Evidence released by the Obama administration pointing to North Korea as the culprit behind the cyberattack on Sony Pictures Entertainment is hardly conclusive, a number of private security researchers told The New York Times.
Last week, both President Obama and the FBI accused North Korea of hacking Sony’s computer systems.
Obama said he would take action, pledging a “proportional response” a few hours before North Korea’s Internet went offline.
North Korea denies any involvement in the Sony hack, called Obama “a monkey” and accused the U.S. of shutting down its Internet.
Breitbart News reports that “computational linguists at Taia Global, a group of cyber security consultants, performed a linguistic analysis of online messages from the Guardians of Peace, and concluded that, based on translation errors and phrasing, the group is more likely Russian than Korean.”
The Obama administration alleges that the cyberattack against Sony was in retaliation for “The Interview,” a comedy film depicting a satirical plot to assassinate Kim Jong-Un, North Korea’s leader.
“Security researchers remain skeptical, with some even likening the government’s claims to those of the Bush administration in the build-up to the Iraq war,” reports The New York Times.
The article adds:
“Fueling their suspicions is the fact that the government based its findings, in large part, on evidence that it will not release, citing the ‘need to protect sensitive sources and methods.’ The government has never publicly acknowledged doing so, but the National Security Agency has begun a major effort to penetrate North Korean computer networks.”
Security researchers suggest more proof is necessary to make a conclusive determination on who was behind the cyberattack.
“Essentially, we are being left in a position where we are expected to just take agency promises at face value,” Marc Rogers, a security researcher at CloudFlare, a top mobile security company, wrote in a Dec. 24 post for The Daily Beast. “In the current climate, that is a big ask.”
“Mr. Rogers, who doubles as the director of security operations for DefCon, an annual hacker convention, and others like Bruce Schneier, a prominent cryptographer and blogger, have been mining the meager evidence that has been publicly circulated, and argue that it is hardly conclusive,” notes the Times.
The article points out that some private security researchers do support the government’s claims.
“CrowdStrike, a California security firm that has been tracking the same group that attacked Sony since 2006, believes they are located in North Korea and have been hacking targets in South Korea for years,” reports the Times.