FBI Director James Comey stated at a New York cybersecurity conference that North Korea “got sloppy” when it attempted to use proxy servers that would mask where the attacks were originating from.
Director Comey states that the hackers in the attack failed on multiple occasions to use the proxy servers that bounce their Internet connection through an obfuscating computer somewhere else in the world, revealing IP addresses that tied them to North Koreans.
“In nearly every case, [the Sony hackers known as the Guardians of Peace] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy,” Comey said. “Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using…were exclusively used by the North Koreans.”
“They shut it off very quickly once they saw the mistake,” he added. “But not before we saw where it was coming from.”
The Sony data breach is also linked to North Korean-developed malware, which the isolated nation supposedly used to break into South Korean banks last year, he said.
