WASHINGTON — Investigators say a crippling cyberattack against Sony Pictures Entertainment likely is the work of North Korea, in what would be the first known case of the reclusive nation using its growing hacking capability to cause major disruptions to a company in the United States.
The attack brought Sony, one of Hollywood’s biggest studios, to a near-standstill last week, forcing employees to use paper and pens instead of their computers. Hackers also deleted files from hard drives, uploaded several unreleased films to the Internet and leaked sensitive personal information regarding thousands of Sony employees.
The cyberattack might have come in retaliation for Sony’s upcoming release, the “Interview,” a comedy built around a fictional CIA plot to kill North Korea’s 31-year-old supreme leader, Kim Jong Un, say people familiar with the probe who spoke on the condition of anonymity because the investigation is not yet complete.
North Korean officials have repeatedly complained about the movie — which is due to open in theaters on Christmas — warning of “stern” and “merciless” retaliation. On Tuesday, a North Korean government spokesman declined to comment on whether it was behind the Sony incident, according to a report by BBC News, which quoted the spokesman as saying, “Wait and see.”
If investigators’ beliefs turn out to be true, the hack on Sony would mark a troubling new development at the intersection of international relations, commerce and cyberspace.
“This is a step beyond what they’ve done in the past, but it’s a logical trajectory for them,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies.
He said that he did not have definitive knowledge that North Korea was responsible for the hack but noted that it shared characteristics of previous cyberattacks by North Korea against South Korean companies.
Banks in South Korea were hit last year by a virus that deleted data from hard drives in a cyber campaign that investigators dubbed Dark Seoul.
Jaime Blasco, labs director of security firm AlienVault, said analysis of the malicious software used in that attack and the one against Sony show similarities. “The techniques and code are similar in both,” he said.
Dark Seoul was attributed to North Korea by the cybersecurity firm, CrowdStrike, which dubbed the hacker group Silent Chollima.
Foreign government hackers for years have stolen information from U.S. companies and in some cases disrupted online operations, but the cyberattack against Sony Pictures has been unusually intrusive and seemingly vengeful.
Disruptions to computer systems began in the days before Thanksgiving. This week, private company records were made available online, according to various media reports. They have included employee salaries, evaluations by their managers and Social Security numbers, the website has reported.
Sony, a U.S.-based subsidiary of a Japanese conglomerate, is the studio behind movies such as “The Amazing Spider-Man” and “Fury.”
It did not comment directly on reports of possible North Korean responsibility for the cyberattack but issued a statement saying, “Sony Pictures continues to work through issues related to what was clearly a cyber attack last week. The company has restored a number of important services to ensure ongoing business continuity and is working closely with law enforcement officials to investigate the matter.”
The FBI declined to comment on who was behind the hack. On Monday, the bureau issued a flash warning to businesses about “destructive malware” following the attack, though it did not link it to Sony.
The alert noted that the malware was written in the Korean language and was capable of overriding data on hard drives and erasing data files stored on machines.
In the “Interview” film, Seth Rogen and James Franco play a producer and talk-show host headed to North Korea for an exclusive interview with Kim and are then tasked by the CIA to kill him. North Korean officials also complained to the United Nations and the United States about the film.
A State Department official, speaking on condition of anonymity, declined to comment on allegations about North Korea but said, “We are of course aware of reports about North Korean concerns about this movie. While it may be difficult for [North Korea] to understand the concept, in the United States entertainers are free to make movies of their choosing.”
The investigation into the attack could take months, and some media outlets have pointed to the possibility that a current or former employee could be responsible for the leaked information. But a person familiar with the investigation said that is not likely.
The hack “sounds like one of Sony’s own movie plots,” said Jason Healey, director of the Atlantic Council’s cyber statecraft initiative. “As crazy as the North Koreans are, most of us would have completely dismissed this as a ridiculous plot for a Hollywood movie.”
Healey said the U.S. government should speak up, if North Korea is proven to be behind the attack, and establish the norm that civilian targets should not be subject to cyberattack. “If we’re saying it’s OK to hack companies that are saying things you don’t like, is Twitter going to be next? Is Facebook going to be next?”
