The hacking of Sony Pictures Entertainment in late November 2014 has generated a new clash between the United States and North Korea, a furor over what by most accounts is a very bad film, a huge number of articles – for a selection of over a hundred see here – and it must be admitted a certain amount of entertainment, tempered by concern. The incident has breached a number of barriers. It is the first time the U.S. has made an assassination film, and a comedy at that, about a living foreign leader, rather than fictional one. It is the first time that the U.S. has formally accused another state (as opposed to foreign nationals) of a cyber-attack. It may be the first time that the U.S. has refused to confirm or deny a cyber-attack on the institutions of a foreign government.
And it is the first time that there has been such a surge of expert dissension and scepticism. Usually when there is a stoush between the U.S. and a foreign country – not an unusual event it itself – the “experts” and the mainstream media stand pretty firmly behind the government. The official line is received wisdom, incontestable, not to be seriously challenged but to be regurgitated with variation. True, a few “respectable” voices have been raised questioning the government narrative over the Ukraine, Russia and Vladimir Putin and reported in the mainstream press: John J. Mearsheimer in Foreign Affairs, former Republican presidential candidate Ron Paul and the occasional journalist – Eugene Robinson and Katrina vanden Heuvel in the Washington Post, Patrick L. Smith in Salon. However, in general the “experts” have stood in solidarity with the administration, frequently offering advice how to deepen the crisis; for instance Michael Weiss in Foreign Policy advising “How to Kneecap the Thug in the Kremlin” (it’s not only the North Koreans who use intemperate language).
How different things are with the Sony hack. Here the prevailing opinion amongst cybersecurity experts seems to be that North Korea was not involved. They tend to be too polite to suggest that the U.S. government is actually lying, though that is often the unstated implication. And the word “Iraq” is occasionally mentioned. Why the difference? It is not that the government evidence in this case is particularly shonky; it is rather that these experts in general have a different relationship to the government, and the state, than those in international relations and they approach the available facts (and the supressed ones) more critically. A good example of this “clash of civilizations” is provided by James A. Lewis , formerly in the Foreign Service, now at CSIS, who laments that “The real issue is lack of trust in the government.” Exactly.
There has been an explosion of articles, some quite technical, on the incident so it is not possible to go into them in detail. A useful chronology of the incident is given by Gary Leupp. However a few headings give a reasonable picture of what is being said, and perhaps even more important, where the doubts and alternatives are being reported.
Foreign Policy: Was the Sony Hack an Inside Job?
The Washington Post: Why North Korea may not be behind the Sony hack
The Christian Science Monitor: Security experts: FBI report light on evidence linking North Korea to Sony hack
DefenseTech.org: Experts: North Korea May Not Have Hacked Sony After All
And there are many more. Some media, such as Fox News, may well be driven by hostility to Barack Obama rather than a disinterested pursuit of truth, but surely this volume of skepticism about a government pronouncement is unprecedented.
The LA Times notes that “It’s also proper to note that disdain for the FBI – indeed, for the government in general – runs deep in this community.” On December 19 the FBI released its verdict that “the North Korean government is responsible” and based its conclusion, in part, on three aspects – malware, IP addresses and similarity with a “cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.” The in part” of course carried the implication that it had really damning evidence which “… the need to protect sensitive sources and methods precludes us from sharing.” Some, especially those with government contracts, bought the hidden smoking gun story but many did not. Jack Goldsmith, writing in Lawfare from the Brookings Institution made the legal case:
But if protection of “sources and methods” prevents the United States from publicly revealing a lot more evidence, including intelligence beyond mere similar characteristics to past attacks, then there is no reason the rest of the world will or, frankly, should believe that a response on North Korea is justified. … Even if the attribution problem is solved in the basement of Ft. Meade and in other dark places in the government, that does not mean the attribution problem is solved as far as public justification – and defense of legality – is concerned.
The cybersecurity experts had a field day with the public FBI evidence, agreeing that it proved nothing perhaps beyond the agency’s incompetence. Marc Rogers, for instance
Furthermore, to imply that some addresses are permanent fixtures used by North Korean hackers implies a fundamental misunderstanding of how the internet works and in particular how hackers operate….
So in conclusion, there is NOTHING here that directly implicates the North Koreans. In fact, what we have is one single set of evidence that has been stretched out into 3 separate sections, each section being cited as evidence that the other section is clear proof of North Korean involvement. As soon as you discredit one of these pieces of evidence, the whole house of cards will come tumbling down.
Some were ruder. On malware:
But some have noted that the malware code has already leaked and is used by others, meaning its use in this attack doesn’t necessarily point to North Korea.
“It’s kind of like saying the bank robbers used a Ford Focus as a getaway car. Your grandmother uses a Ford Focus. Therefore, your grandmother is the bank robber,” Stammberger said.
The most likely explanation is that the hacking was done in collaboration with disgruntled former employees, with no connection with North Korea.
For Sony the attribution to North Korea was a godsend. It diverted attention from the embarrassing emails the hacking had revealed. It might well provide legal protection against the resulting lawsuits. It also rescued The Interview. Not merely was the film savaged by the critics but it appears from the emails that Sony, and its offices around the world, realized that it was awful. However, the publicity and Obama’s call not to be bullied by a dictator led to many gullible Americans paying money to see it, thinking that they were defending free speech.
The hackers are off the hook. Although the FBI claim that the investigation is ongoing it is unlikely that it will be vigorously pursued; a court case in which it was revealed that there was no connection with North Korea would be a big embarrassment.
For North Korea, which has denied the allegations, and has proposed a joint investigation –arrogantly dismissed out of hand by the U.S. – there is some consolation in the affair. Although it has suffered cyber-attacks, and sanctions, it does mean that it will no longer be seen as easy meat when Hollywood casts around for foreign villains. The Soviet Union is gone, China is too big a movie market to insult and North Korea seemed to fit the bill. Witness the transformation of the villains in the film Red Dawn from Russians, to Chinese, to Koreans. North Korea may not have hacked Sony, but if the industry thinks it did, then it is likely to play safe and look for less dangerous targets. For Sony, the productions costs, and the hack, were sunk costs and so it could go for broke, exploiting patriotic fervour. For new ventures the calculation will be different; look out for the return of the aliens.
But what about the White House? The possible advantages and probable disadvantages and dangers of the U.S. government’s involvement in the Sony affair are of a different order of magnitude and will be discussed, as they say in serials, in the next installment.
Picture: Eric Lafforgue
Join the influential community of members who rely on NK News original news and in-depth reporting.
Subscribe to read the remaining 1472 words of this article.