Does the US government really have much to gain from falsely claiming that North Korea is behind the attack? It doesn't seem like it, and it would be pretty embarrassing if it turns out that they're wrong.
That's the only reason I tend to believe in the FBI in this particular case, when they say they have good evidence. It doesn't change much if North Korea is responsible, so why lie?
North Korea is a nuclear power (they tested their first nuke some number of years ago now...) and the last few CIA Directors under the Obama administration have included North Korea on a list enumerating 'rising powers'.
Instability in North Korea potentially benefits the United States as its instability agitates its neighbor China and because China would be responsible for millions of very sick and extremely brainwashed immigrants were it to collapse.
Finally, Korea was split as a post war agreement (and punishment to Japan) after World War II and the goal was to quickly thereafter have the cooperation of the US, UK, the Soviet Union and China reunite. (Interestingly, part of Japan was also promised to the Soviet Union, but that never came to pass as the West reneged). Rising tensions during the Cold War prevented the cooperation necessary to achieve this reunification and the provisional governments became entrenched as legitimate statehoods. IE to the major powers Korea (especially North Korea) has no legitimate claim to existence - it is a provisional government that got away from its imperialist keepers.
> Does the US government really have much to gain from falsely claiming that North Korea is behind the attack?
Governments frequently benefit from drumming up fear against an external enemy because it justifies increased government power and control over the population which otherwise might not be tolerated. Blaming the Sony hack on North Korea creates a very tangible mental connection between cyber-war and terrorism. This makes agencies that violate the rights of citizens on the Internet seem like the good guys in the minds of many.
> it would be pretty embarrassing if it turns out that they're wrong.
No, it won't, because they'll always have plausible deniability in the form of "we have access to information that you don't"; whether they actually do or not is immaterial. Besides, it's not as if brazen lies really actually get punished, i.e. yellow cake.
Because of basic human fallibility. Have you ever met someone at work who claims to know the answer to a question, or claims to know how to fix something, when they didn't? People or organizations will make claims like that for a variety of petty reasons.
I'm agnostic about the whole matter, but I would guess the question is whether they have the same definition of "good evidence" that I have. I suspect their threshold is much lower than mine. Without seeing any of the evidence, it's hard to judge. For all we know it's essentially the same evidence (Korean character set, etc) that many people didn't find compelling when the story first broke.
They don't have all that much to gain by lying, but they have much to lose by telling the truth: that they don't know who did it. "We're not yet sure, but we're working on it" is often the honest answer, but sadly, it's a political and PR deathtrap. It's perceived as weakness and vulnerability, and political opponents can spin it up as incompetence.
Quickly, confidently, and decisively fingering a known bad guy, regardless of the apparent connection, is the safest short-term political choice. You'll notice that our government has been pretty big on this strategy over the years. The consequences are often fraught with peril, or at least with embarrassment -- but if the chickens come home to roost, we can always blame "bad intelligence," or fire a Secretary of Something, or just dig in our heels and double down on the confidence.
Somehow Kaspersky (Russia) is in on it too? The similarities in toolchain and appearance to shamoon and darkseoul are meaningless? This is not regurgitation, this was out prior to the FBI announcement. Evidence has only grown since then.
The 2012 attack on Saudi Arabia, dubbed Shamoon, was blamed on Iran by U.S. officials, and yet researchers believe that the malware originated from hacktivists. How is that related to North Korea again, unless you're implying North Korea carried out that attack?
Your own link states: "While there is nothing in the analysis that would tie the three attacks to the same malware developers, they all used similar techniques, as well as some of the same commercial Windows drivers to attack the hard drives of their victims."
Darkseoul was blamed on North Korea as well as China only because an IP address in China seemed to be part of the campaign. South Korean officials later retracted those allegations.
Read the Kapersky analysis, it starts to answer your questions regarding the reuse of Shamoon by NK.
Doesn't matter though, my point was, this was not the media regurgitating a US gov opinion as the comment I replied to claimed.
I agree that the publically available evidence is never 100%, but the malware samples and c&c infrastructure point to NK. If you have evidence that someone else did it, that would be interesting. As it stands, NK has a very strong motive for the timing of this move, so that plus just the public info, and the FBI claim based on nonpublic info is enough to convince me they are responsible.
That's the only reason I tend to believe in the FBI in this particular case, when they say they have good evidence. It doesn't change much if North Korea is responsible, so why lie?