Was North Korea behind the Sony hack? Not all experts agree.

Some cyber specialists aren't convinced that North Korea was the culprit. One critic calls the the FBI’s evidence 'weak' and 'at best, speculation.' Others back the FBI claims.

Damian Dovarganes/AP
An exterior view of the Sony Pictures Plaza building is seen in Culver City, Calif., on Dec. 19. President Obama declared Friday that Sony 'made a mistake' in shelving the satirical film, 'The Interview,' about a plot to assassinate North Korea's leader. He pledged the US would respond 'in a place and manner and time that we choose' to the hacking attack on Sony that led to the withdrawal.

The outrage over the hack of Sony Pictures, and the widespread difference of professional opinion about who actually did it has neatly illustrated one of the biggest challenges for US military officials who spend their days thinking about cyberwarfare and its implications: How do you figure out who, precisely, is responsible for an attack and, equally important, what is the appropriate response?

The FBI released a statement Friday saying that the North Koreans were definitely the ones responsible for the Sony hack, because the agency “now has enough information” to make its case.

“Though the FBI has seen a wide variety and increasing number of cyber intrusions,” the “destructive nature” of the attack made it particularly egregious, the agency statement said. 

North Korea’s actions were intended to “suppress the right of American citizens to express themselves,” the statement notes. “Such acts of intimidation fall outside the bounds of acceptable state behavior.” 

On Monday, the Internet-monitoring group Dyn Research reported broad Internet outages across North Korea, though the cause was not immediately known.

Interestingly, many cyber specialists still weren’t convinced that North Korea was the culprit in the Sony hack.

North Korea denied the attack, and yet they normally revel in poking the US in the eye, many cyber analysts point out.

Mark Rogers, who is part of a jury that decides who gets to present papers at DEF CON, the premier hacking conference, calls the FBI’s evidence “weak” and “at best, speculation.” 

The FBI cites IP addresses matching those used in the past by North Korea, but proxy addresses “could be used by just about anyone” to hide their location, Mr. Rogers notes in a blog post.

This is a point that Pentagon officials, too, grapple with in the cyberwarfare realm. Former Deputy Secretary of Defense William Lynn noted as far back as 2010, for example, that “traditional arms control agreements would likely fail to deter cyber attacks because of the challenges of attribution, which make the verification of compliance almost impossible.” 

In other words, “If you don’t know who to attribute an attack to, you can’t retaliate against that attack,” he said. “You can’t deter through punishment, you can’t deter by retaliating against the attack.”

The complexities of cyberwarfare even caused Mr. Lynn to lament the good old days of “nuclear missiles, which of course come with a return address.”

But in the several years since then, the Pentagon and the FBI have learned a few things, says James Lewis, a cyber expert and director of the Strategic Technologies Program at the Center for Strategic and International Studies in Washington.

“The United States realized that figuring out who was doing an attack was going to be crucial to a defensive response and put immense capabilities into it,” he says. When it comes to attribution, North Korea, Iran, and China have become particular areas of focus for the US intelligence community, he adds. 

This likely helped them determine that North Korea was the culprit in the Sony hack, Lewis says – a determination with which he concurs. 

“You have people who have no trouble believing everything [former National Security Agency-employed leaker Edward] Snowden says about NSA surveillance of the American people, and yet they question” the FBI’s statements about North Korea carrying out the Sony attack.

“The USA spies on some people all of the time,” Lewis says. “North Korea is a place that gets lots of attention.”

But the threats that prompted theaters to refuse to release the Sony film that sparked the hack – namely, that North Korea would carry out a 9/11-style attack as a punishment for those who did – are more ridiculous, Lewis says.

“You can turn out lights and erase data, but no one can do a ‘cyber-9/11’ – not even us,” he says. 

“The North Koreans are famous for making these bombastic threats – you can see them on YouTube – threatening to blow up L.A., New York, the White House,” he adds. “They love making these threats.” 

The proper response to the hack, and these sorts of bombastic threats, is not a military or even an equivalent response, Lewis argues. 

“I don’t think the Pentagon has a role here, but we need to send a message to North Korea that they can’t get away with it," he says. Pentagon officials tend to feel the same way. 

“I mean, clearly if you take down significant portions of our economy we would probably consider that an attack,” Lynn said. “But an intrusion stealing data, on the other hand, probably isn’t an attack. And there are [an] enormous number of steps in between.”

To this end, US law enforcement agencies could bore into the front companies and criminal networks that support North Korean leadership by their funneling of hard currency into the country, he adds.

This might also involve pumping information into the country by decidedly less high-tech means. In a country so notoriously cut off from the Internet, it might involve DVDs smuggled in from China or “Voice of America” style broadcasts, letting North Koreans know that there is a movement from the rest of the world, through the United Nations, to bring their leadership to trial for war crimes.

“The fact that they respond so violently to attacks on their ‘dear leader,’ ” Lewis says, “also tells us exactly where we should be pushing."

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Was North Korea behind the Sony hack? Not all experts agree.
Read this article in
QR Code to Subscription page
Start your subscription today