WASHINGTON, December 23, 2014 – Some of the facts about the cyberattack on Sony raise serious questions about the role of North Korea in orchestrating the attack.
The FBI noted similarities between the malware used against Sony and malware used against by North Korea against Saudi oil firm Aramco and South Korean firms in previous attacks, and servers were used in the attack that were used in previous attacks as well. The FBI released a statement on Friday saying that it “now has enough information” to say that North Korea was definitely behind the attack. It called the destructive nature of the Sony attack especially egregious.
Foreign affairs analysts and computer security experts are not as certain as the FBI that North Korea is to blame. North Korea denies the attack; while a rational criminal would be expected to deny the crime, North Korean leaders have never been bashful about their desire to harm the United States or to crow about their supposed successes in doing so.
Some of the code used in the hack was in the Korean language, but experts point out that the North Korean dialect is a little different. The communiqués of the hackers seem to be written by people not fluent in English, but to some language experts, that appears almost deliberate. Is North Korea being set up?
There is no hard evidence to show that North Korea was behind the Aramco and South Korean attacks. IP addresses are easily used by others who might want to turn attention to North Korea. The attack could easily have been an inside job – it would certainly have been much easier with information from people well-familiar with the Sony computer networks – and the fact that it was destructive rather than extortionist suggests perpetrators with a revenge motive, not a monetary one.
The film “The Interview” has been suggested as that revenge motive, but the hackers never mentioned the film until the western press made the connection. Attention on “The Interview” seems almost an afterthought by the hackers, another way to deflect attention to North Korea.
The attack showed a better understanding of Hollywood and American society than would be expected of North Korean cyberwarriors. The hackers knew which emails to release to cause maximum harm to Sony: executive salaries, snide comments about actors, racially tinged comments about President Obama, upcoming projects. The initial thrust of the attack was to isolate Sony, humiliate its executives, and ensure that the news and social media coverage stayed focused on Sony, not on the crime that had been committed against it.
None of this is conclusive, only suggestive and circumstantial. The fact that the computer security community is dismissive of the FBI statement could by colored by their long-standing contempt and distrust of the agency. The FBI probably has better evidence than it has made public, and the Pentagon has devoted considerable resources to finding the source of cyberattacks. That’s because a cyberattack is not like a nuclear missile, which as one Pentagon source noted, comes with a return address. It is imperative that we know where attacks come from so that we can respond appropriately, retaliating against the people who attack us and not against their decoys. Some of the billions the government has spent on that effort are likely to have paid off.
It matters in an important way whether the attack was from North Korea or elsewhere. We need to know where it came from in order to punish whoever is guilty. We don’t want to focus our attention on North Korea and ignore another threat just because it’s easy. Lashing out against an easy target is emotionally satisfying and politically useful in the moment, but it leaves us in a worse situation in the long run.
We should still move decisively to destroy the North Korean regime of Kim Jong Un. That regime has done far worse than attack Sony, and it has done it almost without protest from the rest of the world for decades.
A United Nations commission on human rights in North Korea spent over a year gathering information for a report it released in February of this year. The commission found evidence of the deliberate use of starvation as a weapon against North Koreans on a large scale, the extensive use of torture, mass imprisonment, enslavement, rape, and other crimes against humanity.
On Monday, the UN Security Council met for a briefing on that report. North Korea refused to attend, and instead threatened to resume nuclear testing. China, North Korea’s patron and closest ally, attempted to block the briefing and failed. China’s argument that the Security Council has no business investigating a country’s human rights record was countered by Australia’s UN ambassador, Gary Quinlan. Quinlan cited the attack on Sony as evidence that North Korea’s activities can “destabilize other countries and international commerce.”
It is important that national security and law enforcement officials determine exactly who was responsible for the attack on Sony. It is also important that we deal with North Korea. Now that North Korea’s human rights crimes are a subject of UN Security Council interest, there is a real possibility of moving charges against Kim Jong Un and the other criminals in his government to the International Criminal Court. That should be a focus of American diplomacy regardless of North Korea’s role in the attack on Sony.
And that is the only diplomacy that really matters with regard to North Korea.