Maybe North Korea Didn’t Hack Sony

999 - 2015 01 01 hackedbygop-1024x511

According to the White House, the FBI, and lots of other folks who really should be pretty sure of these things before making statements or taking action, North Korea was behind the infamous Sony hacks that have been in the news for most of the end of 2014. Apparently, the US was confident enough to retaliate by shutting down Internet to the entire country:

North Korea called U.S. President Barack Obama a “monkey” and blamed Washington on Saturday for Internet outages it has experienced during a confrontation with the United States over the hacking of the film studio Sony Pictures. The National Defense Commission, the North’s ruling body chaired by state leader Kim Jong Un, said Obama was responsible for Sony’s belated decision to release the action comedy “The Interview,” which depicts a plot to assassinate Kim.

And yet, as I’ve been paying attention to the story I am not convinced that we’ve got the write villain. It’s articles like this one that, as far as I can tell, make the strong case that the hack was actually an inside job pulled off primarily by disgruntled ex-employees of Sony itself. One of the first things to point out, for example, is that the hackers showed absolutely zero interest in “The Interview” until after media reports arose alleging a possible North Korean connection. Only at that point did the hackers make an issue out of it, as though taking a convenient opportunity to throw researchers on the wrong track.

Other reasons to think that North Korea might not have been to blame? Logs indicate that files were transferred at a rate that you would only get by physically plugging a device into the server to download files, not by moving them over the Internet. Specific IP addresses and user credentials were known to the hackers ahead of time, not discovered during preliminary hacks. Linguistic examination of online communication by the hackers (Guardians of Peace or GOP) suggests they are native Russian speakers, not native Korean or English speakers.

The leading theory, from where I’m standing, is that an angry, laid-off worker with tech skills (security researchers believe they have identified her individually) teamed up with the kind of hackers who resent Sony for attacking the Pirate Bay and other anti-piracy measures and maybe some friends left inside the company to pull off the hack. Why would the government get it wrong? Well, it’s not like it’s the kind of thing that North Korea wouldn’t or couldn’t do, so I don’t think it was a stupid mistake or a conspiracy theory or anything. But I don’t have a lot of confidence in the federal government’s ability to do this kind of analysis correctly and even less confidence in their ability to correct a mistaken impression once it takes hold at a senior level. Would you want to be the one who told the President he’d gone public with bad intel?

On the other hand, I can’t really think of a worse possible reason to start World War III than mistaken accusations about hacking a movie studio, so I really do hope they figure this one out.