> The attacks at Sony were routed from command and control centers across the world, including a convention center in Singapore and a computer at Thammasat University in Thailand. But one of those command and control servers, a computer in Bolivia, had been used before, in a limited set of cyberattacks on South Korean targets two years ago.
The evidence has to be better than this to make an accusation against a state. Botnets overlap a lot because the way they are built is with automated scanners that take advantage of common vulnerabilities. It isn't uncommon to find a botnet client that has been hacked a half-dozen other times and has had rootkits installed each time. A large part of sophisticated botnet droppers is removing all the previously installed botnets on a server where a vulnerability has been found.
Having one client in common with another attack network is a low or insignificant figure.
Similar applies to common modules found in other malware. Authors reverse engineer and re-appropriate techniques or libraries from other successful malware all the time. That is also not evidence of a link to North Korea.
Attribution in cyberwarfare is infamously difficult.
However, there is an age old equation that works fairly well for attribution: opportunity + motive + evidence. Opportunity in cyberwarfare is a complex item to tease out and has more to do with opportunity costs than anything else (the strategy of cyberwarfare demands owning everything immediately rather than later and the exercise becomes one of triage).
In this instance we do have both a motive and some evidence that point to North Korea, and it is in line with the sort of theatrical politics NK is known for. IMHO more evidence and an analysis of opportunity cost are a must to pin NK down further, but you can be assured that (unless officials have ulterior geopolitical motives) they have a pretty good idea about the cyber capabilities and actions of other nation states - more than they are apt to release to media outlets.
This is my concern - they are starting with a motive and the DPRK and then working backwards to fit the evidence in.
Everybody seems to have forgotten that this started as a financial ransom demand and the attackers made no mention of the movie or the DPRK until Sony and the media did.
I'm not suggesting the DPRK are not involved, but that it is a very big leap to go from media speculating about motives to the US government formally accusing them. The details leaked to the NyTimes do not substantiate this leap.
It's certainly true that a ransom was demanded first, giving Sony a few days to respond, and then only after the compromise was completed were demands made to remove 'The Interview'.
It truly is difficult to attribute and only with more evidence and a more careful analysis of timeline, the malware, and the communications will things come into focus.
One thing I have not yet been able to find are numbers for the ransom. I've seen the emails demanding ransom and the defacings demanding the same, but nowhere have I seen a number of dollars being demanded. Have you seen that anywhere?
Any action that results in rich assholes losing a bit of money or potentially losing a bit of money falls under the umbrella of terrorism now, or 'economic terrorism' if you will. So copyright infringement and of course any form of organized protest fit the bill, along with hacking a Japanese company with offices in the US.
You can try to fight the total annihilation of meaning in our language, but as you see here it is a losing battle.
Thanks to our favorite president GW Bush, any computer hacking is considered "terrorism" and has similar consequences just like real terrorism such as ISIL or Al Qaida:
I would suggest that even ISIL isn't a terrorist group, at least in the same sense that the word terrorism has been used throughout the past 100 years. ISIL represents 30k mobilized personel, are made up of a huge number of disparate factions (some fighting for a three state solution - which would actually be a great improvement in the organization of the middle east, whose lines right now were drawn by the British and have nothing to do with historical or cultural boundaries), are fighting with traditional armies with traditional warfare weaponry and because they are fighting for political change in a state where authoritarian governments with financial and political ties to outside nations has limited how much they can represent their people. ISIL to me, if I use textbook comparisons, looks more like an grassroots insurgent army fighting for political representation.
Re: computer hacking considered "terrorism" - this represents yet another way "terrorism" no longer means the despicable act it was originally associated with. And doesn't that make the "War on Terror" also a "War on Hacking"? How the hell are we going to win a war on hacking?
I do hope that the OP was not using the GW Bush administration definition of terrorism...
I agree that if you think Sony and the US government have more motive, this changes attribution (and in fact I mentioned it wrt "ulterior motive"). I'm curious about what motives you think Sony and USG have. I'm not sure what to make about the opportunity cost analysis indicting Sony or the USG - maybe you could say more about that too?
SONY might think the movie was going to bomb anyway(I don't understand why anyone would want to watch this on xmas) and this hacking incident is probably going to cost them millions as well. Turning this likely-to-fail movie + hacking disaster into a promotional catapult generating big profits would be one option. Even I want to watch this movie now, but not on xmas.
USgov., I think they will take any chance given to them to put China, Russia and N.K. in a bad light.
North Korea threatens to nuke US, as well as half a dozen other countries, on a regular basis. There's no need for false flag operations against North Korea; they're already doing everything they can to paint themselves in a bad light.
I'm not sure what I think about the motive of Sony to turn the hacking into a promotional event or how the USG motive you suggest squares with what they've said over the past week (they have been careful not to attribute until just recently, even in spite of rumors of NK fault).
The big question your analysis seems to beg is why #GOP would demand that the movie not be shown. In the scenario where Sony and the USG want to spin this as anti-NK propaganda (certainly this is not out of the USG playbook), why would #GOP play along? I don't understand #GOP's motive in your scenario.
All this is pure speculation on my part of course, but I think the #GOP are just talented people doing it for the lulz. Note that the media mentioned North Korea first, possibly giving #GOP the idea to increase the lulz to levels previously unimagined. Bonus points - It diverts attention from the real hackers; making them less likely to be caught.
Completely agree. I know the regime in North Korea is crazy, but I really don't see them caring about this at all. On the other hand, they're often the butt of jokes in the west. Just look at all the "you've been banned from r/pyongyang jokes on reddit. Or 'The Interview' itself, which based on the trailer, seems to be laughing at the same stereotypes. I think a bunch of hackers that frequent 4chan have a lot more motive to continue this whole joke than North Korea itself.
I'll hammer on a third agreement. I posted a similar comment elsewhere in this thread. This really does make the most sense. I cannot imagine that North Korea has the motivation, brain power, and coordination to pull off something and actually rattle our culture, let alone be adept enough to know that Sony is a good target to attack Hollywood.
Companies are "brands" for hackers. "I hacked Target. Home Depot was me." etc. Sony is a huge brand. Keep the lulz going, and see how big it can get.
Finally, what do you think of #GOP coming from some of the same IPs used in prior attacks known to have been state sponsored? You must think that they bought access to these machines on the same forums they bought Korean malware?
Okay, so you think that this is is a manufactured lie. I understand your position now - it seems consistent to me.
I'm not sure that I personally buy that the evidence is manufactured - that there is motivation enough from the USG to invent that evidence. But this is where there is reached an impasse. There just isn't enough information at this point to really say. Either speculation can be right.
One can always post-fact construct a motive for North Korea. One can certainly think about front page worth motives for Iran too if you try, and Russia, and whoever you want.
Opportunity costs are exactly as low for every country that the US decided to antagonize by placing on their evil axys list, and only marginally bigger for any other actor, because nobody will catch the hacker.
The only item of yours that can not point to anybody that you want is the evidence. Evidence-less finger pointing is not a sane sport.
Can you come up with a good motive for Iran or Russia?
Opportunity costs are not exactly as low for every country, as they have different capabilities, use different tactics, have different budgets and talent pools, and have different interests. Triage is going to be different for different state actors. Pure and simple. I'm not sure that an opportunity cost analysis indicts NK - and in fact I do suggest that work needs to be done there in the original comment.
Even the motive for a lone wolf hacker with a huge botnet would make sense if they were impressing themselves with how good the hack was. If they could "trick" the US into thinking it was North Korea, the lulz from that alone would be enough to have the whole charade to take on a life of its own.
That's just a good a reason as any other motive for any other suspect given that I've seen.
I don't know that I would take the Time's reporting on the investigation to be the end-all-be-all of what evidence there is. Like you say, accusing a Nation State probably requires a decent amount of evidence, and I doubt they would release it all to the NY Times. The article even says
> It is not clear how the United States came to its determination that the North Korean regime played a central role in the Sony attacks
To me, that sounds like they aren't privy to the reasoning used.
Yes, accusing a nation state requires a decent amount of evidence - however the US has a track record of lying about and and manufacturing evidence when required. Or how's that whole "chemical weapons in Iraq"-thing going?
If the US has better evidence, why not show it? I'm not saying NK didn't conduct those attacks, I'm just saying the US government isn't really a reliable source about anything.
The headlines go around the world and people will just accept it as the truth.
If there is a retraction it will be in a year's time and buried under an ad for washing powder on page 17.
You simply don't need evidence anymore when the media, unwittingly perhaps, construct the narrative for you.
Why is the New York Times held in such high esteem? Was there a period of time when it truly was a paper of record? These days it seems like the name Pravda on the Hudson is well deserved.
