>> I'm not sure NK even has the computer skills to pull it off, for that matter
Ugh, it pains me to see people get this so wrong. Let me state this as plainly as possible: when you're attacked by a state, whatever encryption or security you have in place doesn't matter. They'll go after your weakest link, and exploit that until they have access to whoever controls your security infrastructure. It could be as simple as bribing an Ops guy, or it could be as complex as planting a spy, or secretly threatening someone with access. Once you're up against a state, all bets are off.
>Once you're up against a state, all bets are off.
This is a gross oversimplification.
Some states are much more capable than others. The US and China probably have more digital offensive capability than everyone else put together.
Some targets are much easier than others. Larger companies usually present a larger attack surface. Some companies don't care as much about security. If you're one person with really good OPSEC practices, you're substantially harder to go after than a large organization.
And, of course, all security is a matter of degrees. You don't need to have perfect security; you just need to have security good enough that the group coming after you can't justify the expense of circumventing it.
While I realize that you can do a lot with 'rubber hose' cryptography, I'm not sure how that's relevant to the Sony hack as I don't remember any reports of such.
Also, I don't get how this hack helps North Korea in any real way. Maybe there really are 'links' as such, but I honestly wonder if this was something they put together as I don't see how it helps them.
