The Director of the FBI, James Comey, revealed in a speech today how the US government managed to tie the hack of Sony Pictures to North Korea.
Speaking at the International Conference on Security, Comey explained how investigators at the FBI uncovered who was behind the cyberattack.
Comey told the conference that the hackers "got sloppy," accidentally revealing their real IP addresses in the emails they sent to Sony Pictures executives. He explained that the IP addresses are "exclusively used by the North Koreans."
Hackers use technology like VPN survives to try and hide their IP addresses, which tie internet users to real-world locations. By using VPNs, they can mask where in the world they really are. Comey claims that Guardians of Peace used VPNs to try and hide their real identities, but they slipped up.
Elsewhere in his speech, Comey addressed the many cybersecurity experts who have cast doubt on the FBI's claim that North Korea was behind the hack. "Some serious folks suggested we have it wrong," he said. "They don't have the facts that I have, they don't see what I see." He went on to say that "there's not much I have high confidence about - I have very high confidence in this attribution."
The US government has formally accused North Korea of hacking American-based Sony Entertainment, a cyberattack which reportedly destroyed about three-quarters of the computers and servers at the studio’s main operations.
The hack is the second major attack in which hackers targeted American corporate infrastructure on a large scale with the primary goal of destroying it (as opposed to stealing from it or spying on it).
Dozens of terabytes of information was taken, revealing information including scripts, unreleased movies, actor compensation, and off-the-cuff conversations among high-level Sony executives.
After the hack surfaced on November 24, all hell broke loose in the entertainment world as news organizations scrambled to cover every possible angle. Threats of violence against movie theaters led to Sony canceling the Dec. 25 theatrical release of "The Interview" before releasing it online.
The evidence against Pyongyang, much of which is classified, is reportedly substantial. Shane Harris of The Daily Beast, citing sources familiar with the investigation, reports that "the most damning evidence against the Sony hackers was obtained in a secret, and years earlier, during previous intelligence-gathering efforts. "
Another potential indication of North Korean meddling, beyond the IP addresses, is that the malware that wiped Sony's systems bears resemblance to malware previously linked to North Korean hackers.
A North Korean defector who took classes with the hackers that are now in Bureau 121 told Business Insider that the hackers are taught "to develop its own hacking programs and computer viruses without having to rely on programs already built in the outside world."
SEE ALSO: Defector: Elite North Korean Hackers Work In This Chinese City