A Straightforward Chronology of the Sony Hacking Incident

Security geeks reveal government disinformation

In January 2013 Google CEO Eric Schmidt visited North Korea with an aide and his daughter, as well as frequent DPRK visitor, former New Mexico governor Bill Richardson. He was of course given VIP treatment by his hosts in Pyongyang, and taken to Kim Il-song University to view students studying on the Internet. It was a private visit and the U.S. State Department did not endorse it any more than it endorsed Dennis Rodman’s trip the following month.

In April in a Wall Street Journal interview Schmidt questioned whether those he had viewed at the university were really students (as opposed to actors whose presence was staged to impress outsiders) and generally pooh-poohed the DPRK’s cyber competence. And after all, while the U.S. has 150,000 BGP routes, and South Korea has 17,000 BGP routes, North Korea has only four. While about two million North Koreans now have cell phones (imported from China), most have never had access to the Internet.

The average North Korean consumes 738 kilowatt hours of electric power per year, as opposed to the average South Koran who consumes 10,162 or the U.S. resident who consumes around 11,000. While the DPRK’s education system implants strong math skills, it does not emphasize computer science. The Pyongyang University for Science and Technology provides all of 30 computers for graduate students’ Internet use.

Nevertheless, U.S. planners and “security experts” have warned for years of the formidable capabilities of the DPRK army’s Unit 121, formed in 1998 and comprising at that time a force of 17,000 hackers. (This at least according to a report by defensetech.org on Military.com posted in 2007.) North Korea was supposedly the 8th ranked cyber–spying-capable country on earth.
Now the FBI confidently attributes what has been described as the most sophisticated cyber-attack in history, on the Japanese-owned Sony Pictures Entertainment Corporation, to this high-tech backwater. And President Obama has proclaimed that he knows who’s responsible.

But some considerations about the Sony hacking affair:

1. The U.S. government, including the security apparatus and the State Department, have a long history of bald-faced lies, and the corporate media has a long history of taking its talking points from the State Department. I don’t even want to waste time reprising the litany of lies that accompanied the preparations for the criminal assault on Iraq. Anyone paying attention knows what happened.

2. U.S. policy has long been to produce “regime change” in North Korea. Dick Cheney famously said in regards to North Korea “we don’t negotiate with evil, we defeat it.” (Recall how Dubya lumped Iraq, Iran, and North Korea together in his 2002 State of the Union speech as members of an Axis of Evil?) John Bolton so enraged the North Koreans, as a participant in talks over its nuclear program, that it labeled him “human scum.” (This could be dismissed as typical DPRK vituperativeness were it not for the fact that the British felt the same thing when he was involved with them in talks in Libya and it was felt by the UN in general when Bolton served as UN ambassador.)

George W. Bush dismayed then-South Korean President Kim Dae-Jung in 2001 when he refused to endorse Kim’s “sunshine policy” vis-à-vis his northern neighbor. As in most things, the Obama policy has been a continuation of the Bush policy.

Put these two together and what do you have, but the real possibility of a calculated effort to use the Sony hacking incident to advance the cause of regime change, regardless of what is actually true?

Lawrence Wilkerson, former Secretary of State Colin Powell’s chief-of-staff, actually implied to an interviewer December 23 that he saw parallels between the campaign to charge the North Korea with the Sony hacking and the Bush-era neocon-led effort to smear Saddam Hussein with the false charges raised against him. That–from such an establishment figure–should make everybody think.

I don’t know much about hacking, data detection malware, hard coding of paths and passwords, time-stamped data, encryption algorithms, data deletion methods, etc. These are just terms to me. I find some of the claims and critiques of the claims difficult to follow. I’m sure I’m not alone in this, and the tendency of many will be to simply rely on the “experts” (like those in the FBI, who are supposed to know this stuff) to assign blame.

But whenever there’s a contemporary controversy that puzzles me, my impulse is to create a timeline, a simple, straightforward chronology. Sometimes that alone helps to clarify the issue. So here’s my timeline on the Sony hacking incident, offered as a study aid, with minimal commentary.


