Federal investigators are getting closer to confirming that North Korea was behind the embarrassing cyberattack on Sony Pictures Entertainment’s computer systems, the head of the House Intelligence Committee said Friday.
Rep. Mike Rogers (R-Mich.), chairman of the committee, said a “clue” indicates North Korea was probably behind the attacks, either acting on its own or through a criminal organization.
Rogers, a former FBI agent, pointed to statements from Pyongyang in which North Korea denied responsibility but did not condemn the attacks.
"I would argue as a former FBI agent that, when a nation state says that 'This group ... did this on behalf of the North Korean people ... and we appreciate it,' as we would say in the FBI: that is a clue," Rogers said.
Rogers stopped short of saying that U.S. officials have definitively confirmed the source of the attack, although he said the investigation was making headway.
"I do believe our attribution is getting much, much better," Rogers said.
Rogers said his statements were based on publicly available information.
The North Korean government publicly threatened Sony Pictures over the summer that its planned release of “The Interview,” a comedy that depicts a fictional assassination attempt on North Korean leader Kim Jong Un, would be considered an act of war.
In recent weeks, the still-unsolved cyberattack on Sony computer systems has led to leaks on the Internet of confidential Sony emails, salary figures, thousands of Social Security numbers and footage from unreleased films.
The breach damaged critical files on the company’s computers and is expected to cost the studio tens of millions of dollars, officials have said.
North Korean officials might have tried to stop the release of film, which stars Seth Rogen and James Franco, “because they thought it would be damaging to the leader in North Korea,” Rogers said.
“Obviously they missed the boat on what makes America tick: They may have done more sales for that movie than ever before,” Rogers told reporters at a breakfast sponsored by the Christian Science Monitor.
Rogers said the latest digital attack on a major American company should be a wake-up call for other businesses with intellectual property or other sensitive information to erect stronger cyberdefenses.
“Sony showed now there is a destructive part of these cyberattacks that are very, very dangerous,” he said. “Imagine you are a financial institution getting its data destroyed -- that has economic consequences that should keep us all up at night."
Congress passed cybersecurity legislation this month. It did not include a provision that Rogers supported, and privacy groups opposed, to allow the National Security Agency to directly share source code of malicious attacks with American businesses and vice versa.
Civil liberties groups said the NSA could not be trusted to have direct access to the computer networks of U.S. companies.
The legislation that passed is a “long way” from what is needed, Rogers said.
“It’s not going to get at our ability to stop bad guys from doing bad things, but it starts to build our foundation” for more protections, Rogers said.