North Korea was responsible for a “destructive” cyber attack on Sony Pictures, the US Federal Bureau of Investigation said Friday, warning it would hunt down the perpetrators and make them pay.
The November attack prompted the movie giant to cancel the Christmas Day release of “The Interview,” a madcap satire about a fictional CIA plot to kill North Korean leader Kim Jong-Un.
The anonymous hackers invoked the memory of September 11, 2001 in threatening attacks on cinemas screening the film, prompting major theater chains to say they would not screen it.
In addition to the threats, Sony has seen the release of a trove of embarrassing emails, scripts and other internal communications, including information about salaries and employee health records.
“The FBI now has enough information to conclude that the North Korean government is responsible for these actions,” the agency said in a statement.
“Such acts of intimidation fall outside the bounds of acceptable state behavior.”
The attack involves the use of malware and rendered thousands of Sony Pictures computers “inoperable,” forcing the company to take its entire network offline, the FBI said.
“We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there,” the FBI said.
The accusation came shortly before President Barack Obama was due to hold his last press conference of the year at 1830 GMT — virtually ensuring that he would be asked to address it.
A Sony source had told AFP that the studio also believes Pyongyang was behind the attack.
“We don’t know, but it appears so,” said the source.
‘Costs and consequences’
Pyongyang has so far denied involvement in the brazen November 24 cyber attack, but nevertheless hailed it as a “righteous deed.”
The North’s top military body, the National Defense Commission, slammed Sony for “abetting a terrorist act while hurting the dignity of the supreme leadership,” according to the state-run KCNA news agency.
The FBI nevertheless warned the attack would not go unpunished.
It said it would “identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or US interests.”
Senior Republican lawmaker John McCain — the incoming chairman of the Senate Armed Services Committee — on Friday called the cyber attack an “act of war.”
But the FBI statement appeared to indicate the US government was treating the incident as more of a criminal act.
“We follow the facts and evidence wherever they lead, to identify the fingers at the keyboards that threaten our people, our companies, and our national security,” said John Carlin, assistant US attorney general for national security.
“Identifying those responsible for these attacks is only the first step, and we will continue to do our part to protect and defend our nation from the asymmetric threats posed through cyberspace.”
Free speech advocates and foreign policy hawks slammed Sony’s decision to pull “The Interview” as cowardice in the face of a hidden enemy.
McCain said it set a “troubling precedent that will only empower and embolden bad actors to use cyber as an offensive weapon even more aggressively in the future.”
But Sony defended its decision, saying the safety of theater patrons was at risk.
“This was a terrorist act, and you don’t take that lightly,” the company source said. “This is much bigger than us … it’s a whole new world, now warfare is on the cyber level.”
Related: Why You Should Demand Proof Before Believing The U.S. Government On North Korea and Sony