June 11, 2014: In a letter to UN Secretary-General Ban Ki-moon, the North Korean government denounces the Hollywood film The Interview as “undisguised sponsoring of terrorism, as well as an act of war.” Pyongyang, well known for its bluster, promises “decisive and merciless countermeasure [if] the U.S. administration tacitly approves or supports” the movie.

late June: Sony CEO Michael Lynton consults with Bruce Bennett, a “senior defense analyst” at the RAND Corporation, author of Preparing for the Possibility  of a North Korean Collapse, about the  film. He particularly asks his opinion about the final scene in the “comedy,” in which Kim Jung-un’s head is blown off by U.S. journalists working with the CIA. (He perhaps asks whether or not this might threaten U.S. national security.)

(The RAND Corporation is a government-linked think tank whose trustees have included Donald Rumsfeld and Condoleezza Rice, and whose researchers have included Francis Fukuyama and Zalmay Khalilzad. During the 1980s RAND researchers were deeply involved in the effort to vastly exaggerate Soviet military strength to undo détente and justify Reagan’s massive military buildup. )

June 25: Bennett emails Lynton: “I… thought a bunch more about the ending [of the film]. I have to admit that the only resolution I can see to the North Korean nuclear and other threats is for the North Korean regime to eventually go away… I have been clear that the assassination of Kim Jong-Un is the most likely path to a collapse of the North Korean government. Thus while toning down the ending may reduce the North Korean response, I believe that a story that talks about the removal of the Kim family regime and the creation of a new government by the North Korean people (well, at least the elites) will start some real thinking in South Korea and, I believe, in the North once the DVD leaks into the North (which it almost certainly will). So from a personal perspective, I would personally prefer to leave the ending alone.”

June 25: Lynton emails Bennett: “[I] [s]poke to someone very senior in [the] State [Department] (confidentially). He agreed with everything you have been saying. Everything. I will fill you in when we speak.  (This may have been Daniel R. Russell, Assistant Secretary of State for East Asian Affairs.)

Comment: In other words, the State Department agreed that it would be good to have the comedy conclude with Kim Jong-un getting his head blown off by U.S. agents. It would set of “some real thinking” among North Koreans viewing DVDs of the film smuggled into the DPRK.

Late June: Lynton arranges a screening of a rough cut of The Interview to at least two U.S. government officials who approve the film, including the ending.

Around this time:  U.S. special envoy for North Korean human rights issues (Robert R. King) is also consulted by Sony on the film.

June 27: North Korean ambassador to the UN Ja Song-nam requests that the Security Council adopt the DPRK’s statement against the film.

–Five months pass by–

November 21: A person or group of persons identifying as “God’s Apostles” (“God’sApstls”) sends an email to Lynton and Amy Pascal, co-chairman of SPE, threatening to hack Sony Pictures Entertainment and demanding money. “We’ve got great damage by Sony Pictures. The compensation for it, monetary compensation we want. Pay the damage, or Sony Pictures will be bombarded as a whole. You know us very well. We never wait long. You’d better behave wisely.”

November 24: All employees at Sony Pictures Entertainment headquarters in Culver City, California see the image of a skull and long skeletal fingers on their computer screens and the message: “This is just the beginning… [W]e’ve obtained all your internal data” and warn that they will release Sony’ “top secrets” unless the company agrees to “obey” their demands. The hackers identify themselves as “Guardians of Peace.” But since they also say, “We’ve already warned you, and this is just the beginning” we can probably surmise that they are the same as “God’s Apstls.”

November 25: Cyber-security experts Jacob Kastrenakes and Russell Brandom see the hacking as an inside job, and post the article “Sony Pictures hackers say they want ‘equality,’ worked with staff to break in,” on ”The Verge” website. 
November 28: Appearance of the first news reports that North Korea may have been responsible. Technology news site Re/code report is picked up by Reuters and other news agencies.

December 3: Skeptics emerge. “Sony Hack: Studio Security Points to Inside Job,” in The Hollywood Report, questions North Korean responsibility.

December 3: In an interview with Voice of America an unidentified North Korean diplomat denies any involvement in the hacking.

