Evidence in Sony hack attack suggests possible involvement by Iran, China or Russia, intel source says
WASHINGTON – The U.S. investigation into the recent hacking attack at Sony Pictures Entertainment has turned up evidence that does not point to North Korea as the "sole entity" in the case, but rather, raises the possibility that Iran, China or Russia may have been involved, an intelligence source told Fox News on Thursday.
Earlier Thursday, Fox News confirmed that the FBI is pointing a digital finger at North Korea for the attack.
The source pointed to the sophistication of malware “modules or packets” that destroyed the Sony systems -- on a level that has not been seen from North Korea in the past -- but has been seen from Iran, China and Russia.
There is no evidence of a forced entry into the Sony systems, pointing to an insider threat or stolen credentials. And the first emails sent to Sony, described as blackmail or extortion, included demands unrelated to the movie.
The malware had two destructive threads, the source said: it overwrites data and it interrupts execution processes, such as a computer's start-up functions. After the initial attack, the FBI warned the industry that the malware can be so destructive that the data is not recoverable or it is too costly a process to retrieve. The intelligence source added that the forensic evidence suggests that the final stage of the attack was launched outside North Korea's borders -- creating some plausible deniability.
“Given the destructive efforts or effects of this attack, we're treating this as a national security matter, and as such, members of the president's national security team have been in regular meetings regarding this attack,” State Department Spokeswoman Jen Psaki said.
Also, Fox News has learned that U.S. security firms were first notified Monday by the U.S. government that they planned to publicly blame North Korea, which is inconsistent with past practice, as the U.S. government often has chosen to work behind the scenes in similar instances.
The White House declined earlier Thursday to directly blame North Korea for the attack, though Press Secretary Josh Earnest referred to the incident as a "serious national security matter."
The case is "being treated as seriously as you'd expect," Earnest told reporters at an afternoon briefing. He added that the White House would allow the investigation to move forward before speculating about a response.
"There is evidence to indicate that we have seen destructive activity with malicious intent that was initiated by a sophisticated actor," Earnest said. "And it is being treated by those investigative agencies both at the FBI and the Department of Justice as seriously as you would expect."
The North Korean link came shortly after Sony canceled plans for its Dec. 25 release of “The Interview,” a comedy about the fictional assassination of North Korean leader Kim Jong-un. Getting Sony to pull the release of the movie had been one of the hackers’ public demands.
Officials, speaking on condition of anonymity, said the attack originated outside North Korea, but believe the individuals behind it were acting on orders from the North Korean government.
While the U.S. government is unlikely to issue formal charges against North Korea or its leadership, a formal announcement of North Korea’s involvement is likely to come Thursday.
The Sony hack attack is “deeply worrying” to the intelligence community because it is believed to be the first time destructive malware has targeted a U.S. firm, according to the Fox News source, who added that the cyber assault is seen as “retribution” for “The Interview.”
Fox News is told that the malware used in the Sony hack attack has two destructive threads: it overwrites data and it interrupts execution processes, such as a computer's start-up functions. The FBI warns that the malware can be so destructive that the data is not recoverable or it is too costly a process to retrieve.
It is not clear how long the malware needs to be in the system before it brings on an almost complete paralysis. In the case of Sony, support functions -- including emails --were knocked off-line, seen as a distraction while the more destructive attack was launching.
This week North Korea’s state-run media KCNA endorsed the Sony hacking, saying it was done by “sympathizers.” Andrei Lankov, an expert on North Korea who writes a column for The Korea Times, says this is as close to an endorsement as possible.
Another expert noted “ambiguity of attribution and guerilla-warfare approach” are the tactics of North Korea. The expert concluded it will be seen that America is vulnerable to blackmail and North Korea will try it again.
Fox News has also been told, however, there was “zero” chance there would have been any actual attacks on theaters.”
"Sony was stupid to make a movie about killing Kim Jung-un," Lankov said, "but it was even more stupid to cave in to pressure."
A Steve Carell "paranoid" thriller "that was to be set in North Korea" also has been scrapped, sources say. The project from director Gore Verbinski and writer Steve Conrad wasn't yet titled, though industry outlets said the working title was "Pyongyang," which is the North Korean capital.
"Sad day for creative expression," Carell tweeted Wednesday evening, adding "#fear eats the soul" as a hashtag.
In an interview with ABC News aired Wednesday, President Obama encouraged Americans to go to the movies.
The Sony hacking saga took a sinister turn on Tuesday when hackers sent a message threatening to target theaters showing “The Interview” in a 9/11-type attack.
Sony then told theaters they will not be penalized should they choose not to show it.
A representative for the FBI Los Angeles Field Office told FOX411 that the bureau is “aware of the recent threats and continues to work collaboratively with our partners to investigate.”
Security experts told Fox that in the wake of the Sydney siege and the release of the CIA enhanced interrogation report last week, it was crucial the threat be taken seriously by authorities.
“This threatening statement obviously has some foundation and may be linked to current global hostilities toward the West and predominantly the U.S.,” said Lee Oughton, global security and risk management expert. “We are still unaware how deep the hackers were able to penetrate into the Sony systems. Only time will tell how much information they were able to ascertain and what price Sony will pay in the international market.”
Actors James Franco and Seth Rogen already canceled all media appearances promoting their film.
Fox News' Greg Palkot, Lucas Tomlinson, Hollie McKay and The Associated Press contributed to this report.