"They don't see what I see": Why FBI's claim against North Korea is so dubious

Is NK really the Sony hacker? Numerous tech security experts question it -- and given U.S. history, you should too

By Matthew Rozsa

Staff Writer

Published January 12, 2015 11:58AM (EST)

James Comey (AP/Jose Luis Magana)

Whether he realizes it or not, James Comey, director of the Federal Bureau of Investigation, has made a rather brazen request of the American people. As he attempted to reinforce the government’s case that North Korea was responsible for the hacking of Sony Pictures Entertainment, he urged critics of the intelligence community’s position to remember that “they don't have the facts that I have. They don't see what I see."

Considering the validity of the lingering questions about North Korea’s culpability -- to say nothing of the unsavory recent history of our foreign policy establishment -- Americans would be well-advised to not abandon their skepticism quite yet.

In a Monday Op-Ed in Time magazine, security technologist Bruce Schneier spoke for “many of us in the computer-security field” when he described the FBI’s evidence as “circumstantial and not very convincing.” For instance, as Schneier pointed out in an earlier article for the Atlantic, the use of the Korean language in the code from the attack is “easy to fake,” even though the FBI cited that as part of its proof. Marc Rogers, the principal security researcher at CloudFlare and director of security operations at the annual hacker convention DefCon, also characterized the case against North Korea as “plausible … but not definitive.” Referring to the fact that the malware used against Sony was similar to software used by North Korean sympathizers in the past, Rogers told Dawn Chmielewski at Recode.net that “the similarity between two pieces of malware doesn’t tell you they came from the same author. They just have access to the same information -- maybe they hang out in the same forums.” Besides, as Rogers wrote for the Daily Beast, “it isn’t the IP address that the FBI should be paying attention to. Rather it’s the server or service behind it.”

Indeed, after analysts at the cybersecurity firm Norse Corp. (which has worked for government agencies, financial institutions and technology companies) conducted their own investigation, they observed that the malware that infiltrated the studio’s network contained names of company servers and passwords that would only have been available to someone with inside information about the company, suggesting that a disgruntled former employee or someone else with a personal grievance against Sony was involved. “We can’t find any indication that North Korea either ordered, masterminded or funded this attack,” said Kurt Stammberger, a senior vice president at the company, in an interview with the Los Angeles Times. Both Schneier and Rogers have also argued that that possibility should be seriously considered.

Instead Comey and the FBI used their Wednesday cybersecurity conference to double down on the premises of their earlier case. After arguing that the North Koreans had exposed themselves because they “got sloppy,” Comey reiterated the agency’s earlier claim that the hackers revealed IP addresses that had been previously used by North Koreans. "Several times, either because they forgot or because of a technical problem, they connected directly,” he asserted, “and we could see that the IPs they were using ... were exclusively used by the North Koreans.” Despite failing to address the cybersecurity community’s point about the unreliability of using IP addresses as proof of responsibility, Comey repeated that he still had “very high confidence about this attribution [of North Korea to the Sony attacks].”

While the inadequacies of the government’s case against North Korea would be troubling enough on their own, the need for skepticism is compounded by our own recent history. After all, the FBI’s argument isn’t pure conjecture, but the basis for President Obama’s decision to impose additional sanctions against North Korea. In light of this retributive measure, it’s important to note that only a dozen years have passed since erroneous intelligence about the presence of weapons of mass destruction (WMD) in Iraq was used to justify a bloody and costly war. Even more recently, Edward Snowden’s whistle-blowing revealed to Americans that the National Security Agency was engaging in unprecedented spying on its own citizens despite earlier assertions to the contrary. Last month they also discovered, thanks to the Senate torture report, that the government had lied about the extent of its use of torture and the overall effectiveness of the tactic.

Nor is the foreign policy establishment’s duplicity limited to the 21st century. If anything, the list of our country’s known acts of dissembling is too long to fully itemize here: In 1986, President Ronald Reagan infamously reassured the American public that his administration “did not trade weapons or anything else for hostages,” only for the Iran-Contra investigations to reveal that the exact opposite had been true; in 1964, Secretary of Defense Robert McNamara deliberately misled President Lyndon Johnson and Congress about the so-called Gulf of Tonkin attacks, which resulted in our escalation of the Vietnam War; and as far back as 1898, the government attributed the explosion of the USS Maine to the Spanish empire as a pretense for initiating the Spanish-American War, even though evidence to this day on the sinking remains inconclusive.

While none of this proves in its own right that the government is wrong (knowingly or otherwise) about North Korea’s involvement in the Sony attack, it is more than enough to justify the skepticism that Comey wishes to brush off. Right now 76 percent of Americans support increasing economic sanctions against North Korea because of the belief that they attempted to suppress freedom of speech in this country. Certainly the business community’s reaction to "The Interview" tested the strength of that cultural precept, regardless of whether North Korea was a legitimate perpetrator or a red herring. When it comes to the shaping and implementation of foreign policy, however, Americans need to hold our government to a much higher standard. Simply trusting public officials like Comey because “we don’t see what they see” won’t cut it.


Matthew Rozsa is a staff writer at Salon. He received a Master's Degree in History from Rutgers-Newark in 2012 and was awarded a science journalism fellowship from the Metcalf Institute in 2022.
