In response to threats apparently coming from hackers in North Korea, Sony pictures has withdrawn their movie The Interview from a Christmas release. Several major theater chains had already backed out, and Sony seems to have given in, possibly after being weakened by the earlier release of hacked proprietary data.
I’ve already made it pretty clear in a different context that I’m not impressed with anonymous online threats. However, if Sony has decided to take a hit to their revenue over this movie, my suggestion is that they give the North Koreans a taste of the Streisand effect and release the movie for free online to everyone, thus making it one of the most widely-seen movies of the year. That will teach the North Korean thugs a lesson.
I’m not buying it. I don’t think the Sony hack is a North Korean cyberwar effort, and I don’t think the threats are either. I’m inclined to agree with Marc Rogers that it’s a disgruntled Sony insider.
3. It’s clear from the hard-coded paths and passwords in the malware that whoever wrote it had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s plausible that an attacker could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of an insider. It also fits with the pure revenge tact that this started out as. […]
6. Whoever is doing this is VERY net and social media savvy. That, and the sophistication of the operation, do not match with the profile of DPRK up until now. […]
7. Finally, blaming North Korea is the easy way out for a number of folks, including the security vendors and Sony management who are under the microscope for this. […]
8. It probably also suits a number of political agendas to have something that justifies sabre-rattling at North Korea, which is why I’m not that surprised to see politicians starting to point their fingers at the DPRK also.
Somewhere, I saw that a North Korean defector was claiming the country has a cyberwar team with 1800 people. Maybe. But the North Korean government has a habit of telling lies that make them look good. This could just be someone trying to look important.
Then again, from what we know about the hack, Sony didn’t exactly have a robust security culture, so I don’t suppose it took a huge team to run the attack.
Anyway, for whatever it’s worth, my prediction is that the attacks and threats will turn out to be from somewhere a lot closer to home.