Department of Homeland Security Secretary Jeh Johnson on Thursday said the United States “is actively considering a range of options” to take in response to the Sony hack.
The hack is “very serious,” Johnson said, though he refused to label it as a terrorist attack.
Although there has been widespread suspicion that North Korea engineered the hack, Johnson said the U.S. is “at this point … not prepared to officially say who we believe was behind this attack.”
“It’s an ongoing investigation,” FBI spokesperson Jenny Shearer told TechNewsWorld.
Speculation About the Hack
Unnamed U.S. government officials reportedly have blamed North Korea for the attack.
However, White House press secretary Josh Earnest told The Wall Street Journal that he was not prepared to publicly that speculation.
The Obama administration is debating whether to publicly accuse North Korea, according to The New York Times.
The prospect of confronting North Korea directly raises questions about what punitive actions the U.S. could take and how much evidence could be released as proof without endangering the NSA’s penetration of North Korean networks.
Direct confrontation would provide North Korea the political version of street cred, opponents of that strategy have argued.
Further, Japan reportedly fears that a public accusation could imperil diplomatic negotiations for the return of Japanese citizens kidnapped by North Korea years ago.
“Sanctions against North Korea are already pretty strong, so making them stronger probably wouldn’t have much impact,” said Rob Enderle, principal analyst at the Enderle Group.
“The risk for Sony if the U.S. reacts strongly is that North Korea releases the material Sony doesn’t want released and makes both Sony and the U.S. look stupid,” he told TechNewsWorld.
What Points to Pyongyang
One of the servers from which the hack was launched reportedly is in Bolivia. It previously had been used in limited cyberattacks on South Korean targets two years ago, and there’s speculation the same hackers might have attacked Sony.
Further, the malware used in the Sony hack has many similarities with that used in attacks on South Korean banks and broadcasters last year. Those hacks were the work of the Dark Seoul cybercriminal gang.
A tool used in the hack is apparently the same one used in the Shamoon attack on Saudi Aramco two years ago, however, which points to the possibility of Iranian involvement.
On the other hand, the hackers could have lifted the tool and might have nothing to do with Iran.
Meanwhile, investigators also are considering whether someone at Sony was involved. The names of Sony servers and administrative credentials for them were found in the malware.
“The nature of the murky world of hacking means U.S. officials are never going to have foolproof digital evidence that North Korea was behind the attack,” remarked Jonathan Sander, strategy and research officer at Stealthbits Technologies.
Off With Their Heads!
In addition to strong suspicions, there are some strong arguments against the involvement of North Korea.
Nevertheless, “if mercenaries were to sneak in, lock families out of their … homes and steal their stuff …, the U.S. government would react like it was an act of war,” Stealthbits’ Sander told TechNewsWorld.
That’s pretty much what the hackers did to Sony, he said, and “the tough choice facing the U.S. government is if they will treat this [hack] the same way.”