Some experts doubt DPRK as source of Sony Pictures hack
Even after Washington pointed the finger at the Democratic People's Republic of Korea for a massive cyberattack on Sony Pictures, some experts say the evidence is far from clear cut.
US President Barack Obama earlier this month took the unusual step of naming the DPRK for the crippling attack, while promising that the United States would "respond proportionately" after the FBI said evidence pointed to Pyongyang.
But a number of cybersecurity specialists argue that links to the DPRK are uncertain, and that some evidence leads elsewhere.
"I'm skeptical about the claim," said John Dickson, a former air force intelligence officer who is now a partner in the cybersecurity firm Denim Group.
The DPRK "certainly have the will to poke us in the eye" but "don't have the critical mass skills" to carry out an attack of this kind, Dickson said.
Security technologist Bruce Schneier of Co3 Systems, also a fellow at Harvard's Berkman Center, said he also doubts the role of the DPRK.
"The truth is we don't know," he said. "There are facts that are classified and not being released."
'Pretend we know'
Schneier added that "even if we don't know (who is responsible), it makes sense for us to pretend we know because it serves as a warning to others".
In a blog post, Schneier said that "clues in the hackers' attack code seem to point in all directions at once... this sort of evidence is circumstantial at best. It's easy to fake, and it's even easier to interpret it incorrectly."
The DPRK has been seen as the source of the malware, presumably due to anger at the cartoonish portrayal of the nation in the film The Interview.
But a linguistics-based analysis of the malware by the Israel-based security firm Taia Global said the native language of the hackers appeared to be Russian, not Korean.
The study concluded that the software authors were not native English speakers, and that the translation errors pointed away from the Koreans.
Security experts note that it is relatively easy for hackers to route their attacks through third parties to fake their location, and that it is nearly impossible to conclusively show the source of an attack.
And Dickson notes that Washington is unlikely to reveal its intelligence sources in the Sony case "because the next set of attackers would change their tactics" to avoid detection.
Other experts argue that the Obama administration would not publicly name the DPRK unless it had solid evidence.
"I'm amazed that people continue to have doubts," said James Lewis, a cybersecurity researcher at the Center for Strategic and International Studies. "People love conspiracy theories."