Doubts linger on the role of North Korea in Sony cy­ber­at­tack


Even after Wash­ing­ton pointed the fin­ger at North Korea for the mas­sive cy­ber­at­tack on Sony Pic­tures, some ex­perts say the ev­i­dence is far from clear cut.

U.S. Pres­i­dent Barack Obama ear­lier this month took the un­usual step of nam­ing North Korea for the crip­pling at­tack, while promis­ing that the United States would “re­spond pro­por­tion­ately” after the FBI said ev­i­dence pointed to Py­ongyang.

But a num­ber of cy­ber­se­cu­rity spe­cial­ists ar­gue that links to North Korea are un­cer­tain, and that some ev­i­dence leads else­where.

“I’m skep­ti­cal about the claim and I would be even more skep­ti­cal that the North Kore­ans did it on their own with­out help from a third party or gov­ern­ment,” said John Dick­son, a for­mer Air Force in­tel­li­gence of­fi­cer who is now a part­ner in the cy­ber­se­cu­rity firm Denim Group.

The North Kore­ans “cer­tainly have the will to poke us in the eye,” but “don’t have the crit­i­cal mass skills of other na­tion states” to carry out an at­tack of this kind, Dick­son told AFP.

Se­cu­rity tech­nol­o­gist Bruce Schneier of Co3 Sys­tems, also a fel­low at Har­vard’s Berk­man Cen­ter, said he also doubts the role of North Korea.

“The truth is we don’t know,” he said. “There are facts that are clas­si­fied and not be­ing re­leased.”

Schneier added that “even if we don’t know (who is re­spon­si­ble), it makes sense for us to pre­tend we know be­cause it serves as a warn­ing to oth­ers.”

In a blog post, Schneier said that “clues in the hack­ers’ at­tack code seem to point in all di­rec­tions at once ... this sort of ev­i­dence is cir­cum­stan­tial at best. It’s easy to fake, and it’s even eas­ier to in­ter­pret it in­cor­rectly.”

North Korea has been seen as the source of the mal­ware, pre­sum­ably due to anger at the car­toon­ish por­trayal of the Py­ongyang com­mu­nist regime in the com­edy film “The In­ter­view.”

But a lin­guis­tic-based anal­y­sis of the mal­ware by the Is­raelibased se­cu­rity firm Taia Global said the na­tive lan­guage of the hack­ers ap­peared to be Rus­sian, not Korean.

The study con­cluded that the soft­ware au­thors were not na­tive English speak­ers, and that the trans­la­tion er­rors pointed away from the Kore­ans.

“We tested for Korean, Man­darin Chi­nese, Rus­sian and Ger­man,” the re­port said. “Our pre­lim­i­nary re­sults show that Sony’s at­tack­ers were most likely Rus­sian, pos­si­bly but not likely Korean and def­i­nitely not Man­darin Chi­nese or Ger­man.”

Clas­si­fied In­tel­li­gence

Se­cu­rity ex­perts note that it is rel­a­tively easy for hacker to route their at­tacks through third par­ties to fake their lo­ca­tion and that is nearly im­pos­si­ble to con­clu­sively show the source of an at­tack.

And Dick­son notes that Wash­ing­ton is un­likely to re­veal its in­tel­li­gence sources in the Sony case “be­cause the next set of at­tack­ers would change their tac­tics” to avoid de­tec­tion.

Jo­hannes Ull­rich, dean of re­search at the SANS Tech­nol­ogy In­sti­tute, said the at­tacks could have been car­ried out by in­de­pen­dent hacker groups, pos­si­bly with help or di­rec­tion from North Korea.

“Some­times state ac­tors use the hacker groups and stay at arm’s length, but are help­ing th­ese groups,” he told AFP.

The free flow of in­for­ma­tion among hacker groups and rogue na­tions could mean mul­ti­ple par­ties were in­volved, Ull­rich said.

He noted that the Sony at­tack “did not re­quire a high level of so­phis­ti­ca­tion, but what it re­quired was per­sis­tence, to find the weak spot to get in.”

Con­tract Hack­ers

Re­searcher Robert Gra­ham at Er­rata Se­cu­rity said if North Korea had a role in the at­tacks, it may have been through out­side hack­ers.

“North Korean hack­ers are trained as pro­fes­sional, na­tion state hack­ers,” Gra­ham said in a blog post.

“North Korea may cer­tainly re­cruit for­eign hack­ers into their teams, or con­tract out tasks to for­eign groups, but it’s un­likely their own cy­ber­sol­diers would be­have in this way.”

Other ex­perts ar­gue that the Obama ad­min­is­tra­tion would not pub­licly name North Korea un­less it had solid ev­i­dence.

“I’m amazed that peo­ple con­tinue to have doubts,” said James Lewis, a cy­ber­se­cu­rity re­searcher at the Cen­ter for Strate­gic and In­ter­na­tional Stud­ies. “Peo­ple love con­spir­acy the­o­ries.”

Lewis said U.S. in­tel­li­gence has the ca­pa­bil­ity to lo­cate the source of the at­tacks, and there is no do­mes­tic po­lit­i­cal need to blame North Korea.

“The in­tel­li­gence com­mu­nity would never have let ( Obama) stick his neck out on this un­less they had a high de­gree of con­fi­dence about this,” he said.

Paul Rosen­zweig, a for­mer U.S. Home­land Se­cu­rity of­fi­cial who now heads a con­sult­ing group, said “it is worth con­sid­er­ing the op­pos­ing view.”

“In the post-Water­gate/post-Snow­den world, the (gov­ern­ment) can no longer sim­ply say ‘trust us,’” he wrote in a post on the Law­fare blog.

“Not with the U.S. pub­lic and not with other coun­tries. Though the skep­ti­cism may not be war­ranted, it is real.”

Newspapers in English

Newspapers from Taiwan

© PressReader. All rights reserved.