Sony hackingU.S. says evidence ties North Korea to Sony cyberattack

Published 18 December 2014

U.S. intelligence agencies said they have concluded that the North Korean government was “centrally involved” in the attacks on Sony’s computers. This conclusion, which will likely be confirmed today (Thursday) by the Justice Department, was leaked to the media only hours after Sony, on Wednesday, canceled the Christmas release of the comedy — the only known instance of a threat by a nation-state pre-empting the release of a movie. Senior administration officials, speaking on condition of anonymity, said the White House was still debating whether publicly and officially to accuse North Korea of the cyberattack.

U.S. intelligence agencies said they have concluded that the North Korean government was “centrally involved” in the attacks on Sony’s computers.

This conclusion, which will likely be confirmed today (Thursday) by the Justice Department, was leaked to the media only hours after Sony, on Wednesday, canceled the Christmas release of the comedy — the only known instance of a threat by a nation-state pre-empting the release of a movie.

The New York Times reports that senior administration officials, speaking on condition of anonymity, said the White House was still debating whether publicly and officially to accuse North Korea of the cyberattack.

The initial breach of Sony’s systems was an act of cyber theft, but Tuesday’s threat of 9/11-like attacks on moviegoers was an act of terrorism, so charging North Korea with responsibility for the hack would mean that that country was now being charged with being a terrorist entity.

There are other issues which the White House is considering. One is how much of the evidence implicating North Korea in the Sony hack should the United States reveal, because the more detailed the evidence released is, the easier it would be for the North Koreans to figure out how the United States gathered the evidence, and how much penetration the United States has gained into the reclusive country’s computer systems.

The second issue is what the United States can, and should, do in response to the North Korean attack. The North Korean regime is anything but predictable, and the United States should take into consideration the fact that North Korea may decide to escalate the conflict if directly confronted, and use its now-proven cyber capabilities not against a movie studio, but against the U.S. critical infrastructure and financial markets.

The Times notes that while intelligence officials have concluded that the cyberattack on Sony was both state-sponsored and more destructive than any previous cyberattack on American soil, there are still debates in intelligence circles about whether North Korea was helped by Sony insiders with an intimate knowledge of the company’s computer networks.