Some of the Sony leaks have demonstrated the company's ability to influence the news cycle, giving them pull with certain news organizations and editors to change or remove parts of a story.
I'm disappointed by the lack of evidence given by the FBI and other departments investigating the attack that directly tie the incident to a specific government or group of non-state actors. Many well-known security professionals have given opinions contrary to the FBI's findings, stating that it's not only difficult to determine the source of the attack but also incredibly dangerous to attribute the attack to a specific government given so little direct evidence.
There are so many aspects to this story that don't add up, but most strikingly, the press's push to point the finger squarely at North Korea for all this.
I continue to be blown away by Hacker News' collective refusal to believe that NK is likely behind this hack. Do you all also doubt that they were behind the other hacks mentioned by the FBI (e.g. on South Korean banks and media outlets)? Is it 'incredibly dangerous' to accuse them of that as well?
I understand the post-Iraq mentality of demanding evidence before going to war with a country, but that's not what's going on here.
Also, given how mouthy North Korea is, nobody finds it telling that other than a single denial on December 7th, they've been quiet? That denial, by the way, consisted of bullshit like saying that there were “a great number of supporters and sympathizers” with North Korea “all over the world,” including “champions of peace” who might initiate more “righteous reaction” against the United States’ “evildoings.”
"I continue to be blown away by Hacker News' collective refusal to believe that NK is likely behind this hack."
Skepticism is healthy and encourages discussion. I am not observing a "collective refusal" as you put it, but instead a strong skepticism from the tech community (a community who has a good basis to interpret this story with).
"Do you all also doubt that they were behind the other hacks mentioned by the FBI (e.g. on South Korean banks and media outlets)? Is it 'incredibly dangerous' to accuse them of that as well?"
The discussion is around a specific cybersecurity attack, not North Korea's capabilities, so that's a bit of a straw man argument.
"I understand the post-Iraq mentality of demanding evidence before going to war with a country, but that's not what's going on here."
No rational person is making a case for war over this, but the fact that you mention going to war over this demonstrates why it is incredibly dangerous to make these assumptions about North Korea without looking at all the available evidence.
"Also, given how mouthy North Korea is, nobody finds it telling that other than a single denial on December 7th, they've been quiet?"
Quite the opposite. I think it would fit the profile if North Korea was being mouthy at this point in time. Their silence would suggest this is a delicate situation for them politically and they don't know how to respond to it.
> Skepticism is healthy and encourages discussion. I am not observing a "collective refusal" as you put it, but instead a strong skepticism from the tech community (a community who has a good basis to interpret this story with).
Actually, we don't really have a good basis to interpret the story. The evidence that the US government has used to verify that NK was involved is most likely classified. The most straightforward way to verify the NK government's involvement is a high-level NK spy, or a communications tap on NK's political leadership. If it captured a high-level meeting regarding the "progress of the Sony hack," for example, then that would be pretty strong evidence of NK's involvement. Yet there's no way that any press release could include such info without also compromising their sources.
The point of the US government saying "NK is involved" is to say "We have verified NK is involved," not to give hard proof. Such proof may exist, but it may not be possible to divulge without also causing other consequences, as I mentioned above. It's not a trial, and they're under no obligation to present any of their core evidence or reasoning. It's up to us whether we choose to believe them or not.
The tech community sometimes overestimates how informed it is. For example, consider how someone would be viewed by the tech community if they claimed that governments were writing BIOS malware, and they made that claim before 2013.
So it seems mistaken to believe that the tech community is any better suited to interpret the story than any other community. Various intelligence communities or politics communities might even be better suited than we are at figuring out reasons why the story shouldn't be taken at face value, if any such reasons even exist.
I think dmschulman summed it up pretty well, but your outrage over a healthy dose of skepticism, demands for evidence, and a desire not to jump to conclusions is the truly bizarre thing to me.
Most human beings are “belief oriented”, which is the result of hundreds of thousands of years’ evolution. It’s the cause of most conflicts in the world. The widely supported Iraq war is an example. That’s why it is dangerous to do so.
In the Hacker News community, there are more “evidence oriented” post-modern people. This makes a difference.
Your belief that you're "evidence oriented" is endearing. I can't help but think that in many cases it is merely another form of belief, and one that people are equally sanctimonious about holding.
Any discussion about Uber, or the evils of traditional capitalism (especially HFT) on here is full of distinctly belief driven people.
Okay, so on what do you base your belief of HFT, Uber and "traditional capitalism"? I have to assume that information inferred from data.
HFT is the easiest, it provides liquidity, helps to keep spreads narrow, flash crashes are nasty, but so rare there have been only 2 (and the cost of those was minimal, a few failed margin calls, oh noes).
Uber is tricky, because it's run by assholes, but that's not really different from the taxi (cab) industry in most cities. Plus they skirt the law, which was largely instituted to protect the interests of the incumbent taxi companies. It arguably helps to make the taxi market healthier, thanks to its increased efficiency, lower prices (larger supply), which leads to a bigger overall market, which likely leads to better relative wage for drivers. The potential negative externality happens when demand dries up, drivers are forced out of the market pretty fast, due to the more efficient pricing they must apply (or lose market share). And of course, Uber has competition: Lyft (in the US) and Wundercar (in Europe) come to mind.
And on traditional capitalism, the simple truth is that it's inescapable. People are locally rational, they have limited information, and oftentimes they have utility functions that are non-optimal even locally, but they are rational nonetheless, and again, people are price sensitive. So capitalism is just the machine of progress that seeks more efficient allocation of capital. And even if you do away with property ownership (and try to opt for a temporary property possession model) you'll find that other types of capital still remain, they just get more perversely important (human capital, who knows who's who, influence, reputation, use of force, and so on).
And you can see that for these inferences you need evidence, but these are not single instance based cases like the Sony hack. It's much more sound and safe to trust and act upon these aggregates, than upon a single FBI "post" and the resulting drama.
It is hard to be convinced that North Korea were responsible. I think people just can't see them having a sophisticated enough hacker culture within government to pull this off. Sure, maybe it was outsourced to Russia. But an internal op like this seems so unlikely given what we know.
There is also the very strong polarization of everything in the US. When they choose a target they just paint everything about it in black.
On a related note, I discovered that many Americans have no idea of the tremendous role of Russia in WWII. It has been completely erased from US collective memory; the only thing that's left in popular US memory is USSR, communism is bad (and I'm pretty sure the details of why are blurry), and Russia can only be evil.
They are now painting other targets that way, like Iran, NK, and they used the same propaganda against Iraq. I guess they don't know (and acknowledge and take part of the responsibility for) the role of the US in creating the current situation in Korea.
There is a real lack of a measured and intellectual discourse in US public space (and by radiating influence, it's crushing it in the rest of the world).
What you seem to be saying, is that because you know of no measured and intellectual discourse in the United States, there is none.
Maybe you're looking in the wrong place.
Honestly, yours is truly a superficial, fake-sophisticate straw man, devoid of facts or information and pandering to the most simplistic anti-American tropes. I was happy to ignore it, but this caught my eye:
> I guess they don't know (and acknowledge and take part of the responsibility for) the role of the US in creating the current situation in Korea.
Well, since he's upset that Americans don't give Russians enough credit for their WWII contributions, such as the gift of a Stalinist government to the Korean Peninsula, he's probably blaming the US for "creating the current situation" in which the South Koreans have been denied the benefits of life in a Stalinist Workers Paradise.
I quote: "Female deaths in connection with rapes in Germany are estimated to 240,000". Stalin himself had to ask them to be more gentle, what an irony from such a horrible person.
Besides, Russia was on the side of Hitler until Hitler betrayed it. It's not like they chose to be on the same side as US and democracy and freedom for the last year of WWII, it was the definition of "coincidence".
Thanks for the demonstration. Everybody was more or less on Hitler's side after Munich until a different something happened to everyone. The U.S. entered the war only after they got attacked themselves (see a pattern here?).
If remembering and describing a country's past is only remembering the worst without any nuance, why would anyone remember the U.S. for any positive thing? Or maybe the torture by the CIA or the 100000 deaths in Iraq doesn't erase the helping others in WWII and we have to live in a complex world where nothing is really black or white. Just try to remember salient facts, not rewrite history. And some countries could benefit from learning to say: "we're sorry", more than to say: "we're awesome" (that's valid for the 2 bullies of the other 200 countries).
