For outgoing House Intelligence Committee Chairman Mike RogersMichael (Mike) Dennis RogersSenior-level engagement with Russia is good — if it's realistic It's time to overhaul the antiquated and unbalanced military justice system China triggers growing fears for US military MORE (R-Mich.), the public evidence in the Sony Pictures hacking case is clear.
A nation-state was behind it, he said, and it was likely North Korea.
Pyongyang has denied responsibility for the hack — which took down Sony’s computer system, destroyed files and leaked troves of internal documents — but praised the action as a “righteous deed.”
The country suggested the cyber criminals were retaliating against Sony for its upcoming comedy, “The Interview,” about a plot to assassinate North Korean leader Kim Jong Un.
“I would argue as a former FBI guy, that when a nation state says that this group who doesn’t know who we are but did this on behalf of the North Korean people … and we appreciate it,” Rogers said, before pausing.
“As we would say in the FBI, ‘That is a clue,’ ” he said, speaking at a Christian Science Monitor breakfast on Friday.
Rogers said he's "fairly confident" that North Korea is responsible "given the public information," but declined to comment on what he had learned in confidential briefings.
A Bloomberg Businessweek report on Thursday night reported that FireEye, a security firm Sony hired to investigate the hit, had prepared a blog post linking the attack to an ongoing North Korean cyber campaign. But Sony’s general counsel reportedly put the kibosh on the post, perhaps fearing further retribution.
Rogers said the Sony attack resembled the campaign, DarkSeoul, which hit banks and media companies across South Korea last year, but added new techniques. For instance, he thinks Sony hackers have maintained a backdoor into the computer network.
“So, by the time you get it back up, they can whack you again,” Rogers said.
“Sony is a game changer when it comes to cyber in the United States,” he added.
But it wasn’t enough to push through Rogers’s central piece of cybersecurity legislation, the Cyber Intelligence Sharing and Protection Act (CISPA), he said.
The measure would have provided legal protections for companies sharing cyber threat information with the National Security Agency (NSA). Privacy advocates have resisted the bill because of fears it doesn’t limit the NSA from collecting personal information on Americans.
Although CISPA passed the House earlier this year, the Senate version officially died a week ago, Rogers said.
“Unfortunately, I don’t think [Sony] had an impact on the negotiations,” he said. “I wish it would have.”