North Korea was responsible for the cyber attack on Sony according to the U.S. government, but as people continue debating and challenging this it shows how enemies can take advantage of public ignorance and intentional misinterpretation of intelligence to engage in effective subversion and espionage operations against the United States.
Almost as soon as the FBI announced that North Korea bore principal responsibility for the cyber attack on Sony critics began challenging this assessment. Some offered thoughtful criticisms and suggested it was an insider attack. Others, however, engaged in chest-thumping, arguing that the incomplete information the government presented to the public, combined with the alternative insider attack theories, “proved” the government was wrong and possibly even outright incompetent.
The FBI and other government officials listened to cyber experts who argued that evidence pointed to an insider being primarily responsible for the attack. But after it did, the government stood with its original assessment that North Korea bore principal responsibility. This should have given critics pause. But it didn’t—at least not for those who seem more interested in promoting themselves than discovering the truth. In fact, at least some critics pointed to the government meeting with its critics as greater “proof” that the government assessment is wrong. Some of these critics have even begun to disseminate intentionally false information in order to further their accusations of government incompetence.
Arguing that insiders, with no involvement from North Korea, committed the cyber attack on Sony is fair enough if that is where the evidence ultimately leads. However, arguing that North Korea didn’t commit the cyber attack on Sony solely because of circumstantial evidence that an insider participated in the attack shows how some people don’t understand how intelligence operations work. Simultaneously, the argument shows how others are intentionally denying any North Korean involvement for their own malicious purposes.
I have no knowledge of what happened or what is going on with the Sony cyber attack other than what I read in the media and what the government releases through official channels. I have never worked on such a case, I am not communicating with anyone who is working on this attack, and I don’t have any expertise in cyber areas. So I can’t say for certain the government is right. Nor can I say the critics don’t have some legitimate points and might be correct. Or they might be partially correct even if the official government assessment of North Korean main culpability remains true.
But I can say with high confidence there are some people who are criticizing the government assessment because they are either ignorant of how intelligence works, or because they are actively subverting U.S. intelligence efforts.
I base my assessment on the evidence the government provided and the fact that it openly acknowledges it has additional classified intelligence that it is unwilling to disclose because it wants to protect its tactics, techniques, and procedures. Furthermore, basic knowledge of subversion and espionage operations reveals that even if the critics are right that an insider helped with the Sony cyber attack (something the government appears to be leaving open as a possibility) it doesn’t “prove” wrong the government assessment that North Korea bears primary responsibility.
For instance, if a disgruntled ex-employee played a part in the attack it would fit right in with standard intelligence operations. The U.S. government openly admits that disgruntled employees are prime recruits for enemies wishing to engage in subversion and espionage against the U.S. (or in this case, Sony).
It’s odd this even needs mentioning. Here is an official U.S. government briefing on subversion and espionage that lists multiple examples of people who betrayed the nation by using their positions in the U.S. government to provide intelligence to foreign countries. Few would argue that just because these insiders provided intelligence that foreign nations weren’t ultimately behind the subversion and espionage.
This unintentional public ignorance and intentional misinterpretation of intelligence is of great value to enemies of the United States. First, the legitimate questions about what happened, combined with the legitimate confusion that some of the public has with who was responsible for the attack on Sony, serves to undermine public confidence in U.S. intelligence efforts.
Secondly, the intentional misinterpretation of intelligence and the government assessment multiplies the distrust of the government.
Third, many members of the media and pundits are challenging the government to prove the cyber attack wasn’t the work of an insider by showing them more evidence. The government likely would have to reveal classified intelligence in order to satisfy these demands—again, something the government has already admitted it doesn’t want to do. But no one is immune from public pressure. And as long as the media and pundits continue applying pressure to the government to reveal its classified information by mocking its assessment, the chances grow that the government eventually will reveal intelligence that will disclose critical TTP. In fact, this already may be occurring. And this will only play right into the hands of enemies who will be able to counter yet more U.S. intelligence efforts.
My concerns about revealing critical TTP do not mean that I am not curious about what really happened. Nor do they mean I want the media to stop investigating and asking questions. In fact, I encourage media and pundits to continue asking questions about what happened and doing what they can do to investigate it without demanding the revelation of critical U.S. intelligence and counterintelligence TTP. Here is one area where I certainly would like the media and pundits to examine: Did China and/or Russia assist the North Koreans?
The government suggestion that the North Koreans had help in their Sony cyber attack is particularly noteworthy when combined with an article from The Daily Beast that claims China helps North Korea with cyber warfare. And the Russians assisting North Korea isn’t out of the realm of possibilities either. If either of those nations assisted, it should set off alarm bells. After all, where did Edward Snowden first flee when he stole U.S. intelligence which the DIA assessed as being of grave damage to the national security of the United States? Hong Kong. And where did Snowden eventually go? Russia. I’d welcome people investigating if the North Korean cyber attack is yet more evidence of how badly Edward Snowden’s treason has hurt the U.S.
Perhaps the government will eventually change its assessment and say that North Korea had nothing to do with the Sony cyber attack. Or perhaps the assessment will stay the same but we’ll learn the North Koreans had help—perhaps from a disgruntled insider, perhaps from another nation, or perhaps both. But whatever happens two things are certain: many people don’t understand how intelligence works, and many others are helping enemies (intentionally or unintentionally) subvert U.S. intelligence efforts by insisting the assessment of North Korea responsibility for the cyber attack on Sony is wrong unless the government reveals additional (and classified) information that shows otherwise.
The opinions expressed by columnists are their own and do not necessarily represent the views of Barb Wire.