On the NK situation, crossing the 38th parallel during the counter attack without having the means for a complete military victory and occupation just helped polarize everything. And now we can link the 2: invading Germany and Japan was possible because Russia agreed, invading NK was not possible because Russia was against it. And this whole idea of "checking with Russia first" runs contrary to the Cold War mindset.
"Russian historians have criticized the estimates and argue that these crimes were not widespread."
Anecdotal here - my mother's mother (an Austrian of Jewish descent) had to dress up as an old woman to avoid being raped in the Russian quarter of Vienna.
Russians were notorious for this, so my father (an Englishman) was welcomed with relatively open arms, as the English were known to them as gentlemen less likely to brutalise women.
Every part of the "It's NK" reaction from all institutions of power/news seems just really off. Both MSM and gov't are running with it, without question. And now, most strangers off the street will parrot that same answer. Call it a PR success.
My guess, there are some serious, institutional-shaking smoking gun emails between media execs, lobbyists, gov't.
Official PR response of all parties presently guilty is to make as much noise about anything that's not in the data dump.
The strongest evidence of a North Korean tie isn't what happened - it's what didn't happen. They didn't release The Interview on torrent sites. Whether this was the work of the NK government, or one of their brainwashed citizens, it doesn't really matter. Their objective was to stop the impending embarrassment of their Dear Leader, and that is exactly what happened. NK was at a bare minimum the cause of the hack, and was almost certainly the perpetrator.
Quite often the easiest way to identify a criminal is to look at who benefited most from the crime.
The initial demand asked for a money reward. It could easily be some organized crime hackers that wanted money, and then blamed it on North Korea to throw off everyone's scent.
On the Internet nobody knows you're North Korea (if you're sophisticated enough).
Also, their main evidence seems to be that "they used the same hacking software as North Korea had used before - and can be found on the black market". So this is a little like some hackers buying forensics tools that can hack iPhones, the same ones the police are buying, and then saying the police hacked the celebrity nudes a few months ago.
I've never understood why so many here ignore the CONTENT of the releases from the GOP. It's so clearly NK or an NK sympathizer. I don't see that kind of regional outrage and anger typically being used to frame someone else.
What you describe is not evidence of anything. One could take the exact same set of observations and equally well conclude that this is a false flag operation.
What would the US Government gain from that? This isn't going to serve as casus belli for a war with North Korea. North Korea stands to gain the most from this.
The facts presented in the FBI's statement were inconclusive enough to allow North Korea to deny the charges (which they have done).
Assuming the FBI have no reason to lie, the more interesting question is "why did the FBI make a statement mentioning North Korea at all?"
The FBI could have chosen to not name the suspect. The only reason I can come up with is that the US is trying to send a message to the world (perhaps China specifically?) that the US is irrational, and may do something crazy at any moment.
The historical precedent would be the game of brinksmanship that played out over the Cuban missile crisis. Obama just doesn't have that sheen of crazy that Eisenhower had.
The Cuban Missile Crisis occurred when Kennedy was President, not Eisenhower. And you really only find that "convince the adversary we're crazy so they're too scared to do anything" strategy in the Nixon administration.
I wish I could remember the HN thread, but another HNer who claimed to have worked for Sony Pictures' security described the security system as non-existent and was surprised that it hadn't happened sooner... Now to go looking for that.
And any of us who've worked in a corporate environment know that Sony is by no means exceptional in that respect. There are security vulnerabilities all over cyberspace just waiting for someone to exploit them (just as in real life). We're protected mainly by some combination of good will, disinterest, and fear of punishment (also as in real life).
Not necessarily Sony, but the last missives threatening 9/11-style attacks on movie theaters would count as terrorism. Up until that point it was a hacking scandal against Sony. Once you start threatening the movie-going public, then you move into terrorism.
I thought it was interesting how much the FBI wanted to paint this as a natural and normal part of their job. If I'm dumb enough to leave my computer vulnerable to the world and someone steals my credit card data, is the FBI going to come help me investigate too?
You're being rhetorical, but yes, citizens and companies can and do regularly report internet crimes to the FBI and have them investigated.
Normally the FBI would want to see monetary loss of e.g. $50k (arbitrary number I just chose) before they start caring, so your credit card probably isn't going to cut it.
You seriously think that your debit card is on the same playing field as this attack? Get real, the FBI doesn't care about your checking account, nor should they.
...who are pandering to a crowd, and based upon essentially no information at all, but just the same sort of "I think" gut feeling notions that we see on HN. While there should always be questions about government honesty, it's rather incredible how far people will reach to find to clutch onto something that backs whatever their initial knee-jerk opinion was, seen throughout the comments here.
Quite a few comments are among the "they're making this up to go to war", which is simply incredible: Are people so far out of the loop on world players or current events? The US in no universe will launch a military action against a rogue, shells-pointed-at-Seoul, nuclear armed nation because they hacked Sony. That premise alone is simply absurd.
Is the US trying to isolate North Korea? They're already completely isolated. I mean...do people understand the situation North Korea is in, and the complete lack of tools to deal with this? The US gains literally nothing pointing the finger at North Korea.
It wins a few more points in the "you need to give up more of your privacy so we can protect you" campaign when we could be talking about "nation-state cyber-war" rather than a "Target-like hack" by hackers nobody knows or cares about. North Korea is an "iconic enemy" people can rally against.
They gain HEAPS pointing at North Korea. They can say that it shows the threat that the US has from other countries on a hacking front, and that they need more funding around a cyber defense initiative. It can't be - oh Anonymous (or some group like them) since no one will take it as seriously.
They want to point at a country that will say "damn straight we did it" even if they didn't (North Korea is perfect!)
No matter what you believe, some group just caused massive damage to Sony. If the US was looking to justify "cyber defense" spending, how would a rogue group not be a bigger threat? A rogue group better fits the terrorism narrative that has justified much of the last decade's military and intelligence spending. You're reaching.
China is busy providing all that justification, which is why Cybersecurity is getting massive military investment already. Sony being hacked is nothing, in terms of national security, compared to what China is getting up to.
> They can say that it shows the threat that the US has from other countries on a hacking front
There have been attacks on the US government IT infrastructure. Stolen designs and files from military contractors. Attacks on energy and distribution systems. Attacks on the banking system.
On the grand hierarchy of attacks, this is really, really low. I mean, given the severity and regularity of attacks against things that really, really matter, no the US certainly didn't need this to justify anything. The concern is very real, and significantly more important than some Sony Entertainment emails or movie leaks.
> The US in no universe will launch a military action against a rogue, shells-pointed-at-Seoul, nuclear armed nation because they hacked Sony. That premise alone is simply absurd.
I agree that it is absurd, but Washington seems to be talking up that premise.
Obama Vows a Response To Cyberattack on Sony
WASHINGTON — President Obama said on Friday that the United States “will respond proportionally” against North Korea for its destructive cyberattacks on Sony Pictures, but he criticized the Hollywood studio for giving in to intimidation when it withdrew “The Interview,” the satirical movie that provoked the attacks, before it opened.
Deliberately avoiding specific discussion of what kind of steps he was planning against the reclusive nuclear-armed state, Mr. Obama said that the response would come “in a place and time and manner that we choose.” Speaking at a White House news conference before leaving for Hawaii for a two-week vacation, he said American officials “have been working up a range of options” that he said have not yet been presented to him.
One thing I would like to know, is if this whole thing was perpetrated by the North Korean state because of the potential offence to North Korea from showing their leader being killed, why has the scene of their leader being killed been leaked by the hackers and is now posted all over reddit? That really makes very little sense.
Military action is not the only form of proportionate response. The US has been involved in sanctions based diplomacy against NK for years now around the nuclear programme. The State Department aren't idiots, any form of military action against the North runs the risk of full scale war breaking out.
It conditions the population against North Korea. Not saying that that's what's happening right now, but it's kind of our MO. We target a specific place for ulterior motives, generate public animosity among our population of morons who couldn't find X country on a map if their lives depended on it, then we put on the squeeze in order to elicit a reaction, and then when a certain action happens we can manufacture into an excuse for military action, we take military action. And then we proclaim how innocent and unwillingly we were dragged into something we had been gunning for even before the last war we were engaged in was over.
