N. Korea: We didn’t hack Sony, but we’re glad someone did

As suspicions grow that North Korea was indeed responsible for the Sony hack, North Korea offers that oddly unconvincing denial. If the North Koreans really did do it, some commenters think the U.S. will have to respond:

Aitel says the hacks are potentially “a ‘near red-line moment'” because they represent the kind of incident that would almost require a US policy response assuming a rival state was behind it. As Aitel says, “This is the first demonstration of what the military would call Destructive Computer Network Attack (CNA) against a US Corporation on US soil … a broad escalation in cyberwarfare tactics” that would demand some kind of American response. [Business Insider]

Personally, I’d have thought that the 2009 incident when North Korea (or its sympathizers) was suspected of hacking “27 American and South Korean government agencies and commercial Web sites” would have crossed a red line. I’d be interested in knowing what evidence linked those attacks to North Korea, but targets of cyberattacks often avoid publicizing the fact that they were attacked.

Mandiant’s extensive report on China’s state-sponsored hacking was an exception to that rule. Maybe Mandiant should write a second report on North Korea, and especially about what support the North Korean hackers receive from China.