When the FBI announced on Dec. 19 that it now had “enough information to conclude that the North Korean government is responsible” for the Sony Pictures hack, its conclusion was widely accepted as fact. Some computer security experts, however, are continuing to voice doubts that the reclusive Stalinist state was in fact responsible for the cyberattack.
The skeptics' doubts fall into two categories: technical analysis of the evidence provided by the FBI, which they claim is weak or inconclusive, and suspicions about government claims that classified evidence further points to North Korea's guilt. One of the most prominent skeptical technical analyses comes from Marc Rogers, a security researcher for mobile security company CloudFlare, and the director of security operations for DEF CON, the world's largest hacker conference.
Writing in The Daily Beast, Rogers says that the FBI's assertion that the malware responsible for the Sony hack was similar to malware used in previous attacks is no proof of North Korean involvement: “Just because two pieces of malware share a common ancestry, it obviously does not mean they share a common operator.”
In his piece, Rogers challenges a host of other technical claims made by the FBI, but most significant is his assertion that the malware used in the hack had paths and passwords “hard-coded” into it, which, he suggests, leads to the conclusion that an “insider” might be responsible for the hack.
In addition to Rogers, former Anonymous hacker Hector Monsegur, who worked under the code name “Sabu,” told CBS News that he doubted North Korea possessed the Internet bandwidth to extract the huge amount of data stolen in the hack. “Look at the bandwidth going into North Korea. … They only have one major ISP across their entire nation. That kind of information flowing at one time would have shut down North Korean internet completely.”
Another expert, Jeffrey Carr, founder and CEO of Taia Global, a cybersecurity consultancy, suggested to Buzzfeed that anonymous hackers could have accessed North Korea's Internet to make it appear that the attack had come from there when it had not.
Another theory about the involvement of parties other than North Korea emerged this week, after experts at a cybersecurity consultancy performed a linguistic analysis of messages between the hackers written in broken English, and concluded that they were more likely to be Russian speakers than Korean speakers, according to the New York Times.
It should be noted, however, that skepticism about North Korea's role in the Sony hack is by no means universal in the cybersecurity community. For example, Dmitri Alperovitch, co-founder and CTO of the security firm CrowdStrike, told Wired that there was no question that North Korea is behind the Sony hack.
Theories and technical questions aside, the skepticism seems to be partly fueled by distrust of the U.S. government.
“In the post-Watergate post-Snowden world, the USG can no longer simply say ‘trust us’,” Paul Rosenzweig, the Department of Homeland Security’s former deputy assistant secretary for policy, wrote on the Lawfare blog Wednesday. “Though the skepticism may not be warranted, it is real.”