Who hacked Sony? It probably wasn’t North Korea

Regardless of who is responsible, the president views this as a serious national security matter — that is a very close paraphrase of White House Press Secretary Josh Earnest answering questions this afternoon about the Sony hacking.

OK. That’s it. The United States can now be declared certifiably insane!

The hacking may well have nothing to do with North Korea — it may indeed involve disgruntled Sony employees — and yet this is a serious national security matter?!

The only way that claim could marginally make sense would be if one fudged the definition of national security and said that it should include cybercrime committed by Americans targeting Americans — though by that definition, all crime would thence become an issue of national security.

Hollywood, the media, and the public all like stories. Narratives convey meaning in its most easily digestible form: a plot.

Sony Pictures made a movie, The Interview — a political action comedy which ends with the assassination of North Korean leader Kim Jong-un — and the North Koreans didn’t think it was funny. Indeed, they were so outraged they set about trying to make sure the movie would never be released. By yesterday afternoon they seemed to have succeeded.

The problem with this story is it’s probably a work of fiction — and maybe that shouldn’t be any surprise, given its source.

There’s one compelling reason to believe that the real story here has nothing to do with North Korea: in all likelihood the hackers were busy at work before anyone in the Democratic People’s Republic had even heard of Seth Rogen and James Franco.

Sebastian Anthony writes:

The hackers managed to exfiltrate around 100 terabytes of data from Sony’s network — an arduous task that, to avoid detection, probably took months. Given how long it would’ve taken to gain access to Sony Pictures, plus the time to exfiltrate the data, I think the wheels started turning long before North Korea heard about The Interview.

Even if we take the movie out of the equation, the hack just doesn’t feel like something that would be perpetrated by a nation state. The original warnings and demands feel like the attacker has a much more personal axe to grind — a disenfranchized ex employee, perhaps, or some kind of hacktivist group makes more sense, in my eyes.

So far, the sole purpose behind the Sony Pictures hack appears to be destruction — the destruction of privacy for thousands of employees, and the destruction of Sony’s reputation. Much in the same way that murder is a crime of passion, so was the hack on Sony Pictures. Bear in mind that the hackers gained access to almost every single piece of data stored on Sony’s network, including the passwords to bank accounts and other bits of information and intellectual property that could’ve been sold to the highest bidder. The hackers could’ve made an absolute fortune, but instead opted for complete annihilation. This all feels awfully like revenge.

Really, though, the biggest indicator that it was an inside job is that the malware used during the attack used hard-set paths and passwords — the attacker knew the exact layout of the Sony Pictures network, and had already done enough legwork to discover the necessary passwords. This isn’t to say that North Korea (or another nation state) couldn’t have done the legwork, but it would’ve taken a lot of time and effort — perhaps months or even years. A far more likely option is that the attack was carried out by someone who already had access to (or at least knowledge of) the internal network — an employee, a contractor, a friend of an employee, etc.

Before the hacking became public, Sony executives received what looked like a fairly straightforward extortion demand — a demand that made no reference to The Interview.

In the digital variant of a note pasted together from letters cut out of a newspaper, the extortion note came in broken English.

We’ve got great damage by Sony Pictures.
The compensation for it, monetary compensation we want.
Pay the damage, or Sony Pictures will be bombarded as a whole.
You know us very well. We never wait long.
You’d better behave wisely.
From God’sApstls

Maybe there are indeed some telltale signs in the syntax or maybe the author took advantage of Google and Bing’s translation-mangling capabilities by writing in English, translating in Korean (or any other language) and then translating back into English.

If the story here is really about extortion, then to recast it as political probably serves the interests of all parties — including North Korea.

No corporation wants to be publicly exposed as having capitulated to extortion demands — it would much rather hand over the money in secret while portraying itself as a political victim of the hostile foreign government. The North Koreans get the double reward of being credited with a hugely successful act of cyberwar while also getting removed from Hollywood’s list of favorite countries to target. And the Obama administration is able to sidestep a much larger a thornier issue: how to protect the American economy from the relentlessly growing threat of from global cybercrime whose points of origin are notoriously difficult to trace.

Finally, there is another theory about the real identity and motive of the hackers: they are Sony employees begging that no more Adam Sandler movies be made.

Print Friendly, PDF & Email