14 DAY TRIAL // Several media sources report that the US investigators working on the Sony hack case have reached the conclusion that the North Korean government is behind the attack.
The news comes after a message allegedly from Guardians of Peace (GoP), the hackers claiming responsibility for the incident, threatened with 9/11-style violence on theaters playing the comedy “The Interview” if Sony did not stop the release of the movie.
There is no official stance at the moment
CNN and The Wallstreet Journal broke the news on Wednesday, citing official information, both outlets pointing out that the difficult question to answer now is what the US government’s next actions would be, considering that this is an act of aggression by a foreign government.
Evan Perez from CNN says (video below) that it is expected that the US government will make the announcement assigning attribution of the attack today.
New York Times also obtained off-the-record confirmation of this theory, from senior administration officials.
Posted on Pastebin, which publishes snippets of text anonymously, the menacing message from the hackers warned moviegoers to avoid cinemas playing “The Interview.”
“The world will be full of fear. Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time,” the text reads.
However, based on their intelligence, the US Department of Homeland Security did not determine the threat to be credible. President Barack Obama also assured that there was no risk and told ABC News (video below) that citizens should not be alarmed and recommended that “people go to the movies.”
“If we see something that we think is serious and credible, then we’ll alert the public. But for now, my recommendation would be that people go to the movies,” Obama said in the interview.
Important to note is that this recommendation came before Sony decided to cancel the debut of the movie.
Speculation about North Korea has been floated since the beginning
North Korea has been accused of being involved in the attack since the beginning of the investigation, although Pyongyang has denied any implication in the Sony incident, at the same time applauding the initiative of the hackers.
It has also been speculated that GoP benefited from inside help to carry out their data exfiltration activities from the Sony network.
On the other hand, none of the information that reached the public has been confirmed officially, all the details being attributed to “sources familiar with the investigation.”
After having their data wiped from the computers, Sony hired Mandiant, FireEye’s cyber-response division for forensics investigation.
They declined to make any comment on any allegation exposed to the public by media outlets and said they’d been silent since the moment they had been hired.
An analysis from Kaspersky of Destover, the malware used in the incident, pointed out similarities to the malicious file used by the DarkSeoul group in 2013 against South Korean media and banking organizations. At the time, theories about the attacker also implicated North Korea, which would link Destover to the Pyongyang government, were any of the theories confirmed.
Cisco also dissected a sample of Destover and published a technical report on Wednesday, which said that the malware was “poorly written code” and “includes very little obfuscation.”
This contradicts at least one official’s off-the-record opinion cited by The New York Times saying that “this was of a sophistication that a year ago we would have said was beyond the North’s capabilities.”
It is unclear, though, whether they referred to the latest stage of the attack, which destroyed the data on the Sony computers, or to the entire operation, which could have started months earlier with reconnaissance activities and lateral movement on the network.
Report from CNN:
Barack Obama on ABC News:
