Did North Korea Really Attack Sony? by Bruce Schneier.
From the post:
I am deeply skeptical of the FBI’s announcement on Friday that North Korea was behind last month’s Sony hack. The agency’s evidence is tenuous, and I have a hard time believing it. But I also have trouble believing that the U.S. government would make the accusation this formally if officials didn’t believe it.
Clues in the hackers’ attack code seem to point in all directions at once. The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks. Korean language in the code also suggests a Korean origin, though not necessarily a North Korean one since North Koreans use a unique dialect. However you read it, this sort of evidence is circumstantial at best. It’s easy to fake, and it’s even easier to interpret it wrong. In general, it’s a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the “evidence” to suit the narrative they already have worked out in their heads.
…
I appreciate Bruce linking the haste to blame North Korea to a similar haste on weapons of mass destruction in Iraq. (see also my: Sony, North Korea and WMDs.)
The other interesting point is the mistake on using a standard Korean keyboard, which would not be available in North Korea. The sort of mistake that someone trying to blame North Korea for the attack might make. Can you think of any ham-handed agencies in the United States capable of such clumsiness?
I hope more will become “known” but once the news cycle dies down, the lack of any resolution will pass unnoticed. And why press a weak case? In the public’s mind, North Korea attacked Sony, what more is there to accomplish?
Bruce’s honesty as a technical expert puts him at a disadvantage vis-a-vis the government. Technical correctness, facts, evidence, basic honesty are nice to haves for government sources, but not really necessary.