Body
It has been a couple weeks since the first details of the devastating cyber attack on Sony Pictures emerged. Of clear relevance to us is the North Korean connection, which quickly became an echo-chambered fact after first breaking on Re/code. There is both motive and forensic evidence to suggest that this is the work of North Korean-state sanctioned hackers punishing the studio for the impending release of “The Interview”. But as with all things DPRK– and all things cyber – the truth is elusive.
Engadget has put together a good summary of the attack and the possible perpetrators. In one version of the story, the problems began on November 24th when a group by the moniker “Guardians of Peace” took over systems studio-wide, flashing messages that threatened to publically release stolen data. An alternate story is that the hackers contacted Sony’s top execs three days prior to try to extort the studio for money.
Who are the Guardians of Peace? The most popular theory is that they are hackers from North Korea, or North Korea-sanctioned hackers working from China. Sony’s looming release of “The Interview”, a film that North Korea has decreed an act of terrorism and has levied threats of “merciless retaliation” towards, is a clear motive, and in later communications the Guardians of Peace said as much:
“Stop immediately showing the movie of terrorism [“The Interview”] which can break the regional peace and cause the war!”
More evidence has mounted. CNN Money reports that Destover, the name of the malware used, was built using the Korean language and is strikingly similar to DarkSeoul, the malware that took down South Korean banks, ATMs, and telecoms last year. Even the National Defense Commission’s official response sounds like they are trying to take credit without actually taking credit:
“We do not know where in America the SONY Pictures is situated and for what wrongdoings it became the target of the attack nor we feel the need to know about it. But what we clearly know is that the SONY Pictures is the very one which was going to produce a film abetting a terrorist act while hurting the dignity of the supreme leadership of the DPRK by taking advantage of the hostile policy of the U.S. administration towards the DPRK…The hacking into the SONY Pictures might be a righteous deed of the supporters and sympathizers with the DPRK in response to its appeal.”
But let’s not rush to conclusions just yet. There are also a few compelling, if not largely circumstantial, contradictions that shift the blame from North Korea:
- North Korea Tech ran through a list of inconsistencies comparing the Sony attack on previous hacks tied to the DPRK. This would be an unprecedented departure from past operations: North Korean hackers have never made such public demands, the “Guardians of Peace” has never been mentioned before, and this would be the first targeted attack on an institution which angered North Korea (and think about how many of those there are!).
- There is an alternate theory that this was an inside job. Right after the initial attack, someone claiming to be a participant contacted The Verge and wrote that they wanted “equality” from Sony, and worked with like-minded Sony staff to gain access. FP cites that a hacker-tracking company, Norse, plans to approach the FBI with information that implicates a Sony employee in Japan.
- Even as recently as Wednesday, the FBI has found no evidence that North Korea was involved in this attack.
- Hackers only started to make more explicit connections to the release of “The Interview” weeks after the attack, there was no mention of “The Interview” in the pre-attack emails sent to studio execs, and, of the many yet-unreleased movies stolen from Sony’s servers, “The Interview” has not been listed as one.
Even if North Korea was not involved, they gain from this incident. It’s possible that this case will never be completely solved, leaving lingering suspicion of North Korea’s involvement and its technical capabilities to wreak havoc on groups it opposes. Sony is not planning to pull “The Interview”, but let’s hope that this episode does not make film execs think twice about green lighting politically sensitive projects.