Want to know who’s really behind the Sony hack? Don’t hold your breath.
Nearly a month after hackers busted Sony Pictures Entertainment wide open, revealing sensitive employee data, trade secrets and embarrassing emails, U.S. officials seemed to be settling on North Korea as the source. Unnamed U.S. officials on Thursday said North Korea’s government was “centrally involved,” but White House spokesman Josh Earnest stopped short of assigning blame. North Korea has denied involvement, and called the hack “a righteous deed.”
A cyberattack is notoriously easy to deny and hackers can be very difficult to trace. They can route their activity through different parts of the world, for one thing, making it appear they’re based somewhere they’re not.
Cybersecurity experts in Tel Aviv told Buzzfeed reporter Sheera Frenkel that the Sony hack may have been the work of anyone with the money to buy the right malware.
“It could’ve been North Korea, it could’ve been a couple of guys,” Bruce Schneier, a security technologist, told The Huffington Post in a phone interview. “It’s probably some kids who are North Korean nationalists somewhere in the world. This is a hack. Any good hacker can do this. Security sucked and hackers got in.”
The problem of identifying hackers, Schneier said, has a lot to do with the difficulties of tracing data packets — information broken into smaller parts to travel the Internet more efficiently. As Wired points out, the best hackers are adept at hiding their locations via proxies. It’s also possible an unrelated hacker could plant false signals that point to North Korea.
“One can show that [a hack] originates in North Korea or any nation-state,” Margaret Kosal, an assistant professor at Georgia Tech’s Sam Nunn School of International Affairs, told The Huffington Post in a phone interview. “That does not necessarily mean the government was behind it, nor does it necessarily mean that the individual doing it was of that nation-state.”
In a 2012 hack against The New York Times, for example, attacks were routed through compromised computers that belonged to universities across the United States, disguising the source. Only by watching the hackers in their system for four months were investigators working for the newspaper able to find evidence tracing the attacks to China.
It’s not unusual for a cyberattack investigation to go unsolved. A case regarding the leak of sensitive emails from a climate change research institute prior to a United Nations meeting was closed without resolution in 2012. Unidentified hackers once extorted millions of Euros from Nokia. Unclassified White House computers were attacked this fall and banking giant JPMorgan Chase was breached over the summer. Government officials anonymously blamed Russia for the White House attack, but culprits haven’t officially been identified in either case.
In the case of the Sony hack, North Korea certainly appears to have motive: Its government complained about “The Interview” to the United Nations earlier this year. And so much of the recent rhetoric from the hackers has focused on the movie, though they didn’t mention it at first. In addition, North Korean hackers have a history of successful cyberattacks.
According to The New York Times, the Sony hack in some ways mirrors a recent attack on Saudi Arabia, purportedly from Iran. It also bears resemblance to a recent attack on South Korea, which may implicate the North. Sony has been tight-lipped about specifics.
So, North Korea’s a great suspect. And it may even get the blame from the U.S. government. But without an outright admission of guilt, we may never know for sure.