The security establishment remains defiantly sceptical, but a new statement from the FBI has formally pinned the blame for the Sony Pictures attack on hackers acting on behalf of North Korea.
The evidence put forward by the FBI is a modest expansion of snippets of information that have been kicking around for some days.
Infrastructure such as hardcoded IP addresses showed an “overlap” with that used in previous and possibly undisclosed attacks attributed to North Korea, the FBI said, while the tools deployed were similar to those used in the notorious attacks on South Korean media outlets and banks in early 2013.
Most important of all, an analysis of the destructive payload used against Sony could connect it to other malware the FBI believed had been used by North Korea.
The latter point is important. Outright destructive malware on any scale is unusual in cyberattacks. The best-known examples are probably Iran’s alleged ‘Shamoon’ attack on the Saudi oil industry in 2012 and the attacks on South Korean media mentioned above. Using this kind of tactic is without doubt a way of sending a message, and only ideological hackers set out to draw attention to themselves in this way.
“We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States,” read the FBI statement.
The FBI’s point about national security will likely be ridiculed in some quarters, but if the North Koreans attacked Sony as part of a giant coded warning to the US (using the movie as a cover story), then the chances are they have tried to break into other companies, or will try to soon.
If one accepts the North Korean theory, it’s a particularly targeted version of what Iran did to the US banking sector in 2012, when it launched a huge wave of DDoS attacks that also got the FBI’s attention.
“Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart.”
An alternative conspiracy theory has it that the ‘Guardians of Peace’ (a reference to a 1972 speech by Richard Nixon) is a cover story for an elaborate inside job, though it’s not clear why an insider would need any story at all. It’s possible that the attack had some inside help, but that’s very different from an inside job of the sort being mooted.
Or it could be Chinese hacktivists using the DPRK to shield their anti-Americanism. Either way, the evidence is ambiguous enough that there will be doubters aplenty. Privately, one or two security experts are absolutely sure that North Korea is behind the attack in some way, but lack the certainty needed to stand that claim up with demanding peers.
Would even North Korea attack one company because of a movie? Scarily, there might be a lot more to it than that.
What is not in doubt is that North Korea has more than enough resources to pull off an attack like this. An HP report from earlier this year cited South Korean sources (which might be exaggerated) to suggest the country had up to 6,000 trained hackers working for it, mainly in southern China. It even named buildings connected to this programme.