Report: Sony Hackers Revealed Themselves By Logging Into Facebook

Before the attacks in November, Sony Pictures was threatened in a series of messages posted to a Facebook account set up by a group calling itself “Guardians of Peace.” After Facebook closed that account in November, the group changed its messaging platform and began sending threats in emails to Sony and on the anonymous posting site Pastebin. As far back as last June, North Korean officials wrote in a letter to the United Nations that “The Interview,” a Sony comedy about two journalists hired to assassinate its leader, Kim Jong-un, was an act of terrorism.

The slip-up by the North Koreans was similar to one two years ago that led American officials to conclude that hackers inside the Chinese military’s Unit 61398 was behind attacks on thousands of companies and government agencies abroad. In that case, the Chinese hackers logged into their Facebook and Twitter accounts from the same infrastructure they used for their attacks.
Facebook closed the Guardians of Peace Facebook account in November. A Facebook spokesman said the company could not comment on specific accounts or law enforcement requests. In the past, the F.B.I. has compelled companies like Facebook to provide it with specific information about user accounts, including logs of user activity and Internet protocol addresses, through court orders.
The Sony breach has become a focal point for the F.B.I. and other officials because it was one of the rare attacks on a big corporation that the United States has attributed to a foreign government.