North Korea 'denies' Sony Pictures hack, but experts unsure

Kim Jong-un Image copyright Getty Images
Image caption Pyongyang has not yet made an official comment

A North Korean diplomat in New York has said his country was not behind a cyber-attack on Sony Pictures, according to reports.

The film giant suffered a huge leak of information after last month's breach.

US broadcaster Voice of America quoted the unnamed diplomat as saying claims North Korea had been responsible were a "fabrication".

Sony has hired security specialists but has not yet made any suggestion as to the source of the attack.

Independent security researchers said there were solid clues that the attack had originated in the secretive nation.

Sony has brought in the services of security specialists FireEye to investigate the breach, which reportedly saw computers across Sony Pictures rendered unusable, with staff told to switch off their technology.

The FBI is also involved - it alerted businesses to be aware of "destructive" malware that had recently been discovered.

Technology news site Recode on Wednesday said Sony Pictures and FireEye were poised to announce that North Korea had been responsible - although the companies have since denied this.

However, independent researchers - such as security firm Trend Micro - have pointed out similarities in the malicious code used to hit Sony and a similar attack on South Korea last year.

The South Korean government said the attack, dubbed Dark Seoul, had been carried out by North Korea - although, like many cyber-attacks, the source was never confirmed.

Film anger

The suggested motivation for a hack from North Korea, commentators said, had been the country's anger at an upcoming Sony film, The Interview.

In the film, set for release at Christmas, Seth Rogen and James Franco play two reporters who have been granted an audience with North Korean leader Kim Jong-un.

The CIA then enlists the pair to assassinate him.

Image copyright Columbia Pictures
Image caption The upcoming remake of Annie, due for release this month, was reportedly leaked online

North Korea said the film was "the most undisguised sponsoring of terrorism as well as a war action".

The country's UN envoy Ja Song-Nam said there would be a "merciless response" if the film was not cancelled.

However, the diplomat quoted by Voice of America - who asked to remain anonymous - dismissed reports his country had been involved in the attack on Sony.

"Linking [North Korea] to the Sony hacking is another fabrication targeting the country," he told the broadcaster.

"My country publicly declared that it would follow international norms banning hacking and piracy."

Earlier this week, a separate North Korean official gave a more ambiguous response, saying: "Wait and see," in response to a question about the attack.

Analysis: Leo Kelion, technology desk editor

Suggestions North Korea could be behind the Sony Pictures hack has drawn incredulity from some, surprised that the "Hermit Kingdom" might be able to pull off such a stunt.

In fact, experts say Pyongyang's cyber-skills should not be underestimated. One US government adviser warned last year that North Korean hackers posed "an important 'wild card' threat" to US and international security.

Being sure about how far its cyber-capabilities extend isn't easy. A report by Hewlett Packard's security division noted that most North Koreans were restricted to an intranet system, separate from the wider internet, which limits their links to the outside world.

But the report noted that the state's education system places special emphasis on mathematics, which has helped it develop skilled programmers, cryptographers and security researchers.

According to a report by Al-Jazeera, North Korean defectors have spoken of promising students going on a two-year accelerated university course before heading to China and Russia for a year to hone their hacking skills.

A US analyst quoted a defector who claimed to be part of North Korea's Unit 121 hacking squad until he escaped in 2004. He said some operations had been carried out from a Pyongyang-owned hotel in Shenyang, China.

According to HP, North Korea's "cyber-warriors" are thought to have carried out a wide variety of attacks, including:

  • Spreading malware via video games
  • Stealing details of foreign technologies stored on computers
  • Carrying out distributed denial of service attacks (DDoS), which knock services offline by flooding them with traffic sent from hijacked foreign computers
  • Cyber-psychological operations - posting propaganda to social networks and "trolling" message boards

However, hacking a major corporation to make threatening demands is not a behaviour that has been linked to North Korea in the past, and the hashtag #GOP (Guardians of Peace) - used in the Sony attack - is not known to have been used by Pyongyang.

More on this story