Stop Saying North Korea Didn't Hack Sony
At this point, anyone who doubts that North Korea helped hack Sony is disagreeing with several top cybersecurity firms and the US intelligence community.
Nevertheless, many smart people are highly skeptical that a tinpot dictatorship with almost no internet connectivity could compromise an American-based subsidiary of a multinational corporation.
The prevailing alternative theories - detailed by oft-cited security researcher Bruce Schneier - include that independent North Korean nationals hacked Sony, that a Sony insider ("Sony's Snowden") did it on their own, or that hacktivist pranksters did it for the lulz (i.e., for a good bit of sadistic fun).
While all are possibilities, there is no conclusive evidence corroborating any of these theories.
On the other hand, there is a lot of evidence suggesting North Korean involvement.
What We Know
On Nov. 24, computer screens of Sony employees flashed a warning indicating the company's computer systems had been compromised and data had been stolen.
Sony's systems were subsequently crippled. An unknown group calling itself GOP claimed credit for the hack.
American officials concluded that North Korea was "centrally involved," and intelligence officials told The New York Times that the US intelligence community "concluded that the cyberattack was both state-sponsored and far more destructive than any seen before on American soil."
The FBI's public assessment, undertaken with assistance from other intelligence services such as the NSA, cited technical analysis of the code and overlap of techniques used in previous attacks of this kind.
Immediately after the attack, cybersecurity experts began looking at the code and techniques involved in the breach. Kaspersky Lab and other cybersecurity firms found that the malware involved in the Sony incident is capable of wiping disk drives and other data. Kaspersky dubbed the malware "Destover," noting that similar malware had been used in previous attacks.
Computer researcher Kurt Baumgartner, drawing on Kaspersky's initial investigation, detailed how the Destover malware used in the Sony hack looks a lot like two previous "wiper" attacks: One called "Shamoon," which targeted 30,000 Saudi Aramco workstations in 2012, and another called "Dark Seoul," which targeted South Korean banks and two of the country's top broadcasters the following year.
Furthermore, Kaspersky notes that the defacement placed on Sony employee computers is similar to the warning message in the "Dark Seoul" attack, even down to the skull icons.
An assessment by HP published on Dec. 19 detailed how "several factors support that North Korea played a role in the attacks."
HP noted that "it is difficult to discern whether the regime acted alone. It is plausible that the actors responsible for this attack relied on the assistance of an insider."
Jason Lancaster, senior threat intelligence analyst at HP, noted to Business Insider that "the system that was used by the author of the malware used in the Sony case was compiled on a Windows system with a Korean language set, specifying its keyboard. ... So the keyboard for the system that was used to compile this malware ... was done in the same way as other malware associated to it."
Investigative journalists at Krebs on Security noted that like DarkSeoul, "the Destover wiper executables were compiled somewhere between 48 hours prior to the attack and the actual day of attack."
And CrowdStrike, a security firm that focuses heavily on identifying attribution and actors behind major cybercrime attacks, had independently concluded that North Korea orchestrated the hack before the FBI officially blamed Pyongyang.
"We have high confidence that this is a North Korean operator based on the profiles seen dating back to 2006, including prior espionage against the South Korean and US government and military institutions," said Dmitri Alperovitch, chief technology officer and co-founder at CrowdStrike.
"These events are all connected, through both the infrastructure overlap and the malware analysis, and they are connected to the Sony attack," Alperovitch added. "We haven't seen the skeptics produce any evidence that it wasn't North Korea, because there is pretty good technical attribution here."
Despite these assertions from experts and officials in the know, the frank skepticism persists:
"One day media analysts are going to look at Obama's Friday press conference as one of the greatest presidential snookerings in US history." - Tim Shorrock (@TimothyS), December 24, 2014
"I worry that this case echoes the 'we have evidence - trust us' story that the Bush administration told in the run-up to the Iraq invasion," Schneier writes.
As skeptics come to terms with the evidence pointing to North Korea, which may have had help from other groups, statements like these will not age well.
Armin Rosen contributed to this report.