What would the ulterior motive be for taking on the cost of a war against NK? They have little to no oil or other super-valuable commodities as far as I know, so there's little financial motive. They're a risk to their neighbors but are not a credible global threat, and they're less likely to attack the U.S. than more dangerous and ideologically fervent enemies like ISIS.
They're more of an annoyance than anything else. The strategy so far seems to have been to wait it out and hope their crazy cult-regime finally collapses. I don't see any reason anyone would want to expedite this unless they thought there was a clear and present danger of NK escalating in both belligerence and power in the near future. I can imagine the former, but not the latter.
The value of NK isn't anything internally intrinsic; the main reason it has "survived" with its current and past leadership is that it is a buffer between the "West" and China. And previously it was seen as a buffer between Japan (and also the US) and Russia; Stalin was the one who authorised the Soviet invasion of Manchuria in the very last days of WWII. Russia's leadership at the time remembered Russia's loss of face (and territory) to Japan in 1905; remind you of current day invasions and annexations with ruminations of nationalism?
The Korean War was in many ways similar to a "more power" version of Ukraine today.
NK may be a sideshow as far as a lot of interested parties are concerned. The benefit (if you can call it that) is that the presently-tapering security contractor gravy train gets a new shot in the arm, the Feds have a chance to set up "partnership" agreements with any number of tech firms that they just alienated during the NSA fiasco, and a much higher level of generalized network surveillance becomes a thing that plenty of companies start thinking they want.
I obviously don't know the story behind this. The point is, there are plenty of opportunistic and self-serving domestic interests who probably don't either but can nevertheless turn this hack into a very beneficial event, regardless of who did it. From their perspective, NK being the source is actually the best-case scenario.
Punishing defiance can be an ulterior motive. When the mafia send someone in to break the shopkeeper's fingers they often risk their guy getting arrested, etc. losing more than the shopkeeper is worth. They still go through with it because that shop isn't the only thing in the balance, it's about keeping all the other shops scared and maintaining "credibility." You can hear war mongering politicians talk about "credibility" and "credible threat of force" all the time.
It would drain China's resources and focus, Russia's for that matter too. But, again, I said that I don't think that's what's happening with NK. NK is even too much of a pandora's box of crazy that I think will only be set off as a last ditch effort against, mainly, China. I see it as kind of a bomb that is surgically attached to China, which we can somewhat easily figure out how to set off if we so desire.
Drug running, counterfeit currency production, kidnapping foreign citizens, nuclear testing and producing nuclear capable missiles and testing them in provocative ways.
Plus their prison camp system, internal mass famines, brutal authoritarian dictatorship.
If they are wrong, then they take a hit to their credibility. The Republican Party would pounce on this and never let up. It would not look good in the public eye if the government's cybersecurity apparatus – which the president just spent the past year and a half defending – fingered the wrong country behind an attack.
Not true. Can you imagine the economic impact if this stands as a case study on how lax security standards could be at large, trusted private institutions? That all it takes is one pissed-off employee with a cursory background in computer security to cause billions of dollars in damages and rampant fear?
It's much easier to address public fears with an easy scapegoat than to own up to the overall frailty of network-driven industry. Could you imagine the cost of creating "the TSA of networks belonging to important private entities?"
Part of me does wonder whether we're headed in that direction. See: Rainbows End, by Vernor Vinge.
What is the equilibrium in a world where state funded actors can anonymously attack major companies / infrastructure components? I am not convinced that it is possible for a Sony to secure itself to such a level that it will not be vulnerable to attacks by state actors.
That's exactly the issue. There are lots of people who can imagine that. They can also imagine corporate boards having a much harder time saying no to them in an environment that the Feds have described as dangerous. If nothing else, not (literally) buying into the scare opens companies to even more expensive liability.
Oh, if it were Russia I am quite sure the current Administration would waste no time exposing them. The level of disrespect shown towards with both official and unofficial comments borders on undiplomatic by most counts.
It matters little because the big issue here is that a group of cyber terrorists have effectively shut down a major corporation and most western countries are just standing by. If that is not green-lighting future copycatting, I don't know what is.
The President should screen the film at the White House and allow it to be distributed to the armed forces
> ...who are pandering to a crowd, and based upon essentially no information at all
References?
What I remember is a well-argued article pointing to many parts of the hack that would seem to disqualify North Korea - for example the use of a (South) Korean language locale which North Koreans would in fact not normally be able or likely to use, broken English with little relation to how North Koreans would speak, etc.
Now, North Koreans could be making a careful effort to impersonate Western hackers making a crude effort to impersonate North Koreans. But that's kind of reaching and there's a bit more than no evidence.
"What I remember is a well-argued article pointing to many parts of the hack that would seem to disqualify North Korea"
That article was a classic case of "assume the end result, and then make everything you've heard...including indirect, second-hand rumors, fit the mold you've set". You probably saw that "analysis" on here, and it was quite soundly destroyed as being largely ignorant.
Further the whole "that bad English doesn't fit how I think bad English should look" is...well it's preposterous. The article also uses a ridiculous email exchange which could be anyone as proof -- again, fitting the mold.
There is literally nothing in that, beyond some person's subjective take on how a person might mangle English (this is one of those classic claims that assumes some grand conspiracy...but that the conspirators were too dumb to get the basic stuff right), that is based upon legitimate analysis.
We're gradually seeing HN comments on world events veer into conspiro/4chan /pol/ territory. It's sad but I think inevitable with anonymous discussions.
Most posters on Hacker News, it seems, rejected the idea that the Sony hack was done by North Korea or any easily determined actor.
The US government now has an official conspiracy, that the attack was the work of the government of North Korea. Just because that is a conspiracy theory doesn't make it wrong but I and many people still doubt it.
You are replying to an attack on the common dubiousness of many HN posters to the North Korea theory. The attack seems to involve the idea that doubting the US government conspiracy theory has to be, itself, some other kind of more dubious conspiracy theory, when it is actually the belief that there's no evidence in that direction and plenty of evidence away from that direction.
Literally nobody has said that. All that most people have said is that if you're going to accuse another nation of an act of "cyberwar" at least provide proof. Is that too much to ask?
"Opportunities to get backing for war are rare, and so there is good reason to think that the government would try to capitalize on them."..."USS Maine, anyone?"..."Queue an invasion of North Korea."
Literally quite literally doesn't mean what you apparently think it means.
And the general conspiratorial narrative is that the US is trying to blame a blameless North Korea to achieve...something. Not sure what.
"And the general conspiratorial narrative is that the US is trying to blame a blameless North Korea to achieve...something. Not sure what."
To assume the US Government's PR team won't use anything/everything to reinforce, reiterate or bolster its own agenda is just idiocy. There are far too many examples throughout history where it has.
Whether or not that means that this investigation is a farce, is another question.
My hangup here is that the DPRK historically provides absolutely no shortage of excuses for the US to grandstand, but with the occasional exception of them shelling some South Korean island or kidnapping a tourist, they are usually (publicly) ignored. Niche news websites about North Korea will talk about the crap they do or say weekly, but you usually only see US government officials and mainstream US media piping up once or twice a year.
It's not like the US has to manufacture an excuse to complain about them. There is an abundance of genuine North Korean antics to choose from if they want to.
> The US gains literally nothing pointing the finger at North Korea.
The US gains quite a lot by pointing fingers at a bad guy. This bad guy happens to be North Korea. Anything just to keep the public distracted and the media happy to report something else but CIA torture.
"The US in no universe will launch a military action against a rogue, shells-pointed-at-Seoul, nuclear armed nation because they hacked Sony."
Is that your gut feeling? :p I understand it's backed by strong arguments but so were (some) security professionals' opinions. They might give updates after the FBI's communiqué and are aware of the limitations of their argumentation. That being said I do share your opinion on the matter...
EDIT: elaborating...
EDIT 2: Not sure why I'm getting downvoted. No matter how much I believe US won't go to war there is always a possibility I could be proven wrong. I don't think security professionals' analysis was based on "no information at all" (think things we know about North Korea), no more than the analysis we have about US not going to war.
(I guess to add on to yours and the previous posters' comments...)
