Could North Korea Really Be Behind The Sony Hacks?


We've done a switcheroo. First, the media started speculating about North Korea possibly being the culprit behind the devastating recent Sony hacks. At first, the FBI said it probably wasn't North Korea -- but it has now outright blamed the country for the attack, while the media is starting to doubt North Korea's capabilities. Adversarial journalism in the tech world is so passive-aggressive.

Sony recently cancelled the release of The Interview - both in cinemas and video-on-demand - after threats of "9/11 style attacks" on any theatre showing it. The FBI has now released a statement that clearly says North Korea was behind this. But while people across the world wonder why Kim Jong-un, of all people, can tell us what we can watch, and Barack Obama condemns giving in to demands, some of us are scratching our heads over whether this was really possible.

Specifically, whether the same nation we routinely make fun of for attempting to convince people it landed on the sun, and which displays an often comical lack of understanding of the world around it, could really defeat Sony's cyber security so comprehensively. It's been shown that Sony's security was sorely lacking, but it still would have taken some expertise to cause this much damage. And as children of the internet, we all know what some people are willing to do for that most heinous of motivations: The lulz.

Over at Marc Rogers' blog, there are a few very good points on why this might not be the work of North Korea at all. He points to hard-coded passwords and paths in the malware used in the attack as evidence of previous knowledge of Sony's network, and to the fact that the language displayed in this attack is not the way North Koreans actually speak:

For example, the Korean word for “Helicopter” is: 헬리콥터 or hellikobteo. The North Koreans, on the other hand, use a literal translation of “vehicle that goes straight up after takeoff”. This is because such borrowed words are discouraged, if not outright forbidden, in North Korea.

There are a few points I'd argue with, such as the one about the hackers not attempting to extort money, which has been reported.

As Mashable points out though, there is evidence in the hacking team's communications that suggests it doesn't speak Korean natively. Overall, Rogers has a decent set of points. He also mentions that while North Korea is now the "official" bad guy, it might be in the best interests of some, politically, to blame North Korea. When I first learned of the attack, I thought of a Western hacking group, but Rogers thinks it's more likely an inside job by a scorned employee.

How well do you treat your IT pros?

[Marc's Security Ramblings]