The controversy started late on Friday when the FBI published a statement blaming North Korea for the Sony data breach, which has resulted in the cancelation of the cinema release of The Interview comedy film, the leak of five movies as well as data loss including emails and thousands of employee records.
The FBI said that North Korea was behind ‘destructive' malware that rendered ‘thousands' of Sony Pictures inoperable, forcing the firm to take its entire computer network offline.
“As a result of our investigation, and in close collaboration with other US government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions,” the agency said at the time.
The FBI further notes that this conclusion was based on technical analysis of the data deletion malware used – which bore similarities with other malware ‘the FBI knows North Korean actors previously developed'. In particular, there were similarities in the code, encryption algorithms, data deletion methods and compromised networks.
In addition, the IP addresses linked back to known North Korean infrastructure, and are thought to have been involved with previous cyber-attacks on South Korean banks and media outlets.
“North Korea's actions were intended to inflict significant harm on a US business and suppress the right of American citizens to express themselves,” reads FBI's note. “Such acts of intimidation fall outside the bounds of acceptable state behaviour. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.”
A day later and President Barack Obama followed suit in an interview with CNN, in which he said that while North Korea was to blame, he did not believe that it was “an act of war.” He added that the administration would respond “proportionately” to the cyber-attack, which could see North Korea being put back on the country's list of terrorism sponsors.
"I'll wait to review what the findings are," said Obama in the interview.
But North Korea bit back over the weekend by issuing a long statement warning the US against strikes against the White House, Pentagon and “the whole US mainland.”
"The army and people of the DPRK [North Korea] are fully ready to stand in confrontation with the US in all war spaces including cyber warfare space," reads the statement, which was published by the official Korean Central News Agency.
"Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole US mainland, the cesspool of terrorism, by far surpassing the 'symmetric counteraction' declared by Obama."
Finally, the statement said it was “not aware” of where the Sony hackers were, although it has previously said that they were “highly righteous” for the attack, which is widely-believed to be in retaliation for The Interview, a comedy in which two journalists set off to kill North Korean leader Kim Jong-un.
Digital forensics expert and white-hat hacker Jonathan Zdziarski told SCMagazineUK.com that attribution remains difficult, despite FBI's insistence that this attack is the work of North Korea.
“Right or wrong, FBI are not what most would consider the authoritative cyber-security experts. I'd listen to what the professionals are saying – but we also don't know all the details.”
“From what I've read so far, FBI's entire story is based on exploit code (which can be stolen and repurposed) and IPs (weak),” he said, adding that most of the country's bandwidth goes through China ‘which is more believable as a source'.
The Chinese foreign ministry said on Monday that the country “opposes any country or individual using other countries' domestic facilities to conduct cyber-attacks on third-party nations,” according to a Reuters report. Chinese Foreign Minister Wang Yi told U.S. Secretary of State John Kerry that “China opposes all forms of cyber-attacks and cyber terrorism.”
Adrian Culley, an independent cyber-security consultant and a former Scotland Yard cyber-crime detective, said that the FBI must have more information to conclude that North Korea is the threat actor.
“Attribution in cyber investigations is, at best, always difficult. Other corroborating evidence is generally needed, and not always easily available, to connect things cyber to the physical world,” he told SCMagazineUK.com.
“The evidence in the FBI statement regarding the Sony cyber vandalism incident, as currently released, is tentative. For the US Government to level these politically sensitive allegations against North Korea, which I cannot believe has been done lightly, they must have sensitive information, intelligence and/or evidence other than what has been so far published," added Culley.
"There are perennial issues in converting sensitive intelligence into criminal evidence. It is for good reason the most Democracies keep intelligence and law enforcement agencies separate."