An ABC affiliate reports on December 19th that the FBI officially announces that North Korea is responsible.
It is also around this time that CNN speculates that North Korea has engaged in cyberwar.
So, exactly what evidence is there that links North Korea to hacking Sony Pictures?
The FBI Evidence
When the FBI made its announcement linking North Korea to Sony Pictures, it released a statement discussing the evidence.
The following is the purported evidence:
"As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:
- Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
- The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
- Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea." [Source: fbi.gov]
Steve Ragan of CSO's Salted Hash column questions the FBI's conclusions. To summarize Ragan: code can be recycled, the tools used could be employed by anyone, and lastly, IP addresses can be spoofed. [Source: CSO 12/2014] The New York Times also has an interesting article, which anyone reading this should check out, citing the lack of proof from the US Government to back up their claims.
Security guru Bruce Schneier also echoes the same sentiment that the amount of evidence released is minimal and not particularly solid.
Even Rachel Maddow has posed the question of what if North Korea isn't behind this?
So, if North Korea isn't behind the hack, then who is? To answer that question, we need to learn who the Guardians of Peace are (or is).
Where is Japan's involvement in this ordeal? Sony is a Japanese company and Sony Pictures Entertainment is one of its divisions. With that being said, how is the Sony Pictures hack a matter of US national security if it is owned by Japan? (Granted this hack has shown how vulnerable organizations are, but still...)
What are your theories and questions? Drop a comment. You can also send email to dcde [dot] transmission [at] gmail [dot] com