This past week, FBI director James Comey presented additional evidence to support his assertion that North Korea is behind the recent cyberattack on Sony. Specifically, Comey explained that the attackers were using a set of proxy servers to conceal the origin of their online campaign. He also stated that there were isolated instances in which the attackers somehow neglected to use these proxies, thus revealing their actual location:

“Several times either because they forgot or because they had a technical problem they connected directly and we could see them. And we could see that the IP addresses being used to post and to send the e-mails were coming from IPs that were exclusively used by the North Koreans. It was a mistake by them that we haven’t told you about before that was a very clear indication of who was doing this. They shut it off very quickly once they realized the mistake. But not before we knew where it was coming from.”

This new evidence leaves something to be desired. Officials have revealed very little about these IP addresses. How, exactly, did investigators conclude they were exclusively used by the North Koreans? Were the network connections located inside of North Korea or in another country? What sort of devices were using the IP addresses in question?

It’s entirely plausible that the alleged North Korea IP addresses are themselves proxies that provide another layer of obfuscation in a multi-tiered communication channel. Spoofing IP addresses and subverting network devices are de rigueur in the domain of advanced persistent threats. In fact, a whole industry has emerged to cater to attackers who want to muddy the water and cover their trails. For example, a company called Ntrepid offers operational “non-attribution” to customers through its Internet Operations Network.

The NSA has gone so far as to develop its own custom tool suite to foil attribution. The spies at Fort Meade have built a covert global infrastructure of network proxies, known as Operational Relay Boxes, which they leverage to conceal clandestine online attacks. Could the NSA have ORBs in North Korea’s networks? Could foreign intelligence agencies have similar proxies located inside North Korea?

Welcome to the wilderness of mirrors that makes tracing cyberattacks so difficult.

Richard Bejtlich, a former Air Force intelligence officer and the Chief Security Strategist at network security vendor FireEye, disparages naysayers as a bunch of skeptical conspiracy theorists:

“I don’t expect anything the FBI says will persuade Sony truthers. The issue has more to do with truthers’ lack of trust in government, law enforcement, and the intelligence community. Whatever the FBI says, the truthers will create alternative hypotheses that try to challenge the ‘official story.’”

Yet his barbed dismissal raises an interesting point: after all of the shameless lies we’ve been told by high-ranking government officials, it’s not unreasonable to question what they say, particularly in matters regarding national security.

Recall how the NSA vehemently denied being involved in economic espionage, or how Director of National Intelligence James Clapper offered a "least untruthful" statement to the Senate, or how CIA director John Brennan derided Senator Feinstein’s claims of monitoring, or how Obama assured the American public that drone attacks were “precision strikes.” Never mind the hundreds of thousands of Iraqis who perished in the U.S. hunt for alleged imaginary nuclear weapons.

An official like FBI director Comey would never lie, right? The same guy who wants to bring back key escrow encryption and put explicit back doors in high-tech products?

Yes, he would. As Cryptome’s John Young explains, the shroud of official secrecy leveraged so heavily by spy masters poses a fundamental threat to society:

“Secrecy poses the greatest threat to the United States because it divides the population into two groups, those with access to secret information and those without. This asymmetrical access to information vital to the United States as a democracy will eventually turn it into an autocracy run by those with access to secret information, protected by laws written to legitimate this privileged access and to punish those who violate these laws.”

A functioning republic requires well-informed citizens who exercise sound judgment. Faced with a litany of national security fabrications, it’s the civic duty of citizens to weigh what they’re spoon-fed by security services. Secret keepers have a long and storied history of hiding the truth. It would seem that Mr. Bejtlich has shown his colors.

The attack on Sony may very well be the work of the North Korean government. But it might not be. It’s disappointing, but not necessarily surprising, that outlets like the New York Times have not been more aggressive in questioning official statements about the Sony cyberattack and offering a more critical assessment of the facts. The corporate media has maintained long-standing relationships with government spies, which the press often relies on as a source of information. This is something to keep in mind when accusations start flying.