Even if it wasn't North Korea, the U.S. still gains nothing from this except for maybe making NK look even worse.
And the U.S. might make some stupid political decisions, but there's a difference between an "ill advised" decision and a flat-out stupid decision. Going to war with NK would mean South Korea getting attacked by NK. Would the U.S. risk that?
I honestly do not think so, because it'd signal the end of the U.S.' diminishing credibility in the global sphere. Nobody wants to be friends with a country who'd willingly throw a friend under the bus simply because another country (which has very few friends) hacked into one of millions of corporations in said country.
If the U.S. and USSR could go years without nuking each other, I believe the U.S. has enough restraint to not launch (enough of) an attack on NK that would provoke a NK response towards their southern neighbors.
Seems like there would be substantial traffic logs if 100TB+ of data flowed from Sony to NK, right? Surely the NSA would have seen this traffic, why was Sony not informed of this? Also nobody at Sony noticed suspicious persistent connections to their gateway? Seems if it was not an inside job the "hackers" must have had access for months to a year to gather that amount of data. I haven't gone looking, but I have doubts the movie in question even existed if there are not copies running rampant on the net. Yes I agree too much of what we're being told does not make sense.
A film is usually completed many months before release; photography generally wraps more than a year in advance of release. The script can float about for years before release. Scripts aren't secret, with rare exceptions (eg a big franchise film like the new Star Wars) - they're shared around freely, because any script worth its salt is registered with the Writer's Guild for copyright establishment purposes, so there's no big advantage to keeping it secret. Only film buffs enjoy reading film scripts, the general public does not.
Details about who's attached to a project as a star/director, or senior technician are easily available through trade newspapers and industry newsletters. The 'packaging' of a film ('Seth Rogen to star in The Interview') is the first stage of the marketing, taking place as long as 2-3 years before release, sometimes longer. Basically the way you get a film made is this: Write the script; find some famous actors who like it; get them to sign (largely) non-binding 'letters of intent' to act in it if it manages to attract financing; call up investors (including studios) and say 'do you want to put up the money for this? It's a great script, and I've got letters of intent from Seth and James!'; proceed to the stage of writing more binding contracts once you have money in the bank.
Long story short, there has been plenty of time for NK to become aware of the film and get offended about it. By some accounts the idea was in development since the last decade but got shelved when Kim Jong-Il died.
You think the movie never existed? So the whole thing is a conspiracy by Sony and the US government? So Sony intentionally leaked all their own financial data? Sony leaked all their own private compromising emails?
My point is that this can't be a conspiracy by Sony, because they would never leak the extremely compromising information that has been leaked. A lot of the leaked information makes them look very bad.
If you are trying to say that the movie not being leaked means the movie never existed, that doesn't make sense. If North Korea did hack Sony, they would not leak the movie because they hate the movie and don't want anyone to see it. If a group of other hackers hacked Sony and are pretending to be North Korea (compiling code on computers with the Korean language), then they wouldn't leak the movie because North Korea wouldn't leak it and they are pretending to be North Korea.
As far as I can tell, there are (EDIT: at least) three scenarios:
1. The NSA is competent, and has verified that NK is responsible.
2. The NSA is competent, and is lying about whether NK is responsible.
3. The NSA is incompetent, and erroneously concluded that NK is responsible.
Since we know that the NSA is filled with highly competent people (based on the quality of the people who periodically join the commercial world after a stint at the NSA) we can probably consider 1 or 2 the most likely explanation.
Which do you believe, and why? Unless there is strong evidence, 1 seems the most likely. It's also the simplest explanation.
Also, the reason I'm talking about the NSA even though the article is talking about the FBI is because this surely falls under their umbrella, and the NSA has the most powerful tools for verifying what happened. Other agencies would seek answers from them, and the NSA's input would matter. For example, one sentence starts, "As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, ..."
EDIT: Could we focus on the question? Which do you believe, and why? Please feel free to add additional scenarios, but at least mention whether you believe them and why they're likely.
The FBI and NSA are two very different entities. The investigation goes to the FBI because it is essentially an "in the USA crime". While FBI and NSA may both be looking into it, they don't share all of their data.
Also, from my experience, the FBI is quite incompetent. The 'evidence' so far is, as others are pointing out, that people in NK wrote similar malware and some of the components used. Trend Micro says that the malware used is available on the black market. This points to my previous conclusion that this is being paid for.
Whether NK government is involved in funding this particular hack is the real question. I don't think NK has direct control over the hackers at this time, because as others have pointed out, it is not in NK best interest for this to continue.
It is easy to pin the blame on NK, and I think that is exactly what the hackers want to happen. Personally I think Sony simply pissed off too many people and this is the inevitable result.
> The 'evidence' so far is, as others are pointing out, that people in NK wrote similar malware and some of the components used.
I had written a lengthy post pointing out the many pieces of evidence you're ignoring, but I think the FBI release does the job just as well. I find the infrastructure evidence as interesting, if not more interesting than the similar code:
> Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
> The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
>Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
This also does not mention that some of the code was compiled on a machine configured with Korean language settings. This doesn't establish definitively that North Korea was behind this, but it is consistent with that conclusion.
There is also classified evidence. You may choose to ignore it, but I find the claim deserving of some (though not decisive) weight, and certainly worthy of mention.
Sure there are things pointing to NK; but I believe this is intentional. Using an IP in NK, or one "associated with NK actors" doesn't prove it is NK. Consider all the discussion for piracy. IP doesn't prove anything.
I don't think the action was directed clearly by high level NK officials.
Consider; what if the hackers had said "We are NK, war on USA" from the very start. Would that change anything? Nope. Just because something appears to be something doesn't mean it is.
Also; why is the evidence classified? The public already has the leaked data in immense amounts... many groups already have the malware itself that was used... How about they actually show the evidence instead of just pointing fingers.
Anyone can go "yeah it's NK; they do this sort of thing".
>The fact that the code was written on a PC with Korean locale & language actually makes it less likely to be North Korea. Not least because they don’t speak traditional “Korean” in North Korea, they speak their own dialect and traditional Korean is forbidden. This is one of the key things that has made communication with North Korean refugees difficult. I would find the presence of Chinese far more plausible.
That's an uninformed, confused argument. That blogger's links about "traditional" Korean are about a few differences in vocabulary that have developed between North and South. Nothing that would suggest that there are any differences in the characters used to type on a computer with. That's because the languages and characters are the same.
BTW, the original investigation on the locale concluded that the UTF8 character could be decoded with Korean or Chinese locales.
The fact that the hackers were using a Korean (or Chinese) locale doesn't prove that the hackers were Korean, but it also doesn't prove that the hackers were NOT Korean, as this blogger tries to do.
I don't find that argument very persuasive. First, while there are dialect differences I think this argument significantly overstates them - I think the last answer in this Quora discussion sums it up well, saying that it's like the differences in American and British English - significant, but hardly a serious barrier: http://www.quora.com/Korean-language-1/How-different-is-the-...
It's not like North Korea's government just picks random proles and tells them to start writing malware if they want to keep receiving gruel; anyone engaged in cyber-espionage is going to have a very high security clearance and be well educated by North Korean standards. You wouldn't be surprised by the idea of a KGB officer (or FSB these days) that spoke perfect English, would you? Why is the idea that North Korean spies would be fluent in dialect/idiom of their own language so hard to swallow? I would imagine that any North Koreans engaged in cyber espionage/security have spent at least some time infiltrating South Korean social networks, to gather intelligence, disseminate subtle propaganda (as opposed to the chest-beating type put out by the official news agencies) and so forth.
I don't know if the Sony attack was carried out by NK or not, but the idea that it could not have been rests on the notion that North Koreans are incapable of social engineering, acquiring language skills beyond their own, or impersonating anyone else for espionage purposes - a modern version of the trope that Russian spies could be quickly detected by the poor cut of their suits.
What OSs have "North Korean" locale and language settings? The Windows 7 PC I'm on now sure doesn't have one (though it does have "Korean"). And if there is no "North Korean" setting available, wouldn't it make sense for them to use Korean, seeing as it's the only other language that uses their system of writing?
>>> While FBI and NSA may both be looking into it, they don't share all of their data.
The irony of this statement is this is one of the primary reasons the department of homeland security was established, so sharing of information between these very offices would enable them to be more on top of stuff like this.
