Many security researchers in the United States remain skeptical about the degree of North Korea’s involvement in the hacking of Sony Pictures computer systems early January, in which sensitive corporate data were compromised, The Diplomat wrote in an article.
The Washington Post ran a story this week on why the Sony hack prompted an unprecedented response by the US government, targeting North Korea. The article cites the blocking of Sony’s freedom of expression as the principle reason behind Washington’s “naming and shaming” of North Korea. Another reason was the nature of the attack: Rather than merely extracting data for over three weeks, the hacker group “Guardians of Peace” also launched a more aggressive cyberattack on November 24, 2014, destroying data and disabling computers.
Washington’s swift and resolute response to the attack was meant to signal North Korea that a line had been crossed, and that the US will consider such attacks – even on non-critical assets like the movie industry – a severe threat to national security that will be met by reprisals.
FBI Decision
However, within the United States, a debate is still raging between the FBI and security researchers over whether North Korea was in fact behind the attacks and whether FBI’s decision to accuse North Korea of the attack was justified.
On January 7, FBI Director James Comey spoke at a cybersecurity conference trying to responds to the skepticism of many experts. Comey said that, “I know … some serious folks have suggested we have it wrong. I would suggest – not suggesting, I’m saying – that they don’t have the facts I have – don’t see what I see – but there are a couple things I have urged the intelligence community to declassify that I am going to tell you right now. The Guardians of Peace would send emails threatening Sony employees and would post online various statements explaining their work. And in nearly every case they used proxy servers to disguise where they were coming from [but] several times they got sloppy.”
Security researcher Marc Rogers responds to the statement above: “I would hope that the FBI has access to a lot more information than me. However, what many of us are saying is that if you are going to accuse a foreign country of an egregious crime, and have the US respond in a punitive way to that country, the evidence should be clear, of a good standard, and handled in a transparent way. If the FBI is sitting on a smoking gun then they should tell us about it because so far all they have presented is flimsy, at best circumstantial, evidence.”
Jeffrey Carr, President and CEO of Taia Global, Inc. states that, “It simply isn’t enough for the FBI director to say ‘We know who hacked Sony. It was the North Koreans’ in a protected environment where no questions were permitted.
The necessity of proof always lies with the person who lays the charges. As of today, the US government is in the uniquely embarrassing position of being tricked by a hacker crew into charging another foreign government with a crime it didn’t commit. I predict that these hackers, and others, will escalate their attacks until the US figures out what it’s doing wrong in incident attribution and fixes it.”
This debate will continue until the FBI releases more definitive evidence. Yet, the FBI’s conclusions and new sanctions imposed on North Korea signal that the US government is ready to progress up the escalation ladder from “naming and shaming” alleged state-sponsored hackers via the US private sector and media to a more direct approach. And that could spell trouble for certain other countries.
