U.S. investigators have evidence that hackers stole the computer credentials of a system administrator to get access to Sony’s computer system, allowing them broad access, U.S. officials briefed on the investigation tell CNN. The finding is one reason why U.S. investigators do not believe the attack on Sony was aided by someone on the inside, the officials tell CNN.
The revelation is part of what is behind the government’s conclusion that hackers operating on behalf of North Korea were responsible. The government is expected to publicly blame the reclusive regime as early as Friday. The hackers’ ability to gain access to the passwords of a top-level information technology employee allowed them to have “keys to the entire building,” one official said.
The access has led to some suspicion that the attack was an inside job. Stealing credentials is a common tactic that hackers use, and cyber-attacks often look like inside jobs, the officials say. The U.S. used signal intelligence and other means to trace the attack to North Korea, finding digital footprints that pointed to North Korea. The statement to be issued as early as Friday morning will provide some of the evidence behind the U.S. government’s conclusion, but not all.
Though officials say they are planning to lay blame on Friday, they haven’t yet decided how to respond to the attack.
The White House and other agencies are holding a series of high-level meetings to discuss the United States’ range of options, a senior official in President Barack Obama’s administration said.
“We do think it’s appropriate to respond,” the official said.
Those options could include new sanctions against North Korea, another source said.
White House press secretary Josh Earnest wouldn’t confirm that the Obama administration has pinned the hack on North Korea, saying it’s still being investigated by the FBI and the Justice Department.
He said the investigation is “being treated as a serious national security matter.”
“There is evidence to indicate that we have seen destructive activity with malicious intent that was initiated by a sophisticated actor,” Earnest said.
He said the United States’ response would need to be “proportional,” and that national security officials considering how to respond are “also mindful of the fact that sophisticated actors when they carry out actions like this are oftentimes, not always, but often seeking to provoke a response from the United States.”
A senior administration official said the White House did not pressure Sony to make the decision it announced Wednesday to pull the movie “The Interview” — which depicts the assassination of North Korean leader Kim Jong Un — from theaters.
“There was no pressure. Absolutely not,” the official said, adding that consultations with Sony happened primarily in phone calls between the company and the FBI, which were relayed to the White House.
For all the restrictions the United States has already placed on North Korea, administration officials say there’s a lot further those penalties could go. The toughest option: The United States could restrict North Korea’s dollar-denominated trade by hitting Chinese banks that do business with Pyongyang — a tactic used against Iran and, less comprehensively, against Russia after its incursion into Ukraine’s Crimea region.
Other economic sanctions could also be considered, and the United States could finger North Korean individuals involved in the hack for criminal charges — though that option, while still being considered, appears unlikely, an administration official said.
“At this point we are not prepared to officially say who we believe was behind this attack,” Homeland Security Secretary Jeh Johnson told MSNBC on Thursday. “I will say this: We do regard the attack on Sony as very serious.”
Johnson described it as a “serious attack not only on individuals and a company but basic freedoms we enjoy in this country,” but did not want to label it terrorism. The administration is still discussing how to characterize the hack, sources said.
Sources say it’s unlikely there will be an indictment right now, as was the case in the Chinese military hacking case early this year. One law enforcement source said “in order to indict you have to have an idea of who the players are,” and at this point the investigation hasn’t yet revealed those details.
The law enforcement source said the United States’ cyber investigation is moving at a speed that’s unheard of amid mounting pressure for the U.S. government to publicly point the finger at North Korea.
The source said the Sony hack was similar to a cyber attack against South Korean banks last year, and that the coding was in Korean.
A source familiar with the investigation says “the tactics, techniques and procedures were right out of the North Korean playbook.”
Sources with first-hand knowledge of the investigation said officials haven’t ruled out the possibility that a Sony insider or former employee aided in the attack.