Friday, July 10th, 2009...9:16 pm

Why the North Didn’t* Do It

North Korea...cyberwarmonger?
(*) This post is designed to stimulate debate, not make a definitive claim.  The lost side of this debate, I contend, is this: absent any technical data, a North Korean cyberattack is actually less likely than most of the mainstream media and the defense establishment presume.

The press loves a good villain, and so the story seems to make intuitive sense: the nuke-testing, ICBM-firing, SCUD-launching North Koreans launch a cyberattack in yet another moment of classic brinksmanship to protest the United Nations, US imperialism, ROK aggression, and prove their own might.  The progression is obvious.  Right?  Not really:
  1. A cyberattack doesn’t score points with North Koreans. Nuclear tests, ICBM launches — both have tremendous symbolic value to the North, helping to demonstrate to the elite and rank-and-file alike that under Kim Jong-il’s leadership, the DPRK has ushered in a socialist paradise and breeds the world’s finest technology. (Please, restrain your laughter.)  Large-scale military hardware is easy to demonstrate for the masses and, most critically, the regime elites that could threaten the Kim dynasty as it prepares for the dangerous business of transferring leadership to a new heir.  Yet note this now-famous satellite photo above: the DPRK is not a terribly well-lit country, let alone a wired one.  The “victory” of taking down websites for a few days would probably elicit blank stares from all but the most favored regime members—probably few to none of whom even have internet access.  Kim can parade ICBMs down the streets of Pyongyang and make a point; with a cyberattack, not so much.
  2. No responsibility claim. When the DPRK detonates a nuke, they want everyone—domestically and abroad—to know about it.  It’s a dysfunctional, if effective, way of demanding international attention.  But Pyongyang hasn’t owned up to these attacks, and without that claim, it’s hard to see how it seeks to posture against an international audience.  Is there some three-star general in the Korean People’s Army taking credit for this attack?  Quite possibly.  But that doesn’t mean he orchestrated it any more than your high school’s IT guy did.  And on some level, Kim would be in a difficult position in accepting responsibility, lest he force his ‘ally’ China into the awkward position of joining in a public condemnation, despite numerous high-profile reports of the PRC’s own cyber-meddling. If they can’t own it, and major questions persist about the origin (see #5), it is hardly a foregone conclusion that the North has much to gain by waging the attack in the first place.
  3. Cyberattacks don’t keep the Kim family in power. In a state with no productive economy, it’s probably safe to assume that he who controls the nukes controls the country.  That’s why many are arguing (convincingly) that the North’s recent bellicosity is largely a function of domestic concerns.  Controlling a botnet of several thousand computers, however, does not do much to consolidate a regime’s power.
  4. Little experimental value for the military. Every time the North fires an ICBM, or tests a nuclear weapon, the military gains data about how to achieve systems with a slightly-less-embarrassing failure rate than before.  With military toys, the value here is nontrivial–especially when your deterrence posture largely relies on the hardware’s ability to, well, work.  Test-firing a DDoS attack, however, is like test-firing artillery–the artillery is proven, and the mechanics are not rocket science (as it were).  Pyongyang may not know how many gigabytes-per-second of data inflow is required to take down the ROK President’s website…but we’re getting ahead of ourselves.  Do we really believe that Pyongyang is losing sleep over having not tested that one out?  And moreover, that they’d spend their (very) precious resources on figuring it out?  Seems like a stretch.
  5. Anyone could do it; but could the North Koreans? The paradox of this kind of attack is that it is at once quite easy to orchestrate, yet quite hard from a place as insular and poorly-connected as Pyongyang appears to be.  On the one hand, a precocious, basement-dwelling eighteen-year-old can build a botnet capable of such an attack.  On the other, spreading that malicious code—especially incognito—is a lot easier in a wired country than in one with few network connections to the outside world.  Yes, one can envision a scenario whereby the North sends agents abroad to conduct this attack, but the question recurs: why go to all the effort, in light of #1-4?  The perpetrator could at once be anyone and, ceteris paribus, Pyongyang would have a tougher time launching the attack than might a disgruntled South Korean spammer.
  6. When it comes to targeting, they’re not idiots.  Insular, impulsive, yes, but if you paint the North Koreans as irrational fools, you end up with a North Korea policy much like that of the last decade.  A quick look at the target list (as I’ve already discussed) suggests that the U.S. targets were chosen perfunctorily at best.  The North Korean elite knows the agencies of the U.S. government; they have, after all, been negotiating with them in one format or another for fifteen years.  If they were looking to disable vital servers, they got it wrong.  If they were looking simply to send a message, they got it wrong, too.


“But,” I can already anticipate the emails, “who else would target just the ROK and US, and stand to gain?  Clearly this was Pyongyang.”  Perhaps, and as of now, we have no way of knowing.  But for my money, equally likely would be:

  • North Korean sympathizers in the ROK or Japan, acting on their own (without direction from Pyongyang).  Any fringe group or individual with some tech savvy, and a mediocre knowledge of the US, might be more plausible than Pyongyang itself.  After all, many of the more prominent cyberattacks have been the work of isolated, passionate, ideological but random people.  Or,
  • Enemies of one or more of the agencies targeted (like the FTC, which recently shut down one of the larger spam and illegal porn havens on the internet), seeking to deflect broader attention while still achieving their retributive objective.

Add to it the current political climate in South Korea, with an imminent vote on a new anti-terrorism statute, a president who seems to derive much of his sense of purpose from hostility towards the North, and the chance to prop up his own flagging popularity with such an external threat, and you have a perfect storm of finger-pointing from Seoul, parroted by the less critical here in Washington.  The irrationality, it seems, might be a bit farther south of the 38th parallel than many assume.
