By Chris Spargo
The Daily Mail
The FBI just last week confirmed what many Americans already assumed to be a foregone conclusion when they revealed there was conclusive evidence that North Korea’s government was behind the hacking of Sony, an attack the government bureau said was carried out as a way ‘to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves.’
Then, in a press conference on Friday, President Obama not only attacked North Korea and leader Kim Jong-un for their attempts to ‘intimidate’ Americans through their actions, but went so far as to warn the country that America would retaliate in response to their actions.
Almost immediately the North Korean leader issued a statement denying involvement and demanding an apology from the United States for their ‘evil doings.’
And while that apology is probably never coming, it seems that Kim Jong-un may be right, at least according to numerous cybersecurity experts and hackers who have come forward to not only point out the flaws in the FBI’s investigation, but also possibly reveal the identity of the culprit.
The problems with the FBI’s investigation are best explained by Marc Rogers in an article he wrote for The Daily Beast.
Working as both the director of security operations for DEF CON, the world’s largest hacker conference, and the principal security researcher for the world’s leading mobile security company, Cloudflare, Rogers may be one of the foremost experts when it comes to hacking.
The first FBI claim that Rogers tears down also happens to be one of the strongest that the FBI has, saying in their statement: ‘The malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed.’
There are two problems with this according to Harris, and both have to do with the bureau basing their findings on assumptions as opposed to fact.
First, while similar malware may have been used in a previous cyber attack that North Korea has been linked to, that does not serve as definitive proof that this attack was carried out by North Korea.
Harris then further chips away at this statement, pointing out that he and many security experts do not believe North Korea was involved in those previous incidents, whose coding the FBI is referencing to tie the attacks together.
What’s more, the code for one of the two pieces of malware, Shamoon, was leaked according to Harris, and would not be difficult for any hacker to find.
He then takes aim at the FBI conclusion that since the IP addresses used in the attack are addresses used by North Korea in previous attacks, they must be responsible.
According to Harris, the reasoning is flawed as these addresses are used by everyone from major hackers to even small-time Internet criminals to avoid detection, meaning these addresses could tie virtually anyone in the hacking community, or even someone using stolen credit cards to shop online and avoid detection, to the attack.
Then, there is the fact that the demand by the hacking group, who call themselves the Guardians of Peace, that The Interview not be released was not announced until weeks into the hack, and only after some members of the media had begun to perpetuate the now widely accepted story that the goal of the hack was to make sure The Interview would never be distributed by Sony.