Well even after all the brouhaha about the FBI report coming out and (sorta) proclaiming that North Korea was responsible for the Sony Entertainment compromise, which most of the infosec community thought was bullshit from the start, they seem to be walking this back now. This is not surprising considering the evidence that has been presented to the contrary by many respected researchers in the field. On the other hand, a great many people do find this surprising, now why is this, which is the real question…
The real reason why this is surprising to so many people is many fold. First, most of us find it easy to think of North Korea as the “bad guy” just because of their past and current social and political status in the world. No one would ever argue that North Korea is not a bastion of anything other than the suppression and cruelty towards their own people and anyone they could potentially force their will upon (which sadly is only their own people). Second, as of late, they have been flexing what weak muscles they have towards Japan (hiding under the skirt of China since there is no love lost there) with missile tests and the like. And third, well, we all like bad guys being bad guys, it’s just so much simpler when the people we think are bad are, well, acting badly.
This is the perfect formula for a nice tight story, with backup that most people don’t understand, nor really care to for that matter, other than the word of our government, which, ironically, most people don’t trust to begin with! Strange bedfellows indeed! But a great formula for deceiving the masses through the attribution of ignorance. And I do not blame the masses for this, I blame the government (and most of the media) for this, as they are the ones that are attempting to take advantage of people that don’t know any better. Most people don’t know, nor should be expected to know how “sophisticated” cyber-attacks occur, after all, we pay experts to take care of this, right? I’m not trying to go all conspiracy theory on this breach, but the foundation is perfect for laying the blame wherever it’s convenient, especially considering the lack of understanding by most normal folks in society.
Fortunately, we have a lot of very talented and well-meaning people out there that know enough about attacks like this and have the balls to speak out about the research they have done on their own, without any compensation other than wanting to know the truth of the matter. The consensus, even before the FBI even floated their weak hypothesis, was that this attack never originated from North Korea. And now, through this pressure of wanting the “facts” revealed, the FBI is walking back their initial position that this was the work of the North Koreans, which even North Korea denied (which should tell you a great deal, since, as crazy as they are, would take credit for anything if it made them look good).
But enough of that for now…
So some might say it might have been Sony to help push their movie and whatever else. That’s just really crazy talk considering the money they spent on making the movie, not to mention the huge liability their responsible for at the moment, cyber-insurance notwithstanding. So the Sony Entertainment Corporation is out of the running, other than the fact that they obviously have some major security issues that were never addressed.
So who actually breached Sony and why? Well that is the real question isn't it? We can all speculate, from people with an informed perspective or people just being couch quarterbacks, but so far, no one has actually identified a person(s) or group that has left a traceable path of evidence. One group has claimed responsibility for the breach and despite all their threats, other than some data leaks, hasn't produced anything other than smack talk.
So I’ll just leave this out there for everyone to think about, especially since I know I am talking to a limited and intelligent audience; Sony is being hush-hush about this, which is to be expected, the Incidence Response firm will be shackled by NDA’s so no information will come from them and the government has now been discredited from their initial proposition by people that actually know what they’re talking about. But you know the FBI has talented people too, so that might just mean that they are hiding something, which is not unusual, but for what reason? And that is the real question isn't it?
Throughout this whole debacle there is one conclusion can definitely be drawn from all of this though and that is, attribution is now a weapon.