> The irony of this statement is this is one of the primary reasons the department of homeland security was established, so sharing of information between these very offices would enable them to be more on top of stuff like this.
No, it wasn't. Which is evidenced by the fact that neither of these entities were among those moved from other Departments into the new Department of Homeland Security.
Improved information sharing among the parts of the intelligence community that were not consolidated into the DHS is the reason that various changes in the laws governing information sharing in the IC were changed, and that the office of the Director of National Intelligence was created to separate the head of the IC from the Director of a particular agency (the CIA) in that community.
It's basically a specialization of the base rate fallacy. If, say, idiots can still be right by chance 10% of the time, and experts are right 90% of the time, but only 10% of the population are experts, then lucky idiots will make up fully half of the population of people who are right.
10% is pretty generous for most of the work experts actually do, though.
Experts do many things, one of which is to occasionally make predictions, where 10% might be more reasonable.
But, for work like imagining how a given goal can be realized, I would guess an "idiot" could compose an achievable plan less than a fraction of a percent of the time.
It's all about having enough variables in the system so you can point to something else as the cause when there is failure, and yourself as the cause when there is success. With willful ignorance of reality, idiots can have a success rate much higher than 10%. :)
5. This is an FBI statement. As the Sony movie studio's network is not a classified US Government network, it isn't the NSA's job to defend it.
So, they may not have even been consulted on this - or (far more likely) their contributions, if relatively inconclusive, may have been cherry-picked for only those specific points which supported a politically-convenient, face-saving conclusion. (Which, as we all know, has happened before on a few infamous occasions.)
When you have a big hammer, sometimes everything looks like a nail. When you have a database of every IP address which sends packets transiting a collection point to every other IP address suspected of being a C&C (and the NSA & GCHQ do have exactly that), everything looks like a potential controller. There is a remarkably strong bias towards false-positive confirmation caused by (amongst other things) P2P networks and UDP packets with forged IP addresses. A bias the NSA (and/or GCHQ) would warn about: a warning that, alas, law enforcement tend to not always take to heart - which is (anecdotally) partly why GCHQ rather dislike working with the plod (and quite probably the same feelings persist in the NSA towards the FBI).
I still think the links to DPRK are very weak, if they even point that way at all - not that the North Korean government aren't vile dictators (they are) but because everything I've seen makes it look more like low-rent organised crime - indeed, I gather the payload and C&Cs used, which the FBI have (IMO) erroneously used in their attribution, are publicly available (though no, I will not link to them)!
What I've seen even (albeit weakly) indicates at least two actors with different names, one of whom asked for a monetary ransom, and the latter mentioned the movie after the media did and thanked the other (for giving them access?).
It may be (but there is no strong evidence either way) that the latter is actually the DPRK - in which case their "cyber-army" looks like low-rent organised criminals, which I admit would not be implausible, but speaks volumes about Sony's stunningly negligent incompetence!
The one thing I feel absolutely confident saying is this: Sony Pictures were an extraordinarily soft target, and this was not a display of any high degree of technical competence on the part of the attackers. It could've been anyone from North Korea to a disgruntled ex-employee (of which they have no recent shortage) to some random 14-year-old angry kid, or anyone in between. My sodding cat could have hacked them. ¬_¬
I suspect they know who did it, and they have data that would expose just how much they know and do not want to disclose that information. They possibly know because they've compromised an ally's system to do so, and providing that information would expose this vector and compromise relations. These guys aren't incompetent, full stop. Saying so may make you feel better, but we have all the proof in the world about their capabilities.
Shouldn't "NSA" be replaced with "FBI" in all three scenarios (and all additional scenarios)? After all, the news release from the FBI indicates that the conclusion is the FBI's, not the NSA's.
Further, the equation of "competent" and "correct" in the scenarios is ill-founded; competent people can reach incorrect conclusions and vice versa.
> Since we know that the NSA is filled with highly competent people (based on the quality of the people who periodically join the commercial world after a stint at the NSA) we can probably consider 1 or 2 the most likely explanation.
Perhaps, but even if so, #1 and #2 need to be expanded to:
1a. The FBI is competent, and has correctly determined that NK is responsible, and is accurately reporting its correct determination.
1b. The FBI is competent, but has nevertheless incorrectly assessed that NK is responsible, and is accurately reporting its incorrect determination.
2a. The FBI is competent, and has correctly determined that NK is not responsible, and is misrepresenting its correct determination.
2b. The FBI is competent, but has nevertheless incorrectly determined that NK is not responsible, and is misrepresenting its incorrect determination.
In pure logical terms, why is "competent, and erroneously concluded that NK is responsible" not an option? Leaving that out seems based purely on opinion and not in any reported or historical facts.
Smart people make mistakes, too.
In fact, I'm not sure why competence or incompetence affects the second half of your scenarios at all.
Reply to EDIT: Your logical estimation was based on the wholesale elimination of several options, of which, I think "competent but wrong" has the largest possibility.
I don't think which I believe and why matters much here, but this is a "false choice" fallacy that seems to be based on personal opinion and doesn't accurately set up the question for others to answer. I think that should be called out.
If I accept that the NSA is competent in their intelligence gathering capacity. An organization does not get away with what they did for years and keep it secret for any period of time by being incompetent. That said, AFAIK the NSA has not stood behind this information, the FBI has.
If the NSA were able to identify with some certainty who the attackers were and it was another nation, and they forewent actually using this as an example of a real tangible good that comes from the intelligence gathering apparatus they've put in place after all the flak they've gotten, to me that colors the information somewhat. If they don't want to stand behind the assessment, it could be entirely political (none of the controversial programs helped, so don't fuel the fire of people asserting they aren't worthwhile) or it could be operational, as in they aren't as confident as the FBI is professing. I'm sure there are many other possible reasons as well, but I don't think it simply boils down to competence or incompetence.
For the sake of completeness, there's also a fourth:
4. The NSA is incompetent, but correctly concluded that NK is responsible anyway.
I agree that the "incompetent" ones are pretty unlikely. As for choosing between the first two, the big question to me is motive. I've seen plenty of people proposing 2, but I've not yet seen anybody articulate why they would do so. The only reasoning I've seen consists of references to similar false attributions in the past, which certainly has happened, but there are always reasons for it.
So what would the motivation be to lie about it? The Iraq WMD lie was used to justify war, but hacking a movie company won't move the dial on national support for war against North Korea, and there are many better ways to drum up popular support for such a thing. Increased cybersecurity funding? Again, I don't think people will care too much about a movie company as the target. Maybe someone in the US government hated the movie and wanted to sink it, and NK is just a convenient scapegoat? Pretty far fetched. Some other group carried out the hack, but this can't be disclosed somehow? Doesn't make much sense to me.
Unless there's some sort of reasonable proposal for why the US would lie about NK being the source of the hack, it doesn't seem too useful to discuss that angle beyond a basic "and yes, they might be lying for some unknown reason."
How about, if the people behind the hack are trying to make it seem like it is NK, then investigators may go publicly with that theory while trying to track a culprit, as to announce otherwise may make finding who it is more difficult.
Is there any particular reason we haven't included the "incompetent, erroneously concluded that NK is not responsible, and is lying about it" quadrant? It's always nice to fill out the last box of the square.
Or perhaps something without such stark, binary conclusions:
The NSA has much competence, but not omniscience. There's indirect evidence of overlap with NK hacking activities.
Maybe the evidence means NK was the prime mover. Or maybe it means NK got invited in later, during the many months of likely compromise. Or maybe it means NK was intentionally implicated ("framed") by others. Or maybe it's a coincidence of many teams working the same tools/pathways/compromised servers.
Certain agencies and people gain politically – in budget or prestige or minimization-of-embarrassment – by leaning towards the "finger NK" call. There's enough murky evidence it's defensible, whether true or not, and in any case hand-waving about confidential "sources and methods" makes the call low-risk. Who else are people going to believe?
So the NK call goes out, and no one's competence or veracity is really on the line.
Agreed that #1 is most likely. In fact, it seems probable that if this hack were indeed carried out by NK, the NSA is likely to have known about it during the planning or execution stages. Certainly they have eyes and ears on NK officials. While they wouldn't step in to prevent the attack (not their job), certainly they are active with the FBI to make decisions on the source and technical nature of the attack.
