity because the person wasn't authorized to speak publicly about the matter.
In Hollywood, actor George Clooney said the entertainment industry should take action now by pushing for the immediate release of "The Interview" online. In an interview with the trade site Deadline, Clooney urged Sony to "stick it online. Do whatever you can to get this movie out. Not because everybody has to see the movie, but because I'm not going to be told we can't see the movie. That's the most important part."
President Barack Obama was expected to be asked about the hacking at a news conference later Friday.
The evidence implicating North Korea previously was described as largely circumstantial, including unspecified clues in the hacking tools left behind and the involvement of at least one computer in Bolivia previously traced to other attacks blamed on North Korea. Now, the FBI said those clues included similarities with other tools previously developed by North Korea in specific lines of computer code, encryption algorithms and data deletion methods. More significantly, the FBI discovered that computer Internet addresses known to be operated by North Korea were communicating directly with other computers used to deploy and control the hacking tools and collect the stolen Sony files.
The FBI noted in its statement that it worked closely on the investigation with "other U.S. government departments and agencies." Those included the National Security Agency, a person familiar with the case said on condition of anonymity because some of the information NSA was providing in the case was highly classified.
An internal FBI investigative document obtained by The Associated Press identified the computers in the Sony hacking as operating in New York, Thailand, Poland, Italy, Bolivia, Singapore and Cypress. At least three were still functioning Friday, responding online to Internet test signals transmitted by the AP. The hackers previously published some of the stolen materials with a message that included five addresses using an anonymous email service in France.
U.S. options for acting against North Korea are limited. The U.S. already has a trade embargo in place, and there is no appetite for military action. Even if investigators could identify and prosecute the individual hackers believed responsible, there's no guarantee that any located are overseas would ever see a U.S. courtroom. Hacking back at North Korean targets by U.S. government experts could encourage further attacks against American targets.
Evans Revere, a former State Department official and specialist on Korea, said if U.S. officials connect North Korea not only to the hacking attack but to the threats to carry out 9/11-style attacks against movie theaters, a case could be made to put North Korea again on a list of state sponsors of terrorism. That designation now is held by Iran, Sudan, Syria and Cuba. North Korea was on the list for 20 years until it was taken off in 2008 by the Bush administration during nuclear negotiations..
Rep. Ed Royce, R-Calif., chairman of the House Foreign Affairs Committee, said putting Pyongyang back on the list would be warranted and that he did not doubt North Korea was involved. He called for tougher U.S. sanctions to cut Pyongyang's access to hard currency by excluding from the U.S. financial system banks in other countries that hold North Korean funds.
"This is not a just a corporate security issue," Royce told the AP. "It is an act of aggression against the United States by a foreign government."
Associated Press Writers Jake Coyle in New York and Cara Anna at the United Nations contributed to this report.