December 4: Associated Press reports some cyber-security experts say they’ve found “striking similarities between the code used in the hack of Sony Pictures Entertainment and attacks blamed on North Korea which targeted South Korean companies and government agencies last year.” Experienced hackers say this proves absolutely nothing since such codes are easily stolen, sold, or shared.

December 5: A message from hackers claiming to be Guardians of Peace is emailed to SPE employees: “Many things beyond imagination will happen at many places of the world. Our agents find themselves act in necessary places. Please sign your name to object the false of the company at the e-mail address below if you don’t want to suffer damage. If you don’t, not only you but your family will be in danger.”

December 7: North Korea denies involvement calling the charge “a wild rumor.” But it calls the hacking a “righteous deed.”

December 8: On a file-sharing site GOP warns Sony to “Stop immediately showing the movie of terrorism which can break regional peace and cause the War!” This is the hackers’ first apparent implicit reference to The Interview.

December 15: Sony Pictures CEO Michael Lynton tells employees that the ongoing investigation is being handled at the “highest level” of the FBI.

December 16: GOP makes their first direct reference to The Interview, 25 days after the first threat sent to Lynton and Pascal. Reporters receive an email declaring: “We will clearly show it to you at the very time and places The Interview be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to. Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear. Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time.”

December 16: The FBI states, “We are aware of the threat.”

December 17: Sony Pictures scraps the planned Christmas Day release of the film.

December 17: Professional computer security experts begin to weigh in on the Sony hacking story. Kim Zetter, senior staff writer at Wired (a well respected news site and magazine covering technology), writes the article,  “North Korea Almost Certainly Did Not Hack Sony. ”

December 17: Jason Koebler, Motherboard, posts article, “Reaction to the Sony Hack Is ‘Beyond the Realm of Stupid.’”

December 17: Jeffrey Carr (cybersecurity expert, CEO of Taia Global),  posts “Why You Should Demand Proof Before Believing The U.S. Government On North Korea and Sony,” on Digital Dao. 

December 18: White House Press Secretary Josh Earnest tells reporters: “I can tell you that, consistent with the president’s previous statements about how we will protect against, monitor and respond to cyber incidents, this is something that’s being treated as a serious national security issue.”

December 18: More computer security specialists question allegations of North Korean responsibility. British security blogger Graham Cluley writes, “US reportedly blaming North Korea for Sony Pictures hack. But why?”  

December 18: Marc Rogers–director of security operations for DEF CON, the world’s largest hacker conference, and the principal security researcher for the world’s leading mobile security company, Cloudflare–writes: “Why the Sony hack is unlikely to be the work of North Korea.”

December 19: Sony announces it will completely cancel the film’s release. Hackers contact Sony, praising the pulling of the film as a “wise decision.”

December 19: FBI publicly fingers the government of North Korea as the instigators of the hack and threats towards moviegoers.  “As a result of our investigation, and in close collaboration with other U.S. Government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions…. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves.”

(It has been suggested that the “other U.S. Government departments and agencies” include most significantly the National Security Agency or NSA.)

December 19: At his year-end press conference President Obama repeats the FBI’s allegation and decries Sony’s decision to pull the film. U.S. media universally accepts without question the U.S. charge that North Korea hacked Sony.

December 19: More critical analyses appear. These include Jeffrey Carr, “Sony, the DPRK, and the Thailand – Pyongyang Connection,” on Digital Dao and Paul Wagenseil, “North Korea Hacked Sony? Don’t Believe It, Experts Say,” on Tom’s Guide

December 19: Reuters reporter Julie Noce briefly interviews convicted hacker and security expert Kevin Medwick who questions North Korea link and suggests Sony was hacked by insiders.

December 20: North Korea again denies responsibility, demands the U.S. agree to a joint investigation.

December 20: Further critiques of the FBI story. Robert Graham (CEO, Errata Security), “Sony hack was the work of SPECTRE,” Errata Security; Christina Warren, “How the FBI says it connected North Korea to the Sony hack — and why some experts are still skeptical,” Mashable; “Lets blame our perennial adversary!,” the grugq; “Fauxtribution?” at Krypt3ia (pseudonymous hacker).

December 20:  First piece of mass media journalism to question North Korean responsibility: Michael Hiltzik’s piece “These experts still don’t buy the FBI claim that North Korea hacked Sony” in the Los Angeles Times.

December 20: CCTV (Chinese government-sponsored English-language cable TV) report from Los Angeles notes that many cyber experts doubt the North Korea link.

December 21: More questioning: a Comment by Marcus Ranum, e-security expert, posted at Free Thought Blogs; Marc Rogers, “Why I Still Don’t Think Its Likely that North Korea Hacked Sony,” on Marc’s Security Ramblings.

December 22:  The U.S. rejects the joint investigation proposed by Pyongyang. State Department spokeswoman tells reporters: “The government of North Korea has a long history of denying responsibility for its destructive and provocative actions, and if they want to help here, they can admit their culpability and compensate Sony for the damage they caused.”

December 22: North Korean internet is shut down for 9 hours. U.S. does not comment. U.S. mass media states that the problem is mysterious and avoids blaming U.S. government.

December 22: Expert criticism continues, although largely ignored by the mass media. Bill Blunden, “The Mighty Wurlitzer Plays On: Sony Propaganda,” on Counterpunch;. Jason Ditz, “Lacking Evidence, Obama Mulls Action Against North Korea,” on antiwar.com. Also Charles C. Johnson, “BREAKING: We Can Conclusively Confirm North Korea Was Not Behind #Sony Hack” on gotnews.com

December 22: Small media breakthrough when news anchor Chris Hayes interviews Marc Rogers briefly on MSNBC’s All In with Chris Hayes. Hayes begins: “But here’s the thing. There are some very smart people out there including computer security experts and hackers with no allegiance to North Korea and no dog in this fight who say they just aren’t necessarily buying that North Korea did this either.” The interview is short and cut off, but at least begins with this noteworthy admission by Hayes.

December 23: Sony announces it will release the film after all and Obama praises the decision. The entire corporate mass media rejoices in the triumph of free expression versus North Korea’s attempt to suppress our free speech.

December 23: Col. Larry Wilkerson is interviewed by Paul Jay on Real News. Jay asks him “Why do you think President Obama is so out front on this when the evidence seems so flimsy?” Wilkerson replies, “I’m confused about it myself. I think the media have made a mountain out of a mole hill.” ((For more on Wilkerson analysis, see “Media Bias against North Korea.”))

Asked: “And is there another agenda with North Korea here? Or is this mostly a PR exercise by the president?” Wilkerson replies: “I certainly hope there’s not another agenda, but I smell one, because in the summer of 2001, as the Bush administration was laboring over who in the axis of evil it was going to take on, Korea was first and foremost in many people’s eyes. Once they were sobered up by the military and others, including yours truly, about what it would mean to have a war on the peninsula… they sobered up quickly. They didn’t want anything to do with that. And, of course, we know where they turned. They turned to the low-hanging fruit of Iraq.”

(In the interview Wilkerson says he has no trust in the national security circle around Obama.)

December 24: Marc Rogers again lays out the case against North Korean involvement in the hacking, in the eminently respectable mainstream website The Daily Beast, in a piece entitled “No, North Korea Didn’t Hack Sony.”

Again: Rogers is director of security operations for the world’s largest hacker conference, and the principal security researcher for the world’s leading mobile security company. This appears to be the most definitive, authoritative debunking of the NSA/FBI/State Department/Barack Obama claim.

(You would hope that this sharp critique would incline the official press to back off from its knee-jerk acceptance of the Obama version of reality, and to abandon its weasel words like “It is thought that…” You’d hope that the talking heads would shift towards a more nuanced approach, such as, “While security analysts widely dispute the charge, the Obama administration claims that…” But no, this is not happening.)

December 24: New York Times’ Nicole Perlroth, “New Study May Add to Skepticism Among Security Experts that North Korea Was behind Sony Attack” reports that computational linguists at Taia Global, a cybersecurity agency, have concluded the hackers are more likely to be Russian speakers than Korean.

