Actually, North Korea might not be guilty in the Sony hack

GlobalPost
SEOUL, South Korea — The release of “The Interview” last week was supposed to spark a geopolitical imbroglio just in time for the holidays. Instead — after a last-minute release of the hastily canceled film to select theaters and crowds on the web — this Christmas turned out like any other, and we were allowed to watch Kim Jong Un’s head explode in peace.

There was no political escalation — no additional leaks or cyberattacks — from the group of mysterious hackers thought to sympathize with North Korea. Even the rogue state’s customary bluster was absent. There were no trademark missile or nuclear tests, and no naval attack or skirmish in the Yellow Sea intended to blackmail the regime’s enemies.

All was quiet, it seemed, on the northern front.

State media instead pulled out its usual bag of insults. On Saturday, it compared US President Barack Obama to a “monkey in a tropical forest,” and said that he “took the lead in appeasing and blackmailing cinema houses and theaters in the US mainland to distribute the movie.”

But why all the talk with no big punches thrown? After all, the Obama administration declared North Korea responsible for the embarrassing cyberattack on Sony Pictures, the studio behind the film. Sony quickly shelved the movie after anonymous threats of 9/11-style attacks on US theaters showing it. Then the studio reversed its decision after pressure from the president, allowing audiences access, albeit limited, to the provocative buddy comedy. So shouldn’t we have witnessed a fiercer, more threatening pushback from Pyongyang upon the release of “The Interview”?

Perhaps not. A growing body of skeptics thinks that North Korea actually wasn’t the culprit behind the Sony hack, or at least that it’s too early to make a call.

That goes against the findings of the FBI, which announced on Dec. 19 that it “has enough information to conclude that North Korea is responsible for these actions” but could not reveal all the information to protect its sources and methods. On Monday, a State Department spokesman told reporters that the administration stands by the FBI assessment in spite of new reports calling it into question.

Critics say the evidence is rickety.

Take, for instance, the snippets of unspecified malware code the FBI claims were similar to the ones used by North Korea in the past. The bureau was probably referring to the DarkSeoul hard drive wiper used in its June 2013 cyberattack on South Korea, writes cybersecurity expert Marc Rogers, who heads security operations for DEF CON, the world’s largest hacker conference.

This is hardly a smoking gun, he writes, because cyber-criminals can lease their malware from other groups, shielding them from detection.

The FBI also suggested that IP addresses used in the attack were the same ones previously used by North Korea. But these IP addresses are nothing special, Rogers wrote, because they’re also open to everyday cyber-criminals who need a staging ground for an attack.

Others speculate that the FBI quickly assigned blame because it holds key intelligence still withheld from the public. “The evidence presented publicly by the FBI isn't nearly enough to conclude it is North Korea, but it's also not possible to say it isn't them,” said Martyn Williams, who runs the North Korea Tech blog.

Williams still has doubts about North Korean involvement because “compelling points” in the hackers’ strategy don’t add up. “The hackers didn't mention the movie until two weeks into the hack,” he said. “That's not a very effective way of getting the film pulled, if that was the intention.”

Should the FBI admit that it misfired, this would merely amount to Washington’s latest of several questionable findings on North Korea.

In 2013, President Obama cast doubt on a Pentagon assessment that concluded “with moderate confidence” that North Korea had mastered a sophisticated technology: miniaturizing a nuclear warhead and placing it on a crude missile.

That would mean Kim Jong Un, with his rudimentary nuclear arsenal, could theoretically strike US bases in Japan and South Korea.

In 2011, American intelligence agencies were caught off guard when state television announced the death of the current dictator’s father, Kim Jong Il, who had died two days earlier.

Even as far back as 1997, a CIA report predicted that North Korea — suffering from a famine that would kill hundreds of thousands of people — stood a chance of collapse within five years.

Of course, North Korea poses special challenges for intelligence analysts, who must grapple with a regime inner circle that is far more opaque and unknowable than other authoritarian governments.

Open-source intelligence, in the form of media reports and the testimony of defector associations in Seoul, is rife with misinformation that can easily cloud judgment. The FBI’s findings on the Sony hack could be the latest victim.
