Guardians of Peace (GOP), the hackers who infiltrated Sony Pictures Entertainment’s computer systems, are now threatening US news media organizations, according to a recent Joint Intelligence Bulletin issued by the FBI and Department of Homeland Security (DHS).
The bulletin, which referred to Sony as "USPER1"and an unnamed news organization as "USPER2," indicates that the threats to USPER1 and related threats concerning the planned release of the movie “The Interview” have now extended to other organizations.
“These threats have extended to USPER2—a news media organization—and may extend to other such organizations in the near future,” the bulletin stated.
Although the bulletin does not contain any specific evidence of a threat to news organizations, given the destructive nature of the malware, DHS and FBI are warning businesses to exercise caution.
“The FBI and DHS are not aware of any specific credible information indicating a physical threat related to these postings,” the bulletin stated. “However, the potential remains for GOP or copycat actors to make renewed cyber and/or implied physical threats, to identify new targets, or execute physical attack is the movie is again scheduled for release.”
The bulletin continued, “Despite a lack of credible physical threat reporting, mass gatherings have historically been attractive targets, and threat actors could view screenings as potentially attractive targets due to the growing media attention. We encourage facility owners and operators, security personnel, and first responders to remain vigilant and report suspicious activities and behaviors that may indicate a potential attack.”
US security officials indicated that in late November 2014, GOP claimed responsibility for the cyber intrusion on USPER1 and subsequently issued threats to its employees, as well as theaters planning to show the movie, “The Interview.” The intrusion compromised employees’ personally identifiable information and sensitive business communications.
In addition to a number of threats targeting movie theaters planning to show “The Interview,” on December 20, GOP issued a threat specifically taunting the FBI and USPER2 for the ‘quality’ of their investigations and implied an additional threat, the nature of which is unclear.
“The GOP’s attack on USPER I indicates the increasing willingness of malicious cyber actors to conduct offensive cyber operations against US entities based on perceived injustices or provocations,” the bulletin stated. “Though we have seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack—coupled with its coercive nature—sets it apart.”
Homeland Security Today reported last month the FBI believes North Korea is behind the cyber attack on Sony. Consequently, the Obama administration indicated that it was considering putting North Korea back on the list of state sponsors of terrorism.
“Nation-state actors are increasingly hacking into US companies and government networks to steal intellectual property and secrets without consequence,” said House Committee on Homeland Security Chairman Rep. Michael McCaul (R-Texas).
McCaul added, “Former Director of the National Security Agency Gen. Keith Alexander described this loss of IP as ‘the greatest transfer of wealth in history.’ However, the Sony attack was more than just theft – it was destructive. If North Korea has these capabilities, imagine what damage nation-states like Russia, Chinaor Iran can cause to our nation’s vital networks that control our power grid, energy and water supplies or other critical infrastructure. We must do more to ensure our nation is able to prevent, detect and respond to the growing cyber threat.”
An alternate theory put forth by cyber intelligence firm Norse is that the cyberattack was carried out by disgruntled former Sony employees.
“We think we see indicators of those two groups of people getting together,” said Kurt Stammberger, SVP at Norse, in a blog post.
However, the FBI stands by their original conclusion that North Korea is behind the hack.
"The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment," the FBI said in a statement. "Attribution to North Korea is based on intelligence from the FBI, the US Intelligence Community, DHS, foreign partners and the private sector."
"There is no credible information to indicate that any other individual is responsible for this cyber incident,” the FBI added.
Trevor Timm, executive director of the Freedom of the Press Foundation, believes the threat on news organizations should not be taken lightly.
“While it’s hard to tell how legitimate the threat is, if a news organization is attacked in the same manner Sony was, it could put countless sensitive sources in danger of being exposed—or worse,” he told The Intercept.
But Timm also pointed out that media are already considered a common target by state-sponsored attackers. “This FBI bulletin is just the latest example that digital security is now a critical press freedom issue, and why news organizations need to make ubiquitous encryption a high priority,” he said.