Modern field guide to security and privacy
Korean Central News Agency/Reuters
North Korean leader Kim Jong Un inspected the Korean People's Army naval Unit 189 in an undated photo released by North Korea's Korean Central News Agency.

Did North Korea really hack Sony? Cybersecurity pros at odds

Industry experts weigh in on whether they believe North Korea is behind the massive Sony Pictures hack, which prompted the studio to pull 'The Interview' from theaters. 

Was North Korea involved in the Sony Pictures Entertainment hack? On Wednesday, several news reports quoted unnamed US officials saying yes. But many cybersecurity experts remain skeptical. On Thursday, the White House refused to point the finger at North Korea, instead saying a "sophisticated actor" was behind the hack. Passcode asked experts throughout the industry whether they believe North Korea is responsible for the breach. Here's what they had to say: 

Graham Cluley, former senior technology consultant at Sophos and author of the security blog

"It’s a bit like asking if I think Belgium was involved with the Sony hack. Why would you think North Korea is involved? The idea appears to only have popped up in a story in Re/Code a few days after the big, public reveal of the attack. The hackers hadn’t mentioned it. Sony executives received an e-mail a few days before the attack that said 'you just need to pay us.' When the message with all the skulls came up, there was no mention of the movie. If stopping 'The Interview' was the point of the attack, why wouldn’t they mention it? I just don’t get it. When have we ever heard of state sponsored cyberterrorism putting skulls on people’s screens?

"All I know from police investigations into cybercrime is that they are incredibly complex and can often take years. To complete this kind of investigation, the US would need the support of North Korea to look at the computer that made the attack. Hackers can make it look like they are coming from North Korea when they are really coming from Belgium, or the computer could be compromised and a computer in North Korea could be being controlled from somewhere else. To make this announcement so quickly seems a bit rushed."

Tal Klein, vice president of strategy for the cloud security company Adallom Inc.:

"No. I'm not even wearing my cybersecurity hat when I say that. Too many things don't fit. When the attack was announced, North Korea denied it. North Korea loves to talk about themselves in these situations. It's not like Russia or China denying their role in espionage. North Korea would be dancing up and down. It doesn't fit. And a few days ago, the FBI was asked point blank and said they didn't think North Korea was behind the attack. That was an actual person willing to go on the record. Compared to that, an anonymous source is very hard to believe. The language in the ransom note is too western — it seems like someone with a Western education trying to sound Korean — and it didn't mention 'The Interview.'

"The malware used is likely derivative of something written in North Korea, but that's likely the extent. There's no indication from the malware that North Korea made any move to specifically get it to the attackers."

Dave Aitel, chief executive officer of the cybersecurity company Immunity Inc.:

"I always thought it was pretty obvious it was North Korea. The pattern on these state sponsored attacks is always similar — they don’t make it so entirely obvious that it’s a nation behind the attack. We’ve seen this kind of attack from Iran. The goal is not so much about 'The Interview.' It’s about showing they have enough power in cyberspace to make a Sony do what they want. Sony was in the wrong place at the wrong time with the wrong movie. Now that North Korea made their point, they won’t have to do this type of move again. I do expect to see similar attacks from India and Pakistan to demonstrate they have that power."

Adam Segal, director of the Program on Digital and Cyberspace Policy at the Council on Foreign Relations:

"I have to say, I was leaning toward greater ambiguity but after the US official’s statement, I’m slightly leaning toward it being North Korea. I’m not sure we’ll get any more new public evidence one way or the other. The Korean characters in the code, the clock settings being from the region, the malware being used in an attack in South Korea, these things are not persuasive. Unfortunately, with cyber warfare we’re dependent on classified information."


You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Did North Korea really hack Sony? Cybersecurity pros at odds
Read this article in
QR Code to Subscription page
Start your subscription today