I wouldn't expect the FBI to do a thorough job on matters of digital security or cryptography, but I certainly would expect that of NSA. And therefore it seems unlikely we will be told all the evidence that they have collected in order to conclude NK is responsible.
Edit: This assumes they are telling the truth, which they might not be. But if they do honestly think NK is behind this, they certainly have a wealth of secret evidence supporting that decision.
> I think a trichotomy would be 3 categorical bins.
That's what was presented.
> This looks like OP cherry picked 3 options from a 2x2x2 choice matrix with NSA competency, NSA honesty, and the truth as its axes.
That sounds about right, which would mean there ought to be (assuming each of the implicit dichotomies was valid, and that they covered the problem space), 8 categorical bins, which is why the presented trichotomy would be a false one.
My comment was a prompt. It was to inspire interesting discussion and debate. It wasn't meant to persuade. It also wasn't meant to be an exhaustive list.
I'm just happy some interesting discussion came of it.
That 2x2x2 table isn't complete, by the way. For example, "The NSA came to a different conclusion other than the most politically desirable one" falls nowhere within it.
That's why I didn't try to enumerate all possible scenarios, especially the less plausible ones. That would be uncharitable to readers, as well as talking down to them.
Strong evidence is lacking to make any conclusion, including that NK is responsible.
There are incentives to falsely place blame on NK and there is a wealth of history demonstrating that type of behavior. In particular the US may have wanted to attack NK for some time but lacked a way to galvanize the public's support. Opportunities to get backing for war are rare, and so there is good reason to think that the government would try to capitalize on them. The fact that the government isn't releasing evidence suggests that it is weak or non-existent.
There is also good reason to believe that NK did do the hack.
Assuming 1, NK has opportunity (but, given the Internet and the time frame, about half the world has), means (but, apparently, the method of break-in is for sale, so many parties will have the means), and, apparently (I haven't seen the movie), motive.
I do not see a huge motive, though. Also, I think we can assume that the NK is above average competent, too. Why would the NK find this so important to spend time and effort on? Did they buy options on shares in movie companies to make a lot of money? Is this a small operation by some NK agent or department head who wants to make an impression to his superiors, or intends to blackmail Sony Pictures (if that is the case, the villain should already have asked for money. We don't know whether he did).
4. The NSA is competent, and has good reason to carry out a false-flag operation.
As far as I can gather, only the CIA and FBI have published statements pointing to North Korea. I believe the NSA to be competent, but I have seen members of the US government lie repeatedly in the recent past.
Regarding Iraq, we know now that the US government lied and/or misrepresented facts regarding chemical weapons, biological weapons, and uranium enrichment programs. We know from recent revelations that the CIA considered, planned, and approved of false-flag operations in Cuba in the 1960s. Given this history, we should not rule out the possibility that the US intelligence agencies are misleading the American public intentionally to achieve their own goals, independent of the facts.
It's a bit unnecessary to invent three scenarios and choose which is the most likely.
There is no reason to believe the NSA is involved. The article does not mention it and there is no other official reason to think they are. The FBI have their own cybercrime unit.
But if the FBI investigation actually did conclusively show that NK was involved, what could they possibly have to gain by putting out a press release? To let the hackers know that we're on to them?
The only possible reason for a press release at this time is to widely circulate this piece of information, which must be valuable to the FBI for some reason. There's no need to complicate the issue further.
I don't believe in any of the provided options. My only decision making guide is definitive evidence and not some emotion-based public interpretation as to what might have happened.
I guess I'd have to favor #2. I think the NK connection is dubious at best, but it probably best serves political interests to point the finger that way at this time in history.
NSA and FBI have a strong history of lying to the public. I would say that makes #2 more possible.
It's also in their interest to position the threat as a national security issue because that's where they derive their power to regularly break the law through spying and other tactics as well as their over-inflated budgets. If the threat is coming from a hostile nation it helps their narrative better than a disgruntled employee or someone doing it for lulz.
If the FBI is involved and there was significant uncertainty to their conclusion wouldn't they be slightly biased against concluding it is an international actor since it takes it out of their jurisdiction?
If the above is true should that cause us Bayesians to slightly believe their conclusion more? Or are they so influenced by governmental interests (who may want cyber warfare) that it really isn't a factor?
There have now been 239 years since the Declaration of Independence, and you honestly believe that the simplest explanation is 1) the government is competent and 2) the government is honest.
One week after the torture report, you simply can't make this up. Then of course, you did make this up, because nobody has even mentioned the NSA.
> Since we know that the NSA is filled with highly competent people (based on the quality of the people who periodically join the commercial world after a stint at the NSA) we can probably consider 1 or 2 the most likely explanation.
Since we know that the NSA is a government agency we probably can rule out the possibility of it being competent. No matter how competent the people hired there are.
A mob that consists of intelligent and competent individuals is still a mob.
It seems unfortunate to me that the Sony hack has now displaced the CIA torture report completely in the national narrative. Whether purposefully orchestrated or not, it sure seems like a useful coincidence.
To be fair, it's been a busy newsweek. The ruble collapsing, Putin's ridiculous Q&A and befriending of North Korea, the Sony hack, Iran coming to the negotiation table, a few days of no deaths in Ukraine, Australian terrorist operation, UK VIP sex ring deaths, Hong Kong protestors being pushed out, etc.
The torture report is just more details on what happened 10 years ago. No one is shocked or surprised. The guy in charge of all this left when the current guy took office in 2008. If we're playing nation state PR trickery games, it seems to be Russian and Chinese media outlets were really pushing the report as a way to distract from their own domestic issues, their own domestic human rights issues against their own citizens, and to continue to vilify the US as it serves them domestically to deter people from their god given rights to freedom, justice, and self-rule.
Of course, to many internet commentators, Russia and China never do dirty tricks like these, only the US. Shame we can't have a more evolved view of press release timing, news cycles, etc. It's just more anti-US conspiracy theories while the rest of the world, especially dictatorial regimes, get a free pass.
You rather ironically left out the most historic event this week, the US normalizing relations with Cuba. To say this has been a busy newsweek is an understatement.
I'd just like to point out that the "Australian terrorist operation" turned out to be one person with a previous history of violence and mental instability, who has been disowned by every group he claimed some connection with.
It wasn't so much a "Terrorist operation", as an act of horrible desperation by an incredibly disturbed individual.
This is a perfect example of why "Terrorism" is a dangerous term. It has huge definition creep.
>> "It seems unfortunate to me that the Sony hack has now displaced the CIA torture report completely in the national narrative."
Unfortunate but let's be honest - nothing was ever going to be done about that report. The world is outraged, the US apologises and does nothing, and most people forget.
Yeah, no conspiracy here. A hack in a private company is a reason good enough to start another war. I didn't know people feel so patriotic over Sony Entertainment.
I hate Sony, but if North Korea really did hack them and threaten terrorist attacks in the US purely to cancel a movie mocking their leader, then yes I feel angry and rather "patriotic". US businesses giving in to terrorist threats is not a good precedent.
Also, Sony Pictures is an American company which was bought by Sony, the Japanese megacorporation.
Ok, how much do you wanna bet that in less than 6 months there is going to be a war? (probably giving the weapons to South Korea so they put the body count)
> Ok, how much do you wanna bet that in less than 6 months there is going to be a war?
Be foolish to bet against that, since the US has never stopped being at war with North Korea since the 1950s.
> (probably giving the weapons to south Korea so the put the body count)
Given the pre-targeted artillery pointed at their capital, neither the people nor the government of South Korea are likely to get behind resuming active conflict with the North without some somewhat more substantial provocation than the SPE hack.
And US encouragement -- if it were to be offered -- is unlikely to change that.
>Be foolish to bet against that, since the US has never stopped being at war with North Korea since the 1950s.
They are not trying too hard, right? I mean they threw down Saddam Hussein in a couple of years, but somehow they are unable to take North Korea despite fighting for more than 50 years (based on your claim), yeah... no.
Yeah, the DPRK actually sank a ROK naval vessel a while ago, and shelled an island, but obviously an InfoSec/Hacker related issue will cause war to break out!