December 25: Russian Foreign Ministry spokesman Alexander Lukashevich states in a press briefing that the U.S. has failed to offer any proof of North Korean involvement in the Sony hacking.

December 25: Film critic David Edmund Moody, on Huff Post Entertainment, writesThe Interview — Painfully Bad.” Todd McCarthy, The Hollywood Reporter, calls it “an intensely sophomoric and rampantly uneven comic takedown… doesn’t rate anywhere near Borat or Team America: World Police.”

December 26: CNN suddenly reports that the North Korea hacking story appears to be very questionable. This should be the end of the story. But neither the FBI nor Sony when asked for comment has answered calls.


It’s as though the managing editors of the entire corporate press, deferring by habit or inclination to the pronouncements of the FBI, had for weeks instructed their talking heads and print journalists to spin the story as they did–as a clear-cut case of North Korean “cyber-vandalism” if not “cyber-terrorism.”

It’s been oh, so typical! After the sarin gas attack in Syria on August 21, 2013, the Obama administration declared that the government of Bashar al-Assad was responsible, although that allegation was questioned then and now, by the Russian Foreign Ministry and investigative reporter Seymour Hersh, among others.

After the downing of Malaysia Airlines Flight 17 over Ukraine on July 17, 2014, the U.S. State Department immediately blamed pro-Russian separatists and by association Moscow for the tragedy. But Robert Parry, another award-winning investigative reporter, has questioned this and suggested that the Pentagon actually suspects that Ukrainian government forces are responsible, as intimated by the Russians. The latter have provided some of their surveillance data while the U.S. has provided none.

It’s still not really clear who’s to blame in either episode. What is clear to thinking people (a category excluding most bought and paid for cable news anchors) is the U.S. proclivity to fix intelligence around policy–to lie to the people to justify aggressive moves, whether against Serbia or Iraq or Syria or Libya or Iran or Russia or North Korea.

Sooner or later the truth will out, as it did in the case of the S.S. Maine, the Tonkin Gulf attacks, or Iraq’s weapons of mass destruction. Those who’ve studied the episodes realize that “genocide” charges against Serbian forces in Bosnia (1995) and Kosovo (1999) were hyped in order to establish NATO hegemony over what was once the proud neutral country of Yugoslavia, and that allegations that Muammar Gadafy was about to annihilate civilians in Benghazi (2011) were pulled out of thin air.

But the truth usually comes out after it’s too late to make a difference, and the liars responsible for high crimes against peace sleep peacefully in their beds. Milosevic died in prison while fighting charges of war crimes. Saddam Hussein was hanged. Gaddafi was murdered, sodomized with a knife. But Bill Clinton is lionized by the Democratic Party establishment and his bloodthirsty wife will likely become the next president. Dick Cheney and Paul Wolfowitz live in comfort and are treated as elder statesmen by much of the media.

Those perusing an agenda for North Korean regime change (as “smelled” by Col. Wilkerson) could feel free to cherry-pick intelligence just as the neocons did so systematically before the invasion of Iraq. That’s the system under which we live, especially post-9/11, and it will not die easily. But fortunately in this instance a Big Lie is dissolving as we speak, thanks to the honest geeks in the cyber security industry. It may be harder to justify further measures against Pyongyang after this.

To paraphrase RAND’s Bennett quoted above: The only resolution I can see (for the regime of lies under which we suffer) is for the regime to eventually go away. I believe that talk about its removal, and the creation of a new government by the people of this country, might start some real thinking.

I myself will not propose any particular dramatic “ending” to the tragicomic drama in which we live. And I wouldn’t endorse a light-hearted sophomoric farce about an Obama assassination (although I see absolutely no legal nor moral difference between such and the State Department-endorsed Sony film). But I’d hope that at minimum the farce of the North Korean “cyber-terrorism” accusations further undermines–in the minds of many of its own subjects–the credibility of the world’s most consistently violent, destructive regime.

Gary Leupp is a Professor of History at Tufts University, and author of numerous works on Japanese history. He can be reached at: gleupp@granite.tufts.edu. Read other articles by Gary.