Pyongyang is the prime suspect in cyber attacks against the film studio but there are several holes in this theory, argues North Korea Tech

Why North Korea might not be to blame for the Sony Pictures hack

It makes a compelling story.

A month away from the release of Seth Rogen’s new movie The Interview – in which he plays a celebrity reporter sent to North Korea to interview Kim Jong-un and kill him - North Korea is so enraged that it has hacked into Sony Pictures, leaking key titles and threatening to release corporate secrets.

It makes sense because North Korea has previously complained about The Interview to the United Nations on the grounds that it promotes terrorism against the country.

But unfortunately that’s all the supporting evidence there appears to be.

The story began with Re/code, a technology news website, which reported the possibility of North Korean involvement on Friday.

“Sony Pictures Entertainment is exploring the possibility that hackers working on behalf of North Korea, perhaps operating out of China, may be behind a devastating attack that brought the studio’s network to a screeching halt earlier this week, sources familiar with the matter tell Re/code,” the site said.

It went on to say that security experts from outside the company were exploring the theory that the attack, which brought Sony’s internal network to a halt, was linked to The Interview. The source of this theory is unclear.

Over the weekend, the possible link with North Korean was reported by numerous news organisations including Reuters, the Guardian, NBC News, ABC News, CBS News, which asked Is North Korea targeting Sony in cyberwar?, and Forbes, which reported North Korea May Have Leaked Sony Movies Online.

On Monday NBC News reported that the FBI was also investigating last week’s hack, which saw several high-profile movies showing up on piracy sites.

North Korea has been accused of a number of cyberattacks before, most of them targeting South Korean institutions. One of the most disruptive attacks was in March 2013, which took down the internal networks of several major South Korean TV broadcasters and a bank ATM network.

South Korean investigators linked that attack to North Korea, who denied any involvement.

The Wall Street Journal quotes anonymous sources saying that the tools used in that attack were very similar to those used against Sony, but the latest attack has numerous inconsistencies with previous ones blamed on North Korea:

1. Computers at Sony displayed a message threatening the release of internal documents if undisclosed demands were not met. North Korean hackers have never made such public demands before.



2. The message claimed the hack was carried out by “#GOP,” which stands for “Guardians of the Peace”. Attacks linked to North Korea have never included these credits.

3. The attackers posted messages on several Sony Twitter accounts, personally attacking Sony Pictures CEO Michael Lynton – but state media has never singled out Sony executives when criticising the movie.

4. North Korea has never before launched such a targeted and public attack at an institution that angered it – and there have been many in the past.



Of course none of these mean that the country is definitely not involved, but it seems possible that the story is too good to be true.