Wednesday, January 7, 2015

Rieder: Maybe North Korea wasn't behind Sony hack

Rieder: Maybe North Korea wasn't behind Sony hack

57 93 LINKEDIN 12 COMMENTMORE
Unless you've been vacationing on Saturn, there's little doubt you know who was behind that massive hack of Sony Pictures Entertainment. It's North Korea, right?
After all, the Obama administration has been blaming the Hermit Kingdom for the hack attack since mid-December, and on Friday President Obama imposed heightened sanctions on the isolated Asian nation. White House Press Secretary Josh Earnest said the move represented "the first aspect of our response."
The idea is that North Korea was upset, very upset, about The Interview, the Seth Rogen/James Franco comedy about a plot to kill North Korean dictator Kim Jong Un. Hackers' threats impelled Sony to cancel the movie's Christmas Day debut, then do a rapid about-face.
But while Team Obama is adamant that the North Koreans are the culprits, a growing chorus of cybersecurity experts have their doubts.
They say there are many reasons to doubt that this was a North Korean job, and that the Obama administration hasn't revealed a smoking gun that cements its case.
"North Korea has never before demonstrated any advanced hacking capabilities," Scott Borg, director of the non-profit U.S. Cyber Consequences Unit, wrote on CNBC.com on Friday. "More important, it has hardly any way of acquiring those capabilities."
Borg, whose outfit offers courses in analyzing cyberthreats, says most of the things the hackers were doing don't implicate North Korea. And, he adds, "The forensic evidence that does point to North Korea is all ambiguous and circumstantial. It mostly involves software being re-used that was widely available and servers being used that any skilled hacker could have accessed."
Cybersecurity firm Norse says its investigation found evidence leading not to the Korean peninsula but to, among other places, Southern California. Senior Vice President Kurt Stammberger told website The Security Ledgerthat the firm identified six people, one a former Sony employee, as directly involved in the hack. The ex-Sony staffer, described as having been laid off last May, was said to have served in a tech position and to have known the company's network well. The others involved, according to Stammberger, were from the United States, Canada, Thailand and Singapore.
The firm briefed the FBI about its findings for three hours last week, Politico reported.
Marc Rogers, principal security researcher at Internet security firm CloudFlare, lists many reasons on his blog why he's skeptical of the U.S. case against North Korea. He says the hackers' words seem like those of an "English speaker pretending to be bad at writing English," and like others points out that they injected The Interview into the contretemps not at the outset but only after others speculated about a connection.
The Obama administration has shown no inclination to waver from its assertion that this is all about North Korea. After the FBI was briefed by Norse, officials said they had heard nothing to make them change their minds.
"We remain very confident in the attribution" of the cybermischief to North Korea, The New York Times quoted an unidentified "senior administration official" as saying when the sanctions were announced.
Nevertheless, the Times said, the Obamaites have been "stung by the comparisons to the George W. Bush administration's reliance on faulty intelligence assessments about Iraq's weapons of mass destruction before the 2003 American-led invasion of the country." The paper noted that the administration used the sanctions announcement as an opportunity to rebut its critics and point out the naysayers don't have access to classified information that was pivotal to the administration's conclusions.
It's important to note that none of the critics has conclusively established a case, either. But it's likely that in the absence of more persuasive evidence from the administration, the sniping will continue.
Don't expect this debate to go away anytime soon.

No comments: