More than a month after the Sony Pictures hack raised the threat of nation-state cyber attacks into mainstream consciousness, the controversy over North Korea’s involvement still swirls.
Both Sony and the US Government have largely gone dark on the issue. Meanwhile, the hackers causing the problem have gone off the air, so to speak. Their 9-11 terror attack proclamation last month brought down a massive amount of US Government resources on them. This has clearly shown the criminal hackers the consequences of their actions.
The North Korean Connection
North Korea has been a useful foil to provide legal cover for Sony under the concepts of Force Majeure (unpredictable and overwhelming attack from a foreign power). It has also been useful in opening a dialog with the North Koreans about attribution and their operations to obtain hard currency. The purpose of the recent US sanctions was to further impair repatriation of funds to North Korea from outside the country.
The nature of the attack has elements that point to the North Korean regime (the name of the group, IP addresses embedded in the malware, broken English, the use of cultural iconography). However, the strategy, behavior and outcomes don’t fit a nation state’s direct activities. Governments generally do a pretty good job of masking their activities. Their objectives are large-scale and require covert, long-term access. In this case someone took pains to provide clear attribution to North Korea, which no competent government would do. And North Korea is certainly not considered incompetent in asymmetric cyber-warfare operations.
It’s easy to forge the IP addresses that appear in email headers. Proper tradecraft would not use IP addresses that point to the true identity of the attacker; a series of proxy IP addresses and named anonymous proxies would be used instead. Putting in the IP addresses of a North Korean location would be either a false flag operation or incredible incompetence on the part of the North Koreans.
If there are packet traces showing command and control actively managed from North Korea, then that is clear attribution. To date, no one has seen evidence at this level. Such evidence would also amount to positive confirmation that North Korea’s traffic is being wiretapped.
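To make the header-forgery point concrete from the defender’s side, here is an added example (not code from the original post) that walks the Received chain of a constructed message and marks which hops a recipient can actually vouch for: only the lines written by the recipient’s own mail servers (assumed here to be mx.example.org) record an address observed on the wire; every line below the first foreign hop was supplied by the sender and may be invented.

```python
import re
from email import message_from_string

# Constructed sample message. Received lines are prepended by each hop, so the top
# line is the one our own MX (assumed name mx.example.org) wrote; the second line
# arrived inside the message and could have been fabricated by the sender.
# Addresses are from the documentation ranges, not real infrastructure.
SAMPLE_MESSAGE = """\
Received: from relay.attacker-chosen.invalid (relay.attacker-chosen.invalid [203.0.113.9])
\tby mx.example.org with ESMTP id abc123 for <victim@example.org>; Mon, 5 Jan 2015 10:00:00 +0000
Received: from mail.fake-origin.invalid ([198.51.100.7])
\tby relay.attacker-chosen.invalid with SMTP; Mon, 5 Jan 2015 09:59:00 +0000
From: "Some Group" <sender@fake-origin.invalid>
Subject: constructed sample

body
"""

# from <claimed host> ... [<ip>] ... by <receiving host>
RECEIVED_RE = re.compile(
    r"from\s+(\S+)(?:.*?\[(\d+\.\d+\.\d+\.\d+)\])?.*?\bby\s+(\S+)", re.IGNORECASE
)


def classify_received(raw_message, own_hosts):
    """Return (claimed_from, ip, by_host, trusted) per Received hop, top first.

    A hop is trusted only if one of our own hosts wrote it AND every hop above
    it was trusted too: once the chain leaves our infrastructure, nothing
    further down can be distinguished from text the sender typed in.
    Even on a trusted hop the claimed host name came from the client's HELO;
    the bracketed IP is the peer address our server saw on the connection.
    """
    msg = message_from_string(raw_message)
    hops, still_ours = [], True
    for value in msg.get_all("Received", []):
        flat = re.sub(r"\s+", " ", value)  # unfold the header
        m = RECEIVED_RE.search(flat)
        if not m:
            continue
        claimed_from, ip, by_host = m.group(1), m.group(2), m.group(3)
        still_ours = still_ours and by_host.lower() in own_hosts
        hops.append((claimed_from, ip, by_host, still_ours))
    return hops


def first_verifiable_ip(hops):
    """The only address a defender can stand behind: the peer IP recorded by
    the last of our own hosts in the chain, or None if none of the hops are ours."""
    ours = [h for h in hops if h[3]]
    return ours[-1][1] if ours else None
```

Run against the sample, only 203.0.113.9 (the relay that connected to our MX) is verifiable; the 198.51.100.7 "origin" is sender-supplied and carries no attribution weight on its own.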
What’s Next in the Sony Pictures – North Korea Saga
If I were taking bets, I would wager that the US Government – in concert with other governments – is rounding up the Sony Pictures miscreants. They will then decide to either perp walk them or leave the situation as-is for national security purposes. These miscreants probably include a Sony employee, along with co-conspirators who may be located outside the USA. If the US Government decides to indict, there will probably be an explanatory narrative that will clarify the North Korean connection.
Obviously I cannot speak for the US Government, so this is all pure speculation. Further, I have no direct knowledge of any US citizens or other parties who may or may not be indicted.
The US Government could have it right, or maybe they have it wrong. There are a lot of puzzle pieces that don’t quite fit into the US Government scenario. And missing pieces tend to keep the security community up at night scratching their heads.
By Philip Lieberman, President and CEO, Lieberman Software
Mr. Lieberman is an astute entrepreneur able to perceive shortcomings in the cyber security market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions for this burgeoning security field.