Did North Korea really hack Sony? Cybersecurity pros at odds

Industry experts weigh in on whether they believe North Korea is behind the massive Sony Pictures hack, which prompted the studio to pull 'The Interview' from theaters. 

North Korean leader Kim Jong Un inspected the Korean People's Army naval Unit 189 in an undated photo released by North Korea's Korean Central News Agency.

Korean Central News Agency/Reuters

December 18, 2014

Was North Korea involved in the Sony Pictures Entertainment hack? On Wednesday, several news reports quoted unnamed US officials saying yes. But many cybersecurity experts remain skeptical. On Thursday, the White House refused to point the finger at North Korea, instead saying a "sophisticated actor" was behind the hack. Passcode asked experts throughout the industry whether they believe North Korea is responsible for the breach. Here's what they had to say: 

Graham Cluley, former senior technology consultant at Sophos and author of the security blog grahamcluley.com:

"It’s a bit like asking if I think Belgium was involved with the Sony hack. Why would you think North Korea is involved? The idea appears to only have popped up in a story in Re/Code a few days after the big, public reveal of the attack. The hackers hadn’t mentioned it. Sony executives received an e-mail a few days before the attack that said 'you just need to pay us.' When the message with all the skulls came up, there was no mention of the movie. If stopping 'The Interview' was the point of the attack, why wouldn’t they mention it? I just don’t get it. When have we ever heard of state sponsored cyberterrorism putting skulls on people’s screens?

"All I know from police investigations into cybercrime is that they are incredibly complex and can often take years. To complete this kind of investigation, the US would need the support of North Korea to look at the computer that made the attack. Hackers can make it look like they are coming from North Korea when they are really coming from Belgium, or the computer could be compromised and a computer in North Korea could be being controlled from somewhere else. To make this announcement so quickly seems a bit rushed."

Tal Klein, vice president of strategy for the cloud security company Adallom Inc.:

"No. I'm not even wearing my cybersecurity hat when I say that. Too many things don't fit. When the attack was announced, North Korea denied it. North Korea loves to talk about themselves in these situations. It's not like Russia or China denying their role in espionage. North Korea would be dancing up and down. It doesn't fit. And a few days ago, the FBI was asked point blank and said they didn't think North Korea was behind the attack. That was an actual person willing to go on the record. Compared to that, an anonymous source is very hard to believe. The language in the ransom note is too western — it seems like someone with a Western education trying to sound Korean — and it didn't mention 'The Interview.'

"The malware used is likely derivative of something written in North Korea, but that's likely the extent. There's no indication from the malware that North Korea made any move to specifically get it to the attackers."

Dave Aitel, chief executive officer of the cybersecurity company Immunity Inc.:

Can Syria heal? For many, Step 1 is learning the difficult truth.

"I always thought it was pretty obvious it was North Korea. The pattern on these state sponsored attacks is always similar — they don’t make it so entirely obvious that it’s a nation behind the attack. We’ve seen this kind of attack from Iran. The goal is not so much about 'The Interview.' It’s about showing they have enough power in cyberspace to make a Sony do what they want. Sony was in the wrong place at the wrong time with the wrong movie. Now that North Korea made their point, they won’t have to do this type of move again. I do expect to see similar attacks from India and Pakistan to demonstrate they have that power."

Adam Segal, director of the Program on Digital and Cyberspace Policy at the Council on Foreign Relations:

"I have to say, I was leaning toward greater ambiguity but after the US official’s statement, I’m slightly leaning toward it being North Korea. I’m not sure we’ll get any more new public evidence one way or the other. The Korean characters in the code, the clock settings being from the region, the malware being used in an attack in South Korea, these things are not persuasive. Unfortunately, with cyber warfare we’re dependent on classified information."