Originally published at ANewDomain.net:
If you were impressed by how fast the FBI placed the blame for the Sony entertainment hacks on North Korea, you weren’t alone. Internet forensics are notoriously complicated, so this was obviously the result of amazingly efficient detective work, right?
A number of security experts doubt the US government’s claim of certainty in their accusation.
“The FBI says the attack came from IP addresses — unique computer addresses — that trace back to North Korea,” NPR reports. But those could be spoofed.
“The fact that data was relayed through IPs associated with North Korea is not a smoking gun,” Scott Petry, a network security analyst with Authentic8, told the network. “There are products today that will route traffic through IP addresses around the world.”
The FBI also points to malware used in the Sony attacks. Strings of that code, the feds say, are identical to those used in previous attacks known to have been carried out by North Korean hackers. Perry says that doesn’t mean anything either. Malware gets recycled by hackers all the time. “It’s like saying, ‘My God, this bank robbery was conducted using a Kalashnikov rifle — it must be the Russians who did it!'”
US government officials told the media that they found communications between the hackers that indicated their language of origin was Korean, and other experts say that conclusion is tentative and premature at best.
“Although it’s possible that these messages were written by people whose native language is Korean, it is far more likely that they were Russians,” said Shlomo Argamon, computer science professor at the Illinois Institute of Technology and chief scientist with Taia Global, after examining the writing style.
Finally, there’s the motive problem, as Wired puts it.
We’ve been told that the hacks were carried out on the order of a petulant dictator out to censor a film that disrespected his majesty, Seth Rogen and James Franco’s assassination comedy “The Interview.” But the demands of the hackers seem to align closer to a financial shakedown. Russians, then? In particular, the demands that Sony “pay proper monetary compensation” or face further attacks, points to someone other than a nation-state. Plus, for what it’s worth, North Korea has angrily denied involvement.
So if it wasn’t North Korea – or more accurately, if the US government isn’t 100% certain that it was North Korea – what are they saying that it was – or more accurately, that they are 100% certain that it was?
Robert Graham, CEO of Errata Security, speculated to Wired that a political hack within the FBI “wanted it to be North Korea so much that they just threw away caution.” Once the Obama administration repeatedly told the media that they knew it was North Korea, that became an official narrative that could never be walked back. “There’s this whole groupthink that happens, and once it becomes the message, it’s really hard to say no it’s not this.”
We have seen government groupthink before.
Within hours after the first plane hit the World Trade Center on September 11, 2001, network anchors and US government officials alike were openly jumping to the conclusion that Al Qaeda under the leadership of Osama bin Laden had to be responsible. As with the Sony hacks, what began as pure speculation based on circumstantial evidence – the theatrical nature of the attacks, their simultaneity and so on – soon became an official narrative that no one ever dared question, even when bin Laden denied responsibility (he had, on the other hand, claimed to have been behind the 1998 bombings of the US embassies in East Africa).
There are two parts of the equation here: responsibility and certainty. Who did it? How sure are we?
The FBI appears to be playing fast and loose with the latter question, much in the way that the Bush administration claimed to have been certain that the government of Iraqi dictator Saddam Hussein possessed weapons of mass destruction during the 2002-2003 run-up to the invasion of that country. The lie was not in claiming that Saddam possessed WMDs. The lie was claiming to be sure.
Bin Laden may well have been the sole financier and leader of the 9/11 plot, just as the North Korean government could be responsible for the Sony hacks. In both cases, however, a rush to judgment in anticipation of the facts may prevent some or all of the truth from ever coming to light. In the 9/11 case, for example, considerable evidence points to Islamic Jihad, a radical organization based in Egypt, as well as Saudi financiers. Pinning the blame exclusively on bin Laden and Al Qaeda let those guilty parties escape investigation, and perhaps punishment.
Similarly, the FBI’s premature passing of blame on the government of President Kim Jong-un could be muddying the waters, thus allowing the actual responsible parties to continue their activities and setting the stage for their next hack attack. Not to mention, is it really a good idea to antagonize a paranoid, nuclear-armed adversary that is already convinced the US intends to invade and occupy it, by falsely accusing them?
It would be nice, though perhaps too much to ask, for the United States government to seek the truth in a calm, deliberative manner. The media can wait after an attack to learn who’s to blame. So can we.