A number of private security researchers are increasingly voicing doubts that the hack of Sony’s computer systems was the work of North Korea.
US President Barack Obama and the FBI last week accused North Korea of targeting Sony and pledged a “proportional response” just hours before North Korea’s internet went dark without explanation. But security researchers remain sceptical, with some even likening the government’s claims to those of the Bush administration in the build-up to the Iraq war.
Fuelling their suspicions is the fact that the government based its findings, in large part, on evidence that it will not release, citing the “need to protect sensitive sources and methods”. The National Security Agency has begun a major effort to penetrate North Korean computer networks, although the government has never publicly acknowledged doing so.
Because attributing the source of a cyberattack is so difficult, the government has been reluctant to do so except in the rarest of circumstances.
So the decision to have President Obama charge that North Korea was behind the Sony hack suggested there is some form of classified evidence that is more conclusive than the indicators that the FBI made public on Friday. “It’s not a move we made lightly,” one senior administration official said after Obama spoke.
Still, security researchers say they need more proof. “Essentially, we are being left in a position where we are expected to just take agency promises at face value,” Marc Rogers, a security researcher at a mobile security company, wrote in a post on Wednesday. “In the current climate, that is a big ask.”
Rogers, who doubles as the director of security operations for DefCon, an annual hacker convention, and others like Bruce Schneier, a prominent cryptographer and blogger, have been mining the meagre evidence that has been publicly circulated, and argue that it is hardly conclusive.
For one, sceptics note that the few malware samples they have studied indicate the hackers routed their attack through computers all over the world. One of those computers, in Bolivia, had been used by the same group to hack targets in South Korea. But that computer and others in Poland, Italy, Thailand, Singapore, Cyprus and the US were all freely available for anyone to use, which opens the list of suspects to anyone with an internet connection and basic hacking skills. For another, Sony’s attackers constructed their malware on computers configured with Korean language settings, but sceptics note that those settings could have been reset to deflect blame.