Sony Hack: Could secretive group of ethnic North Koreans in Japan be to blame?

Headquarters of the Chongryon in Japan, via Krebs on Security.


Headquarters of the Chongryon in Japan, via Krebs on Security.

Security researcher Brian Krebs breaks down the FBI’s statement, "what experts are learning about North Korea’s cyberattack capabilities, and what this incident means for other corporations going forward."

A new wrinkle in the story: a group of North Korean expats in Japan may be to blame. Krebs says it's unlikely U.S. officials are particularly happy about alleged involvement from North Korean actors, "because it forces the government to respond in some way and few of the options are particularly palatable."

Sources familiar with the investigation tell KrebsOnSecurity that the investigators believe there may have been as many as several dozen individuals involved in the attack, the bulk of whom hail from North Korea. Nearly a dozen of them are believed to reside in Japan.

According to HP, a group of ethnic North Koreans residing in Japan known as the Chongryon are critical to North Korea’s cyber and intelligence programs, and help generate hard currency for the regime. The report quotes Japanese intelligence officials stating that “the Chongryon are vital to North Korea’s military budget, raising funds via weapons trafficking, drug trafficking, and other black market activities.”

While the United States government seems convinced by technical analysis and intelligence sources that the North Koreans were behind the attack, skeptics could be forgiven for having misgivings about this conclusion. It is interesting to note that the initial attackers’ initially made no mention of The Interview, and instead demanded payment from Sony to forestall the release of sensitive corporate data. It wasn’t until well after the news media pounced on the idea that the attack was in apparent retribution for The Interview that we saw the attackers begin to mention the Sony movie.

"FBI: North Korea to Blame for Sony Hack" [krebsonsecurity.com]