Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.

Experts are Skeptical of North Korea’s Involvement in Sony Pictures Hack

This article is over 9 years old and may contain outdated information
Sony Make Believe Logo 310x

The FBI has spoken, but independent experts aren’t quick to buy the outcome of its investigation.

After a tumultuous month-long period for Sony Pictures, the FBI released its findings pointing to North Korea as the culprit in the studio’s computer network hack. Despite (or rather, in spite of) the feds blaming Kim Jong-un and his compliment of military hackers, several independent cybersecurity experts have come out saying that the story appears to be flimsy.

Some of the most compelling arguments against North Korea’s involvement are coming from Marc Rogers, the British hacker who organizes DEF CON every year. One of the pillars of his argument, seen in full on his blog, is that the malware, tools, and libraries used by the Sony Pictures hackers is commercially available. It’s a “if this, then that,” kind of scenario; if the FBI says that “there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks,” then it’s likely that the malware and other software used is available for anyone to purchase (given they look in the right places).

As for other network attacks that have been linked to North Korea, like those that took place in South Korea in 2013? “While some of these similarities certainly strongly hint at a similar operation and a shared DNA between these pieces of malware, it is hardly a smoking gun,” says Rogers.

And Rogers isn’t the only security expert to squint at the FBI report. Wired’s Kim Zetter published a report before the FBI made theirs official that, among other criticisms, points out that the hacker’s initial communications with Sony made no mention of The Interview.

Lastly, Rogers points to a report by another security expert, who quickly shows that most of the IP addresses used in the hack are widely-known proxy IPs that can be used by any number of people.

Gawker has a more lengthy list of suspect criticisms, if this trio has piqued your interest.

As more information on the breach is undoubtedly revealed in the coming weeks, will the North Korea case hold up? Or will another culprit pop up? The end of 2014 does not mean the end of the Sony Pictures breach, for sure.

Recommended Videos

The Escapist is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy