UCSB Group Suggests Sony Cyberattack Not Committed By N. Korea

January 6, 2015 at 7:20 am by Josh Ortiz

Photo Courtesy of Spencer Bruttig

Researchers of the Computer Security Group at UCSB have recently suggested that the Nov. 24 cyberattacks on Sony Pictures were not committed by the state of North Korea, as claimed by the United States Federal Bureau of Investigation (FBI).

Right before this past Thanksgiving holiday, a group of hackers attacked Sony Pictures with a breach that took more than 100 terabytes of data from employees’ computers and planted a virus designed to erase data from the servers, followed by a threat on Dec. 16 attributing the attacks to the soon-to-be-released comedy “The Interview,” which satirized North Korean leader Kim Jong-un. Since the threats, the FBI has alleged that North Korea is behind the Sony hacking and has imposed economic sanctions in response to the alleged attacks.

Computer Science professor Giovanni Vigna, who is a faculty member at the university’s Computer Security Group, a research program dedicated to detecting and preventing computer hacking, said he does not agree with the FBI’s allegations claiming that the state of North Korea is responsible for Sony hacking.

“It doesn’t sound like a nation state attack,” Vigna said. “There’s no evidence for it.”

According to Vigna, a nation state attack would have been more clandestine than the Nov. 24 hacking, and furthermore it involves sophisticated computer hacking knowledge that he claims the North Korean government does not have.

“Usually a nation state [attack] is a very targeted attack,” Vigna said. “Their whole goal is to keep silent and to gather intelligence.”

Vigna said the attacks on Sony were more characteristic of cyber-hacking youth than of a nation state in that the hackers acted openly and leaked the personal e-mails of Sony executives to the global public arena, giving themselves the penname “Guardians of Peace” or “GOP.”

“It’s not like nation state hackers are acting like teenagers,” Vigna said. “Accessing the emails of Sony executives? It’s silly. Who cares about it?”

Computer Science Ph.D. Candidate and Computer Security Group Researcher Yanick Fratantonio said the FBI has accused the state of North Korea of the cyberattack because of the hacker’s use of IP addresses related to well-known proxies. However, Fratantonio said the IP addresses stand as insubstantial evidence for North Korea to be the culprit because, according to him, virtually anyone can access those IP addresses.

“[The IP addresses] are open addresses that me or you can use,” Fratantonio said. “Using this as evidence is not enough to say these guys are North Korea.”

Computer Science Department Research Assistant Fish Wang said the state of North Korea was not involved in the cyberattacks because the country does not have the proper infrastructure necessary for the team of hackers that would be required to perform the Sony cyberattack operation.

“Most people inside North Korea don’t even have access to global Internet,” Wang said in an e-mail. “They don’t have the proper environment to forest good hackers.”

However, Wang said it is possible that North Korea may have still been involved in the cyberattacks by paying hackers from other countries or working with the original hackers following the initial hack in November.

“North Korean government may pay some people in other countries to hack Sony,” Wang said, “or some hackers already compromised Sony and then contacted North Korean people and sold necessary login credentials or information to them.”

Despite these possibilities, Vigna said it is more likely a group of individuals who held grievances against Sony took charge of the hacking than the state of North Korea. Vigna also said it could have also possibly been a group of teenagers who took charge of the hacking.

“If I had to make a bet, that would be my bet,” Vigna said.

According to Fratantonio, preparation for future hackings like the one Sony experienced requires more computer security research to be conducted, which is what he said he and his colleagues at UCSB are continuously working on.

“There’s no final answer for [how to prepare for hacks], or else I wouldn’t have job,” Fratantonio said.