North Korea Hacked Sony. No, They Didn’t. Wait, Yes, They Did. Wait …


Let’s look at the details of the November Sony #GOP hack, threats related to The Interview, and the issue of North Korea’s involvement:

  • CloudFlare & Security Skeptics: North Korea is a Decoy
  • Slate & US Government: North Korea is the Duck
  • TechCrunch: Anonymous Goes Duck Hunting

CloudFlare & Security Skeptics: North Korea is a Decoy

We’ve previously discussed the Sony hack. That article focused on the idea that North Korea was responsible for the hacks, in contrast to what various security professionals were presenting at the time. Their view is the general focus of this article.

Initially everyone was pointing their fingers at North Korea (aka the Democratic People’s Republic of Korea or DPRK – a name that represents the, uh, profoundly democratic ideals of a nation that publicly executes people for watching Hollywood films). North Korea professed innocence, and many in the security field – skeptical of an intelligence community that has driven us blindly toward military conflict in the past – thought the United States’ adversary might actually be telling the truth, as covered by Paul Wagenseil in Tom’s Guide.

President Barack Obama came out and said on December 19 that the Federal Bureau of Investigation’s identification of North Korea as the perpetrator of the attack was correct.

The explanation provided by the FBI was too thin to satisfy security experts, though.

Brett Thomas, CTO of Silicon Valley SaaS company Vindicia, tweeted that hackers could be trying to push blame toward North Korea so that they (the true attackers) would remain unsuspected; and that it would not be difficult to fulfill the characteristics that the FBI referenced “if a hacker was trying to misdirect attention to DPRK.”

Sean Sullivan of F-Secure, apparently wary of US announcements after having seen overconfident behavior in the past, said that the American government and security industry were “incapable of saying ‘we don’t know.’”

Rob Graham of Errata Security, headquartered in Atlanta, blogged boldly that the statements of the FBI were “complete nonsense.” He argued that the investigative agency immediately identified their suspect (DPRK) without consideration of the facts, then crafted a reasonable explanation to establish the suspect’s guilt.

Brian Krebs, an investigative reporter who has been focused on cybercrime since an Internet worm crashed his PC in 2001, was more moderate in his comments, while still defending doubters. He said that the feds constructed their understanding of the event through “technical analysis and intelligence sources,” but that the position of others in the security community – that the government was selling a laughable open-and-shut case – was valid in light of the unconvincing evidence provided by the FBI.

Marc W. Rogers, an analyst for security and CDN company CloudFlare, said on his own website that he thought the breach was retaliatory. The intruder could alternatively have asked for money, but they clearly opted to punish the movie studio. Marc wagered on an inside job: “My money is on a disgruntled (possibly ex) employee of Sony.”

Slate & US Government: North Korea is the Duck

Not everyone has come to believe that the position of the FBI is fraudulent or ignorant. Needless to say, the agency seems to believe its own story. Although Thomas and others say that their proof is thin, the FBI has commented that it cannot lay everything on the table due to “the need to protect sensitive sources and methods.”

Brandon Valeriano of Slate, author and political science instructor at the University of Glasgow, argued against the increasingly popular opinion among security professionals that North Korea could not be identified as the perpetrator beyond a reasonable doubt. In fact, Brandon stated emphatically that the attack was carried out either by North Korea or its allies. The thrust of his opinion is that the skeptics are not looking at the hack within context, which he says is typical of how we tend to view data breaches: “Engagement of cybersecurity issues often is done completely devoid of knowledge of the wider international security processes of the time.”

One especially interesting point that Brandon makes is that South Korea believes its northern neighbor to have just shy of 6000 computer professionals within its military. With a hacking force that sizable, it’s reasonable to go after just about any business and gradually figure out how to penetrate it. The North Koreans would have had plenty of time, it seems, with Japanese security software firm Trend Micro estimating that the attackers spent months inside the Sony network – compiling passwords, mapping, and preparing for their climactic assault.

TechCrunch: Anonymous Goes Duck Hunting

The Internet was disabled three times in North Korea during the week of December 21. The nation was convinced that the outages were a counterattack by the United States, comparing Obama’s foreign policy to the actions of “a monkey in a tropical forest,” falling just shy of calling him the N-word (“nancy-boy”).

An offshoot of Anonymous tweeted that it was responsible for bringing the robust North Korean Web infrastructure to its knees. Matthew Prince, CEO of CloudFlare, agreed that the United States was probably not the aggressor, suspecting instead that the defender of freedom was “a 15-year-old in a Guy Fawkes mask.”

Regardless of who is responsible for either of these hacks, no one – whether a business or a nation – wants to see their systems go down. That’s why all our datacenters meet the internationally recognized SSAE 16 Type II standard.

By Kent Roberts