December 2014
Did the DPRK Hack Sony? (19 December 2014)

Did the DPRK Hack Sony?

19 December 2014

My Twitter feed has exploded with lots of theorizing about whether or not North Korea really hacked Sony. Most commentators are saying "no", pointing to the rather flimsy public evidence. They may be right—but they may not be. Worse yet, we may never know the truth.

One thing is quite certain, though: the "leaks" to the press about the NSA having concluded it was North Korea were not unauthorized leaks; rather, they were an official statement released without a name attached. Too many major news organizations released their stories more or less simultaneously. To me, that sounds like an embargoed press release. (One is tempted to imagine multiple simultaneous brush passes from covert operatives to journalists, but I suspect that emails and/or phone calls from individuals known to the reporters are much more likely.)

Before going further, let me add a disclaimer: I have no idea if North Korea is actually involved. I also have no idea how the intelligence community actually did come to its conclusions. What follows is speculation, not fact.

Nick Weaver has given a good explanation of how the NSA could have made the determination, just based on SIGINT. However, it wasn’t necessarily done by SIGINT alone. Suppose, for example, that the CIA (or perhaps the South Koreans) had an agent in North Korea’s Unit 121. In an era when the head of foreign operations for Hezbollah was supposedly a double agent for the Mossad and the CIA had a mole in Cuban intelligence, one can’t rule out such scenarios.

There are many more possible ways to do attribution (I like this one), but most are based on sensitive sources and methods. Translation: they’re not going to tell us, and they’re right not to do so.

It’s also very possible that their attribution is simply wrong:

In the words of a former Justice Department official involved with critical infrastructure protection, "I have seen too many situations where government officials claimed a high degree of confidence as to the source, intent, and scope of an attack, and it turned out they were wrong on every aspect of it. That is, they were often wrong, but never in doubt."
People can jump to conclusions. Worse yet, in intelligence (and unlike the criminal justice system), you never get proof beyond a reasonable doubt, and that’s even if you’re being honest. If someone doesn’t like your answers and wants better ones— well, think Iraqi WMDs. Besides, there’s always the chance that the government is lying.

Let me sum up.

Bottom line: it’s plausible, but not publicly provable.