The Republic of Korea Navy (ROKN; Korean: 대한민국 해군; Hanja: 大韓民國 海軍; Revised Romanization: Daehanminguk Haegun) is part of the South Korean army, not the USA. Please know your stuff before you talk.
Far more important IMO is the simple fact that a large number of Americans, possibly a majority, support torturing suspected terrorists and think that the only thing wrong with this whole affair was that the report was published.
A large number of Americans also believe the Earth is only a few thousand years old and insist their children are being taught their beliefs as 'facts' in schools.
Don't take what a clown like Cheney says as gospel. Many Republicans and most Democrats take these things seriously and do not want to stoop to the level of the Taliban.
I can't believe so many people are rendering verdicts sans evidence that the FBI is wrong about this.
Look, I don't trust the FBI completely. But as of this point they're the only people who have actually seen any of the pertinent evidence. Unless you have a prior that they are actually MORE likely to be malicious than not, there's no grounds to do anything but acknowledge their claim (with as much salt as you please, of course).
If we assume everything written here is the full truth, I think they need to release some more technical details on the specifics of the hack.
If foreign governments are now a real threat, industry should have some awareness of the methods being used so we can try and protect our own infrastructure. Especially as this seems to indicate they are using software that's at least somewhat known already.
The US government getting involved initially moved this from "Sony never bothered paying for actual security" to "somebody is trying to take advantage of the attack". When Obama promised a "proportional response," this drama suddenly sounds like war drums.
So I guess the question is either who needs a war asap (follow the money?), or who needs a war-sized distraction?
It is really quite safe to say that absolutely no one wants a war with N. Korea. It would be one of the most horrific wars in history, and everyone in the Defense department knows that. N. Korea has been looking to provoke conflict for a while, and the US, or anyone, doesn't want them to escalate. They have nukes.
Where is Japan in all this? If North Korea is in fact responsible, it seems like Japan should be the one weighing a "proportional response". They are certainly capable.
The response is rather disturbing. It's like we're expanding the reach of N Korean censors. My initial reaction to accusations of N Korean involvement was to laugh it off. Seems like the sort of thing Russian teenagers would do quite frankly.
It is significant that this information is coming from the FBI and not the Pentagon, CIA or NSA. It indicates that this will be treated as a domestic criminal issue and not an act of war. Don't expect an overt military response. Also, since US law doesn't apply to the North Korean government, don't expect much to happen at all besides Sony continuing to cede to the demands of the hackers.
FBI isn't about criminal issues anymore now that they got into the CIA/NSA club about a year ago. In case you missed their change in direction, their new mission statement says the primary function of the FBI is "national security", not "law enforcement".
FWIW, one of Obama's quotes today referred to the "criminals" behind the attacks, which is a careful choice of words. It implies that it is not being treated as a terrorist attack, and certainly dampens the rhetoric that this is state sponsored. Criminal implies independent groups or possibly foreign organized crime elements, but not necessarily state-sponsored.
To be fair, now FBI deserves some of the blame. I'd like to see exactly why they believe this was a specifically Korean thing and not a "North Korea used this same malware family they acquired elsewhere for their South Korea attack earlier" situation.
To be fair, the FBI is a big organization which employs many intelligent individuals. It's very unlikely we know everything about this situation that they do.
"FBI now has enough information to conclude that the North Korean government is responsible for these actions"
Their reasons were along the lines of "attacks that look very similar were from North Korea" but were those attacks conclusively linked? I'm also curious how they decided it was the government there, not a rogue group of people.
The one thing I can't get off my mind is something I saw in another forum related to InfoSec when the letter threatening the employees came out.
A Russian poster said, it was an odd use of the word "False" in the email, since in English it's "Lies". He said when you translate the Russian word for "Fake" or "Lies" it comes out as "False". Which, if you read the email and substitute the word "Lies" for "False" in the two sentences where the word is used, suddenly the meaning is totally clear.
Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization. And what we have done so far is only a small part of our further plan. It’s your false if you think this crisis will be over after some time. All hope will leave you and Sony Pictures will collapse. This situation is only due to Sony Pictures. Sony Pictures is responsible for whatever the result is. Sony Pictures clings to what is good to nobody from the beginning. It’s silly to expect in Sony Pictures to take off us. Sony Pictures makes only useless efforts. One beside you can be our member.
Many things beyond imagination will happen at many places of the world. Our agents find themselves act in necessary places. Please sign your name to object the false of the company at the email address below if you don’t want to suffer damage. If you don’t, not only you but your family will be in danger.
Nobody can prevent us, but the only way is to follow our demand. If you want to prevent us, make your company behave wisely.
Just something I keep coming back to in all of this.
One of the articles that was debunking the NK connection mentioned that the language used in NK stems heavily from Russian in a variety of ways. So if they took the use of false to mean lies and falsehoods it would make some kind of sense.
That's certainly interesting, but one would have to compare North Korean dialects and translations for a complete analysis. It's very possible the language spoken there also uses "false" to mean "lies".
One is an act of state-sponsored warfare, the other is a criminal act. Different departments investigate different things based on their department's scope.
Wasn't MtGox a Japanese company? That'd put it slightly out of FBI jurisdiction. And weren't other parts of the USG trying to shut down MtGox for trading without proper licenses?
Sony Pictures is American, and the attack occurred on American infrastructure, involving American citizens. It's not remotely like MtGox. Also it's rather odd to assume I didn't know Sony is a Japanese brand.
What would be the point of randomly attacking NK "computers"? I'm sure the NSA is on top of penetrating such systems for intel. Going about wiping things, what's that going to accomplish? Ha! We taught you a lesson about keeping offline backups, take that for hurting a private company? It's a knee jerk reaction similar to the US's war campaigns after 9/11 or WMD stories.
If breaching poor security was all NK was ever capable of, yeah maybe go for it. Otherwise, they remain an Involved State, so it's best to save intelligence for stuff that matters, and have the FBI use info from this attack to improve other security.
Questions to challenge this assertion (because come on, my grandmother is more competent at digital forensics than the FBI):
> Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code,
Did the original NK's malware use lines of code from somewhere else, and could this 'shared line of code' just be a very common line of code?
> encryption algorithms,
Encryption algorithms in common?! Oh, heavens! I use AES too! Maybe I'm a North Korean hacker and I never knew it!
> data deletion methods,
Because there are North Korean ways of deleting things that nobody else uses to delete things?
> and compromised networks.
If a network has been compromised by one person, it's probably been compromised by several.
> The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea.
Using the same questionable ways of 'linking' like the above, I presume.
> For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
THE SMOKING GUN! An IP address! And we all know those can't be spoofed! But just to clarify: An IP of some NK hardware communicated with an IP that was hardcoded in the malware. That 'hardcoded IP' could be a Google web server for all we know.
> Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
The tools used are similar? They might have used Metasploit to hack a SK bank, but that doesn't mean everyone who uses Metasploit is a NK hacker. And off-handedly asserting NK did the SK bank hack is a bit of a hand-wavey move.
--
It's clear that the FBI has no actual direct links or hard evidence. It has amassed a set of random unrelated suspicious notes and decided this is enough to be sure NK was the perpetrator.
And that's how law enforcement works in this country, folks. Some obscure hokey details get paraded around as hard evidence so they can look like they've done their job.
He mentions that we as an international community need to establish better internet and cyber operating rules, and I think we are slowly but steadily heading to a decentralized internet as the answer.
The problem I see with decentralization is that non-technical people have absolutely no idea what it even is or how it can help. However, the trend with these major cyber breaches seems to be that they are occurring more frequently and being more widespread. This may be a push towards educating the public on the benefits of decentralizing information on the internet.
The 'Of Course' side of me is disappointed in this whole thing and how our freedom is very weak when put on CEOs/corporations protecting self interest first.
This confirms that the public mindset doesn't need evidence when it comes to geopolitics. Over a decade later, and people still never ask for evidence. #learn-nothing-ever
This is a very serious allegation -- I certainly hope as much evidence as possible is provided to the public before any punitive or compensatory measures are taken.
But let's be honest, the perp is North Korea. Nobody in this whole process will be stressing the need for transparency and restraint.
Looks like Sony's horrifying and insulting info-sec policies are going to be swept under the rug.
