Just when you thought we'd reached peak finger-pointing in the whodunit centering around the Sony hacks attributed to North Korea by the FBI, the folks over at Data Driven Security have blessed us with a website that randomly generates a plausible argument for the guilt of everyone from Chinese criminals to call center workers each time you visit.
Not satisfied with the FBI's publicly released evidence against North Korea? Not content to say that you simply don't know who hacked Sony, either? The Sony Hack Attribution generator promises to fulfill your every conspiratorial fantasy, and all you have to do is hit refresh.
"I made the page mostly as a way of illustrating the silliness of people sharing their opinion about the hack with little or no knowledge," said Kevin Thompson, one of the three collaborators listed on the project's Github page, in an email. "You can make really sketchy evidence sound very authoritative."In other words, the attribution generator is a piss-take on security companies and observers leveraging flimsy evidence to try and say more than, "We don't know," when it comes to pinning the hack on someone—anyone.
While the FBI has remained steadfast in its position that North Korea is to blame for the hacks, security experts and the media have cited disgruntled ex-employees, the Chinese government, and teenage DDoS-ers Lizard Squad as possible accomplices, if not outright culprits.
The generator draws on data from Verizon's 2014 Data Breach Investigations Report and the VERIS Community Database, which contains raw data from thousands of security breaches shared under a creative commons license.
By fusing the data from these sources with quotes from security experts skeptical of the FBI's evidence against North Korea and randomly selecting a threat actor—say, a crime ring or a lone hacker—along with a random country of origin, the site convincingly presents a new perpetrator with each new visit.
Or, at least, as convincing as some of the other speculations that have been floated since the first hack was detected on November 22nd, 2014.
The generator was briefly down today due to what collaborator Alex Pinto told me was likely high traffic to the site. Thompson, however, offered a different explanation: "It looks like the reason for the outage was actually a network attack launched by a Costa Rican activist group known as 'Fisto Justica.'"