Cyber whodunnit: North Korea prime suspect but there are many potential culprits

Did they get any Jennifer Lawrence pics? EPA/Rodong Sinmun

The recent cyber attack on Sony Pictures was so extensive there were notices placed on the entrance doors telling staff not to log in to the company’s network when they reached their desks.

Sony’s entire network had to be taken down as the film company tried to deal with a sustained attack by hackers threatening to release sensitive documents to the public unless a ransom was paid. Since then, files and ripped films have appeared online.

The clear-up continues and Sony has employed a leading US cyber-security company to seek out the smoking gun. Meanwhile, speculation is rife as to who was responsible. Conspiracy theories have been fuelled by the FBI, which issued a flash alert, warning that cyber-attackers were launching malware that could destroy whole networks and result in total data loss.

At the moment, any accusations about who carried out the Sony attack are pure speculation. Like a good crime novel, people are combining motive, means and opportunity to identify the culprit.

Motive

That’s how they’ve landed on North Korea. Its motive is rage about a forthcoming Sony film The Interview, which parodies Kim Jung Un. North Korea has already said it considers the release of the film to be an act of war. The national government has also apparently written to the UN secretary-general, Ban Ki-moon, to express its annoyance about the film and has refused to comment when asked if the attack was launched from its shores. All this has been sufficient to convince some people of North Korea’s guilt.

But let’s just take a step back for a moment. Is there really no one else that could have a motive for this attack? What about a competitor? Hiring hacks as a service has become a growing trend and many cyber-criminals even advertise online, offering to do some form of cyber-damage to your commercial competition for the right price. And what about criminals hunting for content they can then pirate? Copyright theft is one of the fastest-growing crimes online – and the financial gains for the criminals are enormous.

Capability

Then comes means. Could North Korea really launch such a sophisticated attack? The short answer is yes. We don’t know for certain but it is indeed possible that it has the capability. The internet has levelled the playing field when it comes to crime and warfare. You no longer need an army, just a relatively small group of skilled people and some cheap hardware to develop malware.

We know that up to 90% of successful hacks involve some form of human failure. It might be that, in this case, someone at Sony made a simple error that let in the attackers. Even technically sophisticated attacks can be carried out by people without much knowledge, thanks to the toolkits available online.

But attacks on the internet have one other feature that conventional physical attacks do not. When you launch your weapon, your victim can – if it has the skill – capture the code and repurpose it to use back against you. Rather like biological weapons, it is dangerous to unleash these weapons because they have a nasty habit of infecting friendly systems, albeit in slightly modified forms.

Remote launch

What about opportunity? Some say that North Korea is so disconnected as a country that it couldn’t launch a cyber-attack on any meaningful scale. This fails to recognise one of the great advantages of launching attacks on the internet – you can do it from anywhere in the world. It’s not like launching a rocket and hoping no one traces it back to its launch point. Many attacks quite deliberately use false flag operations so the person suffering the attack has little chance of using the point of origin to find the attacker.

Worse still, many of us are unwittingly helping attackers by allowing our computers to become part of a botnet which is then used as a platform from which to launch attacks. Nearly all denial-of-service attacks are “distributed” denial-of-service attacks – the flood of data that cripples the victims network comes from many, many machines spread across the globe. That’s what makes then so difficult to combat.

North Korea quite possibly has motive, means and opportunity to carry out this attack on Sony, but as with any successful prosecution, that isn’t enough. We need evidence. We will have to wait for the detailed forensic work to complete before we stand a realistic chance of knowing for certain.

That may or may not be forthcoming, but in the meantime we should consider what this event tells us about the balance of power in cyberspace. In a world in which major disruption can be caused with scant resources and little skill, all enemies are a threat. North Korea might be the rogue state that everyone loves to hate but there are plenty of others who could have done it.

There is no longer a tiered approach of superpowers fighting proxy wars in smaller, developing nations. Now those developing nations can fight back, and you might not even know it was them.

Next read: South Korea’s cyber-war ambitions could backfire badly