If North Korea is really behind the cyberattacks on U.S. and South Korean websites over the past few days, as South Korea has claimed, why hasn't it taken responsibility? The Kim Jong Il regime has never been shy of owning up to its mischief: if anything, it tends to exaggerate its ability to do far-flung damage. And yet, there has been no chest-thumping from Pyongyang about the "glorious destruction of the powerful computer systems of the evil enemies of our Dear Leader."
This uncharacteristic reticence could undermine the initial assumption that the attacks originated in North Korea. Indeed, five days after the first attacks, there has been no proof of Pyongyang's involvement. Unlike their South Korean counterparts, U.S. officials have pointedly avoided blaming North Korea, or any other country, for the attacks.
Cyberexperts like Dale Meyerrose, who recently retired as chief information officer for the director of national intelligence, say it may be weeks before it becomes clear who was responsible for the mischief. In fact, if the attackers were smart enough, we may never be certain of their identity.
But even if the trail does lead to North Korea, there's no reason to believe it ends there. Meyerrose, now with the consulting firm Harris Corp., points out that hackers routinely route their attacks through other countries and networks, using multiple cutouts to evade detection. "In every attack I've ever seen, the attackers were careful to use cybersurrogates," he says.
Another wrinkle: once the initial attack (wherever it may have originated) was under way, it's entirely possible that other, unconnected hackers joined the fray. "If you're a hacker, and you see something like that going on, you can use the opportunity to test out your capabilities, masking them under the original attack," says Roger Baker, East Asia analyst at Stratfor, a global intelligence company.
So why did suspicion fall on the Kim regime? The South Koreans immediately blamed their cousins to the north, but Seoul fingers Pyongyang for all sorts of things, and not always with much to back up its claims. But in this case, there is some circumstantial evidence to support their allegations.
The timing of the attacks is one: they coincided with the anniversary of the birth of North Korea's founder and Kim's dad, Kim Il Sung, an occasion you might reasonably expect the regime to celebrate with some long-distance shenanigans. And the regime is already embroiled in conflict with the U.S. over nukes and missiles; a hack attack would be just one more inflammatory act by a country that specializes in inflammatory actions.
The choice of targets is also instructive: Who else but North Korea would attack both South Korea and the U.S.?