How do you know it's a botnet? For all we know the attackers have list of compromised servers that they use. I know the distinction is thin, but it still exists.
"Intelligence officials believe with “99 percent certainty” that hackers working for the North Korean government carried out the attack, said one individual who was briefed on the investigation and spoke on condition of anonymity."
The US government is never going to release all of the evidence it has because they don't want to explain how they obtained it, which would be the inevitable follow-up question.
Behavior of all involved parties is highly indicative that they at least believe the threats of violence to be real. Body guards, cancelled media appearances, unprecedented cancellation of a theatrical release, jumpy reactions in public, and more. Internet death threats are nothing special. They happen all day every day. Especially for celebrities. Hacks aren't an every day occurrence but we hear about them regularly.
That doesn't mean the threats are legitimate. Or that North Korea is involved. But the actions of folks involved do give serious weight to such an accusation.
The Post says the malware itself contains sections in Korean and is similar to code found on South Korean networks. But like you, I still remain skeptical
TMZ is reporting [1] that studio executives are convinced this was an inside job based on layoffs at Sony that included IT employees. Before you write them off, they've broken several big stories this year, and their sources at movie studios are probably spot on.
If you think about it, it makes perfect sense. The continuous release of leaked data means the attacker probably had access for a considerable amount of time to completely download the large number of files. My guess is that they had escalated their own access during employment and routinely monitored the communications of executives.
This was most likely the work of someone that had or maintained a blackhat past. This is someone that most likely had access to a botnet, knew where to go to buy/download malware (underground forums), and knew how to obscure their connections (and where to directly connect). And if you think about it, posting to Pastebin? Definitely a US-thing, and not so much a Chinese thing.
I'm willing to bet this person/people will be caught through old-fashioned profiling. Cross-checking the terminated IT employees with previous convictions for computer crimes, their personal emails with known hacker aliases, and other investigative techniques.
Why would #GOP demand that 'The Interview' not be shown? To throw off the scent? Also I'd be interested in your thoughts as to why an ex-employee bent on revenge demand a ransom not to engage in the sabotage?
I do think that the ransom makes the North Korea explanation less likely, unless NK reached out to #GOP after they were not given a ransom and offered to pay?
The other explanation seems to be that #GOP would demand the movie not be shown to confuse the scent of their real motive (revenge? lulz?) (but this is also questionable IMO). It also seems unlikely that an ex-employee would use the same IPs from previous Korean state sponsored attacks, although maybe they could have bought access to these servers on underground forums? Others are suggesting that this is entirely invented evidence - I see no good reason to believe that.
"We got hacked by a state" is much less embarrassing than "We got hacked by a former employee". If that is the case it's in Sony's interest not to let it get out.
And they say North Korean hacking is often done from China. And the US tries actively to infiltrate North Korean computers... Sorry, I don't trust any source, it's just finger pointing.
Wired offers a different perspective of the same story
http://www.wired.com/2014/12/north-korea-did-not-hack-sony-p...
Silver lining is it's incredible press for The Interview, excellent crisis management by Sony's PR people. Apart from this Wired article all I've read is PR and political finger pointing.
Incredible press for a movie whose release they just canceled? The movie's getting a hell of a lot of attention; I'll grant you that. But I don't see how this helps the movie.
I know a lot of people are speculating that Sony has something up its sleeve, like a limited-time-only release right after Xmas, or early next year, or a digital release, etc. I'd consider that an extraordinarily slim to nil outside possibility. The material leaked in the Sony hack does not exactly give the impression that these guys are marketing geniuses. Just sayin'. :)
For what it's worth -- not saying you're suggesting this, just that I've now heard the theory a couple dozen times -- some people are speculating that Sony engineered this entire fiasco as a publicity stunt for the movie. That sort of thinking is beyond-the-pale naive. Sony doesn't want to be civilly or criminally liable for having doxxed thousands of its own employees. Believe me.
They may well attempt to rerelease it, and its notoriety may attract a decent opening weekend. But notoriety alone won't save a turkey. If it's actually bad, this incident won't be able to turn around its long-term prospects. If it's good, that's a different story -- but if it were good, you'd think Sony wouldn't have pulled support so quickly in the first place.
It doesn't matter if it's a good film. That's why you see marketing campaigns saying 'just try it' - even if the product is crap they still make 1 sale.
The film is getting such incredible hype a huge amount the profits will be in the opening night. Check out the Rotten Tomatoes score: critics are divided on whether it's a good film, but 96% of people want to see it.
