Should We Really Assume That North Korea Was Behind the Sony Attack?

Pyongyang is the most likely culprit, but that doesn't mean it's responsible.

Daily Life In Pyongyang
PYONGYANG, NORTH KOREA - APRIL 02: North Korean children learn to use the computer in a primary school on April 2, 2011 in Pyongyang, North Korea. Pyongyang is the capital city of North Korea and the population is about 2,500,000. (Photo by Feng Li/Getty Images)

Over the past few weeks, a shadowy group calling itself the Guardians of Peace has taken credit for a massive hack last month of Sony Pictures. The group has released thousands of pages of emails, including some from top studio executives, social security numbers from at least 47,000 current and former employees, and other private information.

In their public statements, Guardians of Peace have alluded to the upcoming comedy The Interview, which is set for a Christmas Day release and features two journalists assassinating North Korean President Kim Jong Un. Unshockingly, Pyongyang has not taken kindly to the film. On Tuesday, some news outlets received an email purporting to come from the group Guardians of Peace, warning of a massive terrorist attack a la Sept.11, 2001. That email appears to have achieved its desired effect. On Wednesday afternoon, Sony announced it was canceling its premiere showings of the film — because of the threat.

Security experts have described the attack — and the fact that Sony has cancelled its plans — as unprecedented, and North Korea has become widely mentioned as a likely culprit behind the attack. Was it Pyongyang? The world’s most opaque country (North Korea) plus the world’s most opaque crime (cyberattacks) means it’s impossible to say.

But at this stage, North Korea remains the most likely culprit. In July, North Korea’s ambassador to the U.N., Ja Song Nam, wrote a letter to Secretary-General Ban Ki-moon calling the production and distribution of the film “the most undisguised sponsoring of terrorism as well as an act of war,” a sentiment similar to the most recent threat (see the bottom of this post for the full text).

Indeed, North Korea’s history of cyberattacks also lends credence to the idea that Guardians of Peace is a Pyongyang-orchestrated plot. North Korean attacks against South Korean banks and television stations bear some resemblance to the Guardians of Peace Sony hack. Moreover, some of the malicious code used by the Sony hackers was written in Korean, suggesting either a Korean author or that the hackers are using Korean to confuse the authorities, said James Lewis, a cybersecurity expert at the Center for International and Strategic Studies.

The email’s bombastic, awkwardly worded warning — “the bitter fate those who seek fun in terror should be doomed to” — even sounds like something Pyongyang would say. “Of the characters who are out there,” the most likely culprit is North Korea, Lewis said.

While Pyongyang has officially denied the Sony hack, on Dec. 7 a North Korean spokesman gloated over its success: “The hacking is so fatal that all the systems of the company have been paralyzed, causing the overall suspension of the work and supposedly a huge ensuing loss.” The spokesman added that “the hacking into the SONY Pictures might be a righteous deed of the supporters and sympathizers with the DPRK in response to its appeal.”

Of course, it could also have been carried out by somebody else. Bruce Schneier, a cybersecurity expert and the chief technology officer of the security software firm Co3, thinks it’s more likely that the attack was carried out by “just a couple of guys” who are unaffiliated with North Korea. “Sony is a company hackers have hated for more than a decade,” he said.

Moreover, North Korea very rarely mentions 9/11, and appears to have never used the phrase “Guardians of Peace.” (Because it sounds like something out of a bad action film or a Marvel comic book, Lewis speculates that the phrase was coined by someone tasked with studying the United States.)

So what do we know? Salary information about stars like Seth Rogen, scandalous revelations about internal Sony drama and that the company should have invested more in cybersecurity protection. We also know that the terrorism threats are overblown. “There is no possibility of a 9/11 style attack,” Lewis said. “But it’s a nice threat.”


The text of the recent email that included the threat appears to have circulated in different versions. Here’s what the Washington Post posted:


We will clearly show it to you at the very time and places “The Interview” be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.

Soon all the world will see what an awful movie Sony Pictures Entertainment has made.

The world will be full of fear.

Remember the 11th of September 2001.

We recommend you to keep yourself distant from the places at that time.

(If your house is nearby, you’d better leave.)

Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.

All the world will denounce the SONY.

This post has been updated. 

Feng Li/Getty Images

Isaac Stone Fish is a journalist and senior fellow at the Asia Society’s Center on U.S-China Relations. He was formerly the Asia editor at Foreign Policy Magazine. Twitter: @isaacstonefish