The Obama administration has officially linked the North Korean government to the Sony Pictures hack, perpetrated by a group calling itself the “Guardians of Peace” in retaliation for a film that mocks North Korean dictator Kim Jong Un.
The most common theory of the attack is that the Guardians of Peace are either a freelance hacking group controlled by the North Korean regime, or they are directly employed by the North Korean military, which is known to have plowed considerable resources into developing cyberwarfare techniques. This theory allows for the strong possibility that someone inside Sony, most likely a disgruntled employee or ex-employee in their IT network, assisted the North Koreans with the attack.
Some have advanced alternative theories for the hack, suggesting that it was entirely the work of either outside hackers amusing themselves by causing mayhem—Sony insiders looking to get even with the company for some slight or even a blackmail scheme that escalated when the hackers didn’t get the money they wanted. Room for these theories was created by the administration’s refusal to provide smoking-gun evidence for its conviction that the North Koreans were responsible.
On Sunday, the New York Times published an article saying that evidence of North Korea’s complicity in the Sony hack does exist and was developed with the assistance of the National Security Agency’s controversial Internet monitoring programs. With assistance from South Korea and “other American allies,” the NSA is said to have begun penetrating North Korean networks in 2010, saturating the computers of Pyongyang’s cyberwarfare specialists with viral software that would allow the NSA to monitor their activities.
This is said to be the intelligence that convinced the White House that North Korea was behind the Sony hack. It would make sense that the NSA would be reluctant to discuss the details of this information or how they obtained it, because they would prefer not to compromise the monitoring system they’ve set up. Their intelligence was good enough to produce the very first explicit accusation of a foreign government launching cyberwar on American targets. In fact, it was specific enough to indicate that the theft of a particular Sony system administrator’s username and password provided the weapons needed to breach the company’s online security and begin raiding their data stores.
That leads to the uncomfortable question of why the administration didn’t warn Sony about an attack it evidently knew was coming—an attack that cost Sony a great deal of money and seriously damaged the company’s reputation with artists and business partners. The answer provided in the Times article is that American investigators knew North Korea was conducting some reconnaissance inside Sony’s system but didn’t realize they had a large-scale attack in mind until it was under way.
Director of National Intelligence James Clapper reportedly had dinner with the North Korean intelligence officer who was overseeing the Sony operation in early November, during a trip to Pyongyang, but they did not discuss what Clapper privately knew his host was up to.
None of that is going to reassure critics of the Obama administration’s bumbling efforts to contend with international threats. Clapper does not come out of this story looking terribly suave, and Sony execs will not be cheered by the thought that our intelligence services knew a foreign power’s cyber army was snooping around in their network but did not bother to warn them because the administration woefully underestimated the level of mischief they had in mind.
Also, while understandable that the NSA would prefer not to compromise its surveillance of North Korean hackers, keeping their evidence under wraps leaves us with nothing but circumstantial evidence of the regime’s involvement, offered halfheartedly by the FBI, that would not be very difficult to fake. We know just enough to make us nervous but not enough to make us confident the government can protect us against state-sponsored cyberterrorism or confident that the administration’s accusations against North Korea are accurate. At least now we have some idea of what caliber that “smoking gun” might be and whose fingerprints are on it.