There are far better ways to drum up support for an invasion of North Korea than a false-flag hacking of an entertainment company. All you'd really have to do is wait a little while until they test another nuclear bomb or shell South Korea again or sink another South Korean ship or anything of the sort, and then take a hard line response instead of the standard "if we ignore them maybe they'll go away" response. The idea that this was drummed up to start a war makes no sense to me.
Maybe it's a double secret false flag. The real goal is to pass a cybersecurity bill in the US Congress to counter industrial espionage by Chinese professional crackers targeted against American and multinational businesses.
Or if that wasn't the real goal, never let a good crisis go to waste, and just do that anyway.
Out of curiosity, does anyone know any serious or credible infosec figures who believe the attacks were perpetrated by North Korea?
All I've heard confirming this is from MPAA "cyberterrorism experts." And George Clooney, whose statement regarding the Nixon origins of the name "Guardians of Peace" is also unverifiable.
Am I the only one thinking that maybe the attack came from North Korea, but the hackers originated from China? Maybe China even loaned the hackers?
I can't see how NK could have a hacker force when they are so behind in technology. For hackers to be good, they need to be educated with technology. That seems unlikely coming from NK.
No need to be snarky. I'm not reading NK news everyday and I'm sure I was not alone not knowing about that Unit 121.
Even so, this article actually raises more questions than it answers. Was Sony's security really weak or was the hack very clever? It may have been the former and if so, some other people might have the same information for quite some time now.
Didn't mean to be snarky, I just keep seeing all of the "North Korea is behind in technology" talk with not a whole lot of evidence to support it. Thinking that any nation doesn't have the technological capability to perform some complex hack is a little misguided, in my opinion. The average citizen may not be up to snuff technologically, but these are governments we're talking about.
Now that anti-prohibition measures are passing in various states - posing a threat to the feds' cash cow (the "War on Drugs") - the feds are now trying to stir up nonsense over supposed "cybercrime".
The intrusion in this case was most likely done by an insider, the feds themselves, or a hacktivist group. The feds routinely break into private systems and are known to go to great lengths to construct elaborate sting operations [1].
The timing of the press release is highly suspect. An investigation into an international security breach can take months or years. The feds rarely comment conclusively at the outset because such statements can compromise the investigation. They've provided no evidence whatsoever to support their claims.
Tipping off the purported culprit in this way by claiming to have identified their tell-tale attack signature would make it harder to track future breaches. (It's like publicly announcing that a suspect's phone is being tapped.)
This press release violates standard operating procedure. And why haven't the feds filed charges if the investigation is all "wrapped-up"?
If a foreign nation was involved, there's no evidence that's the case. NK has been the subject of scathing media criticism in the west for years, but other critics weren't targeted in this way.
As others have pointed out [2], the intruders initially demanded a cash ransom. The theory that the attack was linked to a movie release was originated and spread by the media.
For argument's sake, what if this is another WMD, of NK, which did not exist in Iraq, and did not originate from NK? Not saying NK is not behind the attack, but what if they are not?
Haven't we lost hope and trust in media and agencies already?
Potentially irrelevant, but: I find this quote to be distasteful and offensive (for hopefully obvious reasons). This and "you never go full retard" are two quotes I think modernity could do without.
Really? I didn't realize it had anything to do with that. I thought it was simply about how the "short bus" looks like a normal bus from one angle, but disproportionately small from another. As in, DPRK threats look scary but really don't have much backing.
It refers to a smaller bus used to ferry students to special education programs, with the implication that they're all dumb and so is the person being insulted.
That's really not how it's used around here (west coast canada). They aren't associated with special needs kids. When I rode motorcycles at university the term was used for any silly-looking vehicle. A Jeep TJ with a lift and big rims, or a large truck with a tiny trailer would be called "short bus" if it looked taller than long.
I think that was the context Archer meant. (s04e09 "The Honeymooners" when Lana and Archer pose as newlyweds)
Fire up a Tor browser, it's probably all over the dark web. Part of me wants to dig through it because I'm just nosey, but I don't need a new way to waste time.
Honestly, I think Sony did take a big risk with that movie. First, the movie is total crap, and, now, because of all the noise, more people will watch than it deserves when it gets released on DVDs, cable, and so on!
We know CIA and NSA do sabotages as well and have hacked the whole world already - why do we think this right is reserved only for America and North Korea and other countries are not allowed to do this when it serves their interest?
how do you know the movie is crap? it's probably at least as good as any seth rogen movie. and seth rogen movies were good enough to get this one made.
for my money, it had a great trailer. the movie could be okay. it's easy to pile on to the notion that the movie is crap, as it makes the proceedings even more absurd. if the movie was good, then sony is somewhat vindicated, but we can't imagine that to be the case, because sony has bungled every moment of their response.
There are no good comedies these days. If you put a price tag on your life's worth and then calculate the dollar value of an hour of it, will you invest all that money into watching a crappy comedy, really? Although the time spent watching may have some health benefits from the laughter, I think meeting friends and having a social conversation, which is often accompanied with even healthier laughter is time much better spent. I personally want to "invest" in a movie only if it enriches me in some way. Unfortunately, these movies are so rare nowadays.
I was forced to watch the previews at Edwards - it's crap according to my moderately high standards. I know it's good for the demographic that watches movies with farts, vampires, zombies, and the horror crap that sums up what comes out of the rear end of Hollywood these days.
Seth Rogen movies are a reasonable product. He got paid a bit more than $10m for this film. James Franco got a bit less than $10m. It cost something like $45m to make. There are very many much worse films being made, especially in the comedy genre which is pretty poor overall. (Does anyone have recommendations for great comedy films from the last ten years?)
While not great comedy they're better than the Adam Sandler shovelware being churned out by Sony -- films that were given pretty heavy criticism from Sony employees in the leaked emails.
Well, I totally agree about Adam Sandler, but we need to demand quality. If we keep watching (i.e. paying for) subpar movies, movie studios will keep making them - cha-ching! I'd rather watch one quality comedy than 10 crappy ones. And the humor these days is getting very primitive - nothing sophisticated like in the British flicks or, let's say, Louis de Funes. These are comedies, the rest is idiotware made for people who're brain-dead to enjoy them as well (wider markets). I recently started to show my kids Charlie Chaplin movies and they love them. We need to keep raising the bar, not constantly lower it.
By definition, most people lack taste, intelligence, manners, beauty, etc. I know my taste isn't popular, because I'm blessed not to be part of the gray mass of the majority.
It's probably not wise that they release malicious binaries or details about foreign hacking infrastructure to the general public. That doesn't leave them with much direct evidence they can release at this point. Remember, it is an ongoing investigation and will be for quite some time considering the scope and severity of the breach.
On one hand, it seems incredibly stupid to make a movie (comedy or no) about assassinating a sitting national leader. They didn't even use a thinly-veiled reference. They used his actual name.
Still, of course this response is unwarranted.
>North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States
Ah, the real meat of the issue? Has anyone else noticed the drumbeat ramping up in earnest for the next "War on fill-in-the-blank"? Sure, we all know that the threats are real, but it strikes me that we're about to spin up the full military/cyber-security complex, complete with its incessant fear-mongering, revolving private/public beneficiaries, and trillion dollar budgets.
Something about repeating the same patterns ad infinitum in response to every threat or perceived threat is just a bit exhausting.
The Naked Gun: from the Files of Police Squad!, anyone?
The plot of that movie revolved around a professional baseball player psychologically reconditioned to assassinate the Queen of Canada during a game. Oddly enough, neither the Expos nor the Blue Jays were the visiting team.
Interesting that the article only gave an honorable mention for the fistfight where Lt. Drebin rubbed the birthmark off of Gorbachev's head.
Interesting, but there don't appear to have been any movies in that group wherein the entire plot was dedicated to the assassination of a sitting leader, who is unabashedly named as such.
Most seemed to be a random, satirical event within the film or non-current leaders. The Chaplin flick seems the closest, but even that's subject to debate (per the article).
Not to say that any of these were especially wise either, just that the entire premise of "The Interview" seems especially stupid.
[Edit] Actually I shouldn't have posted that. Some reporter is going to see this post, assume that I'm repeating something I heard from a reputable source, put it on the front page, and the whole world will suddenly believe that we were always going to invade Korea, because terrorism!!