3 Reasons Security Experts Are Unconvinced North Korea Was Behind Sony Hack

Hackers “had extensive knowledge of Sony’s internal architecture and access to key passwords,” writes one renowned security expert who thinks an “insider” may be to blame

The U.S. government accused North Korea of carrying out vicious hacks against Sony Pictures Entertainment on Friday. But several cyber-security experts and hackers are unconvinced there’s evidence to indict Kim Jong-un’s regime.

President Barack Obama, Secretary of State John Kerry and the Federal Bureau of Investigation are confident the Democratic People’s Republic of Korea is responsible for the breach, which resulted in gigabytes worth of leaked private data and the shelving of Seth Rogen and James Franco‘s assassination comedy “The Interview.”

But skeptics say North Korea may have been framed. Here are three of the leading reasons:

1) The Guardians of Peace did not mention North Korea or “The Interview” in the group’s initial threat.

The hackers released many gigabytes worth of stolen, private data since penetrating Sony’s defenses on Nov. 24. But neither the country of North Korea nor “The Interview” were explicitly referenced in the hackers’ original message, which began:

“We’ve already warned you, and this is just a beginning. We continue till our request be met,” the text began. “We’ve obtained all your internal data including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world.”

The threats were written in broken English and North Korea had condemned “The Interview” in a July letter to the U.N. Secretary-General, so the country was quickly mentioned as a potential suspect in various media reports.

2) The FBI’s (publicly released) evidence against North Korea leaves room for reasonable doubt.

After examining the malware used to infiltrate the studio, the FBI said it found similarities between that software and software used in previous cyber-attacks carried out by North Korea — “similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.”

But Jack Goldsmith, a Harvard Law Professor who serves on the Hoover Institution Task Force on National Security and Law, thinks the evidence is unconvincing.

“It is at least possible that some other nation is spoofing a North Korean attack,” he wrote Friday on the national security blog Lawfare. “For if the United States knows the characteristics or signatures of prior North Korean attacks, then so too might some third country that could use these characteristics or signatures.”

3) North Korea is not the only player with a motive.

With Rogen and Franco plotting to kill North Korea’s dictator in “The Interview” it is easy to imagine why the country might want to stall the film’s release. But “White hat” hacker Marc Rogers and frequent speaker at the DEF CON Hacking Conference thinks a former Sony employee might be responsible. He thinks it’s more reasonable to assume an insider helped carry out the attack.

“It’s clear from the hard-coded paths and passwords in the malware that whoever wrote it had extensive knowledge of Sony’s internal architecture and access to key passwords,” he wrote Thursday on his blog. “While it’s plausible that an attacker could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of an insider.”

The federal government remains confident in its claim, however.

“As the FBI and the President and everyone has now made clear, we are confident the North Korean Government is responsible for this destructive attack. We stand by this conclusion,” Marie Harf, Deputy Spokesperson, U.S. Department of State, said during her Monday briefing. “The Government of North Korea has a long history of denying responsibility for destructive and provocative actions, and if they want to help here, they can admit their culpability and compensate Sony for the damage that – damages that they cost.”