The New York Times says yes
, North Korea did launch the hack attack against Sony...
American officials have concluded that North Korea was “centrally involved” in the hacking of Sony Pictures computers, even as the studio canceled the release of a far-fetched comedy about the assassination of the North’s leader that is believed to have led to the cyberattack.
Here's my problem: Remember when John Kerry assured us that there was no doubt that Bashar Assad launched those chemical weapons attacks in Damascus? And then those damnable doubts crept in...
While intelligence officials have concluded that the cyberattack was both state-sponsored and far more destructive than any seen before on American soil, there are still differences of opinion over whether North Korea was aided by Sony insiders with knowledge of the company’s computer systems, senior administration officials said.
“This is of a different nature than past attacks,” one official said.
Why would Sony insiders help Kim Jong-un's hired guns? That's
suspicious. (If true.)
By contrast, Wired says that the evidence against North Korea is weak
It’s easy for attackers to plant false flags that point to North Korea or another nation as the culprit. And even when an attack appears to be nation-state, it can be difficult to know if the hackers are mercenaries acting alone or with state sponsorship—some hackers work freelance and get paid by a state only when they get access to an important system or useful intelligence; others work directly for a state or military. Then there are hacktivists, who can be confused with state actors because their geopolitical interests and motives jibe with a state’s interests.
Nation-state attacks aren’t generally as noisy, or announce themselves with an image of a blazing skeleton posted to infected computers, as occurred in the Sony hack. Nor do they use a catchy nom-de-hack like Guardians of Peace to identify themselves. Nation-state attackers also generally don’t chastise their victims for having poor security, as purported members of GOP have done in media interviews. Nor do such attacks involve posts of stolen data to Pastebin—the unofficial cloud repository of hackers—where sensitive company files belonging to Sony have been leaked. These are all hallmarks of hacktivists—groups like Anonymous and LulzSec, who thrive on targeting large corporations for ideological reasons or just the lulz, or by hackers sympathetic to a political cause.
There's an argument against this: Kim Jon-Un is really just a potato-shaped spoiled kid, as are many hackers. Maybe he told his
hackers to behave like the ones he has read about.
Wired goes on to posit that the threat against "places" showing The Interview
could be a red herring, designed to make the Norks into the fall guys. The real perpetrators could be someone pissed off at Sony for other reasons.
Or maybe there is another political agenda at work here. Guardians Of Peace? One can derive a very amusing set of initials from that name.
Let's ignore, for the moment, those threats against The Interview, which may or may not have been mere window dressing. The evidence against North Korea comes to this:
Four files that researchers have examined, which appear to be connected to the hack, seem to have been compiled on a machine that was using the Korean language.
But a computer can, of course, be set to any
language. By this standard, one might launch a "North Korean" attack from Columbus, Ohio.
2. Wiping software.
The hackers used an app called RawDisk to wipe away data on Sony's computers. The same app was used in previous attacks against Saudi Arabia and South Korea. But were
state actors involved in those attacks...?
The 2012 attack in Saudi Arabia, dubbed Shamoon, wiped data from about 30,000 computers belonging to Saudi Aramco, the state-owned oil conglomerate. Although U.S. officials blamed Iran for it, researchers found that malware used in the attack contained sloppy code riddled with errors and attributed it to hacktivists with political motives rather than a nation-state.
And really, that's it.
That's the evidence.
At least, that's the evidence available to the public right now (according to Wired). Maybe the government insiders who spoke to the NYT have some actual proof. I certainly hope so.
I don't want to be one of those screwballs who screech "False flag! False flag!" every time something unpleasant happens. And yet...just because North Korea is one majorly screwed-up country doesn't mean that they are the perps in this case. Both good people and bad people can be framed, although it's a lot easier to frame bad people.
Here's another obvious point: Making The Interview unavailable for release tells every would-be cyber terrorist (maybe a state actor, maybe a snotty kid in his uncle's basement) that powerful people will do whatever they are told to do. We have just witnessed the biggest buckle since the heyday of pilgrim headgear.