The New York Times is reporting that the White House is pointing the finger of blame at North Korea for the hack of Sony Pictures.
So far, at least, there has been no official confirmation from the United States government and all the NYT has are sources that won't go on the record. Meanwhile, Sony has officially cancelled the release of the controversial Seth Rogan movie "The Interview"
As regular readers will know, I have been somewhat skeptical of the claims that North Korea is involved. It just doesn't feel right.
The truth is, as has been shown time and time again, trying to determine the location of internet hackers can be as hard as nailing jelly to the ceiling.
Attributing internet attacks to a particular country is extremely difficult, as it's so easy for hackers to cover their tracks or point investigators in the wrong direction. It's not uncommon at all for attackers to use compromised computers in other countries as part of their attack to throw investigators off the scent, and allegations of where hackers might be based is often founded on the flimsiest of "evidence".
Here's what we do know:
- The hackers initially emailed Sony executives days before the "skull attack", and demanded money. No mention of "The Interview", no mention of North Korea.
- The hackers then plastered grisly skull images over Sony computers, and threatened to release the company's data unless their demands were not met. No mention of "The Interview", no mention of North Korea.
- Suddenly the media, following the Re/code report, starts linking the attack to "The Interview" and North Korea.
- We also know that state-sponsored attacks don't tend to put skull images on the computers they're targeting (it makes the attack kinda obvious!) or demand money.
- If it was all a plot by North Korea (or N Korean sympathisers) to attack Sony because of the movie, why didn't the initial demands or the malware mention this?
- Similarities have been drawn between the Sony Pictures attack and the DarkSeoul malware that hit South Korean broadcasters in 2013. That attack wasn't shy of using skull imagery either.
And, if unnamed White House sources are now pointing an accusatory finger at North Korea we need to ask ourselves:
- Why are they unnamed sources? Why won't they go on the record? What do they hope to gain by making the claims anonymously?
- What proof do the US authorities have that North Korea is behind the attack?
- How do the US authorities explain the malware and the demands not making a reference to the movie or N Korea? Yes, we know that a later anonymous PasteBin post started ranting about the movie and made 9/11 threats.
So, consider me a skeptic. I would like to have answers to a few more questions, and hear some of the evidence, before falling behind the claim that North Korea has orchestrated the attack against Sony.
If I were a betting man, I would agree that whoever is responsible for the attack has a big grudge against Sony and its executives (not that that narrows down the list of suspects much!). One avenue for investigation should definitely be to explore whether a disgruntled (possible former) employee played a part in this hack.
One final thought. If Sony Pictures' network security was as poor as it appears - is it possible that more than hacking gang have had access to its information?