Who Really Hacked Sony Pictures?

The Interview, a pretty awful comedy about two US journalists who attempt to assassinate North Korean leader Kim Jong-un, accidentally became a Christmas smash hit, making Sony $36 million in less than a fortnight. The reason for its enormous success is somewhat bizarre. Proud Americans, furious about North Korea’s alleged hacking of Sony Pictures and dumping of terabytes of private information online, flocked to defend their First Amendment rights by downloading videos of a world leader’s head exploding like an over-ripe watermelon. Or something.

The FBI has bullishly declared that North Korea was responsible for the cyber-attack on Sony, and the US has countered with a new raft of sanctions. It’s the perfect narrative: Kim Jong-un, a self-obsessed tyrant, was angered by the imperialist capitalist American dogs’ (admittedly somewhat graphic) depiction of his murder, so ordered his cyber army to smite Sony down and humiliate them on the world stage. The media loves this plotline, especially once The Interview went viral after being released online and some entertaining fellow proposed air-dropping thousands of copies of the film into the Democratic People’s Republic. America wins, North Korea loses, Kim Jong-un goes back to expressing anger at plagiarised haircuts. There’s just one problem – it probably isn’t true.

Working out who hacked Sony is incredibly complicated, and made more so by the mysticism of the online hacking community. The main attackers seem to be a group called the “Guardians of Peace”, who claim to have “huge amount [sic] of sensitive information” still to be released. Sony’s CEO has been threatened by another group called “God’sApstls” who demand “compensation” in return for stopping the data leaks. A third group called “Lizard Squad” hacked Sony’s PlayStation gaming network on Christmas Day. In all, it’s somewhat difficult to imagine North Koreans hell-bent on destroying a company’s image launching an attack via three proxies, who seem inconsistently linked and who send out emails from South Korean-language computers translated into Korean by Google Translate.

It is still plausible, one might contend, that this is just an elaborate paper trail constructed by North Korea so they can deny any involvement. If that is the case, however, five further oddities must be explained. First, most security agencies now agree that insiders who had some reason to dislike Sony – ill-compensated whistleblowers or disgruntled ex-employees, perhaps – facilitated the hack significantly. Indeed, these insiders had been snooping around for months before deciding to crash the system after recovering the data they needed. It is unclear why North Korea would have waited so long, or even why they burned Sony’s systems, if they wanted to censor The Interview but avoid a series of reprisals and sanctions from Obama. Second, the Guardians of Peace made no mention of The Interview until December 8, when they suddenly pivoted and said that the film was indeed the reason for their elaborate destruction of Sony’s reputation. Meanwhile, God’sApstls continued on with extortion threats and made no mention of the film, hardly suggesting a unified line.

Third, the Sony hack contained over 47,000 Social Security numbers and vast amounts of sensitive personal and corporate data, any amount of which could have been sold to the highest bidder. To dump all this data online, instantly rendering it worthless, suggests not the work of a profiteering state like North Korea (which would happily sell secrets to Russian hackers for financial gain), but rather the sort of perplexing maliciousness that characterises many disparate hacking communities.

Fourth, the emails sent out by these cyber-terrorists are both grammatically nonsensical and media-savvy: designed to hook newspapers on fear-the-hackers stories, they jar with a North Korean PR arm that churns out stilted Soviet-era propaganda on a daily basis. Fifth, the software used for this and similar attacks in the past is pretty amateur, and includes third-party products. The resultant code looks more like a ghetto-type project cobbled together by a hacking community than the work of a sophisticated cyber warfare military unit.

Does all of the above mean that North Korea didn’t hack Sony? Of course not. Their cyber army is formidable, and we underestimate them at our peril. Their hacking teams hardly resemble the Kim-Jong-un-tests-out-his-new-weapons Imgur fodder that symbolises North Korea in the American public eye. Additionally, it’s unclear who else would have masterminded this attack: if it genuinely is a grumpy ex-employee, they must be really angry.

One plausible explanation for the Guardians of Peace-God’sApstls mixed messages is that North Korea paid the Guardians of Peace to make the hack about The Interview once they realised that their exploit of Sony’s systems was for real. This is especially plausible given that North Korea values respect for Kim Jong-un especially highly, and insults to his reputation are branded “act[s] of war”. They may have been looking for a retaliation mechanism that the Guardians of Peace conveniently provided.

Alternatively, Vox suggests that these attacks fit into a broader pattern of random North Korean aggression against South Korean government agencies, banks, and TV stations. This is done in order to keep the Korean peninsula at high tension and prevent US interference or North Koreans questioning the sense of the country’s presumed military-first strategy. The FBI also claims that exclusively North Korean IP addresses were used in the attack, though it’s unclear that a clever hacking group couldn’t have just pretended to be North Koreans to put the US off the scent.

There is little we can firmly conclude from the Sony hack, except for two things. First, we will probably never find out who really hacked Sony, if only because the combination of different groups, online disguises, and contradictory clues makes it incredibly hard to pinpoint any one actor. Second, if North Korea was indeed responsible, they almost certainly didn’t do it alone, relying on commercial hackers for the initial find, Russians to train their cyber-soldiers, and the Chinese government for their internet access.

The result of this is that the FBI should avoid a loud blame game, especially in the case of North Korea. In these circumstances, accusing and retaliating against an alleged hacker has force only in terms of the possible deterrent effect on others (i.e. we won’t hesitate to hit back if we think it might be you). However, that deterrent is uniquely unlikely to affect North Korea, given it and the US were hardly best friends to begin with, and Kim Jong-un’s government agencies can point out that lots of well-respected people are picking holes in the FBI’s accusations. Other hacking groups, meanwhile, sail on, knowing that there is little by way of “sanctions” or internet shut-offs that the US can realistically deploy against them.

It would be convenient to have an easy villain with a clear paper-trail for the FBI to denounce. However, that clearly isn’t the tale of the Sony hacking. The immediate presumption of guilt and swift punishment, therefore, ring hollow, and should give us pause before we line up to condemn the next state the US finds it convenient to blame for an attack on an American company.
