Who really hacked Sony Pictures? (It probably wasn’t North Korea)
North Korea was indeed responsible for the massive hack on Sony Pictures, according to officials from within the US government. This follows on from Sony cancelling the release of The Interview amid threats of further attacks from the hackers — including threats of terrorism against cinemas if they show the movie (which lampoons the Democratic People’s Republic of Korea, or DPRK). While we obviously condemn the continued threats and release of private, non-newsworthy information, I would like to point out one thing: There is very little evidence that North Korea was actually behind the attack — which makes me wonder, a) Why is the US government fingering North Korea? and b) If it wasn’t North Korea, who hacked Sony Pictures?
Who framed North Korea?
From the outset, the only connection between the Sony Pictures hack and North Korea was The Interview, a comedy movie where Seth Rogen and James Franco assassinate Kim Jong-un. Now, North Korea was certainly upset about the movie — it complained about it to the UN back in July — but the hackers didn’t mention the movie at all in their original set of demands, which was emailed to Sony executives a few days before the hack went public. The famous Guardians of Peace image (below) didn’t mention the movie, either.
Sony Pictures, hacked by Guardians of Peace (GOP) warning message
The hackers only latched onto The Interview after the media spent a week prognosticating over the possibility of it being the driving force behind the hack. It wasn’t until December 8, at least a week after the Sony Pictures hack went public, that the attackers started using The Interview as leverage. If you had just hacked Sony, and the world media just gave you the perfect opportunity to shift the blame onto North Korea, wouldn’t you do the same thing?
There’s also the overall timeline of the hack to take into consideration. The hackers managed to exfiltrate around 100 terabytes of data from Sony’s network — an arduous task that, to avoid detection, probably took months. Given how long it would’ve taken to gain access to Sony Pictures, plus the time to exfiltrate the data, I think the wheels started turning long before North Korea heard about The Interview.
Even if we take the movie out of the equation, the hack just doesn’t feel like something that would be perpetrated by a nation state. The original warnings and demands feel like the attacker has a much more personal axe to grind — a disenfranchised ex-employee, perhaps, or some kind of hacktivist group makes more sense, in my eyes.
An inside job?
So far, the sole purpose behind the Sony Pictures hack appears to be destruction — the destruction of privacy for thousands of employees, and the destruction of Sony’s reputation. Much in the same way that murder is a crime of passion, so was the hack on Sony Pictures. Bear in mind that the hackers gained access to almost every single piece of data stored on Sony’s network, including the passwords to bank accounts and other bits of information and intellectual property that could’ve been sold to the highest bidder. The hackers could’ve made an absolute fortune, but instead opted for complete annihilation. This all feels awfully like revenge.
Really, though, the biggest indicator that it was an inside job is that the malware used during the attack used hard-coded paths and passwords — the attacker knew the exact layout of the Sony Pictures network, and had already done enough legwork to discover the necessary passwords. This isn’t to say that North Korea (or another nation state) couldn’t have done the legwork, but it would’ve taken a lot of time and effort — perhaps months or even years. A far more likely option is that the attack was carried out by someone who already had access to (or at least knowledge of) the internal network — an employee, a contractor, a friend of an employee, etc.
So, why’s the US pointing the finger at North Korea?
Late yesterday, the New York Times published a story citing “senior administration officials” who said that North Korea was “centrally involved” in the Sony Pictures hack. Unfortunately, the same officials don’t give any indication of how North Korea pulled off the attack. Presumably US intelligence found some signs that pointed to North Korea’s involvement — and hopefully we’re talking about tell-tale signatures that are more conclusive than the fact that the malware was written on a computer with the locale set to Korean (anyone can change the locale of their computer with a couple of clicks).
The other option is that the US government is just doing a bit of saber rattling — perhaps to see how the DPRK responds, or perhaps to justify some retaliation.
Posters for The Interview have probably gone up in value…
The NYT says that the White House doesn’t yet know how it will react. Presumably, if there’s any kind of public retaliation or condemnation, the evidence tying North Korea to the Sony hack will have to be released.
Who do I think hacked Sony Pictures? Well, I don’t think it was as simple or as clear-cut as “North Korea did it.” I think we’re either looking at a loose-knit group of hackers/hacktivists (similar to Anonymous), or some kind of combination attack — perhaps someone on the inside opened the door for North Korea to get in, or alternatively a country like North Korea or China found a hole in Sony’s security and then passed that vulnerability along to some unaffiliated hackers.
In either case, we are almost certainly looking at an attacker that is massively tech-savvy, but also superb at playing the internet/social media game. North Korea isn’t usually very good at either of these things — but who knows, maybe Kim Jong-un has whipped his cyber army into shape?