The New York Times reported U.S. intelligence officials said North Korea is “centrally involved” in the Sony hack — later noting, however, that “it is not clear how the United States came to its determination that the North Korean regime played a central role in the Sony attacks.” The Washington Post quoted a source saying there was “99 percent certainty.
Few should be surprised by the news. From the earliest days of the leak, even before hackers made mention of “The Interview,” news reports repeatedly linked North Korea to the cyberattack. It began on Nov. 28 with an account in Re/code. Citing “sources familiar with the matter,” it said Sony Pictures was “exploring the possibility” that the hackers worked for North Korea. That story gave way to a deluge of additional reports — in Reuters, in the Guardian, in Forbes — that said the same.
It was a tidy, clean narrative. Sony made a movie that deeply insulted North Korea’s sensibilities. So North Korea retaliated, then escalated. Tying those disparate events together was a natural conclusion. But if the weapons of mass destruction debacle teaches us anything, it’s to be suspicious of natural conclusions.
Despite the reports and media hype, as of Thursday morning, there was still no definitive evidence made public linking North Korea to the hack nor to this week’s threats that caused numerous theaters to pull out of screening “The Interview.” Neither Sony nor the FBI have disclosed any proof. And some experts are more than a little skeptical.
“To go out and do something like this, then threaten another 9/11?” asked Martyn Williams who operates North Korea Tech, which closely tracks all things cyber in the Hermit Kingdom. “I’m not sure that the North Korean government is that stupid.” But could it be hackers working for North Korea? “If it’s hackers working for the North Korean government, that’s more plausible,” Williams said. “Maybe North Korea is simply providing the software and the money and the hackers.”
The drama started over the summer. That’s when North Korea complained to the United Nations about the movie, saying it would open the country up to acts of terrorism. North Korea, no stranger to wild rhetoric, threatened a “resolute and merciless” response against the United States if it didn’t ban the movie. Keep in mind that this sort of talk isn’t unusual for North Korea. That same week, it threatened to destroy the White House — “the source of all evil” — with a nuclear bomb.
Then on Nov. 21, a strange message popped into several Sony executives’ inboxes. It was three days before the hacks debilitated the company. And this was their first contact. But the message didn’t talk politics. It didn’t mention anything about “The Interview.” What did the hackers want? Money.
“We’ve got great damage by Sony Pictures,” the message said, according to a copy published by Mashable. “The compensation for it, monetary compensation we want. Pay the damage, or Sony Pictures will be bombarded as a whole.” The message was signed: “From God’sApstls.”
The hackers had not yet donned the moniker “Guardians of Peace.” And they still weren’t talking much about “The Interview.” “Our aim is not at the film ‘The Interview’ as Sony Pictures suggests,” CSO quoted one person claiming to be a member of Guardians of Peace on Dec. 1. “But it is widely reported as if our activity is related to “The Interview.”
The hackers did, however, deploy an assault that used code that bore similarities to attacks on South Korean companies last year, attacks that were widely believed to be North Korean in origin. But the similarities with past North Korean hacks appear to end there. “There are numerous in inconsistencies with previous cyberattacks that were blamed on North Korea,” North Korea Tech reported. “Of course, that doesn’t mean the country isn’t involved [in the Sony hack], but each one makes it less and less likely it is.”
- Computers at Sony displayed a message threatening the release of internal documents if undisclosed demands were not met. North Korean hackers have never made such public demands.
- The message claimed the hack was carried out by “#GOP,” which stands for “Guardians of the Peace.” Attacks linked to North Korea have never included such claims of credit.
- The attackers posted messages on several Sony Twitter accounts, personally attacking Sony Pictures CEO Michael Lynton. North Korean attacks have never used such a tactic and state media has never called out Sony executives when criticizing the movie.
- North Korea has never launched such a targeted and public attack at an institution that angered it, and many organizations have angered it in the past.
Still, it’s conceivable U.S. officials will release on Thursday damning evidence linking North Korea to the Sony hack. It’s possible that North Korea was plotting some terrorist strike to derail the movie’s release. It’s possible — but is it likely? Or is it more likely that the hackers, who were initially after money as they said, have been goaded into the media’s narrative?
“It’s quite possible the media are guilty of inspiring the hacker’s narrative,” Wired reported last night, “since it was only after news reports tying the attack to the Sony film that the [Guardians of Peace] began condemning the movie in public statements.”