The US has always been the world leader of cyberwar, hacking damn near everyone without any repercussions. And, for years, US intelligence officials and private contractors have been milking hacks to secure billions in cyber security programs: all you need is an enemy, and they will sell you the cure.

Their blatant hypocrisy, threat inflation and militaristic rhetoric must be challenged if we are to have a free and equal internet.

That familiar formula is playing out again with the recent Sony hack. We are supposed to be shocked that these "cyber-terrorists" – purportedly from North Korea – would attack our critical infrastructure and, clearly swift retaliation is in order. But, despite the apocalyptic hype, the Sony hack was not fundamentally different from any other high-profile breach in recent years: personal information was stolen, embarrassing private emails were published and silly political rhetoric and threats were posted on Pastebin. In many ways, it's similar to an Anonymous operation except that, this time, the FBI accused North Korea. That accusation was based on supposed forensic analysis which they have not publicly produced after refusing to participate in joint inquiries.
This official narrative is disputed by many renowned infosec figures. Any skilled hacker or well-financed nation-state practices anti-forensics measures like modifying logs and using proxies to make the attacks appear to originate elsewhere. And North Korea has already been falsely accused of several cyber-attacks – including attacks against US and South Korean targets in July 2009 and again in 2013. The inherent difficulty of identifying the true attackers should give us pause
before we rush to judgment.