If Sony don't release the film eventually internationally, they'll lose money - but withholding it makes it a scarce commodity, drives hype etc.
What you are now reading about The Interview isn't politics, it's PR crisis management.
Sure. But hence my point about opening weekend (trial) vs. what happens after opening weekend (ongoing business, lifetime earnings). You can drive trial of a bad product, but it's extremely hard to get people to keep coming back, or to tell others it's worth seeing. So your bad product + ultra-hype is basically a recipe for a big opening with extreme decay every day thereafter. This usually isn't enough to recoup the production, print & advertising costs of a major movie, especially when you factor in profit-sharing and other cuts to top-line revenue (Rogen and Goldberg are almost assuredly getting points on the movie's gross, and it's possible that Franco is, too.)
A general rule of thumb is that a movie studio spends at least as much on prints and advertising ("P&A") as it does on production costs for the movie itself. That is to say, if the movie cost $35M to make, Sony sunk another $35M or more into P&A. So it would need to earn more than $70M to break even (more than that, because everyone's taking points off the top-line gross, plus profit-sharing with theaters and distributors, etc.). Is it possible that Sony could earn that much on this sort of movie, given its notoriety? Maybe, maybe not. Notoriety alone can rarely get you to $70M. (It's possible, but unlikely.) To stand a better chance, your movie also needs to be halfway decent.
Once again, I have no idea if this movie is good or bad. Just saying this for the sake of explanation.
Surely if the movie is bad this (http://www.bbc.com/news/entertainment-arts-30589472) is still an incredibly good launch by world class pr people. If the movie is good then it's still a good launch and will make money afterwards. The thing about bad movies is you can only make money on the opening weekend - this marketing was free (+the original marketing costs already spent and ignoring the lasting costs of being hacked) so the ROI will be incredibly good. Any film that caused the president to give a speech about it pre-release is going to do well on the opening weekend - I still don't think it matters if it turns out its a bad film or not, but I can't wait for the data. I guess it will be here? https://en.wikipedia.org/wiki/The_Interview_(2014_film) And total costs around <$100m (again discounting hack).
This also isn't taking into account the ROI from turning Sony into the victim in this scenario - not a massive company with a tiny, unsophisticated infosec team who messed up big time by not investing more in security.
The vituperative nature def. does not seem like a PR stunt gone awry. The flip side is the US may want to blame a state because they don't know who did it.
>In light of the decision by the majority of our exhibitors not to show the film The Interview, we have decided not to move forward with the planned December 25 theatrical release. We respect and understand our partners’ decision and, of course, completely share their paramount interest in the safety of employees and theater-goers.
As mentioned by others, there isn't any solid evidence here. I consider NYT one of the more reputable news sources out there (the bar is pretty low...), but this situation reminds me all too well of the following which I half-jokingly shared with a friend recently:
How to be a media outlet in 5 easy steps:
- do not provide any sources, at all, unless of course you're dogfooding
- make bold claims based on hearsay, comments from random strangers and uneducated/irrelevant celebrities
- judge and slander people before any researched verdict has been reached
- spread lies and make them truths through mob behavior, then support your original lies by pointing to the "public consensus"
- do not take responsibility for any of your actions, ever, unless it generates money and/or attention
The repercussions of these half-assed "investigations" worry me to say the least.
Not to put too fine a point on it, Sony's security practices were so negligent, anyone could have done it. The tools used were very unimpressive and easily available.
The evidence linking this to any nation-state at all at the moment is incredibly weak, bordering on non-existent.
Not just "anyone", but there could've been multiple unrelated groups hacking them at once. Didn't they say there's some evidence of hacking from 2 years ago? Some of them could've just hacked them and Sony never found out about it.
I was certain that the story of NK being the actor here was just publicity, paid for by Sony to promote the film and capitalize on their hacking disaster. The release cancellation nixed the idea that Sony was behind the threats, but it still didn't point to NK's culpability. Any lunatic could have bombed any theater in the country next week and Sony would have been liable.
With these administration comments, is it more likely that NK was actually responsible? It's still possible that this will turn out to be the overblown suspicions of somebody unfamiliar with how digital attacks work, published too quickly because they fit the narrative. We've seen the state of journalistic fact checking lately, and even if this is the NYT, 'senior administration officials' isn't a bulletproof source. But it's also possible that we now live in an era where nations wage proxy digital war against corporations not just for theft but for ideology.
