Think North Korea hacked Sony? Think about this

There's a lot of circumstantial evidence, but very little actual information on the hack against Sony

North Korea or not? There's still a lot we don't know about the attack on Sony Pictures and those behind it.

After two weeks of investigations, anonymous government officials told some reporters and politicians on Wednesday that North Korea was behind the attacks. But on Thursday, U.S. officials resisted making the same allegations in public and didn't release any evidence to back up the anonymous claims.

North Korean involvement is certainly possible. After all, defectors have spoken about North Korea's cyber attack force and training. But it also plays into a popular and easy-to-believe narrative about the country.

There certainly appears to be circumstantial evidence, but it could be just that. So before calling case closed, here are some reasons to be wary, at least until some evidence is made public.

It's unlike any hack attributed to North Korea in the past

North Korea has been blamed for a string of hacks in the past, and it's generally accepted that the country has the capability to hack and attack companies. But no previous attack attributed to North Korea -- or any nation-state -- has been so public and so noisy. In the past, attacks happened, North Korea was suspected, and then sometimes the country was later blamed. It rarely said anything, except for an initial denial. This time around, the hacker group has posted messages online taunting Sony and telling the FBI they cannot be caught. Early on, they were also interacting with reporters.

It is, however, very similar to plenty of hacker activist attacks made against major corporations and governments and -- it's worth noting -- against North Korean Internet sites in May 2013. In those attacks, thousands of user names and passwords for North Korean news site "Uriminzokkiri" were leaked by hackers operating under the "Anonymous" banner.

The hackers didn't mention "The Interview" at first

If the hack was all about stopping the release of "The Interview," why didn't that come up earlier? For the first couple of weeks, the messages that accompanied leaked data didn't mention the movie at all. It was much more about Sony and its executives -- something underlined by the vindictiveness of the leaks.

Here's a key paragraph from a message sent on Nov. 30 to an IDG News Service reporter from the same e-mail address used to leak the first cache of Sony data:

"Sony and Sony Pictures have made terrible racial discrimination and human rights violation, indiscriminate tyranny and restructuring in recent years. It has brought damage to a lot of people, some of whom are among us. Nowadays Sony Pictures is about to prey on the weak with a plan of another indiscriminate restructuring for their own benefits. This became a decisive motive of our action. We required Sony Pictures to stop this and pay proper monetary compensation to the victims."

The movie wasn't mentioned until a message on Dec. 8, and then it was in addition to previous demands made by the group.

"Do carry out our demand if you want to escape us. And, Stop immediately showing the movie of terrorism which can break the regional peace and cause the War!"

The movie wasn't mentioned by name until Dec. 10, when the hackers also issued their threat to movie theaters.

North Korea issues threats all the time

The country expressed outrage at "The Interview" on June 25 when, without mentioning it by name, it promised "Those who defamed our supreme leadership and committed the hostile acts against the DPRK can never escape the stern punishment to be meted out according to a law wherever they might be in the world."

If you don't follow North Korea closely -- and few do -- you'd be forgiven for thinking that's a pretty damning statement of intention. But such threats are business as usual for North Korea.

On the same day, the state-run news agency hit out at regional U.S. military actions, saying the situation was so grave "that a nuclear war may break out any moment." In the same article, it said "Only merciless punishment and fist, not word, will work on the U.S." And a day later, it lashed out at South Korea, saying its own soldiers were awaiting "the order to be given by the Supreme Command to strike the provocateurs."

It's easy to believe

Because not a lot is known about North Korea, things that really should be questioned are sometimes taken as fact because they neatly fit into the box where many people place North Korean behavior: weird with a touch of crazy.

Take the death of Jang Song Thaek, Kim Jong Un's uncle, who was removed in a purge a year ago. A report, eventually traced back to a Chinese satirical website, said he had been killed by being stripped naked and fed to a pack of ravenous dogs. Newspapers jumped on the story without questioning its source, and it made global headlines for a day until cooler minds noted he was probably killed by a firing squad.

And then there was Kim Jong Un's former girlfriend, Hyon Song Wol, who, according to newspaper headlines in late 2013, had also been purged and killed by firing squad. In May this year she appeared on North Korean television speaking at an event in Pyongyang and looking very much alive.

Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags Criminalsecuritydata breachlegalSony Picturescybercrime

More about FBIIDGNewsSony

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Martyn Williams

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts