President Obama has done his best to tamp down fury at North Korea for hacking Sony--"I don't think it was an act of war," he said Sunday on CNN, but "cybervandalism"--but to find true skepticism about North Korea's role in the attack, you have to turn to the professional hacking and anti-hacking community.
Many hackers, anti-hackers and cybersecurity experts still don't share the FBI's conclusion that "the North Korean government is responsible for these actions," as the agency declared last week. They've picked apart the FBI's evidence, which was set forth in a public memo Friday and a much more detailed alert circulated to corporate security departments early in December, and found it wanting.
As we explained earlier, that's important for two main reasons: You don't want to stoke anger at a government that may be either innocent or peripherally involved (North Korea has denied responsibility for the Sony attack), and you don't want the real perpetrators to evade the law-enforcement net.
Let's take a look at what the experts are saying. Our first stop is Marc W. Rogers, whose anti-hacking credentials are impeccable; among other roles, he helps screen papers for presentation at DEF CON, the leading hacker conference.
In his latest blog post, Rogers underlines what he sees as the major weaknesses in the FBI's claim. The agency says it blamed North Korea in part because the software deployed against Sony resembles that used, purportedly by North Korea, in two other major hack attacks, one targeting the Saudi arm of the oil company Aramco in 2012, and a crippling attack on South Korean businesses in 2013.
The problem there is that North Korea's role in the earlier attacks is itself unproven. Rogers writes that it's "pretty weak in my books to claim that the newest piece of malware is the act of a nation state because other possible related pieces of malware were 'rumored' to be the work of a nation state. Until someone comes up with solid evidence actually attributing one of these pieces of malware to North Korea I consider this evidence to be, at best, speculation."
The anti-hacker community isn't ruling out North Korea. Many also acknowledge that the FBI may have stronger evidence against North Korea that it's chosen not to make public. It's also proper to note that disdain for the FBI--indeed, for the government in general--runs deep in this community.
But these experts' warnings that it may be premature to declare the case closed should be taken seriously. To quote Dr. Krypt3ia again: "Let’s take a step back here and ponder the FBI statement today on colonel mustard in the study with the laptop before we go PEW PEW PEW ok?"