Was North Korea behind the Sony hack? Not all experts agree.
Some cyber specialists aren't convinced that North Korea was the culprit. One critic calls the the FBI鈥檚 evidence 'weak' and 'at best, speculation.' Others back the FBI claims.
An exterior view of the Sony Pictures Plaza building is seen in Culver City, Calif., on Dec. 19. President Obama declared Friday that Sony 'made a mistake' in shelving the satirical film, 'The Interview,' about a plot to assassinate North Korea's leader. He pledged the US would respond 'in a place and manner and time that we choose' to the hacking attack on Sony that led to the withdrawal.
Damian Dovarganes/AP
WASHINGTON
The outrage over the hack of Sony Pictures, and the widespread difference of professional opinion about who actually did it has neatly illustrated one of the biggest challenges for US military officials who spend their days thinking about cyberwarfare and its implications: How do you figure out who, precisely, is responsible for an attack and, equally important, what is the appropriate response?
The FBI released a statement聽Friday聽saying that the North Koreans were definitely the ones responsible for the Sony hack, because the agency 鈥渘ow has enough information鈥 to make its case.
鈥淭hough the FBI has seen a wide variety and increasing number of cyber intrusions,鈥 the 鈥渄estructive nature鈥 of the attack made it particularly egregious, the agency statement said.聽
North Korea鈥檚 actions were intended to 鈥渟uppress the right of American citizens to express themselves,鈥 the statement notes. 鈥淪uch acts of intimidation fall outside the bounds of acceptable state behavior.鈥澛
On Monday, the Internet-monitoring group Dyn Research reported broad Internet outages across North Korea, though the cause was not immediately known.
Interestingly, many cyber specialists still weren鈥檛 convinced that North Korea was the culprit in the Sony hack.
North Korea denied the attack, and yet they normally revel in poking the US in the eye, many cyber analysts point out.
Mark Rogers, who is part of a jury that decides who gets to present papers at DEF CON, the premier hacking conference, calls the FBI鈥檚 evidence 鈥渨eak鈥 and 鈥渁t best, speculation.鈥澛
The FBI cites IP addresses matching those used in the past by North Korea, but proxy addresses 鈥渃ould be used by just about anyone鈥 to hide their location, Mr. Rogers notes in a blog post.
This is a point that Pentagon officials, too, grapple with in the cyberwarfare realm. Former Deputy Secretary of Defense William Lynn noted as far back as 2010, for example, that 鈥渢raditional arms control agreements would likely fail to deter cyber attacks because of the challenges of attribution, which make the verification of compliance almost impossible.鈥澛
In other words, 鈥淚f you don鈥檛 know who to attribute an attack to, you can鈥檛 retaliate against that attack,鈥 he said. 鈥淵ou can鈥檛 deter through punishment, you can鈥檛 deter by retaliating against the attack.鈥
The complexities of cyberwarfare even caused Mr. Lynn to lament the good old days of 鈥渘uclear missiles, which of course come with a return address.鈥
But in the several years since then, the Pentagon and the FBI have learned a few things, says James Lewis, a cyber expert and director of the Strategic Technologies Program at the Center for Strategic and International Studies in Washington.
鈥淭丑别 United States realized that figuring out who was doing an attack was going to be crucial to a defensive response and put immense capabilities into it,鈥 he says. When it comes to attribution, North Korea, Iran, and China have become particular areas of focus for the US intelligence community, he adds.聽
This likely helped them determine that North Korea was the culprit in the Sony hack, Lewis says 鈥 a determination with which he concurs.聽
鈥淵ou have people who have no trouble believing everything [former聽National Security Agency-employed leaker Edward] Snowden says about NSA surveillance of the American people, and yet they question鈥 the FBI鈥檚 statements about North Korea carrying out the Sony attack.
鈥淭丑别 USA spies on some people all of the time,鈥 Lewis says. 鈥淣orth Korea is a place that gets lots of attention.鈥
But the threats that prompted theaters to refuse to release the Sony film that sparked the hack 鈥 namely, that North Korea would carry out a 9/11-style attack as a punishment for those who did 鈥 are more ridiculous, Lewis says.
鈥淵ou can turn out lights and erase data, but no one can do a 鈥榗yber-9/11鈥 鈥 not even us,鈥 he says.聽
鈥淭丑别 North Koreans are famous for making these bombastic threats 鈥 you can see them on YouTube 鈥 threatening to blow up L.A., New York, the White House,鈥 he adds. 鈥淭丑别y love making these threats.鈥澛
The proper response to the hack, and these sorts of bombastic threats, is not a military or even an equivalent response, Lewis argues.聽
鈥淚 don鈥檛 think the Pentagon has a role here, but we need to send a message to North Korea that they can鈥檛 get away with it," he says.聽Pentagon officials tend to feel the same way.聽
鈥淚 mean, clearly if you take down significant portions of our economy we would probably consider that an attack,鈥 Lynn said. 鈥淏ut an intrusion stealing data, on the other hand, probably isn鈥檛 an attack. And there are [an] enormous number of steps in between.鈥
To this end, US law enforcement agencies could bore into the front companies and criminal networks that support North Korean leadership by their funneling of hard currency into the聽country, he adds.
This might also involve pumping information into the country by decidedly less high-tech means. In a country so notoriously cut off from the Internet, it might involve DVDs smuggled in from China or 鈥淰oice of America鈥 style broadcasts, letting North Koreans聽know that there is a movement from the rest of the world, through the United Nations, to bring their leadership to trial for war crimes.
鈥淭丑别 fact that they respond so violently to attacks on their 鈥榙ear leader,鈥 鈥 Lewis says, 鈥渁lso tells us exactly where we should be pushing."