Note: Since this post was originally published, an individual has come forward to claim credit for authoring a message on Pastebin that was previously legitimized by the FBI in its intelligence bulletin. For more on this update, click here.
An American news organization was recently threatened by a group of hackers who wreaked havoc on the computer network of Sony Pictures Entertainment in retaliation to a once-forthcoming film on North Korea, according to federal investigators.
A Christmas Eve bulletin written by the FBI that was later obtained and published by The Intercept’s Jana Winter claimed the hacking group Guardians of Peace threatened a “news media organization” and warned that such threats “may extend to other such organizations in the near future.” The threats were part of a series of messages posted online that included links to a trove of data purportedly stolen from Sony’s computer network, the bulletin said.
The memo, called a Joint Intelligence Bulletin, said the messages were posted to a website called Pastebin, a text repository that allows people to upload and share messages and other information anonymously. The FBI did not identify the news organization in its intelligence bulletin, referring to the company only as “USPER 2.”
The Desk is identifying the news organization as CNN based on copies of messages posted to Pastebin on December 20. The message were not available for viewing through conventional search means at the time of this posting.
In one message, the group mockingly praised CNN for its “investigation” into the attack on Sony’s computer network and offered a “gift” in the form of a YouTube video titled “You are an idiot.” The message closed with a demand that CNN “give us the Wolf,” a likely reference to CNN news anchor Wolf Blitzer.
A second message similar in tone was addressed to the FBI. It is unclear how the FBI authenticated the messages posted to Pastebin.
Sony Pictures found itself in the crosshairs of hackers identifying with the Guardians of Peace over its planned release of “The Interview,” a film that depicts a fictitious assassination plot against North Korean leader Kim Jong-un. A large amount of sensitive data allegedly stolen from Sony’s computer network started appearing online late last month. The data included sensitive personnel and business information, including employee medical records and e-mail messages sent back and forth between high-ranking executives at Sony.
Earlier this month, the FBI announced it believed North Korea was the chief instigator behind the Sony compromise, although federal investigators offered little evidence to support their theory. Some security experts say a more-plausible scenario involves an insider at Sony colluding with hackers to compromise the company’s computer systems.
A federal law enforcement source speaking on condition of anonymity told The Desk two weeks ago that investigators are examining the likelihood that an insider aided hackers in the attack.
“This was not the kind of attack where hackers grab whatever they can find,” the law enforcement source said. “All indications so far is that the person or group behind the attack had a general sense of what they wanted and a pretty good idea on where to find it. And so, for that reason, we’re exploring the possibility that someone [at Sony] may have helped out here.”
The Intercept: FBI bulletin says Sony hackers threatened news organization
[Update: Since this post was originally published, a freelance writer has come forward as the author of the message directed at CNN that was referenced in the FBI’s intelligence memo.
In addition to claiming credit, Knoxville-based writer David Garrett, Jr. published several images on his Twitter profile Wednesday afternoon that he asserted proved himself to be the author of the taunting message to CNN.
Garrett explained in a series of tweets to The Desk that he didn’t intend for the message to be taken as a threat — instead, he sought to highlight what he considered to be a weakness in CNN’s reporting, in that the news agency was relying heavily upon Pastebin as a source for a report on the Sony computer intrusion.
“Pastebin is an anonymous (platform),” Garrett wrote. “It shouldn’t be used as a news source. And I thought that maybe CNN would think it was real, but it turned out that everyone but CNN thought it was real.”
Though the evidence Garrett published online is convincing, it’s still hard to know with 100 percent certainty that he is the author of the post. And it remains unknown how the FBI came to authenticate the message to CNN in the first place.
Update 2: An earlier version of this story stated a PasteBin message directed at CNN had been “deleted” from the service. The message was unavailable for viewing through conventional means when this article was first published; attempts to load a page where the note was published returned an error message saying the post had been removed. The message has since been apparently restored since this article was published.]