FBI Director: Sony’s ‘Sloppy’ North Korean Hackers Revealed Their IP Addresses (wired.com)
73 points by headcanon on Jan 7, 2015 | 77 comments


I want to believe. But, there's such a history of deceit from our government, when there is a political motivation. I honestly don't understand why they'd be lying in this case...but, well, Iraq and years of torture at Guantanamo didn't really make sense to me, either. I don't think there is anyone gunning for war with North Korea (well, Northrop Grumman and Halliburton probably are, but I don't believe our state is entirely owned by the defense industry anymore, as it was during the Bush years). So, what's the motivation, if the FBI is misleading people?

The thing is, I'm entirely willing to believe North Korea would like to have this kind of capability, and if they do have this kind of capability (which they might), I'm entirely willing to believe that they would use it broadly and aggressively. North Korea is led by angry, crazy, people. But, the early communication about the attack does not match that of a nation state, and there's no reason for them to have tried to pretend to be a random blackmail organization that I can imagine.

In short, an IP is not a smoking gun. I worry that the FBI is taking advantage of people's lack of understanding of technology in order to push a story that is politically convenient, but factually shaky. I mean, I hope they aren't intentionally misleading people, I just don't necessarily trust that they wouldn't if there were motivation to do otherwise.


I don't think the motive would be to start a war with DPRK. What I am afraid of is the use of this incident as "evidence" that our nation needs more "cybersecurity". This could help pass legislation previously blocked by Congress due to insufficient evidence. There isn't much of a leap from declaring war on terrorism to declaring war on cyberterrorism, and we all know how that went.

I know my tin foil hat is showing, but it's a creepy possibility nonetheless, and is in no way distant from Washington's past antics.


That does make more sense, and is in line with past behavior of the Obama administration (prosecuting and imprisoning whistleblowers at a rate unprecedented in American politics).


Tin foil hat or wool over your eyes... It's one or the other.


Eh, not really.


Another explanation is that Sony Pictures asked them (your gov) to. Helps stop lawsuits over their poor security, might even result in some government funding to help them recover. And Sony can repay with campaign funds or what have you.


One motivation would be to look like they have the capacity to do things such as attribute cyber attacks. If they know that no one can prove them wrong, they may think that accusing North Korea with "classified evidence" looks more impressive than saying that they do not know, or are not confident about, who did it.

North Korea makes a nice target to blame.


That's a possibility, though it seems somewhat weak to me. I've read the theory in a few places, that Sony and the media were demanding answers, and so the administration gave them one. Conveniently, I guess, it is one that they assumed would not be believed whether they denied it or not (because who believes anything said by the North Korean government?).

I just don't know that Sony and the media industry carry so much weight that they can actually sway our government to make shit up. And, was a pleasant fiction even what they actually wanted? I guess George Clooney wanted it. And, I guess Sony wanted to be able to say, "See, it was a nation-state that did this terrible thing, not our horrendous security practices."

So, maybe it is this simple. And, others have mentioned reasonable theories about what the administration could get out of it being North Korea: Concessions from NK allies, the ability to ratchet up cybersecurity expenditures (as another arm of the military industrial complex), and redirection of attention from other issues. If the latter was the goal, it has certainly been effective. We're all talking about it, and many of us don't even believe them. So, it might not even matter if we believe the story, as long as we're not paying attention to whatever else they're up to.

I gotta get a new hat.


The theory I described is not that Sony/the media pressured the FBI to blame someone, but rather that the FBI saw a high-profile cyber attack and internally decided that it wanted to project power by pretending that it can solve this type of case.

Or perhaps an individual in the FBI running the investigation wanted to project confidence to his superiors, and made a public statement. At which point the FBI felt that it could not backtrack and decided to double down on its confidence.

Or maybe there was a filing error where a low level secretary checked "North Korea, definite" instead of "Uncertain" on the paperwork, and the FBI is again doubling down on its original public claim.


> I honestly don't understand why they'd be lying in this case

Foreign policy shenanigans. They claim North Korea is attacking our economy, and the next time they have to sit down with the crazy fucks at a table with the Chinese and Russians, maybe they don't have to make as many concessions.

Doesn't matter if it's true or not, just that it was plausible.


This is firmly in conspiracy theory territory, but didn't the U.S. government accuse North Korea on the exact same day (December 17, 2014) that Obama announced a thaw with Cuba?


We were in the midst of a deep conversation on US torture and all of a sudden, 3.2.1 it's gone. Sony gets hacked.


> I honestly don't understand why they'd be lying in this case

If they already wanted to slap NK with more sanctions this gave them an easy way to do it.

Some high ranking US/FBI official: "Let's just say NK attacked us, no one can prove it, no one will listen to NK if they dispute it, AND it looks like a win for US/FBI out-hacking the hackers. After all can't we all agree NK is bad so what if we lie about this hack we are serving the GREATER GOOD by doing so..."


It could be used to improve the U.S. position in political negotiations with China.


Could someone explain how they would know that the IP "used exclusively" by NK wasn't a proxied IP but in fact the "real" source IP?

Personally, I think just mentioning that part of the evidence came from the Behavioral Analysis Unit proves that NK's ties to this are definitely shaky.


Funny, when the IP addresses weren't NKorea, as earlier highly voted HN articles have told us, it was proof that it wasn't NKorea. Now that they do, it's somehow further proof that it wasn't N Korea.

I understand knee-jerk anti-US comments are karma gold here, but I don't think you guys realize how ridiculous you sound to the rest of us. I think it's pretty difficult to arm-chair analyze this stuff and come out with a definitive answer, especially considering a lot of this stuff will never be declassified, but the Alex Jones-like conspiracy thinking here really brings the discourse down to a reddit-like level.

Purely from an Occam's razor perspective, the country that attacked this film and warned of consequences if released-- consequences that actually happened, is probably at fault here. This analysis of how it must have been anyone but NKorea, especially considering NKorea's reputation, is highly questionable to the unbiased observer.


Who is saying this is proof that it wasn't NKorea? Straw man. People on HN are just more likely to believe Schneier or other respectable security people, and not government agencies who by their very nature are going to have their own agenda and not be 100% honest.

As far as consequences that actually happened -- Do you mean to say that theaters that showed the film were bombed? Or are you referring to embarrassing email leaks which would have no doubt been released anyway?


First, mentioning Occam's Razor isn't really helpful in realpolitik discussions and certainly not helpful in discussions involving DPRK since they are well-known irrational actors. Occam's Razor only states that the scenario with the fewest assumptions is likely correct. That isn't really useful when your scenario involves an unpredictable state actor.

Second, if you need to set up a fall guy, then implicating a nation state as historically secretive, aggressive, and isolated as the North Koreans is actually a pretty good idea.

"Do something bad and blame the weird kid" isn't a new idea.

I don't know who did it, but both arguments seem plausible.


The assumption that the DPRK is an irrational actor would actually be handled just fine under Occam's Razor, it is simply an additional variable in the hypotheses.


I'm not sure how anything I said was anti-US. Is being at all reluctant to believe everything one hears anti-US to you? I'm wondering who is bringing discourse down here besides the person attacking commenters instead of discussing the content of their comments.


This is supposed to be a technical forum, but on any post now related to the US government or the NSA, too many people here now throw all of their technical know-how out the door and everything becomes conspiracy theory. Yet somehow Joe Random blogger's repudiations of said government are not met with any skepticism. Confirmation bias in full effect in these threads these days.


Confirmation bias is definitely in full effect... My comment was on the technical aspects of the story and specifically highlighted the non-technical evidence as substandard. Joe Random bloggers who I've seen repudiate the government have by and large been well-known security experts compared to the nameless hand-waving of the FBI. I think what it comes down to is the question of whether educated people, after Snowden, WMDs, torture, and so on are better off presuming the accuracy or inaccuracy of the government's statements.


This type of thinking is the exact problem that I'm highlighting. I respect Schneier and have read his stuff for a long time, and even gone to see him speak, but believing him over the FBI is just an appeal to authority when he is just another outsider without having access to any first-hand knowledge of what evidence the FBI possesses.

Also now after Snowden everything the USG does is to be doubted (I'm guessing since his revelations affect the internet and this is the first issue that has directly affected people on HN), and now everything they do can somehow be traced back to trying to suppress, hamper, weaken and spy on you via internet.

Watching the theories that somehow we'd try to use N Korea who have zero economic value to the USA, or actually posing a threat as some kind of scapegoat to hinder online speech is more entertaining than anything else.


> the Alex Jones-like conspiracy thinking here really brings the discourse down to a reddit-like level.

That's where political discussions inevitably and invariably end up. Probably best to just flag these articles.


> ...especially considering a lot of this stuff will never be declassified...

How can the US claim to be a republic when it doesn't even bother to justify its actions to its people and their representatives?


Because the real world doesn't fit nicely into theoretical boxes. I'd like to have their facts as well, but you cannot seriously expect the government to potentially lose future sources of information or even risk people's lives by handing out every bit of info they have. Some things are classified for a very good reason and should stay so for some time.


> Some things are classified for a very good reason and should stay so for some time.

This is an oft-repeated claim that is sorely in need of justification. Especially in this case, where the attack is purely digital.


It's really not, the justification is obvious; revealing information may very well also reveal how it was obtained. I understand the skepticism, and obviously this justification could easily be abused, but it's not some imaginary thing.

My wife worked in Navy intelligence for six years. She was privy to classified information. She, at times, knew where information was coming from, and it is obvious that the information itself would have implicated its source if it were to be released.

I'm not saying that's the case here. I'm pretty damn skeptical of my government as well. That said, the Fed is under no obligation to reveal all of the information it has. I think we'll be in the dark on this one for some time unless things change in such a way that would require more information to be released.


> I think we'll be in the dark on this one for some time unless things change in such a way that would require more information to be released.

I strongly dislike this paternalistic approach, and I'm rather tired of the people being treated like children. We know things are complicated. We know geopolitics are more complex than "USA good, NK bad" or vice versa. They could say a lot more than they are saying without compromising their intelligence gathering capabilities.

If the US government wants support and trust, it needs to earn it from every new generation of citizens. If it doesn't care about support and trust, it has overstepped its bounds as a representative government and should be reeled in.


> Purely from an Occam's razor perspective, the country that attacked this film and warned of consequences if released-- consequences that actually happened, is probably at fault here. This analysis of how it must have been anyone but NKorea, especially considering NKorea's reputation, is highly questionable to the unbiased observer.

The correct response to "who was responsible for this" is "who cares". The FBI seems to think it matters, so people are refuting their evidence. And there are reasons for that.

The government has no credibility in this area. Iraq didn't have weapons of mass destruction. This has the same ring to it. They have a lot of the same incentives. It doesn't even matter whether they're intentionally misleading us or just incompetent, the solution in either case is to disregard whatever they say.

And they can't actually tell where the attack came from. That's not how it works -- especially if the attacker is trying to disguise their true location as they have every incentive to do. Computers in North Korea are not immune from the myriad Java and Flash vulnerabilities, and once you pop one machine you can put ssh on a VM and stage your attack from it. Distinguishing that from the attacker being physically in the same room as that machine is not going to happen based on an analysis of network traffic or anything to do with IP addresses. Anyone who claims otherwise could be malicious or just wrong, but it's at least one of those.

None of that proves it wasn't North Korea. The point is that it doesn't matter. What are you going to do differently if it was, as opposed to being some troll in Florida? The only sensible things to do are the same in either case. Stop using ridiculously bad passwords, etc. What changes if it was North Korea? Are we going to invade? Should we give the FBI new powers of cyber warfare? That's what people are afraid of, because those are profoundly stupid ideas.


The earlier set of IP addresses was pretty conclusively not North Korea. The new set of IP addresses is ... undisclosed, so until that changes, they can say whatever they like without any "danger" of being checked.

(Not buying "sources and methods" as a reason for failure to disclose in this case -- I may not know what IP addresses are conclusively tied to North Korea, but the North Koreans themselves certainly do, and they must assume that the NSA does as well. Particularly if, as Comey claims, the use of those addresses "unshielded" was an error that they immediately recognized as such, and rectified post haste.)


> Purely from an Occam's razor perspective, the country that attacked this film and warned of consequences if released-- consequences that actually happened, is probably at fault here.

I don't recall Occam's razor ever applying to politics.


I would disagree on your point that "knee-jerk anti-US comments are karma gold here" on 2 notes, 1 that being anti-US-administration is not being anti-US, and 2 that most unsubstantiated comments that are critical of government actions almost always get down voted to oblivion.

Everyone knew that North Korea had it out for Sony, what's to stop a network security enthusiast from stirring the pot by performing the attack and planting "evidence" that it was coming from North Korea. I don't think it's far fetched to think that many young security enthusiasts would get excited to think about causing such a stir.


Not to mention it's also easy to spoof your IP address if you are traversing out of a DC or node that does not do egress filtering (meaning you don't even have to proxy through the proper IP/country... you just make it up).

Shaky evidence? You bet ya. (and it seems this is the only evidence offered as an explanation so far)

Also, if N. Korea really was behind this "attack" of a private company with no US Gov't ties, why would they not claim responsibility and tout their "Cyber Attack" skills? They do for just about everything else (even failed missile launch attempts). Fear of retribution? No way, this is/was a private company... the US Gov't could not respond with any kinetic weaponry attack and look good on a geopolitical scale.

N. Korea also offered to send personnel to help the FBI in the attack investigation, which is extremely uncharacteristic of N. Korea to say the least... normally they'd just praise the attack flat out.


It is _not_ easy, or even possible, to "make up" an IP address that works for receiving data across the public Internet. The responses to packets you send from such an address will not come back to you. This doesn't thwart all attacks (DNS query amplification, general flooding, etc), but their hack involved transmitting AND receiving data (ssh, http, etc).

What is _easy_, however, is determining which country is using a given IP address. Particularly when the searching party is a superpower and the country they're investigating is known for having very few links to the Internet. And what connections they do have are severely restricted. I imagine it would be very difficult to find a reliable, exploitable proxy server inside North Korea that is accessible across the public Internet.


You may not need the responses to come to you, particularly if (as is suggested) this is a tiny minority of traffic. Sending something to some /dev/null address in NK? Why not?


> N. Korea also offered to send personnel to help the FBI in the attack investigation, which is extremely uncharacteristic of N. Korea to say the least

They offered to help investigate the Cheonan after they sank it. So it's really not uncharacteristic.

And why do you have attack in quotes? Do you believe Sony wasn't actually attacked?


> And why do you have attack in quotes? Do you believe Sony wasn't actually attacked?

No, I think it's plenty clear that they were. It's just that "attack" has a certain stigma to it, and what happened to Sony was not some grand attack, but rather a run-of-the-mill hack against a company with extremely poor security.


It could be as simple as they saw a bunch of UDP traffic with a spoofed src that was a DPRK IP block.


It is quite interesting how so many are hoping against hope that it was not North Korea. I don't really see why they are emotionally attached.


There's no emotions involved -- just like there's no evidence involved.

It's flat out wrong to blame some small and non-credible-threat country for something they likely had nothing to do with just to advance a political agenda.

North Korea is not a great country... but that doesn't mean a "global leader" like the USA can just pin something on them with zero evidence.


Non-credible-threat? North Korea?

I'm not a fan of the US' foreign policy in some ways, and certainly place no blind faith in the declarations of the government, but, that doesn't exactly make North Korea the 'good guys'...

http://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?Ne...

http://en.wikipedia.org/wiki/North_Korea_and_weapons_of_mass...


> Non-credible-threat? North Korea?

Their nuclear program claims it has a range of 4,000KM, but to reach the USA it would take about 10,000KM. Not to mention their last missile launch test could not even escape their border.

That's what I mean when I say non-credible threat; they are incapable of inflicting meaningful harm to the USA. They are really all bark and no bite...

> doesn't exactly make North Korea the 'good guys'.

Of course not. Nobody said they are -- they just simply aren't the "bad guys" we are looking for in this specific case.


> but to reach the USA it would take about 10,000KM. Not to mention their last missile launch test could not even escape their border.

I don't think a failed experiment is evidence that they're incapable.

Did you know that a couple of years ago, NK launched their first satellite: http://en.wikipedia.org/wiki/Kwangmy%C5%8Fngs%C5%8Fng-3_Unit...

and the missile used (Unha 3) has a 10000 KM range and is capable of reaching the western US (with at least a 200kg payload): http://en.wikipedia.org/wiki/Unha


They have managed to put a single satellite into low orbit (back in 2012) which is only about 2,000KM (a far cry from the 10,000KM you claim)... and only after several failed attempts.

Regardless, the flight characteristics of a space-bound launch vehicle are far different from an ICBM, and are very easily detectable and intercepted by just about all countermeasures.

They would be more of a threat to South Korea of an attack than on US soil. To the US, they are a non-credible threat.


Except 'orbit' doesn't mean they put a satellite 2000km high and let it fall back down. It means the satellite travelled at least once around the earth, so that's equal to at least 40000km of range.


> they just simply aren't the "bad guys" we are looking for in this specific case.

You seem to be awfully certain. Frankly, I have no idea and am quite skeptical of people who profess such certainty in the face of so few facts. Seems to be the kind of thinking where you have a conclusion and look around for facts to support it.


> You seem to be awfully certain

Perhaps I overspoke a tad. I'm awfully skeptical is better put.

We're largely a scientific community here at HN. Something is False until proven True. You may have a hypothesis, but it's just that, an educated guess as-to the result.

To prove something True you must present overwhelming evidence. We have none of that here... What we do have is a hypothesis being perpetuated as fact in the face of almost zero concrete evidence.

The FBI first says "there is zero evidence to suggest North Korea has anything to do with the hack". Then some "high level anonymous White House official" "leaks" to the NY Times that they believe it's North Korea, and it takes the FBI 3 full days to change their public announcement, yet present zero concrete evidence. This was a rudimentary hack against a private company, there's nothing that would be classified or kept top secret here. Sony should do a full disclosure. Until then, we can not be certain of anything.


I wouldn't say it is being emotionally attached to be sceptical of something that is presented without solid evidence.


Fully agree with your technical AND political analysis. I commented along the same lines when the attacks were first announced and got downvoted. When a way of thinking is too far ahead of the crowd, the HN algorithm fails.


If somebody were to want to frame the North Koreans, what would stop a motivated attacker (perhaps a nation-state) from just abusing BGP to spoof source IPs? How hard would that be to detect, particularly if you controlled direct peers?


As I understand it, China would be able to do so easily and convincingly, since most (all?) of NK's traffic passes through China. That may even be a good theory. China might not want to directly attack US industry in this way, but might "assist" North Korea in doing so.


All, or at least all that anyone knows about. NK has a single path/peer.


IF someone "route flapped" the entire North Korean IP space for any amount of time, one of the 10+ organizations who monitor BGP would have noticed and commented on that already.......

If Russia et al had the ability to covertly do that...why attack Sony....why not big financial institutions or other such high profile targets....


No need to route flap if the route's already going through you.


Timing correlation. If you are monitoring traffic in/out of NK, you can correlate traffic by similar sequence of sized packets going into one IP and then coming out of another.

This is the "secret sauce" that the FBI says they cannot tell anyone imo. Doing this is nothing new and I am sure they've been doing it for ages though.

The problem is that if you assume the FBI is doing this (which any skilled hacker would assume) then you can easily get around it by sending a sequence of instructions ahead of time, and then having them playback at what seems like a reasonable rate at a later time. (making it seem as if you are on site and didn't set it up ahead of time)
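
Added example (not part of the thread or any commenter's code): the size-and-timing correlation described in the comment above, written as a stepping-stone check a network defender could run over packet records captured on both sides of a suspected relay. The packet records, thresholds and function names are constructed for illustration.

```python
from typing import List, Tuple

# One observed packet: (capture time in seconds, payload size in bytes).
Packet = Tuple[float, int]


def relay_match_ratio(inbound: List[Packet], outbound: List[Packet],
                      max_delay: float = 0.5, size_slack: int = 16) -> float:
    """Fraction of inbound packets that reappear, in order, on the outbound
    side within max_delay seconds and within size_slack bytes of the
    original size (slack absorbs re-encapsulation overhead)."""
    if not inbound:
        return 0.0
    matched = 0
    next_out = 0  # outbound packets before this index are already consumed
    for t_in, size_in in inbound:
        k = next_out
        # Skip outbound packets that left before this inbound packet arrived.
        while k < len(outbound) and outbound[k][0] < t_in:
            k += 1
        # Scan the forwarding window for a packet of similar size.
        while k < len(outbound) and outbound[k][0] - t_in <= max_delay:
            if abs(outbound[k][1] - size_in) <= size_slack:
                matched += 1
                next_out = k + 1
                break
            k += 1
    return matched / len(inbound)


def looks_relayed(inbound: List[Packet], outbound: List[Packet],
                  threshold: float = 0.8) -> bool:
    """True when enough inbound packets are mirrored on the outbound side
    to suggest the host is forwarding someone else's session."""
    return relay_match_ratio(inbound, outbound) >= threshold


# Constructed sample data: traffic arriving at the suspected relay.
INBOUND: List[Packet] = [
    (0.00, 52), (0.31, 148), (0.90, 52), (1.42, 612), (2.05, 84), (2.80, 52),
]

# Constructed: the same sequence leaving 40 ms later (a plain forwarder).
RELAYED_OUT: List[Packet] = [
    (0.04, 52), (0.35, 148), (0.94, 52), (1.46, 612), (2.09, 84), (2.84, 52),
]

# Constructed: forwarded with jitter, 8 bytes of overhead, one packet lost.
JITTERED_OUT: List[Packet] = [
    (0.06, 60), (0.33, 156), (0.97, 60), (2.11, 92), (2.83, 60),
]

# Constructed: unrelated bulk traffic leaving the same host.
UNRELATED_OUT: List[Packet] = [
    (0.10, 1460), (0.20, 1460), (0.95, 1460), (1.50, 40),
    (2.50, 1460), (2.90, 1460),
]


if __name__ == "__main__":
    for name, out in (("relayed", RELAYED_OUT),
                      ("jittered", JITTERED_OUT),
                      ("unrelated", UNRELATED_OUT)):
        ratio = relay_match_ratio(INBOUND, out)
        print(f"{name:10s} ratio={ratio:.2f} relayed={looks_relayed(INBOUND, out)}")
```

A low ratio only says that no live relaying was observed in the capture window; as the comment notes, it does not show that the host was the true origin.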


If the NSA has taps sitting on all the routers that are a hop away from NK, they can probably nail it down just from timing, right? If the packets were being proxied through an NK IP, I would think it would be easy to tell the difference (if you're the NSA, anyway).


Would be a hugely missed opportunity for the NSA to tout their currently controversial programs if true.


"They revealed their IP address"

How many technical experts do we need to explain that IP address is not proof, especially when many random IPs and proxies are involved.

Suppose I am a hacker who wants it to seem like NK did it. I use a bunch of random proxies, and I use a couple machines IN NK that I previously hacked into. (adding time delays to all commands I send to these) I do stuff through these machines a bunch, making sure to connect to them and set up all the seeming commands ahead of time, and I let it happen. -wham- "proof" that I'm from NK and am an idiot suddenly realizing I forgot to use the proxy.

I agree with the hackers. FBI are idiots. (not the first time I've noticed they are idiots either; they also were very stupid when dealing with myself as a hacker imo)


Exactly. How does the FBI distinguish between a hacker in NK and a hacker going through a proxy in NK?


I assume they're this confident because the NSA is snaffling up every 1 and 0 that comes in and out of NK. It would explain both their confidence and reticence to explain why.


There are also nontechnical ways to attribute the attack to North Korea. For example a human informant inside North Korea which they did not want to reveal could provide quite solid information.

But it appears we will never know the source of their confidence.


I've said my piece about attribution already. There's no new evidence I've seen (and there is not likely to be). I remain sceptical: Comey and especially Clapper aren't exactly what I'd call reliable sources. But they seem to have made their minds up, and that argument just goes round in circles. (The amused may wish to check out http://sony.attributed.to/ and reload the page a few times.)

I'm concerned about where this rhetoric is heading, for several reasons. One reason is that I know this evidence absolutely can be faked: one particularly good tool to fake it is called QUANTUMSQUIRREL. They aren't the only people who can build tools like that: doesn't even take a high budget. And the same people who built QSQRL, have built other systems which automatically respond with high-budget malware when they think they're being attacked.

I think we all know what happens in that endgame: the only winning move is not to play. But numerous countries, and non-state actors, are already playing it - if the FBI is to be believed, even psychotic despotic ones with relatively small budgets.

I want to get off Mr Comey's wild ride; but how? Technically, we can build stronger network protocols, write bug-free software... every bit as hard as it sounds, but we can try our best.

What can we do politically? Given how incredibly dangerous this could get, perhaps a treaty banning 'cyberwar' or 'cyberespionage' would be a good idea. (While we're at it, can we ban the use of 'cyber'? It sounds utterly ridiculous.) But the intelligence and law enforcement agencies already doing this would get very pouty at the prospect of their toys being taken away.

It's all very disappointing. Anyone got any bright ideas?


There have been discussions of treaties banning "cyberwar" already. It seems counterproductive. I assume it would be preferable to someone in Seoul that they were attacked through digital means than with conventional weapons. They might lose access to their bank accounts for a while, but they won't have their homes destroyed or family killed.

Asymmetric warfare of all kinds has two sides to it, it's part of the definition of asymmetric. The low capability party has to attack asymmetrically, but the high capability party can respond with much greater and effective force. In most cases, we are the high capability party.

This "new" concept of cyber-warfare is really a way of saying conflict through the use of digital networks, but in a way that is distinguishable from network-centric or electronic warfare which are two different things. It is also asymmetric in the sense that it enables a low capability party to attack a high capability party with a much smaller investment than a strategic attack through other means would require. (Leaving out "terrorist-style" attacks using small arms or devices for the moment, which are not usually strategic.) It also means that a high capability party may not have an adequate defense against this type of attack, no matter how much they might invest in passive/defensive security. One weakness in enough systems is enough to massively increase the effectiveness of the overall attack.

To respond to your second point, the overuse of "cyber-" is nauseating, and I personally restrict it to the use I mentioned earlier which is a means of differentiating it with network-centric or electronic warfare.

A financial institution issuing press releases talking up their "cyber-security" means as little as their marketing copy mentioning their use of "industry-grade SSL encryption." A proper disclosure would get into password policies for internal systems as well as customer accounts, what hashing algorithm they use to protect customer account passwords in their system, and other details that would give testimony to their capabilities in securing their own systems.

This is somewhere where Google and Chrome can do a lot of good, giving us more than EV certificates and use of higher bit and stronger hash algorithms on CA certs as feedback in the browser. The next step could be a (cryptographically) signed affidavit of the internal security measures in place, which could be scored and used as a part of the determination of what feedback to show in the browser UI.

It might also make sense for Chrome to conduct a rudimentary scan of the home router for these kind of obvious issues, or maybe for Google or someone else to offer an inexpensive secure router, though too many of these are provided by the ISPs now.

Anyway, I'll leave it to the cyberexperts to share their cyberknowledge about cyberwarfare and cybersecurity about how to prevent cyberviruses and other malware to those of us who are less cybersavvy, or, in the words of more than one newscaster, barely know how to turn on their computer.


I thought about prior plausibility of the statement that actors for the north Korean regime would lack technical chops, and then I remembered the first north Korean nuclear weapon test.[1] A source I remember looking up after reading a Hacker News comment a year or two ago points out that the explosive yield from that test was very small, and I see that the Wikipedia article on the topic[2] reports the issue that way. Sometimes the north Korean regime intends to do something skillfully but screws up. I sure wouldn't want to be a smart person living under that regime, and there may be either intentional sabotage of some of their efforts (this has happened in plenty of other dictatorships before, by deeds of dissenters) or the best people they can find to carry out their hacks are not very 1337 hax0rs.

[1] http://www.nti.org/country-profiles/north-korea/

http://www.nytimes.com/2006/10/09/world/asia/09korea.html

http://www.theguardian.com/world/2006/oct/09/northkorea

[2] https://en.wikipedia.org/wiki/2006_North_Korean_nuclear_test


Regardless of whether FBI is lying (I believe they are telling the truth in broad strokes) here are reasons to implicate NK (when both Russian and Iranian signatures were present in the malware):

- Instability in NK means instability in China

- NK is a nuclear power and rapidly rising as a country on the world stage (according to CIA director Panetta)

- Russia's sharing of hypersonic missile technology with North Korea heightens already mounting global nuclear tensions

- Temporary division of Korea was set up by US and allies as a result of WWII - it was slotted for reintegration within a few years but Cold War tensions blocked cooperation between the nations required to achieve this; meaning:

a.) North Korea has never been recognized by the US as a 'legitimate' state to begin with

b.) The Korean War was fought for and activity in the area continues to be of proxy interest to greater geopolitical goals

- Cooperation between SONY, RAND corporation and the State Department on the development of "The Interview" (and the gutting of the Smith-Mundt Act at the time this cooperation began) lends favor to the narrative that the film is a "Diplomacy Product" of the US State Department and that North Korea was the target to begin with

- The United States is engaging in a mammoth amount of effort to establish international norms for cyberattacks and needs to show proactivity in this area


I'm not sure whether that statement came from DCI Panetta or the illustrious KCNA, but "rising on the world stage" sure sounds closer to the latter.


The FBI has already made it quite clear that they're trying to use these accusations as evidence that the US needs to be afraid of cyber attacks.

I've seen a lot of people wonder this, but they flat out state it in an official statement on their website:

"Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States."

http://www.fbi.gov/news/pressrel/press-releases/update-on-so...

Second to last paragraph, second sentence.


"Terrorist attack" straw-man used to justify attacking an unrelated state target we happen not to like. Government officials appearing on complacent media outlets to beat the drums and persuade the populace that "they have conclusive evidence" and "retaliation is required to protect the country".

This ended so well last time we did it.


Yes, it's funny how it's a "terrorist attack" when a country we don't like does the same things we do. The most prominent recent example of the US (and Israel) carrying out an attack like this is Stuxnet.


One targeted a civilian organization, the other targeted a government installation (one could even make the case it was a military target). It's not hard to understand why some people would give one a "terrorist" label but not the other.


One inflicted economic damage to a private company, but Stuxnet put several lives at risk. Saying the former is a terrorist attack means that the attacks to Target et al were terrorist attacks, too.


Haven't private corporations been hacked by the US also (Brazilian PETROBRAS)?

https://firstlook.org/theintercept/2014/09/05/us-governments...

Given the first Geneva article placing private targets within international convention if they are of military interest (including media and broadcast services), and SONY's cooperation with the State Department in producing "The Interview", might SONY then qualify under international law?

http://en.wikipedia.org/wiki/Legitimate_military_target


Petrobras is hardly a private corporation - the Brazilian government is the majority shareholder[1]. What was done to Sony is entirely different as well - this was a clear effort to cause damage to them, not a means to gather intelligence.

Per your own link, broadcast services are only legitimate targets for attack under the Geneva Conventions if they are of fundamental military importance.

[1] http://peakenergystrategist.com/archives/tag/petrobras/


Petrobras is very close to 50% owned by the public, but okay. There's plenty of other examples including the IT systems of various private firms around the world, Stellar, Cetel, IABG, Huawei, Deutsche Telekom, even some multinational companies based in the US.

> What was done to Sony is entirely different as well - this was a clear effort to cause damage to them, not a means to gather intelligence.

100% agree. It is very different and establishing boundaries here is an important keystone to US cyberwarfare norm efforts. Unlike other posters I would separate sabotage from 'corporate doxxing' - Stuxnet then is very different.

> broadcast services are only legitimate targets for attack under the Geneva Conventions if they are of fundamental military importance

Which depends on the perspective - as the State Department was involved with SONY in the development of "The Interview" and the US is well known for international propaganda, I could well understand if another nation state considered the private company partners to be an extension of fundamental military importance (and certainly the US considers it a keystone of international efforts and calls it "Psychological Warfare").


Do we believe this?


Well that would make it a slam dunk.



