The FBI announced Friday, in no uncertain terms, that North Korea was behind the group called Guardians of Peace (GOP) that hacked Sony over the last few weeks.
The on-the-record announcement comes after unnamed US officials told The New York Times and other news outlets on Wednesday that they suspected North Korea was behind the hacks in apparent retaliation for the movie “The Interview” that depicted the assassination of that country’s dictator, Kim Jong-un.
But those allegations didn’t actually explain how North Korea pulled it off, fueling speculation that it had nothing to do with the hacks.
Over the last few days, a lot of people, many of them in the tech community, have come out against the government’s narrative and tried to poke holes in its case. The theory among those sceptics is that the GOP is a so-called hacktivist group like The Syrian Electronic Army, LulzSec, or Anonymous acting independently from North Korea or any other state.
Here’s a quick, high-level breakdown of the supposed holes people are finding in the FBI’s case.
Kim Zetter of Wired has the most detailed roundup of the thin evidence the government has linking North Korea to the GOP.
First, Zetter points out that the hackers are acting more like hacktivists than cyber warriors employed by a nation state:
Nation-state attacks aren’t generally as noisy, or announce themselves with an image of a blazing skeleton posted to infected computers, as occurred in the Sony hack. Nor do they use a catchy nom-de-hack like Guardians of Peace to identify themselves.
Zetter and other sceptics have also pointed to the FBI’s lack of concrete evidence. The US intelligence community isn’t telling us specifically how it was able to tie the attacks to North Korea and how the hackers were able to break into Sony, fueling speculation that the US government simply doesn’t have that evidence.
Marc Rogers, a security blogger, wrote that he thinks the hackers deliberately used Korean to throw the investigators off the trail and link the attacks to North Korea. Rogers also says the hackers used broken Korean, which he thinks is all the evidence we need to prove the hackers weren’t actually from North Korea.
But the most common source of the scepticism is that the hackers masked their location, so it’s nearly impossible to trace the attack to North Korea as the FBI claims to have done.
Finally, some experts think the hackers used a “time bomb” to infiltrate Sony, a method that is relatively crude and often used by hacktivists, not by the kind of sophisticated cyber warriors that you’d expect North Korea to employ.
Of course, there’s a counter to all of those arguments. If the FBI does have the evidence it says it has linking North Korea to the Sony hacks, it can’t share that information. In fact, in its statement Friday, the FBI said it can’t share all the evidence it has against North Korea because of a “need to protect sensitive sources.”
And we can go on and on trying to poke holes in everyone’s theories.
At this point, it almost doesn’t matter who was behind the attacks. The hackers or terrorists or whatever you want to call them won this round. And they won because Sony let them by caving to their demands and shelving “The Interview” for good.
Sony set a precedent that big corporations can cave to hackers’ demands. It doesn’t matter if those hackers are backed by a state or just a group of kids causing trouble. When the next hack happens, there’s now a better chance that another company will cave just like Sony did. The power is in the hackers’ hands.