A banner for "The Interview"is posted outside Arclight Cinemas, Wednesday, Dec. 17, 2014, in the Hollywood section of Los Angeles. A U.S. official says North Korea perpetrated the unprecedented act of cyberwarfare against Sony Pictures that exposed tens of thousands of sensitive documents and escalated to threats of terrorist attacks that ultimately drove the studio to cancel all release plans for the film at the heart of the attack, "The Interview." (AP Photo/Damian Dovarganes)
North Korea winning a cyber war?
02:13 - Source: CNN

Story highlights

The United States is set to blame North Korea for the massive hack at Sony

It's not the first time North Korea would be accused of launching such an attack

"In Pyongyang, they're probably popping the champagne corks," says one analyst

CNN  — 

As the United States gets ready to blame the Sony hack on North Korea, a troublesome question is emerging: Just what is North Korea capable of?

Experts say the nation has spent scarce resources on building up a unit called “Bureau 121” to carry out cyberattacks.

North Korea has been blamed in the past for attacks in South Korea, but the Sony hack – if indeed North Korea is behind it – would seem to represent an escalation of tactics.

“I think we underestimated North Korea’s cybercapabilities,” said Victor Cha, director of Asian Studies at Georgetown University. “They certainly didn’t evidence this sort of capability in the previous attacks.”

Cha was referring to attacks on South Korean broadcasters and banks last year.

In March 2013, South Korean police said they were investigating a widespread computer outage that struck systems at leading television broadcasters and banks, prompting the military to step up its cyberalert level.

The South Korean communications regulator reportedly linked the computer failures to hacking that used malicious code, or malware.

An investigation found that many of the malignant codes employed in the attacks were similar to ones used by the North previously, said Lee Seung-won, an official at the South Korean Ministry of Science.

North Korea denied responsibility.

A spokesman for the General Staff of the Korean People’s Army labeled the allegations “groundless” and “a deliberate provocation to push the situation on the Korean Peninsula to an extreme phase,” according to KCNA, the North Korean state news agency.

North Korea has similarly denied the massive hack of Sony Pictures, which has been forced to cancel next week’s planned release of “The Interview,” a comedy about an assassination attempt on North Korean leader Kim Jong Un.

But KCNA applauded the attack.

“The hacking into the SONY Pictures might be a righteous deed of the supporters and sympathizers with the DPRK,” it said, using the acronym of its official name, the Democratic People’s Republic of Korea. “The hacking is so fatal that all the systems of the company have been paralyzed, causing the overall suspension of the work and supposedly a huge ensuing loss.”

Experts point to several signs of North Korean involvement. They say there are similarities between the malware used in the Sony hack and previous attacks against South Korea. Both were written in Korean, an unusual language in the world of cybercrime.

“Unfortunately, it’s a big win for North Korea. They were able to get Sony to shut down the picture. They got the U.S. government to admit that North Korea was the source of this and there’s no action plan really, at least publicly no action plan, in response to it,” said Cha. “I think from their perspective, in Pyongyang, they’re probably popping the champagne corks.”

CNN’s Gregory Wallace, Brian Stelter, Evan Perez, K.J. Kwon and Jethro Mullen contributed to this report.