Sony's decision to cancel the release of The Interview was perhaps inevitable given the threats made, but it's still hugely depressing:
Sony Pictures has cancelled the planned US release on 25 December of the film The Interview, after major cinema chains decided not to screen it.
The film is about a fictional plot to kill North Korean leader Kim Jong-un.
Hackers have already carried out a cyber attack on Sony and warned the public to stay away from cinemas screening the film.
The US government said it was considering a "range of options" on how to respond to the attack.
"We know that criminals and foreign countries regularly seek to gain access to government and private sector networks - both in the United States and elsewhere," a National Security Council statement said, adding that the FBI was leading the investigation.
"We take very seriously any attempt to threaten or limit artists' freedom of speech or of expression."
The statement came after US media quoted anonymous officials as saying that the FBI had linked North Korea to the attacks.
The Sony attackers didn’t just siphon data from the studio’s networks, they also used a wiper component to destroy data. To do the wiping, they used a driver from a commercially-available product that had been used by other attackers before. The product, called RawDisk, uses drivers that allow administrators to securely delete data from hard drives or for forensic purposes to access memory.
The same product was used in similarly destructive attacks that hit Saudi Arabia and South Korea. Since some people have claimed those were both nation-state attacks—U.S. officials blamed Iran for the Saudi Arabia attack; South Korea blamed China and North Korea for its attack—people assume the Sony hack is also a nation-state attack. But the evidence pointing to those other attacks as nation-state attacks is also flimsy....
Regardless of whether the Sony, Saudi Aramco and South Korea attacks are related, the evidence indicating they’re nation-state attacks is circumstantial. And all of the same evidence could easily point to hacktivists. Our money is on the latter.
This is likely a group of various actors who coalesce and disperse, as the Anonymous hackers did, based on their common interests. But even with that said, there is another possibility with regard to the Sony hack: that the studio’s networks weren’t invaded by a single group but by many, some with political interests at heart and others bent on extortion. Therefore, we can’t rule out the possibility that nation-state attackers were also in Sony’s network or that a nation like North Korea was supportive of some of these hackers, since they shared similar anger over Sony.
Anyway US officials, according to the NYT, believe they have evidence enough to detect the hand of Pyongyang:
American officials have concluded that North Korea was “centrally involved” in the hacking of Sony Pictures computers, even as the studio canceled the release of a far-fetched comedy about the assassination of the North’s leader that is believed to have led to the cyberattack.
Senior administration officials, who would not speak on the record about the intelligence findings, said the White House was debating whether to publicly accuse North Korea of what amounts to a cyberterrorism attack.....
Officials said it was not clear how the White House would respond. Some within the Obama administration argue that the government of Kim Jong-un must be confronted directly. But that raises questions of what actions the administration could credibly threaten, or how much evidence to make public without revealing details of how it determined North Korea’s culpability, including the possible penetration of the North’s computer networks.
We shall see.
In the meantime, Justin Moyer in the Washington Post produces what may well be the worst piece yet on the whole sorry business - well, at least until someone at the Guardian gets their act together: Why North Korea has every reason to be upset about Sony’s ‘The Interview’.