I find hacking fascinating. Because I know a great deal about computers at the very lowest level, people often think that I know a lot about hacking. I really don’t. Over my life, I’ve found this or that bit of information. Of course, it was always because someone had made a change to a major piece of software because it had previously had some security hole. But the ways people find to circumvent security are often amazingly clever. If I had many lives to lead, I would dedicate one of them to understanding all this stuff. Unfortunately, I don’t and there are too many other things to do with my time.
Recently, I’ve been very interested in this Sony hack. The hack itself doesn’t seem all that interesting. Over three years ago, Sony was the victim of a major hack — the so-called PlayStation Network outage. At that time, Sony decided that it really had to get serious security. But it would seem that they never did. I think it is rather typical of film companies (games are just an extension of film) where nothing really matters but what they do. “We don’t need no stinkin’ security experts!”
What bothers me is why everyone is so convinced this is an attack from North Korea. When I first saw the note the perpetrators sent, I was skeptical: “We will clearly show it to you at the very time and places ‘The Interview’ be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.” Really?! I suppose it is possible. But it reads more like a really racist SNL skit than what hackers would write.
I’m not alone in wondering about this. Michael Hiltzik has written a couple of articles highlighting some of the dissent. It isn’t that anyone is saying that North Korea didn’t do it. It is just that the information we have thus far doesn’t indicate that they did. Instead, it looks like the US government just wants it to be North Korea and the perpetrators want it to appear as though it is North Korea, and so everyone assumes it is North Korea. But other than that, there really is nothing.
Hacker Grugq makes an excellent point that laying this on North Korea is incredibly convenient, in “Lets Blame Our Perennial Adversary!” He points out that we know how North Korea does this kind of stuff, and this is very different. “This is a media blitz campaign by a group that is steeped in Internet culture and knows how to play to it. They can manipulate it to maximum effect. This is definitely far more sophisticated than the usual rhetoric from North Korea.” And Jericho lays out a detailed case that nothing anyone has said comes anywhere near to convincing us that this was North Korea, in “Anatomy of a NYT Piece on the Sony Hack and Attribution.” (Leave it to a hacker to do a better job capitalizing headlines than The Washington Post.)
In Hiltzik’s newest article yesterday, he talked to security expert Marc Rogers, who noted that the key element of the indictment is that the same tools used in this attack were used in two previous attacks. But no one has ever shown that those attacks were by North Korea. He wrote, “Lastly, it’s pretty weak in my books to claim that the newest piece of malware is the act of a nation state because other possible related pieces of malware were rumored to be the work of a nation state.”
Further, the FBI claimed that the IP addresses the hackers used were known to be used by North Korea. But that’s just silly. To start, hackers almost never attack from their own machines. Or rather, there is a Darwinian aspect here: hackers who attack from their own machines get arrested. Dr Krypt3ia took on the whole issue in some depth, in “FAUXTRIBUTION?”
There are a couple of things to keep in mind. One is that the hacker community hates the government and so they will be skeptical of anything the FBI says. The other is that no one is saying that the attack was not from North Korea. It is just that the information that the FBI has made available does not make the case. And given that we know the FBI and the CIA are more than willing to tell the government whatever it wants to hear, we need to question this. Of course we won’t. The United States has never found the truth necessary when a falsehood was so nice to believe.