The Washington Post ran a story this week on why the Sony hack prompted an unprecedented response by the U.S. government, targeting North Korea. The article cites the blocking of Sony’s freedom of expression as the principle reason behind Washington’s “naming and shaming” of North Korea. Another reason was the nature of the attack: Rather than merely extracting data for over three weeks, the hacker group “Guardians of Peace” also launched a more aggressive cyberattack on November 24, 2014, destroying data and disabling computers.
Washington’s swift and resolute response to the attack was meant to signal North Korea and other nation states that a line had been crossed, and that the U.S. will consider such attacks – even on non-critical assets like the movie industry – a severe threat to national security that will be met by reprisals.
However, within the United States, a debate is still raging between the FBI and security researchers over whether North Korea was in fact behind the attacks. On January 7, FBI Director James Comey spoke at a cybersecurity conference trying to responds to the skepticism of many experts. Comey said that, “I know … some serious folks have suggested we have it wrong. I would suggest – not suggesting, I’m saying – that they don’t have the facts I have – don’t see what I see – but there are a couple things I have urged the intelligence community to declassify that I am going to tell you right now. The Guardians of Peace would send emails threatening Sony employees and would post online various statements explaining their work. And in nearly every case they used proxy servers to disguise where they were coming from [but] several times they got sloppy.”
Security researcher Marc Rogers responds to the statement above:
“I would hope that the FBI has access to a lot more information than me. However, what many of us are saying is that if you are going to accuse a foreign country of an egregious crime, and have the U.S. respond in a punitive way to that country, the evidence should be clear, of a good standard, and handled in a transparent way. If the FBI is sitting on a smoking gun then they should tell us about it because so far all they have presented is flimsy, at best circumstantial, evidence. “
Jeffrey Carr, President and CEO of Taia Global, Inc. concurs and states that,
“It simply isn’t enough for the FBI director to say ‘We know who hacked Sony. It was the North Koreans’ in a protected environment where no questions were permitted (I never allow that at Suits and Spooks events). The necessity of proof always lies with the person who lays the charges. As of today, the U.S. government is in the uniquely embarrassing position of being tricked by a hacker crew into charging another foreign government with a crime it didn’t commit. I predict that these hackers, and others, will escalate their attacks until the U.S. figures out what it’s doing wrong in incident attribution and fixes it.”
This debate will continue until the FBI releases more definitive evidence. Yet, as I stated before, the FBI’s conclusions and new sanctions imposed on North Korea signal that the U.S. government is ready to progress up the escalation ladder from “naming and shaming” alleged state-sponsored hackers via the U.S. private sector and media to a more direct approach. And that could spell trouble for certain other countries.