There’s a new theory making the rounds this weekend regarding the infamous hack attack on Sony’s digital infrastructure. The old, accepted story was that North Korea was responsible, primarily in retaliation for a stoner comedy which premiered in a couple hundred theaters on Christmas Day. What should have seemed like a crazy story was fairly well accepted by most of us because North Korea is run by a crazy man. But Kim Jong Un kept denying it every time he could get in front of a microphone. Now, with a new study detailed by Marc Rogers, we get to consider a fresh question. What if Kim was telling the truth? What if North Korea really had nothing to do with it?
All the evidence leads me to believe that the great Sony Pictures hack of 2014 is far more likely to be the work of one disgruntled employee facing a pink slip.
I may be biased, but, as the director of security operations for DEF CON, the world’s largest hacker conference, and the principal security researcher for the world’s leading mobile security company, Cloudflare, I think I am worth hearing out…
What [the FBI is] saying is that the Internet addresses found after the Sony Pictures attack are “known” addresses that had previously been used by North Korea in other cyberattacks.
To cyber security experts, the naivety of this statement beggars belief. Note to the FBI: Just because a system with a particular IP address was used for cybercrime doesn’t mean that from now on every time you see that IP address you can link it to cybercrime. Plus, while sometimes IPs can be “permanent”, at other times IPs last just a few seconds.
It isn’t the IP address that the FBI should be paying attention to. Rather it’s the server or service that’s behind it.
Rogers goes into the specifics of a number of beefs he has with the security experts who quickly concluded that North Korea was behind this. The IP address question is only one of them. He claims that the malware used in the attack was not exclusive to Kim Jong Un’s vandals, but had been leaked a couple of years ago and was up for grabs by any hackers with an interest in it.
Further, the author points out that the hackers never mentioned the movie “The Interview” in their initial messages. That only came about after the media began speculating on it. Then, after Sony announced that they would release the movie anyway, the hackers turned around and said that it would be okay with them now. If this was truly the casus belli for the entire hack attack, why the change of heart? His answer is that the actual hackers – not wanting to be tracked down and caught – found North Korea to be a convenient foil and the perfect smoke screen for their activities.
So who did it? Rogers suggests that it was one disgruntled employee facing a pink slip who turned over her access codes to some suitably competent hackers who then went to town on the biggest, fattest Christmas present they could have ever received.
I don’t know if this is true, but it raises interesting questions. Let’s say for a moment that Rogers is right. That means that the White House is either so incredibly inept that our national cyber-security is pretty much a lost cause, or that the administration is lying in an effort to score PR points against North Korea. Strip away all of the media window dressing surrounding this story for a moment and ask yourself if either of those possibilities sounds even slightly implausible to you. Viewed in that light, Rogers suddenly looks a lot more believable.