Experts Skeptical North Korea Hacked Sony

A chorus of cyber experts question the FBI’s evidence.

Experts Skeptical North Korea Hacked Sony
[Photo: Flickr user Uri Tours]

The FBI declared last Friday that the North Korean government was responsible for hacking Sony–but for many security experts and hackers, the case is far from closed.


“It was an act of cybervandalism,” President Obama told CNN, refusing to categorize the attack as an act of cyberwar even as he joined the FBI in laying blame at the feet of Kim Jong-un, the totalitarian state’s “supreme leader.”

Yet despite that official conclusion, voices questioning the FBI’s evidence have grown louder. Some experts have pointed to flaws in the FBI’s technical reasoning:

On its face the evidence shows only that this attack has characteristics of prior attacks attributed to North Korea. We know nothing about the attribution veracity of those prior attacks. Much more importantly, it is at least possible that some other nation is spoofing a North Korean attack. For if the United States knows the characteristics or signatures of prior North Korean attacks, then so too might some third country that could use these characteristics or signatures.

And technical knowledge:

The IP address is never what is interesting. It’s what’s running on the system that has that IP address that is interesting. Furthermore, to imply that some addresses are permanent fixtures used by North Korean hackers implies a fundamental misunderstanding of how the internet works and in particular how hackers operate.

While others pointed to the “North Korean Hacking Team’s” use of language as suspect:

1. The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes you actually expect to see in “Konglish,” i.e., it reads to me like an English speaker pretending to be bad at writing English. 2. The fact that the code was written on a PC with Korean locale & language actually makes it less likely to be North Korea. Not least because they don’t speak traditional “Korean” in North Korea, they speak their own dialect and traditional Korean is forbidden.

Plus, there’s the pesky question as to why the hackers didn’t mention The Interview until press coverage noted a possible connection between the attack and the movie’s upcoming release.

It seems the evidence released to date is mostly circumstantial. So far, the FBI has yet to release additional information beyond the brief statement it published last week.


North Korea, via United Nations diplomat Kim Song, continues to deny that it played a role in the hacking fracas. In a symbolic gesture of anger, the country today refused to attend a Security Council meeting alongside the United States in protest over the FBI’s accusations. On the agenda: North Korea’s human rights record, including its brutal system of political prison camps.

[h/t: Gawker]

About the author

Staff writer Ainsley (O'Connell) Harris covers the business of technology with a focus on financial services and education. Follow her on Twitter at @ainsleyoc.