The United States federal government is guilty of willful neglect in the matter of the Sony hack and the ensuing investigation’s stubborn reliance on the North Korea-as-the-perpetrator strategy.
The Feds continue to stand by their original narrative which was hatched from secretive, cloak and dagger cyber-espionage resources which they are conveniently prevented from detailing at all. In fact, they appear to be hiding behind the wall of putative law-enforcement/intelligence authority which is just one minor step away from tyranny. All we get out of them are vapid generalities about amorphous malware, servers and code which align, supposedly, with previous North Korean hacks (again, allegedly).
In their December 19 statement, the FBI declares, in a statement redolent of corporate boardroom grammatical style:
“As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:
- Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
- The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
- Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.”
This is vague, scripted fluff that says nothing about exposing the sources of the Sony hacking adventure. I’ve never believed North Korea was the key actor in this script, or that the secretive nation was primarily culpable for the hack. North Korea’s primary involvement is just a talking point that Sony and the United States government have resorted to force feeding down our collective throats.
Rather, I suspect there is a deeper, more malicious series of machinations on cue in this saga that may never be known.
In this video, talking head intelligence regurgitation expert, retired Major General Brett Williams, recites the standard tropes regarding the hack while clearly towing the government line and method which appears to be, “we’ve committed to the North Korea script, we have no relevant basis for this narrative, so we’ll resort to that nebulous no-man’s land of “attribution” or lack thereof…(and besides, what we say goes in the popular dialogue so who can doubt us?)”
At the 8:20 mark, Williams ponders the more grave possibility that would have unfolded if the North Korean hackers had targeted the energy grid, the air traffic system, or a major financial institution. Important stuff. Not a stupid movie studio that was releasing a brainless teen/bro movie. And in so doing, he parroted the agency line which plants the seeds of fear and apprehension, the greatest motivators that make Americans surrender their rights to the wielders of power.
Yes…why didn’t North Korea, with its massive, layered hacking infrastructure that everyone keeps raving about and which the FBI is basing its investigation around, choose to hack something that mattered instead? Sony is in entertainment and toys and television. Trivial stuff. North Korea’s previous nationally-fomented attacks have involved government agencies, banks and television stations. Questionably, more reasonable targets, from the terror perspective. Obviously, Sony presented a good opportunity for a hack; a virgin sacrifice to the cyber gods. What was it about Sony? The answer to this will tell us all we need to know but not all we’ll be told, apparently.
The elusiveness of American intelligence officials in providing verifiable proof or citations for their allegations is troubling. The drivel and empty-headed talking points they’ve provided to the media for Mr. and Mrs. Main Street America only tells us the What, not the How, and if we are to believe they are basing their case on this cited inconclusive historical data which is completely obsolete now since numerous hacking generations have come and gone, (a hacking generation is at most, what…six months?) then surely they are pulling the wool over their own eyes.
But they are not stupid people, and I don’t believe they are pulling the wool over their own eyes, despite the fact they are part of the Federal bureaucracy. Problem is, the North Korea narrative has been sown, early on, by Sony, and now the FBI is engaging in some high level shenanigans involving painting the bulls-eye around the arrow of accusation which slipped out of the bag back in November.
Why does the FBI feel compelled to perpetuate the Sony script?
I’m perfectly willing to buy the intelligence conclusion that North Korea was solely guilty of this hack. It’s no skin off my back, however, please furnish some concrete proof. This is something intelligence can do wisely and discreetly without compromising their investigative assets. They are fully capable of this, but instead they tell us, “technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed.” Oh really…wow, I’m sold, it had to be Pyongyang then! Tacitly accepting this tripe as anything approaching proof of North Korea’s guilt betrays an ignorance of the constantly evolving nature of the hacking dynamo.
If we allow the Feds to slither this investigation through without cynicism and allow them to continue protecting their corporate conglomerate co-conspirators, we, 1) deserve what we get, which are, 2) a protracted series of lies, half-truths and surreptitious behaviors for years to come.
As the digital world pulls the curtains of secrecy back, this will be the New Way: governmental “openness” cloaked in a cushion of nefarious bullshit.