The FBI on Friday said that North Korea was responsible for the massive hack of Sony Pictures Entertainment. The hack leaked personal employee information and embarrassing emails and, after a series of threats, ultimately led to the cancelation of the comedy film The Interview.

The FBI's official statement offered insight into how it believes the intrusion into Sony Pictures Entertainment (SPE) took place.

Malware at large

The FBI says that the SPE attack consisted of "the deployment of destructive malware." In other words, the hacking group infected SPE systems with malware that not only provided access to thousands of systems but destroyed the data on those systems after the data sieve was complete. Its investigation, as well as its collaboration with other government agencies, gave it "enough information to conclude that the North Korean government is responsible for these actions."

The FBI is basing this conclusion in part on technical analysis of the data deletion malware used in the attack. The FBI says the malware "revealed links to other malware that the FBI knows North Korean actors previously developed." The bureau says it found similarities in specific lines of code as well as encryption algorithms and compromised networks.

Moreover, the FBI said it "observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea." The FBI says it discovered that several IP addresses already "associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack."

In other words, the malware used in the attack was written to communicate directly with computers already associated with North Korea.

The FBI also confirmed that the tools and the method of attack were similar to an attack on South Korean banks and media outlets in March 2013. That attack has been linked back to North Korea.

Although the FBI's statement itself is short on specific details and evidence, the fact that the agency is willing to name North Korea as the responsible party says a lot.

As computer researcher Nicholas Weaver pointed out on Twitter, there is a tricky balance between acting on intelligence and revealing so much detail about that intelligence that it might become worthless.

The SIGINT conundrum: Acting on SIGINT weakens the value of future SIGINT. Revealing SIGINT destroys much of the value of future SIGINT. — Nicholas Weaver (@ncweaver) December 19, 2014

Weaver also believes that the lack of evidence presented thus far by the FBI is probably balanced by information it has from other sources, including the NSA.

@declanm IMO, probably is. Here's how the NSA probably knows: http://t.co/y2eigezcSc But can't say because it's SIGINT. — Nicholas Weaver (@ncweaver) December 19, 2014

Skepticism still abounds

Still, not all security researchers and experts are convinced that the link to North Korea — specifically, the North Korean government — is accurate, especially in the absence of more concrete evidence.

Jeffrey Carr, cybersecurity expert and CEO of Taia Global, is one of the skeptics. He told Mashable that "one of the biggest mistakes is that because an attack can be traced to the North Korean Internet that somehow means it's the North Korean government. That's a false assumption, because the North Korean Internet is basically provided by outside companies, in this case a Thai company. Nothing presented excludes alternate scenarios, so why jump to the most serious one?"

Carr notes that it appears the FBI is getting most of its intelligence from private security companies, without vetting or verifying that information. He added: "The White House is now getting ready to take some kind of action, as if it's a sure thing that the North Korean government is involved. Meanwhile you have the hackers who actually are responsible laughing because this is the most epic false flag ever."

Robert Graham, a cybersecurity expert and the head of Errata Security, is also dubious of the North Korean government connection. On the Errata Security blog, Graham called the FBI's North Korea evidence "nonsense:"

Here's the thing with computer evidence: you don't need to keep it secret. The FBI can simply publish this North Korean malware. It wouldn't harm Sony and wouldn't harm the investigation. It would help anti-virus and security vendors develop signatures to stop it. It would crowd source analysis, to see who it really points to. We don't need to take the FBI's word for it, we should be able to see the evidence ourselves.

Damning historical precedent

As with the South Korean bank and media attacks in 2013, the Sony attacks are not unprecedented. CrowdStrike, a security company that works with businesses and governments on protecting against cyber attacks, has been doing its own investigation into the Sony hack.

According to a blog post on the company's website, CrowdStrike has been tracking the group behind these attacks and says it is the same group responsible for attacks against South Korea and other places going back to 2006.

Although CrowdStrike says this group, which goes by the cryptonym Silent Chollima, has launched DDoS attacks against websites in the U.S. in the past, it says "[the Sony hack] is the first time we have observed them launching a data destructive attack against a U.S.-based organization."

CrowdStrike appears to agree with the FBI's assessment that this group has ties to North Korea.

Adam Meyers, CrowdStrike's vice president of intelligence, said that attribution is all about which scenario is more likely. "We would assess in our analytic judgment with a high degree of confidence that this most recent activity is consistent with other activity that we have attributed to North Korea," he told Mashable.

HP also published a security briefing that provides a good overview of the timeline of this attack, as well as the difficulty in assigning conclusive blame to North Korea. HP previously issued a useful security briefing that looks at North Korea's cyber threat.

Even security professionals that aren't convinced by the FBI's evidence still don't necessarily dispute the agency's claims:

I'll accept the Feeb's answer, I just don't believe they've shown their work. Mostly because it's not their work, they just copied from NSA. — the grugq (@thegrugq) December 19, 2014

We're still learning

More information about this attack and who is behind it will continue to drip out in the days and weeks ahead, especially as its perpetrators are still at large.

For now, it appears that not releasing the film The Interview has appeased the group. That said, if Sony changes its plans — or if the group decides to continue to release information anyway — the damaging and costly information leaks could continue.

Lorenzo Franceschi-Bicchierai contributed to this article.