US Media Goes Into Overdrive Blaming North Korea for the Sony Hack: Is It Justified?

The US will sanction North Korea by an executive order signed by President Obama, which will target ten North Korean officials and three government entities. The sanctions are in response to the December hack on Sony that the US blamed on North Korea.

The White House Press Office has released the following statement:
The President issued an Executive Order (EO) authorizing additional sanctions on the Democratic People’s Republic of Korea. This EO is a response to the Government of North Korea’s ongoing provocative, destabilizing, and repressive actions and policies, particularly its destructive and coercive cyber attack on Sony Pictures Entertainment.

The EO authorizes the Secretary of the Treasury to impose sanctions on individuals and entities associated with the Government of North Korea. We take seriously North Korea’s attack that aimed to create destructive financial effects on a US company and to threaten artists and other individuals with the goal of restricting their right to free expression.

The identity of the Sony hackers is still unknown. Yet President Obama, in a December 19 press conference, announced: “We can confirm that North Korea engaged in this attack.” He then vowed: “We will respond…We cannot have a society in which some dictator some place can start imposing censorship here in the United States.”

The US Government’s campaign to blame North Korea actually began two days earlier, when The New York Times said, ‘American officials have concluded that North Korea was “centrally involved” in the hacking of Sony Pictures computers, even as the studio canceled the release of a far-fetched comedy about the assassination of the North’s leader that is believed to have led to the cyberattack.

Senior administration officials, who would not speak on the record about the intelligence findings, said the White House was debating whether to publicly accuse North Korea of what amounts to a cyberterrorism attack. Sony capitulated after the hackers threatened additional attacks, perhaps on theaters themselves, if the movie, “The Interview,” was released’.

With virtually no skepticism about the official accusation, reporters David Sanger and Nicole Perlroth at the International New York Times deemed the incident a “cyber terrorism attack” and devoted the bulk of the article to examining the retaliatory actions the government could take against the North Koreans.

Other than noting in passing, deep down in the story, that North Korea denied responsibility, not a shred of skepticism was included by Post reporters Drew Harwell and Ellen Nakashima. Like the NYT, the Washing Post devoted most of its discussion to the “retaliation” available to the US.

The NYT and Post engaged in this stenography in the face of numerous security experts loudly noting how sparse and unconvincing was the available evidence against North Korea. Kim Zetter in Wired - literally moments before the NYT laundered the accusation via anonymous officials - proclaimed the evidence of North Korea’s involvement “flimsy.” About the US government’s accusation in the NYT, she wisely wrote: “they have provided no evidence to support this and without knowing even what agency the officials belong to, it’s difficult to know what to make of the claim. And we should point out that intelligence agencies and government officials have jumped to hasty conclusions or misled the public in the past because it was politically expedient.”

Numerous cyber experts subsequently echoed the same sentiments. Yet none of this expert skepticism made its way into countless media accounts of the Sony hack. Time and again, many journalists mindlessly regurgitated the US Government’s accusation against North Korea without a shred of doubt, blindly assuming it to be true, and then discussing, often demanding, strong retaliation. Coverage of the episode was largely driven by the long-standing, central tenet of the establishment US media: government assertions are to be treated as Truth.

Unsurprisingly, the most egregious and darkly amusing “report” came from Vox‘s national security reporter Max Fisher. Writing on the day of Obama’s press conference, he announced that, “evidence that North Korea was responsible for the massive Sony hack is mounting…North Korea’s decision to hack Sony is being widely misconstrued as an expression of either the country’s insanity or of its outrage over The Interview.”

It’s tempting to say that the US media should have learned by now not to uncritically disseminate government claims, particularly when those claims can serve as a pretext for US aggression. But to say that, at this point, almost gives them too little credit. It assumes that they want to improve, but just haven’t yet come to understand what they’re doing wrong. But that’s deeply implausible. At this point - eleven years after the run-up to the Iraq War and 50 years after the Gulf of Tonkin fraud - any minimally sentient American knows full well that their government lies frequently. Any journalist understands full well that assuming government claims to be true, with no evidence, is the primary means by which US media outlets become tools of government propaganda.

However, cyber security experts are divided as to whether or not North Korea was truly behind the attacks with some of the most recent evidence pointing towards a disgruntled former Sony employee possibly having played a role in the hack.

Business Insider:      First Look:   NYT

 

« Malaysia Airlines flight MH370 theories: 17 possible explanations that could reveal fate of plane
Mass Surveillance: The Internet’s best engineers are fighting back »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

RioRey

RioRey

The DDoS mitigation specialist, from single server to Enterprise wide carrier level networks the RioRey Solution provides effective immediate and easy to manage protection.

Armadillo Sec

Armadillo Sec

Armadillo provide penetration testing and vulnerability assessment services.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

EdgeWave

EdgeWave

EdgeWave provides simple but highly effective data security and advanced threat protection in solutions that are affordable, scalable and easy to use.

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) is the Directorate of MCIT responsible for the security of critical information infrastructures in Afghanistan.

CI-CERT

CI-CERT

CI-CERT is the national Computer Incident Response Team for Cote d'Ivoire.

Sphonic

Sphonic

Sphonic provides regulated institutions of any size a powerful compliance & risk platform to quickly and securely onboard new customers and manage ongoing AML and Fraud & Risk trends.

Samurai Digital Consulting

Samurai Digital Consulting

Samurai Digital Security are a cyber and Information security services provider, specialising in penetration testing, incident response, user awareness and information governance solutions.

3i Infotech

3i Infotech

3i Infotech offers consulting & professional services to assess, design and build next gen IT infrastructure, and managed services to operate, optimize and continuously improve.

Raxis

Raxis

Raxis is a cybersecurity company that hacks into computer networks and physical structures to perform penetration tests, assessing corporate vulnerability to real-world threats.

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center is a state-of-the-art facility to deliver advanced cyber training programs and build the next generation of Azerbaijan’s cybersecurity professionals.

Sec3

Sec3

Sec3 is a security and research firm providing bespoke audits and cutting edge tools to Web3 projects.

Corinium Global Intelligence

Corinium Global Intelligence

At Corinium, we have been bringing together the brightest minds in data, AI and info sec since 2013, to innovate at the intersection of technological advancements and critical thinking.

DACTA Global

DACTA Global

DACTA was established with the aim of simplifying the perception of complexity surrounding digital security challenges and solutions.

Creative Network Innovations (CNI)

Creative Network Innovations (CNI)

Creative Network Innovations is a leader in providing advanced IT and cybersecurity solutions.

Bluecyber Insurance

Bluecyber Insurance

At Bluecyber, we are revolutionizing the cyber insurance market, democratizing access to digital protection for small and medium-sized businesses.