US discovers Sony attack is 'state-sponsored' and considers 'proportional response'

North Korea not directly namechecked as aggressor, however

The US government has stated that it now believes the recent hacking attack on Sony pictures was a "state-sponsored" attack from another government, and is now considering what it calls a "proportional response".

Despite the ongoing link with North Korea, which is largely down to media coverage and US intelligence already stating that the country is "centrally involved", but not revealing how, yesterday's official word from the US government did not directly name North Korea as the assailant.

White House spokesman Josh Earnest said that the investigation was "progressing", but that he was not able to say whether North Korea was responsible, stating simply that the attack was an example of "destructive activity with malicious intent that was initiated by a sophisticated actor".

Meanwhile, Earnest said that US national security "would be mindful of the fact that we need a proportional response", as well as recognition that people carrying out such attacks are "often seeking to provoke a response".

Overall, Earnest called the hack "a serious national security matter" that president Barack Obama was monitoring personally and closely.

The official US comment comes just a day after Sony Pictures announced that it is no longer planning to release comedy film The Interview, which features a graphic sequence in which North Korean leader Kim Jong Un is assassinated by US agents (pictured).

The November hack involved various pre-release versions of films being leaked, as well as a number of highly sensitive email communications from within Sony, including executives criticising the professional conduct of actress Angelina Jolie, and Sony Pictures co-chairman Amy Pascal apparently using racist language when discussing Barack Obama.

While many have commented that this decision shows the US pandering to terrorists' desires to enforce ‘creative expression', it seems equally likely that stalling the film is an attempt by Sony Pictures to stem the ongoing threat of further top secret information leaks, as hackers had threatened to reveal more inside information as part of a "Christmas gift" later in December.

Ken Westin, a security analyst at Tripwire, describes the ongoing ‘blame' situation between Sony and North Korea as "a great deal of cyber rattling".

"Unnamed US official(s) provided some information to the media regarding a connection to North Korea, however no evidence has been provided and no ‘official' statement. FBI notices have been sent out stating specifically no connection has been made and that the investigation is still underway," said Westin.

Westin describes talk of counter-attacks or sanctions as "concerning, due to the lack of knowledge related to attack attribution by those clamouring for retaliation".

He also says he stills believes it unlikely that North Korea is behind the attack, preferring to believe it could be a sympathiser group, or even a ‘false flag' scenario.

"The fact that parts of the malware had Korean language settings, and possibly connected to an IP in North Korea (as well as several other countries) would be an amateurish mistake for an APT-level attack," he argued.

"However, if the artifacts pointing to North Korea were implemented on purpose, it could be a sign of sophistication in an attempt to divert attention from the real attackers."