Today the FBI pretty much confirmed that North Korea hacked Sony’s servers. Having read a few summaries of their findings, I am skeptical. My skepticism is based on nearly four decades of working with computers including writing many thousands of lines of code. For 13 years I ran a small software development house. I’ve been around the industry quite a bit. But it’s the economist in me that gives me skepticism.
The FBI report made three main points according to several reports (this one from the Daily Beast):
- Similarities in the data-deletion malware and other malware that the FBI knows North Korea previously developed. Specific lines of code, encryption algorithms, data deletion methods, and compromised networks are among the details.
- Significant overlap between the infrastructure used in this attack and other malicious activity the U.S. previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
- The tools used in the Sony attack have similarities to a cyber attack in March 2013 against South Korean banks and media outlets carried out by North Korea.
The second point is the most telling. IP addresses were hard-coded into the software. This is never, ever done by any reputable programmer. Unless the North Koreans were blatantly advertising their actions — not at all out of the question — there is no reason to do this. But it makes me suspect that perhaps someone else did the hack and used this to point toward North Korea.
The other two points are equally suspect. “Similarities” to methods used years ago mean those techniques are also “easily copied.”
Finally, the FBI’s reliance on geographic locations of IP addresses is laughable. Anyone can spoof an IP address. (Heck, I could do it, but I don’t because I believe in transparency and am opposed to internet anonymity in most cases.) Frankly, that statement only makes the FBI look ignorant (to put it politely).
I have to add a couple of disclaimers. First, there is almost certainly evidence that the FBI did not release. I haven’t seen it (obviously) so I can’t use it here. Second, it is entirely possible that the North Koreans wanted the world to know what they did to Sony. Kim Jong Un appears to be irrational. That means my analysis here should be taken with a large hunk of salt. (Speaking as a student of game theory, I can attest to the usefulness of sometimes appearing to be crazy.)
On the other hand, you could just read my RedState colleague Steve Berman’s take on the situation: it’s a real estate deal.