Stop Saying North Korea Didn't Hack Sony
At this point, anyone who doubts that North Korea helped hack Sony is disagreeing with several top cybersecurity firms and the US intelligence community.
Nevertheless, many smart people are highly skeptical that a tinpot dictatorship with almost no internet connectivity could compromise an American-based subsidiary of a multinational corporation.
The prevailing alternative theories - detailed by oft-cited security researcher Bruce Schneier - include that independent North Korean nationals hacked Sony, that a Sony insider ("Sony's Snowden") did it on their own, or that hacktivist pranksters did it for the lulz (i.e., for a good bit of sadistic fun).
While all are possibilities, there is no conclusive evidence corroborating any of these theories.
On the other hand, there is a lot of evidence suggesting North Korean involvement.
What We Know
On Nov. 24, computer screens of Sony employees flashed a warning indicating the company's computer systems had been compromised and data had been stolen.
Sony's systems were subsequently crippled. An unknown group calling itself GOP claimed credit for the hack.
Over the next few weeks, all hell broke loose in the entertainment world. Hackers dumped information online and news organizations scrambled to cover every possible angle. Threats of violence against movie theaters led to Sony canceling the Dec. 25 theatrical release of "The Interview," a film in which Seth Rogen and James Franco play talk show hosts enlisted by the CIA to assassinate North Korean leader Kim Jong Un.
American officials concluded that North Korea was "centrally involved," and intelligence officials told The New York Times that the US intelligence community "concluded that the cyberattack was both state-sponsored and far more destructive than any seen before on American soil."
The FBI's public assessment, undertaken with assistance from other intelligence services such as the NSA, cited technical analysis of the code and overlap of techniques used in previous attacks of this kind.
Immediately after the attack, cybersecurity experts began looking at the code and techniques involved in the breach. Kaspersky Lab and other cybersecurity firms found that the malware involved in the Sony incident is capable of wiping disk drives and other data. Kaspersky dubbed the malware "Destover," noting that similar malware had been used in previous attacks.
Computer researcher Kurt Baumgartner, drawing on Kaspersky's initial investigation, detailed how the Destover malware used in the Sony hack looks a lot like two previous "wiper" attacks: One called "Shamoon," which targeted 30,000 Saudi Aramco workstations in 2012, and another called "Dark Seoul," which targeted South Korean banks and two of the country's top broadcasters the following year.
Furthermore, Kaspersky notes that the defacement placed on Sony employee computers is similar to the warning message in the "Dark Seoul" attack, even down to the skull icons.
An assessment by HP published on Dec. 19 detailed how "several factors support that North Korea played a role in the attacks."
HP noted that "it is difficult to discern whether the regime acted alone. It is plausible that the actors responsible for this attack relied on the assistance of an insider."
Jason Lancaster, senior threat intelligence analyst at HP, noted to Business Insider that "the system that was used by the author of the malware used in the Sony case was compiled on a Windows system with a Korean language set, specifying its keyboard. ... So the keyboard for the system that was used to compile this malware ... was done in the same way as other malware associated to it."
Investigative journalists at Krebs on Security noted that like Dark Seoul, "the Destover wiper executables were compiled somewhere between 48 hours prior to the attack and the actual day of attack."
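The two build-environment indicators quoted above, the language tag the compiler stamped into the binary's resources and the compile timestamp in the COFF header, are both readable from a PE file without running it. The Python below is an added example written for this page; it is not code from HP, Kaspersky, Krebs or the FBI, and it does not parse Destover. It constructs a minimal PE32 in memory (the sample is labelled as constructed), then walks the resource tree to collect language IDs and compares the COFF timestamp against the Nov. 24 incident date with the 48-hour window the text mentions. The mapping of "Korean language set" to Windows LANGID 0x0412 is an assumption of the example, and the caveat in the comments is the standard one: a PE timestamp is written by the build tool and is trivially forgeable, so it corroborates rather than proves.

```python
import struct
from datetime import datetime, timedelta, timezone

LANG_KOREAN = 0x0412       # Windows LANGID for Korean; assumed mapping for "Korean language set"
SUBDIR_FLAG = 0x80000000   # high bit of a resource entry's OffsetToData marks a subdirectory


def build_sample_pe(timestamp: int, langid: int) -> bytes:
    """Construct a minimal PE32 (DOS stub, COFF header, optional header, one
    .rsrc section) whose single resource carries `langid` at the language
    level. Constructed test input for this example, not a real sample."""
    def res_dir(entry_id: int, offset_to_data: int) -> bytes:
        # IMAGE_RESOURCE_DIRECTORY with exactly one ID entry (16 + 8 bytes)
        return struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1) + struct.pack("<II", entry_id, offset_to_data)
    # Tree is Type -> Name -> Language -> data entry; each node is 24 bytes apart
    rsrc = (res_dir(10, SUBDIR_FLAG | 24)          # type: RT_RCDATA
            + res_dir(1, SUBDIR_FLAG | 48)         # name: ID 1
            + res_dir(langid, 72)                  # language leaf -> data entry at 72
            + struct.pack("<IIII", 0, 0, 0, 0))    # IMAGE_RESOURCE_DATA_ENTRY (empty)
    rsrc_rva, rsrc_raw = 0x2000, 0x200
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew -> NT headers at offset 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 2 * 8, rsrc_rva, len(rsrc))  # resource data directory
    sect = struct.pack("<8sIIIIIIHHI", b".rsrc", len(rsrc), rsrc_rva, len(rsrc), rsrc_raw,
                       0, 0, 0, 0, 0x40000040)
    headers = bytes(dos) + coff + bytes(opt) + sect
    return headers.ljust(rsrc_raw, b"\0") + rsrc


def parse_pe(data: bytes) -> dict:
    """Read the COFF compile timestamp and every resource-level LANGID from a
    PE image. Only headers are parsed; nothing is executed."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad NT signature")
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    dd_off = opt_off + (96 if magic == 0x10B else 112)  # data directories: PE32 vs PE32+
    rsrc_rva, rsrc_size = struct.unpack_from("<II", data, dd_off + 2 * 8)
    sections = [struct.unpack_from("<8sIIII", data, opt_off + opt_size + 40 * i) for i in range(nsect)]

    def rva_to_offset(rva: int) -> int:
        for _name, vsize, va, rawsize, rawptr in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + rawptr
        raise ValueError("RVA not backed by any section")

    langids = []
    if rsrc_rva and rsrc_size:
        _walk_resources(data, rva_to_offset(rsrc_rva), 0, 0, langids)
    return {"machine": machine, "timestamp": stamp, "langids": langids}


def _walk_resources(data, base, dir_off, depth, out):
    """Depth-first walk of the resource tree; leaf entries at depth 2 hold LANGIDs."""
    n_named, n_id = struct.unpack_from("<HH", data, base + dir_off + 12)
    entry = base + dir_off + 16
    for _ in range(n_named + n_id):
        ident, off = struct.unpack_from("<II", data, entry)
        entry += 8
        if off & SUBDIR_FLAG and depth < 2:
            _walk_resources(data, base, off & 0x7FFFFFFF, depth + 1, out)
        elif depth == 2 and not (off & SUBDIR_FLAG):
            out.append(ident & 0xFFFF)


def build_indicators(data: bytes, incident: datetime, window_hours: int = 48) -> dict:
    """Relate the compile stamp to the incident time and flag Korean resources.
    Caveat: the timestamp is set by the build tool and can be forged, so both
    results are corroborating indicators, not proof of origin."""
    info = parse_pe(data)
    built = datetime.fromtimestamp(info["timestamp"], tz=timezone.utc)
    delta = incident - built
    info["compiled_within_window"] = timedelta(0) <= delta <= timedelta(hours=window_hours)
    info["korean_resource"] = LANG_KOREAN in info["langids"]
    return info


def demo(hours_before_incident: int, langid: int) -> dict:
    """Build a constructed sample compiled N hours before the Nov. 24 incident and analyse it."""
    incident = datetime(2014, 11, 24, tzinfo=timezone.utc)   # date from the article
    stamp = int((incident - timedelta(hours=hours_before_incident)).timestamp())
    return build_indicators(build_sample_pe(stamp, langid), incident)


if __name__ == "__main__":
    print(demo(30, LANG_KOREAN))
```

Run against a real sample, `parse_pe(open(path, "rb").read())` returns the same dictionary; a binary with several resources yields one LANGID per language leaf, which is why `langids` is a list rather than a single value.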
And CrowdStrike, a security firm that focuses heavily on identifying attribution and actors behind major cybercrime attacks, had independently concluded that North Korea orchestrated the hack before the FBI officially blamed Pyongyang.
"We have high confidence that this is a North Korean operator based on the profiles seen dating back to 2006, including prior espionage against the South Korean and US government and military institutions," said Dmitri Alperovitch, chief technology officer and co-founder at CrowdStrike.
"These events are all connected, through both the infrastructure overlap and the malware analysis, and they are connected to the Sony attack," Alperovitch added. "We haven't seen the skeptics produce any evidence that it wasn't North Korea, because there is pretty good technical attribution here."
Despite these assertions from experts and officials in the know, the frank skepticism persists:
One day media analysts are going to look at Obama's Friday press conference as one of the greatest presidential snookerings in US history.
- Tim Shorrock (@TimothyS) December 24, 2014
"I worry that this case echoes the 'we have evidence - trust us' story that the Bush administration told in the run-up to the Iraq invasion," Schneier writes.
As skeptics come to terms with the evidence pointing to North Korea, which may have had help from other groups, statements like these will not age well.
Armin Rosen contributed to this report.