This would be a strange new state of affairs. I wonder how long before corporations are fighting back? If, say, Samsung's expected value for government reconstruction contracts following NK's fall was in the tens of billions, how difficult would it be for them to cause a couple military installations, power plants, or leaders' flights to explode and make regime change more likely?
> Any lunatic could have bombed any theater in the country next week and Sony would have been liable.
Source? The bomber would be liable but why would Sony be? (Provided that they informed at least law enforcement and certainly if they made the details of the threats public).
I meant that the probability of losing a civil suit, in the event that the threatened disaster occurred, was high enough to impose heavy cost on showing the film. Criminal liability would of course fall to the perpetrator.
In retrospect, I was wrong - it was the theater chains who would be exposing to themselves to that risk, so they (very logically) cancelled their showings. As a result Sony was forced to pull the film's theater release.
> With these administration comments, is it more likely that NK was actually responsible?
Less, in my view. It's true that if a liar says the sky is blue, that doesn't make the sky pink. However, if that liar is the United States government, it doesn't hurt to have a look out the window.
Noticing incentive structure common to a government can be helpful in making judgements like that, but I'd wager that anthropomorphizing an organization with >20k employees as a single persona would do more harm than good to my predictive ability. I was asking more in a technical sense - are these comments coming from somebody with no knowledge of network security, or from an expert? Regardless, we now have much more information.
This is the new normal. The US government does this, the French do this, the Chinese do this, Syria does this, North Korea does this... etc.
As with other new frontiers of geopolitical leverage there will be a painful learning and a growing period for the internet. There's so many ways it could turn out and I fluctuate between being hopeful and pessimistic and what I will temporarily think is 'realistic'.
I must have missed alot, what are other instances of attacks like this? We are not talking about espionage or theft, the Sony attack was plain malice. The only prior examples I can think of are private activists (eg Anonomous) or major tactical targets (eg nuclear centrifuges).
We differ in that I would group this action together with espionage and sabotage, but if you are looking for other examples of nation state sponsored 'malice' attacks the Syrian Electronic Army's ("state-supported") attack of Ebay, Paypal, Ferrari, Walmart, media organizations, security companies, government twitter accounts, and Microsoft (and others) are examples of attacks that are meant to hurt reputation and cause chaos more than they were about data or finance.
I find it funny how fast pop-media news jumps on top of a bandwagon without actual investigation.
Earlier we were being told "North Korea is definitely behind this". Right now everyone is saying "North Korea is probably not behind this".
Why bother with networks that just regurgitate information from other people? Don't push a point of view, just lay out actual facts and let the readers come to their conclusions as more information is made available.
It's sad that most of mainstream media considers "getting semi-official government leaks" as "investigating" now, as if the government could never lie or anything. When your sources come from Joe Biden's right hand (just an example), you should be very suspicious.
I wouldn't even limit it to semi-official government leaks.
For instance, New Gingrich said:
> No one should kid themselves. With the Sony collapse America has lost its first cyberwar. This is a very very dangerous precedent.[1]
> @RobLowe it wasn't the hackers who won, it was the terrorists and almost certainly the North Korean dictatorship, this was an act of war [2]
So now we have uninformed rhetoric coming out from people who—unfortunately—may have their opinions viewed as credible due to their past as an elected official. This was a candidate for presidency in 2012.
There are interesting "free speech" implications to this too. E.g. North Korea seems to have succeeded in scaring off all the major theater chains from showing "The Interview" in theaters.
"Much of North Korea’s hacking is done from China."
If the hack was indeed state sponsored as this article claims (based on comments from unnamed intelligence officials), then it seems much more likely that the hack was done by Chinese hackers than North Korean.
Right. I can certainly buy a joint China/NK venture with China providing the talent and resources, but I can't imagine NK has the ability to pull of any decent hacks.
The implications of a US response to this hack are limited by how much evidence the intelligence agencies are willing to provide - it's unlikely that they would want to divulge the details around their own penetration to North Korean networks.
Amnesty International is fairly well known for encouraging private citizens like you and like me to write letters to government officials of governments that hold "prisoners of conscience." I have done this before, and I should do this more often. When I lived in Taiwan in the early 1980s, under the former dictatorship there, I actually spoke in public at a speech contest for foreign students on the occasion of Sun Yat-sen's birthday on how much Taiwan then didn't live up to the ideals of the 1911 revolution in China as proclaimed by Sun.
