So who was really behind the Sony hack? And does it really matter?
We've certainly seen some amazing ups and downs in our efforts to answer the first question. Initially, everyone fixated on the previously unknown, Anonymous-like hacker group Guardians of Peace, which took credit for the hack. Then the media began speculating that the hack had something to do with the movie The Interview. Since the movie involved the assassination of North Korea's leader, Kim Jong Un, the suspicion arose that North Korea was the real culprit. There was a backlash against this suggestion, with many experts explaining why North Korea's involvement was unlikely. Ira was in this camp.
From there, things got really interesting. The hackers seemed to latch onto the media speculation, demanding that Sony not release The Interview, even threatening 9/11-style attacks against theater-goers. Theater owners panicked and refused to book the movie. Sony capitulated and canceled the Dec. 25 release. Then came another backlash, and in the name of patriotism, Sony put the movie out, mostly in smaller, independent theaters, as well as online.
Meanwhile, the U.S. government expressed confidence that North Korea was responsible for the attacks. The media reaction to that was to seek out computer security experts who would argue that the government was wrong.
Analysts at security consulting firm Norse, having performed independent research on some of the compromised data and looked at hacker message boards, came up with their own theory: that a former Sony employee provided information to former Lulzsec members, thus enabling the attacks. Norse noted that the malware used in the attacks included insider credentials. It also contended that North Korea would not act so childishly and would not have deployed the same command-and-control structure it had used in the past.
To be clear, it is possible that a laid-off, disgruntled employee sought out parties to exact revenge. That in no way means that this was the actual source of the attack in question. Sony, like all large organizations, is actively being targeted by many parties for many reasons.
The people second-guessing the U.S. government accusations essentially argued that it was more likely that the attackers were just malicious, if clever, script kiddies, and not representatives of an unpredictable, vindictive and destructive nation-state. In doing so, they completely discounted the fact that U.S. government has billions of dollars of surveillance technology, and that the National Security Agency over the past year has notoriously been accused of collecting and analyzing every bit of data in the universe.
After the new year, however, when President Obama announced sanctions against North Korea, the media generally got in line. It was clear that the U.S. government was confident enough in public and classified information to take action. We have also revised our early assessment, having recognized that the government wouldn't be so confident unless it had information that the rest of us aren't privy to. And having once worked at the NSA, he can well believe that's true.