Menu
Menu
Think North Korea hacked Sony? Think about this

Think North Korea hacked Sony? Think about this

There's a lot of circumstantial evidence, but very little actual information on the hack against Sony

North Korea or not? There's still a lot we don't know about the attack on Sony Pictures and those behind it.

After two weeks of investigations, anonymous government officials told some reporters and politicians on Wednesday that North Korea was behind the attacks. But on Thursday, U.S. officials resisted making the same allegations in public and didn't release any evidence to back up the anonymous claims.

North Korean involvement is certainly possible. After all, defectors have spoken about North Korea's cyber attack force and training. But it also plays into a popular and easy-to-believe narrative about the country.

There certainly appears to be circumstantial evidence, but it could be just that. So before calling case closed, here are some reasons to be wary, at least until some evidence is made public.

It's unlike any hack attributed to North Korea in the past

North Korea has been blamed for a string of hacks in the past, and it's generally accepted that the country has the capability to hack and attack companies. But no previous attack attributed to North Korea -- or any nation-state -- has been so public and so noisy. In the past, attacks happened, North Korea was suspected, and then sometimes the country was later blamed. It rarely said anything, except for an initial denial. This time around, the hacker group has posted messages online taunting Sony and telling the FBI they cannot be caught. Early on, they were also interacting with reporters.

It is, however, very similar to plenty of hacker activist attacks made against major corporations and governments and -- it's worth noting -- against North Korean Internet sites in May 2013. In those attacks, thousands of user names and passwords for North Korean news site "Uriminzokkiri" were leaked by hackers operating under the "Anonymous" banner.

The hackers didn't mention "The Interview" at first

If the hack was all about stopping the release of "The Interview," why didn't that come up earlier? For the first couple of weeks, the messages that accompanied leaked data didn't mention the movie at all. It was much more about Sony and its executives -- something underlined by the vindictiveness of the leaks.

Here's a key paragraph from a message sent on Nov. 30 to an IDG News Service reporter from the same e-mail address used to leak the first cache of Sony data:

"Sony and Sony Pictures have made terrible racial discrimination and human rights violation, indiscriminate tyranny and restructuring in recent years. It has brought damage to a lot of people, some of whom are among us. Nowadays Sony Pictures is about to prey on the weak with a plan of another indiscriminate restructuring for their own benefits. This became a decisive motive of our action. We required Sony Pictures to stop this and pay proper monetary compensation to the victims."

The movie wasn't mentioned until a message on Dec. 8, and then it was in addition to previous demands made by the group.

"Do carry out our demand if you want to escape us. And, Stop immediately showing the movie of terrorism which can break the regional peace and cause the War!"

The movie wasn't mentioned by name until Dec. 10, when the hackers also issued their threat to movie theaters.

North Korea issues threats all the time

The country expressed outrage at "The Interview" on June 25 when, without mentioning it by name, it promised "Those who defamed our supreme leadership and committed the hostile acts against the DPRK can never escape the stern punishment to be meted out according to a law wherever they might be in the world."

If you don't follow North Korea closely -- and few do -- you'd be forgiven for thinking that's a pretty damning statement of intention. But such threats are business as usual for North Korea.

On the same day, the state-run news agency hit out at regional U.S. military actions, saying the situation was so grave "that a nuclear war may break out any moment." In the same article, it said "Only merciless punishment and fist, not word, will work on the U.S." And a day later, it lashed out at South Korea, saying its own soldiers were awaiting "the order to be given by the Supreme Command to strike the provocateurs."

It's easy to believe

Because not a lot is known about North Korea, things that really should be questioned are sometimes taken as fact because they neatly fit into the box where many people place North Korean behavior: weird with a touch of crazy.

Take the death of Jang Song Thaek, Kim Jong Un's uncle, who was removed in a purge a year ago. A report, eventually traced back to a Chinese satirical website, said he had been killed by being stripped naked and fed to a pack of ravenous dogs. Newspapers jumped on the story without questioning its source, and it made global headlines for a day until cooler minds noted he was probably killed by a firing squad.

And then there was Kim Jong Un's former girlfriend, Hyon Song Wol, who, according to newspaper headlines in late 2013, had also been purged and killed by firing squad. In May this year she appeared on North Korean television speaking at an event in Pyongyang and looking very much alive.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams@idg.com

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the CIO newsletter!

Error: Please check your email address.

Tags Criminalsecuritydata breachlegalSony Picturescybercrime

More about FBIIDGNewsSony

Show Comments

Market Place

Computerworld
ARN
Techworld
CMO