I have got to look up how to join more direct communication to the reclusive government of north Korea, in my own name, recording my own return address, and making clear that I will not be pushed around by a regime of thugs. I have recently been following the suggestion of another Hacker News participant and have read the three-volume history of the Nazi regime by Richard Evans, the Third Reich trilogy. Evans notes in various places in his books that even the Nazis were responsive to international opinion on some issues. In the early period of the Nazi regime, Hitler used to receive personal letters from American eugenicists and segregationists who praised the policies of his regime. I don't want my not saying anything at all to be construed as consent or as fear of indicating disagreement with a dictator. I will have to openly and frequently express my disagreement with the world's remaining dictators until they all fall.
provides advice on how to write letters that may have influence on the regime there. Sure enough, one part of the advice is to write to China, the country that does the most to prop up Kim Jung-un's regime. A letter to be broadcast by Free North Korea Radio
I found your comment to be very thought-provoking. There's a lot to make fun of with regards to North Korea (as "The Interview" obviously does) but the regime's human rights abuses are well-documented and horrifying. I hadn't considered that there might be something I could do personally, and I appreciated your historical example of how even the smallest individual expressions is not necessarily completely insignificant. It's certainly something I hope my ancestors would have done. Brings to mind Tolkein's letter to a publishing house in Germany: http://en.wikipedia.org/wiki/J._R._R._Tolkien#Politics_and_r...
So I'll write a letter--now seems like an excellent time, honestly.
That's a lot of people's response. Sony Pictures does bad things, so while I have to say "this kinda thing shouldn't be done", at least it happened to a deserving company.
Sorry, not a valid point. Both entities use the name "Sony" for a reason: the goodwill associated with it. They have to accept the bad press along with the good.
Contrary to many posters, I think it's indeed very likely N. Korea was the origin of the attack.
Disclaimer:
I'm not pro war and generally not pro- US foreign policy. The events in Iraq were shameful. Our involvement in Libya and the so called Arab spring was shameful. Our involvement in Ukraine and general treatment of Russia has been deplorable and painful to watch. I think we should stop saber rattling at Iran who I believe would join the modern world much more quickly if they weren't being constantly threatened and undermined by a power that has done them some serious wrong in the past. The US's seemingly unconditional support of Israel, Saudi Arabia and the Gulf states is unconscionable in my estimation.
That being said, I feel differently about North Korea. I believe this country truly is dangerous and steps should be taken sooner vs. later to dis-empower it. I am genuinely worried worried about what might come from there in the next decade or two if things continue as they are.
I really don't buy this. Attribution of anyone is incredibly difficult. It's easy for the US to officially point fingers and turn it into a geopolitical play. There is every incentive to do so: it's plausible, the media buys it, and it buys major points in the Us vs. Them narrative.
This sends shivers down my spine. We already have net neutrality to worry about, no doubt the far right will be using this event to fear monger that kind of legislation.
Namely that the attackers don't even mention the movie, but instead seem to be on an ant-Sony crusade. Mentions of the movie by the "attackers" only seem to start happening when people started saying it could be NK.
The last time a communist country did a hack like this was during the Cold War. The hackers were coke addicted West Berliners paid off by the KGB to infiltrate high value and key .mil servers. My guess is that this time it is no different. Read Stoll's The Cuckoo's Egg and you'll see how very little for geopolitics of these attacks have changed.
If it was possible, I'd place a bet that the NSA know's who's responsible but likes to sit back and watch chaos unfold between the media and politicians.
This article is glorious. A real goldmine for satire.
The sudden urgency inside the administration over the Sony issue came after a new threat was delivered this week to desktop computers at Sony’s offices that if “The Interview” was released on Dec. 25, “the world will be full of fear.” It continued: “Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time.”
The evidence has to be better than this to make an accusation against a state. Botnets overlap a lot because the way they are built is with automated scanners that take advantage of common vulnerabilities. It isn't uncommon to find a botnet client that has been hacked a half-dozen other times and has had rootkits installed each time. A large part of sophisticated botnet droppers is removing all the previously installed botnets on a server where a vulnerability has been found.
Having one client in common with another attack network is a low or insignificant figure.
Similar applies to common modules found in other malware. Authors reverse engineer and re-appropriate techniques or libraries from other successful malware all the time. That is also not evidence of a link to North Korea.