U.S. accuses N. Korea of Sony cyberattack

WASHINGTON - Federal investigators on Friday accused North Korea of carrying out a damaging computer attack against Sony Pictures Entertainment, blaming the Stalinist government for an intrusion that exposed corporate e-mails, wiped out computer data and underlined the cyber capabilities of one of the United States' top adversaries.

American officials had privately said that they believed North Korea was behind the hacking incident discovered last month. But the new claim marks a significant escalation - the first time that the United States has openly laid blame on a foreign government for a destructive cyberattack against an American corporation.

The attack came in apparent retaliation for Sony's planned Christmas Day release of The Interview, a comedy built around the assassination of North Korean leader Kim Jong Un. The company decided this week to cancel the movie's release.

President Obama, during an end-of-year news conference Friday, criticized Sony for that decision, saying he believed it was a "mistake."

"We cannot have a society in which some dictator someplace can start imposing censorship here in the United States," Obama said. "Because if somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary that they don't like or news reports that they don't like."

Sony Pictures chief executive Michael Lynton said it was the president who was mistaken, noting that Sony canceled the release only after all major theater chains decided not to show the movie. But the Homeland Security Department concluded those threats were not credible, and the top multiplex chains in North America dropped The Interview only after Sony informed them it would not protest if the theaters pulled the film.

"The president, the press, and the public are mistaken as to what actually happened," Lynton told CNN. "We do not own movie theaters. We cannot determine whether or not a movie will be played in movie theaters."

Lynton did not indicate whether Sony planned to release the movie on DVD or through video-on-demand services, which are not controlled by theaters, but the company suggested that was an option in a statement late Friday.

The Sony hack marked the first known intrusion by North Korea into private U.S. computer networks. And unlike the vast majority of intrusions into U.S. company networks, aimed at stealing data for commercial benefit or intelligence purposes, the Sony attack was intended to strong-arm the company into pulling the movie.

North Korea's actions were "intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves," the FBI said.

"The FBI now has enough information to conclude that the North Korean government is responsible for these actions," the bureau said in a statement, adding that the conclusion was based in part on a "technical analysis" of the malicious software used in the attack, which "revealed links to other malware that the FBI knows North Korean actors previously developed." The FBI also said the attack was linked to several Internet protocol addresses "associated with known North Korean infrastructure."

"Though we have seen many different types of intrusions targeting U.S. networks, the destructive nature of this attack, coupled with its coercive nature, sets it apart from typical cyber incidents," a senior administration official said.

The FBI said technical analysis of the data deletion malware used in the attack revealed links to other malware the FBI had linked to North Korean hackers.

The bureau said it saw "significant overlap" between the servers used in this attack and servers used in other attacks that the U.S. government has linked to North Korea. For example, the FBI found that malware used in the Sony attack was communicating with control servers known to be used by North Korean hackers.

The FBI noted that the tools used in the attack bear similarities to a cyberattack in March 2013 against South Korean banks and media outlets, which was carried out by North Korea.

The authorities in Pyongyang have publicly denied involvement. On Friday, the group that has claimed credit for the attack, calling itself the Guardians of Peace, was said to have sent Sony executives a new message praising them for canceling the release of The Interview but warning them to "never" let the movie be "released, distributed or leaked," according to CNN.

Obama said his advisers are preparing a "range of options" to respond to North Korea's attack. "We will respond proportionally," Obama said, "and we will respond at a place and time that we choose."

Sen. Robert Menendez (D., N.J.), the outgoing chairman of the Foreign Relations Committee, sent Secretary of State John Kerry a letter urging him to consider redesignating North Korea a state sponsor of terrorism in the wake of the cyberattack.