Euro Security Watch with Mathew J. Schwartz

Sony Hacking Is a Hollywood Blockbuster But North Korea Not to Blame, Despotic Regime Claims

Don't blame North Korea for the Sony Pictures Entertainment hack. So claims a diplomat for the dictatorship that refers to itself as the Democratic People's Republic of Korea. "Linking the DPRK to the Sony hacking is another fabrication targeting the country," the official tells Voice of America, speaking on condition of anonymity. "My country publicly declared that it would follow international norms banning hacking and piracy."

See Also: Creating a User-Centric Authentication and Identity Platform for the Healthcare Industry

After days of silence - and speculation - that's the first official denial from North Korea, after suggestions that it launched the Nov. 24 attack using "wiper" malware known both as "Destover" and "Wipall," which was built to delete data from PC and file-server hard drives at Sony Pictures Entertainment. Attackers also stole and have begun releasing many gigabytes - and potentially terabytes - of Sony data.

Somebody ought to make a movie about this. 

Sony has yet to respond to my requests for comment, or issue a definitive, public statement on the attack, for which a group calling itself the Guardians of Peace, or G.O.P., has claimed credit.

Earlier this week, re/code - a news site affiliated with CNBC - reported that Sony was set to announce that it had been hacked by North Korea.

But a Sony official later dismissed that report. "The investigation continues into this very sophisticated cyber-attack. The re/code story is not accurate," a Sony Pictures Entertainment representative told the Associated Press.

Wiper Malware: The Korean Connection

The North Korean suspicions were sparked by Destover/Wipall having been built using some Korean-language tools, according to a related, Dec. 2 "FBI Flash - Destructive Malware" warning. Some digital forensic investigators hired by Sony have allegedly also seen similarities between the malware and the attack code used in the 2013 "Dark Seoul" incidents, for which North Korea has been blamed.

Another potential link is the Sony film The Interview, due out Christmas Day, which centers on a pair of tabloid TV reporters - played by James Franco and Seth Rogen - heading to Pyongyang to interview Kim Jong-un, only to be approached by the CIA to assassinate him instead. North Korean officials in June denounced the comedy, telling the despotic state's own news agency that the film was an "act of war that we will never tolerate," and promising "merciless" retaliation.

The plot continues to thicken. On December 3, G.O.P. leaked internal documents from Deloitte, including salary information for more than 30,000 employees, The New York Times reports. "We have seen coverage regarding what is alleged to be 9-year-old Deloitte data from a non-Deloitte system," Deloitte spokesman Jonathan Gandal tells me. "We have not confirmed the veracity of this information at this time."

Hollywood's Own Cablegate

Remember the 250,000 classified State Department cables released by WikiLeaks? The Sony Pictures Entertainment hack is fast becoming Hollywood's equivalent, as entertainment reporters pore over the leaked materials, which have so far reportedly revealed not just every employee's salary, but a document that Gawker describes as a "25-page list of reasons it sucks to work at Sony," compiled from employees' grievances.

The Guardians of Peace, in a statement issued to The Verge, said that it attacked in response to the "greed of Sony Pictures." But G.O.P. might be pleased to know that, based on the leaks, many Sony Pictures Entertainment employees aren't happy about having to release so many "mundane, formulaic Adam Sandler films" either.

Insiders, Hacktivists

To date, however, Sony has remained almost virtually silent. "Sony is playing catch-up in communications," says the privacy blogger known as Dissent. "It needs to get its PR team in high gear to issue a press release that confirms what it already knows."

From a PR perspective, subtracting North Korea from the breach discussion could be awkward for Sony, says Jeffrey Carr, who heads the threat-intelligence firm Taia Global, because the alternative explanations for the breach center on it either being the work of an insider or a hacktivist. The insider attack "opens a huge can of worms," he says, "because you hired the guy and malicious insiders always, ALWAYS, give early warning signs before they rip you off, which you clearly missed."

Somewhat better in the court of public opinion is the hacktivist attack, which is equivalent to: "Your multi-billion dollar multinational corporation has just been breached by some low-rent kid ... and your CEO looks like a jerk," Carr says. "But at least you can blame someone else."

Coming Soon ...

If there's a silver lining for Sony Pictures Entertainment, perhaps it's that the firm won't have to buy the rights to this year's biggest "ripped from the headlines" computer-hacking story. "Reality is stranger than fiction," Sean Sullivan, a security adviser at anti-virus firm F-Secure, tells me. "Somebody ought to make a movie about this."



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network