Legal experts say potential complications illustrate why federal authorities rarely announce they've solved a case before an arrest.
"Once the government says it has good reason to believe North Korea did it, then that is good reason to believe that the defendant did not do it unless the defendant was an agent of North Korea," said Jennifer Granick, director of civil liberties at the Stanford Center for Internet and Society.
U.S. officials for weeks have been emphatic in blaming North Korea for the hack attack, citing similarities to other tools developed by the country in specific lines of computer code, encryption algorithms and data deletion methods. The Obama administration - reeling over persistent public skepticism about whether North Korea was to blame - asserted its certainty again last week, announcing a new round of sanctions against North Korea that officials said will be just the first step of retaliation.
FBI Director James Comey told a cyber-security conference in New York on Wednesday that the hackers "got sloppy" and mistakenly sent messages directly that could be traced to Internet addresses used exclusively by North Korea. Comey said the hackers had sought to use proxy computer servers, a common ploy to disguise hackers' identities and throw investigators off their trail by hiding their true locations.
"It was a mistake by them," Comey said. "It made it very clear who was doing this."
Though the FBI has repeatedly maintained that there's no credible evidence suggesting anyone other than North Korea was responsible, that hasn't stopped skeptics from challenging the government's conclusion and raising questions about whether hackers or Sony insiders could be the culprits instead of - or maybe along with - North Korea. At least one firm claims to have identified a group of individuals it says may have attacked the company's networks.
Comey said only the FBI has the whole picture, but the U.S. government has been hamstrung by its reluctance to disclose sensitive information that could be persuasive yet might reveal intelligence secrets about how the U.S. secretly watches North Korea.
"They don't have the facts that I have, don't see what I see," he said.
Either way, the public finger-pointing was exceptional considering that federal law enforcement is ordinarily loath to discuss an ongoing investigation, particularly in cyber-security cases where it's notoriously difficult to assign blame. It's even more unusual for a president to make public accusations ahead of an arrest. In a conversation with reporters just one week before the Obama administration's statements, the FBI director said investigators had not finished combing through the evidence to arrive at a point of certainty about who was responsible.
"The temptation to engage in the kind of global politics surrounding this rogue nation is probably just too great to resist," Harvard Law School professor Lawrence Lessig said. He added, "Finding a way to continue to reinforce the world's commitment to bringing North Korea around to sanity seems a pretty compelling objective - which might lead them to deviate from standard practice."
It's not clear whether any individuals, in North Korea or elsewhere, will ultimately be implicated in the break-in at Sony. Prosecutions of cybercrime are challenging, especially when they reach overseas. Five Chinese military officers were indicted in May on charges of vast corporate cyberespionage, but none has appeared in an American courtroom.
In this case, if anyone outside the North Korean government were to wind up accused, lawyers representing a defendant would almost certainly demand access to all nonpublic evidence pointing to North Korea as potentially exculpatory material. The government would risk revealing sensitive sources and methods about the North Koreans if it shared such evidence during the discovery process. If it refused to turn over the material, the government would face demands from the defense that it dismiss the prosecution, Granick said.
If the government were to blame someone other than North Korea, a defense lawyer would easily "stand up and say, 'But that's not what they said before. They said it was North Korea,'" Lessig said.
"If you're imagining the jury kind of sifting through those two accounts, it certainly benefits the defense that they've got this alternative plausible theory that creates in their minds reasonable doubt," Lessig said.
Given the risks in revealing evidence, the public statements were a "bold move" that could suggest the government acted in haste - or that it has a much stronger case than what's been made public, said Tor Ekeland, a New York lawyer whose clients have included a man accused of illegally gaining access to AT&T's servers and stealing the email addresses of more than 100,000 iPad users.
"That's what makes me think they've got some smoking gun piece of information that they haven't revealed," he said.