One question that keeps surfacing about the Sony hack is Info security legend Bruce Schneier notes the US “might have intelligence on the planning process for the hack” which together with the evidence from the act were enough for the White House to name North Korea.
But with so many doubts and caveats buzzing about North Korea’s role, it was a second observation from Schneier that seemed to make even more sense.
He quotes a George Washington University cyber security research scientist named Allan Friedman, who said that diplomatically it’s “a smart strategy” for the US to be overconfident in assigning blame for cyberattacks. As Schneier relates Friedman’s view:
Beyond the politics of this particular attack, the long-term US interest is to discourage other nations from engaging in similar behaviour. If the North Korean government continues denying its involvement, no matter what the truth is, and the real attackers have gone underground, then the US decision to claim omnipotent powers of attribution serves as a warning to others that they will get caught if they try something like this.
Add to this that there is hardly any downside for the US to blame North Korea, the speed and confidence of the accusation makes sense. If there is one place in the world people will believe almost anything about, it’s North Korea. The Hermit Kingdom has few allies and North Korea’s “role” in the hacking of Sony Pictures would be less embarrassing than other, bigger rivals of the US.