Over the past few days, numerous media outlets have come forth with commentary stating that the FBI may have wrongly incriminated the North Korean government by blaming them for the Sony Hack in November. A number of cybersecurity specialists, technicians and companies have made numerous recommendations based on their analysis of the FBI’s reports, the malware itself and some of the similar malware that has existed. One company, Norse, even met with the FBI for 3 hours to explain to them why they felt the FBI did not do their due diligence.
Yet after days of allegations and official meetings, the FBI has not only reiterated their support but the Department of State also waded in on the 29th, supporting the FBI’s analysis that their conclusions were correct.
Without a doubt, if this kind of confidence is demonstrated by our government, it can only be due to the fact that they have a “smoking gun.” While the analysis of all the companies — and these are some of the best in the country — focuses on linguistic analysis, IP addresses and disgruntled employees (insider threats), there is something supporting the government’s conclusion that it is not showing.
With the world’s largest intelligence collection platform, it is reasonable that the U.S. Government is more than able to obtain evidence that is not readily available for public consumption and further analysis. Remember, it doesn’t take a North Korean at a keyboard for an act of cyber terrorism to take place; it only takes a link, some form of communication showing that the North Korean government authorized the attack. There is no real difference between an attack that is Nation State sponsored, sanctioned or executed; in the end, the entity that authorized the attack is the culprit regardless of who actually executed the operation. Thus, the Government must have some evidence that incriminates North Korea to the point where, for the first time, America has pointed a finger directly and made the call.
I am not one to say that the U.S. Government’s charges should be automatically endorsed, and cybersecurity companies around the world are correct when they challenge allegations and indictments when there is not enough evidence to support them. With transparency usually being the best means to develop the confidence within the cyber community that the charges were warranted, the U.S. Government should make their supporting evidence for their conclusion a bit clearer. While it is understood that some information and sources cannot be revealed, the absolute refusal to declassify, redact or simply make more details known about the Sony hack only exacerbates the confusion in the cybersecurity community when they should be one of the key allies that the government should rely on for additional support and cooperation in the response to cybersecurity threats against the U.S. This close-minded attitude continues to fan the flames of conspiracy (some are using this to claim it’s a prelude to aggression), and a loss of confidence from the cyber community when in fact the FBI and U.S. Government are finally starting to wake up and approach events like the Sony hack as a form of terrorism that demands a response to protect the American economy and consumer.