Is N. Korea behind hack?

"The Interview" never had a chance in the busy holiday movie season. Following the release of internal emails, personal health and financial information, and even the leaking of a draft script for the upcoming James Bond film "Spectre," a group calling itself "Guardians of Peace" threatened September 11-style attacks on moviegoers if they went to see the Seth Rogen and James Franco-starring comedy. On December 17 – eight days before its release – Sony Pictures decided to cancel "The Interview," stating it had no plans to release the movie with an estimated $44 million (35 million euro) budget.

US officials have said they are ready to publicly accuse Pyongyang of being responsible. But could the "Guardians of Peace" really be the North Korean government?

Difficult to prove

While North Korea may have been partially responsible for the hack, there isn't enough direct evidence to prove it, according to James Lewis, Director and Senior Fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS) in Washington, DC.

Writing for 38 North, a website focused on North Korean affairs run by the US-Korea Institute at Johns Hopkins University's Paul H. Nitze School of Advanced International Studies, Lewis says some of the code used in the hack was written in Korean, and bears similarities to attacks against South Korean banks and television stations in 2013 and spring 2014. But, he writes, the Sony hackers could also be South Korean, or people who learned Korean to confuse investigators.

Caroline Baylon, a Science, Technology, and Cyber Security Research Associate at Chatham House in London, told DW it would make more sense for North Korea to launch an attack from abroad. "Not only does North Korea have limited Internet connectivity," she says, "but using an actor based abroad makes the attribution process even more difficult."

Others are also skeptical

"I don't think that North Koreans would launch such an attack by themselves," Leonid Petrov, a Korea studies researcher at Australian National University, told DW. He added while the North Korean government may be involved in some way, the damage caused was not within the country's known interests or capabilities.

Limited resources

A cyber-attack might appeal to North Korea because it does not necessarily require a significant amount of resources, explains Amy Chang, the Norman R. Augustine Research Associate at the Center for a New American Security (CNAS) in Washington, DC.

"Asymmetric capabilities such as conducting cyber attacks are an advantageous use of limited resources because they undermine developed and resourceful countries with cheaper and simpler methods that target a company or a government's weaknesses," she told DW. "Cyber attacks that entail infiltrating a network and pilfering data from it only need a single vulnerability to be able to enter the system. Malware can be installed or network access can be granted through something as simple as a spear phishing email or a malicious link."

Increasing capability?

Even if North Korea did not carry out the hack – said to have begun on November 24 when a red, glowing skeleton appeared on screens before nearly 38 million files were stolen – the country has increasingly invested in electronic infrastructure.

"Computer science is very popular in the DPRK," says Petrov, using an acronym for North Korea's official name, Democratic People's Republic of Korea. "It is the most desired discipline at North Korean schools and universities. More and more students, who get computers at home, socialize online through domestic Intranet provided by major universities and public services." He adds that the government is known to be nurturing a cyber warfare unit, known as Bureau 121. According to defectors, the shadowy group is thought to boast 1,800 handpicked members, and is considered an elite part of the North Korean military.

Chang adds while North Korea may have a few thousand hackers, there is evidence China has helped the country improve its cyber capabilities, or provided infrastructure for North Korea to conduct information collection or attacks.

Still, simply because North Korea could potentially carry out an attack isn't enough reason to convince blogger Marc Rogers. In a post, he lists nine reasons why the perpetrators were likely someone else – including that "Guardians of Peace" did not mention "The Interview" in attacks until after others began speculating the movie was a motive. He adds the code in traditional Korean may make it less likely that it is North Korea, as North Koreans do not speak traditional Korean.

Motive

North Korea's opposition to the movie has been well documented. In July, Pyongyang's ambassador to the United Nations, Ja Song Nam, penned a letter to UN Secretary-General Ban Ki-moon, writing that production of the film amounted to "an act of war." North Korea also threatened a "resolute and merciless" response in June if the movie was not banned.

The film could be seen as a threat because it challenges the image of North Korea's ruling Kim family, says Petrov. "Their charisma is squarely based on myths, which are easily broken by comedies, like 'The Interview,'" he explains. "When people start laughing at the leader, his legitimacy is questioned and his charisma dissipates."

North Korea itself has denied responsibility. On December 7, a Policy Department of the National Defense Commission (NDC) spokesperson told the state-run Korean Central News Agency (KCNA) the hack was a "righteous deed." The spokesperson denied the government's involvement, however, stating, "We do not know where in America Sony Pictures is situated and for what wrongdoings it became the target of the attack."