Doubts Persist On U.S. Claims Of North Korean Role In Sony Hack

All Tech Considered

One cybersecurity expert says there's no smoking gun to prove Pyongyang was behind the attack and that the FBI's evidence is circumstantial at best.

ROBERT SIEGEL, HOST:

The U.S. government is still investigating the highly publicized cyber-attack against Sony Pictures. The FBI accused North Korea of carrying out the attack, a charge Pyongyang denies. We do know the hackers were not happy about the new Sony movie, "The Interview." By the way, we'll hear Bob Mondello's review of the film in a few minutes. First, the different conclusions some private security analysts are drawing about who hacked Sony. Here's NPR's Aarti Shahani.

AARTI SHAHANI, BYLINE: The FBI says the attack came from IP addresses, unique computer identifiers, originating in North Korea. Scott Petry, a network security analyst with the firm Authentic8, says you can fake an IP address from anywhere in the world.

SCOTT PETRY: The fact that the data was relayed through IPs associated with North Korea is not a smoking gun. There are products today that will route traffic through IP addresses around the world.

SHAHANI: Like Pyongyang or Moscow or Baltimore. The FBI also says the hackers used malicious software, code that's been used by North Korea in other cyber-attacks. Petry counters that in the world of cyber-attacks, criminals are constantly recycling code. There's a well-known attack against banks called the Zeus Trojan that went open-source - freely available to anyone a few years ago. So when a financial institution gets hit, the same malware often shows up. Again, Scott Petry says it's no smoking gun.

PETRY: It's like saying my God, this bank robbery was conducted using a Kalashnikov rifle. It must be the Russians who did it.

SHAHANI: He says the FBI's evidence is circumstantial at best. And its public handling of the case is inconsistent with proper procedure in prior investigations. Petry recalls back when he worked at Google. The search giant had evidence the Chinese government was trying to hack its servers, perhaps to mine emails from dissidents. The U.S. government, he says, counseled the company to keep quiet.

PETRY: There has never been any firm public attestation that the Chinese were responsible for any of those exploits. And yet in this instance, you know, the FBI comes out in a matter of days and says it's North Korea, case closed.

SHAHANI: The FBI declined to comment on this skepticism, citing its ongoing investigation.

HIMANSHU DWIVEDI: When you have any source attacker as a nation state, one of the key goals that they traditionally have is persistence.

SHAHANI: Himanshu Dwivedi with Data Theorem is another skeptic.

DWIVEDI: Which means staying in a location - obviously electronically - for a very long period of time.

SHAHANI: Dwivedi has investigated cyber-attacks since the 1990s. He's worked on cases involving nation state actors big and small. And, he says, it doesn't make sense that North Korea would want to make a splash.

DWIVEDI: Because there's no motivation as a nation state to communicate.

SHAHANI: The FBI is looking at data that most of the world cannot access. But Shlomo Argamon, a professor of computer science at the Illinois Institute of Technology, took a look at data from the cyber-attack that is publicly available, like leaked emails, postings from Internet forums...

SHLOMO ARGAMON: Transcriptions of messages that appeared on hacked computers at Sony.

SHAHANI: And Argamon did a linguistic analysis. Based on the writing style, Argamon wanted to identify the most likely native languages of the hackers. He considered four - Korean, Mandarin Chinese, German and Russian.

ARGAMON: There was some consistency with Korean, but much, much less, which indicates that although it's possible that these messages were written by people whose native language is Korean, it is far more likely that they were Russians.

SHAHANI: Argamon only has preliminary results so far. He says before drawing a strong conclusion, he's got more analysis to do, and so does the FBI. Aarti Shahani, NPR News, San Francisco.

Copyright © 2014 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.