Did North Korea hack Sony? Probably Not

It’s a compelling story.

A month away from the release of Seth Rogen’s new movie “The Interview,” in which he plays a celebrity reporter sent to North Korea to interview Kim Jong Un and kill him, North Korea is so annoyed at the film that it has hacked into Sony Pictures and threatened to release corporate secrets.

It’s also most likely not true.

The story appears to have begun with Re/code, a technology news website, which reported on Friday “Sony Pictures Investigates North Korea Link In Hack Attack.”

“Sony Pictures Entertainment is exploring the possibility that hackers working on behalf of North Korea, perhaps operating out of China, may be behind a devastating attack that brought the studio’s network to a screeching halt earlier this week, sources familiar with the matter tell Re/code,” the site reported.

It goes on to say that security experts from outside the company are exploring the theory that the attack, which brought Sony’s internal network to a halt, is linked to the movie that is due in U.S. movie theaters on December 25.

The source of the theory is unclear.

Over the weekend, the possible link with North Korean was reported by numerous news organizations including Reuters, The Guardian, NBC News, ABC NewsCBS News, which asked “Is North Korea targeting Sony in cyberwar?” and Forbes, which reported “North Korea May Have Leaked Sony Movies Online.”

North Korea has been fingered in a number of cyberattacks before, but those usually target South Korean institutions. One of the most disruptive occurred in March 2013 when attacks took down the internal networks of several major South Korean TV broadcasters and a bank ATM network. South Korean investigators linked the attack to North Korea and the country later denied any involvement.

In this latest attack, there are numerous inconsistencies with previous cyberattacks that were blamed on North Korea. Of course, that doesn’t mean the country isn’t involved, but each one makes it less and less likely that it is:

  • Computers at Sony displayed a message threatening the release of internal documents if undisclosed demands were not met. North Korean hackers have never made such public demands.
  • The message claimed the hack was carried out by “#GOP,” which stands for “Guardians of the Peace.” Attacks linked to North Korea have never included such claims of credit.
  • The attackers posted messages on several Sony Twitter accounts, personally attacking Sony Pictures CEO Michael Lynton. North Korean attacks have never used such a tactic and state media has never called out Sony executives when criticizing the movie.
  • North Korea has never launched such a targeted and public attack at an institution that angered it, and many organizations have angered it in the past.

5 Comments on "Did North Korea hack Sony? Probably Not"

  1. Thanks for being the voice of reason amongst all this nonsense.

  2. I always take sensational reports about North Korea with a grain of salt.

  3. Good post! I was surprised at how lazy sites like the ABC* were to pick up on this so called assertion of DPRK being behind it! it doesn’t seem to make much sense and lazy..

    (*sorry earlier posted BBC, but the relevance remains when it comes to them and the guardian etc!)

  4. Care to rethink your analysis? Who else, but NK would threaten violence over a movie no one else on Earth cares about?

    Dec 16, 2014

    The Sony hackers have threatened a 9/11-like attack on movie theaters that screen Seth Rogen and James Franco’s North Korean comedy “The Interview,” substantially escalating the stakes surrounding the release of the movie.

    The attackers also released the promised “Christmas gift” of files. The contents of the files are unknown but it’s called “Michael Lynton,” who is the CEO of Sony Pictures Entertainment.

    “The world will be full of fear,” the message reads. “Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time. (If your house is nearby, you’d better leave.) Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.”

  5. Good story. Do you have any update in light of the FBI’s Press Office release? http://recode.net/2014/12/19/fbi-names-attacker-in-sony-hacking-case/

    I read it, and I’m wondering why it uses “information” instead of “evidence” in the the paragraph just before the bullet points. And the bullet points, I wonder, is it possible for a hacker to create “similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.”? Whatever that means.

Comments are closed.

An affiliate of 38 North