Executive Intelligence Review


Cyber Security Expert Rejects ‘North Koreans Did It’ Story

Dec. 26, 2014 (EIRNS)—Marc Rogers, who describes himself as "the director of security operations for DEF CON, the world's largest hacker conference, and the principal security researcher for the world's leading mobile security company, Cloudflare," wrote a piece in the Daily Beast on Dec. 24 titled "No, North Korea Didn't Hack Sony." He says that despite the FBI's claim that it has secret evidence to back its charge that North Korea did it, his experience gives him credibility to refute its claim. He says that "almost all signs point in another direction," likely a disgruntled Sony employee.

In brief, Rogers first takes up the FBI's claim that malware found in the course of investigating the Sony hack bears strong similarities to malware found in other attacks attributed to North Korea. "This may be the case," he argues, "but it is not remotely plausible evidence that this attack was therefore orchestrated by North Korea.... Even if these prior attacks were co-ordinated by North Korea—and plenty of security experts including me doubt that—the fact that the same piece of malware appeared in the Sony hack is far from being convincing evidence that the same hackers were responsible.... Just because two pieces of malware share a common ancestry, it obviously does not mean they share a common operator."

The FBI's second justification for its charge "is even more flimsy," Rogers says.

"What they are saying is that the Internet addresses found after the Sony Picture attack are known addresses that had previously been used by North Korea in other cyberattacks. To cyber security experts, the naïveté of this statement beggars belief. Note to the FBI: Just because a system with a particular IP address was used for cybercrime doesn't mean that from now on every time you see that IP address you can link it to cybercrime.... It isn't the IP address that the FBI should be paying attention to. Rather it's the server or service that's behind it."

Rogers analyzes the command and control addresses in the malware used in the attack, and finds that "they have been used by malware operators in the past." He adds that we are thus "left in a position where we are expected to just take agency promises at face value. In the current climate, that is a big ask."

Evidence to the contrary is significant, he writes. The film attacking North Korea never came up in the hackers' e-mails until the government and the media focussed on it. The hackers "had extensive knowledge of Sony's internal architecture and access to key passwords," implying an inside job, since North Korea could only have obtained that knowledge through a long and difficult process. Also, he adds: "You don't need to be a conspiracy theorist to see that blaming North Korea is quite convenient for the FBI and the current U.S. Administration."