At the International Conference on Cyber Security at Fordham University on Tuesday, Comey said, "There is not much in this life that I have high confidence about—I have very high confidence about this attribution as does the entire intelligence community," in remarks reprinted by Fortune magazine.
Comey went on to give detailed information about the reasoning behind the accusations against North Korea, describing "clear links to other malware that we know the North Koreans previously developed," and noting that the hackers "got sloppy," making mistakes when not covering their IP addresses. "We could see that the IP addresses being used to post and to send the e-mails were those that that were exclusively used by the North Koreans," he disclosed.
The FBI first blamed North Korea for the Sony hack in December, and US President Barack Obama said "We will respond proportionately," to the attacks. On January 2 the US announced the imposition of sanctions against the isolated regime, according to which ten individuals and three organizations are to be denied "access to the US financial system." North Korea, in response, continued to deny responsibility for the attack, calling the sanctions part of the US government’s "inveterate repugnancy and hostility toward the DPRK."
Comey’s comments come after cyber-crime specialists expressed doubts that North Korea was in fact behind the attack. In December, security expert Marc Rogers wrote on the Daily Beast that the evidence against Sony was "flimsy," adding that "calling out a foreign nation over a cybercrime of this magnitude should never have been undertaken on such weak evidence," while Politico.com reported that cyber intelligence company Norse had briefed the FBI that their research pointed to laid-off Sony staff as being responsible for the hack, not North Korea.
