Unhappy With Explanations for the Sony Hack? Change Them With a Click.

Having trouble keeping track of who was supposedly behind the hacking attack on Sony Pictures? You’re not alone. While law enforcement officials at the FBI and at the White House continue to insist that North Korea was “centrally involved” in the attack, numerous competing theories have emerged involving unhappy Sony insiders and Russian gangsters, among others.

Now, with a few clicks, you can conjure up an authoritative-looking page with “evidence” to support your favorite scenario. The Sony Hack Attribution Generator shifts the blame for the hack to another randomly generated party every time you refresh the page. One minute it’s North Korea, the next minute it’s organized criminals in Romania, a random employee or mobsters in the U.S., complete with IP addresses and links to Google Map images of where the “hackers” are.

It’s a joke, of course, a bit of pointed hacker humor commenting on the difficulty of “attribution,” always among the toughest problems in investigating computer crimes. Evidence, always scant, can and typically does point in multiple directions, and smart attackers often leave false clues meant to mislead. Numerous experts have sought to poke holes in the FBI’s findings. (For the record, the FBI has firmly stuck to its guns.)

“You’re probably avoiding the discussion because you’re ashamed to admit that you don’t know what happened and you don’t want to look amateurish in the eyes of your peers,” a Data Driven Security blog post explaining the site reads. “You probably spent the holidays hoping that your family wouldn’t bring up the subject and force you to take a position on the attribution.”

The blog is run by Bob Rudis and Jay Jacobs, co-authors of a book of the same name.

Rudis, who calls the site an “overly detailed joke,” created it with another collaborator, Kevin Thompson, a risk and intelligence researcher with Verizon. Alex Pinto, a security researcher and data scientist, came up with the idea.

In crafting the joke, they used some real data. The random “evidence” used to attribute responsibility for the Sony hack is taken from information used in Verizon’s Data Breach Investigations Report, an annual accounting of hacking attacks around the world, and the Veris Community Database, an open effort to catalog breaches. What’s the point of that? “You’ll know that your story is at least kind of plausible too!” they write.

This article originally appeared on Recode.net.

We're here to shed some clarity

One of our core beliefs here at Vox is that everyone needs and deserves access to the information that helps them understand the world, regardless of whether they can pay for a subscription. With the 2024 election on the horizon, more people are turning to us for clear and balanced explanations of the issues and policies at stake. We’re so grateful that we’re on track to hit 85,000 contributions to the Vox Contributions program before the end of the year, which in turn helps us keep this work free. We need to add 2,500 contributions this month to hit that goal. Will you make a contribution today to help us hit this goal and support our policy coverage? Any amount helps.

One-Time Monthly Annual

$5/month

$10/month

$25/month

$50/month

Other

$

Yes, I'll give $5/month

Yes, I'll give $5/month

We accept credit card, Apple Pay, and Google Pay. You can also contribute via