UPDATE: Wired's take is below...
Found a great piece by Cyberwonk, an anonymous cyber policy blogger. The claim: there's a fair chance that North Korea had nothing to do with the attacks that everyone's been attributing to them. Interesting, especially now that Republicans are, of all things, calling for cyber retribution!
The press loves a good villain, and so the story seems to make intuitive sense: the nuke-testing, ICBM-firing, SCUD-launching North Koreans launch a cyberattack in yet another moment of classic brinksmanship to protest the United Nations, US imperialism, ROK aggression, and prove their own might. The progression is obvious. Right? Not really.
More of Cyberwonk's points after the jump, but the crux of the case is:
a) Half of the reason North Korea tests weapons is to cement Kim Jong-Il's popularity inside the country, but cyber attacks don't gain you popularity in a country with virtually no internet access.
b) If they wanted to shake things up on the international stage and show their strength, wouldn't they have taken credit?
Don't want to steal all of Cyberwonk's thunder, but here are the six reasons:
- A cyberattack doesn’t score points with North Koreans.
- No responsibility claim.
- Cyberattacks don’t keep the Kim family in power.
- Little experimental value for the military.
- Anyone could do it; but could the North Koreans?
- When it comes to targeting, they’re not idiots.
You can find the full explanation here. He also gives some alternative perpetrators:
- North Korean sympathizers in the ROK or Japan, acting on their own (without direction from Pyongyang). Any fringe group or individual with some tech savvy, and a mediocre knowledge of the US, might be more plausible than Pyongyang itself. After all, many of the more prominent cyberattacks have been the work of isolated, passionate, ideological but random people. Or,
- Enemies of one or more of the agencies targeted (like the FTC, which recently shut down one of the larger spam and illegal porn havens on the internet), seeking to deflect broader attention while still achieving their retributive objective.
As for me, I think it's worth pointing out that if some random dude wants to get attention (and we know there are lots of these out there), this was a pretty good way to do it.
UPDATE: This from Wired's Threat Level blog:
The Associated Press was the first to publish a story prominently quoting anonymous South Korean intelligence officials blaming the attacks on North Korea, even though such attacks are generally very difficult if not impossible to trace. A follow-up AP story indicated that officials had no proof to back their provocative claim...
...Security professionals in the U.S. indicated this week that the author of the attacks borrowed old code written by previous malware writers to conduct the attacks and made no attempt to hide his code from being detected by anti-virus programs. They told Threat Level that the nature of the showy attacks appeared to indicate that the hacker simply wanted attention. They found no evidence so far to support claims that North Korea — or any other state-backed entity — was behind the attacks. (Source)