17 Dec 2014

The hack, the film, its studio and North Korea – are they related?

News that a major US cinema chain has cancelled plans to show The Interview has once again thrown the hacking of Sony into the limelight.

The film, a comedy about a plot to kill the North Korean leader, has been touted as the reason why a hacker group calling itself The Guardians of Peace broke into the entertainment giant’s network, stealing swathes of sensitive data.

The evidence is still not conclusive; here’s how the arguments stack up on either side.

Why North Korea was behind the Sony hack:

–    Months before the hack North Korea’s leader Kim Jong Un used the country’s state-run news agency to call The Interview a “wanton act of terror” and threatened “merciless” retaliation.
–    The malware used has been identified by Kaspersky as Destover, the same malicious software that targeted banks and military systems in South Korea, an attack blamed on North Korea by its Southern neighbour and christened “Dark Seoul”.
–    The malicious software was built on a Korean-language computer according to one security researcher
–    In both the Dark Seoul attack and the Sony hack, victims’ computers displayed a warning image depicting a skeleton; the same font and colour was used in the text.

Why North Korea wasn’t behind the Sony hack:

–    Destover has the ability to wipe any computer it lands on. If North Korea really wanted to damage Sony it could have inflicted far more damage, which is what happened to Saudi Arabia’s national oil firm two years ago.
–    The Saudi attack wasn’t widely blamed on North Korea, so it’s clear that Destover is not used solely by North Korean hackers.
–    North Korea has denied any involvement in the attack, and even the FBI doesn’t see any connection.
–    Nation-state hackers don’t court this much publicity (the more attention you attract, the more of a target you become for counter-attacks). High profile tactics like this have generally been the tool of hacktivist groups like Anonymous, or aggrieved employee (an option reportedly being explored by Sony)

So much for the alternative endings, now for the out-takes:

–    Two former employees are taking legal action against Sony for allegedly letting their data fall into the hackers’ hands
–    Sony has warned publications about using documents obtained in the hack, and a security researcher working on the documents has reportedly been visited by the FBI.
–    If the hack was meant to sink the film, it may have backfired spectacularly. Not only has it received massive publicity, but there is now a free speech campaign to go see the film backed by, among others, the producer of The 40-Year-Old Virgin.

And let’s not forget that little scene that pops up after the credits to send you home on a high: there are reports of a plan to send DVDs of The Interview into North Korea using balloons.

Follow @geoffwhite247 on Twitter