49 comments

[ 3.2 ms ] story [ 110 ms ] thread
It kind of blows my mind that North Korea is responsible for Spider-Man joining the MCU.
Care to explain? I don't know much about Spiderman and Marvel.
Sorry! See chrisdsalvidar's response above, they outlined it pretty well.
I’ve heard this a few times but I’m not super familiar with the ins and outs of the MCU and who owns (owned) what.

Can you connect the dots for me?

When Sony was hacked over The Interview a bunch of emails were leaked including some between Sony and Marvel. Apparently Spiderman was supposed to be in Captain America: Civil War but the deal fell through. When the emails leaked about it fans went nuts a pushed Sony to include Spiderman in the MCU which ended up happening. Sony still has the rights to Spiderman he's just part of the MCU now.

I'd recommend reading the emails. They show just how badly Sony needed Marvel's help to make a good Spiderman. Here's my favorite http://imgur.com/XiqC6fz

Edit: Also Sony was trying to make their own Spiderman universe instead of being part of the Marvel Cinematic Universe.

For some further background, many of the most popular Marvel characters' rights were sold off years before the MCU & Disney acquisition, such as Spiderman.

Disney has tried to get back as many as they could, and are continuing to do so. Off the top of my head, Universal currently owns theme park rights to Spiderman, Avengers, X-Men, and Fantastic Four on east-coast USA. In regards to film rights, Fox owns X-Men and Fantastic Four, and Sony owns Spiderman. One of the reasons Disney is pushing hard for acquiring Fox is to get back the X-Men rights from Fox, as that's the 'easiest' way to add them into the MCU.

Universal also owns Hulk and his rogue's gallery with a few exceptions.
Unless things has drastically improved at Sony, this does not bode well for Venom.
Thanks for posting your favourite email leak - it made my day. I would imagine it'd be hard for a group of middle-aged adults trying to modernize Spiderman by observing their children's day-to-day activities. Conversely, I really liked how Marvel included vlogging as a narrative form, which added a good amount of humour and relatability for modern youth.
One person? Anyone else feel their spidey senses tingling?
What I really want to know is how did they learn the skills to do this? And more importantly, if they had that kind of access to outside information, how do they not know about the atrocities they are involved in? Or is it a catch 22 where if they don’t help then they become a victim?
> Or is it a catch 22 where if they don’t help then they become a victim?

In case it wasn't obvious, this is seemingly how NK handles anyone who knows things that didn't come from the propaganda broadcasts. Your countrymen will also generally not understand or believe what you've said, and if they're the thrust of your action, you'll realize that they have very little power.

If they don't help, their entire family become victims.

It's hard to imagine standing up to that.

Some insight into how they learn the skills...

https://www.businessinsider.com/north-korean-defector-jang-s...

"Mirim University produces most of the hackers that get placed in Bureau 121. It's a highly competitive program, with each class accepting only about 100 students out of 5,000 applicants. They take six 90-minute classes every day, learning different coding languages and operating systems, from C to Linux. Jang says a lot of time was spent dissecting Microsoft programs, like the Windows operating system, and how to attack the overall computer IT systems of enemy countries like the US or South Korea."

Also

https://www.nbcnews.com/news/north-korea/how-north-korea-rec...

https://www.express.co.uk/news/world/913712/North-Korea-late...

Someone else has mentioned how they learn. As to why they do what they do, it's probably for the same reason people do most things: to get a better life for themselves and their family. I don't think they do this out of fear of becoming the victim, these are elite and well-trained operators. They volunteered to get this education, they aren't conscripts. As crazy as it sounds to you or I, I think these individuals genuinely believe in the DPRK, or at least are apathetic to it and think only in terms of their own advancement.
Remarkably low level citizens (basically grad students) have access to public (monitored) internet. https://www.youtube.com/watch?v=Orcmmra9oLQ

My guess is that, like the incubator baby thing in Iraq, the more heinous crimes are just made up. It's easy to make up stories when there's no way to refute them.

The defector stories are already internally inconsistent. https://www.theguardian.com/world/2015/oct/13/why-do-north-k...

EDIT: Would love to hear something counter in addition to the downvotes. Particularly against Shin Dong-hyuk's testimony which is hugely internally inconsistent, and also the basis for the idea of North Korea's concentration camps.

We have large amounts of testimony and evidence for DPRK concentration camps, dating back decades. It's not like we are relying on a single person's testimony. For instance, we have satellite imagery of the prison camps.

Also, the guardian article that you linked to literally states that just because there are inconsistencies doesn't mean that there aren't serious human rights abuses, including the existence of prison camps.

> We have large amounts of testimony and evidence for DPRK concentration camps, dating back decades. It's not like we are relying on a single person's testimony.

For camp 14, the supposed concentration camp, we have two eyewitnesses. Shin Dong-hyuk, and Kim Yong. Both of their stories are hugely inconsistent, and they get paid based on how crazy their stories are.

> For instance, we have satellite imagery of the prison camps.

We have satellite imagery that they have prisons. We don't have any imagery of abuses.

> Also, the guardian article that you linked to literally states that just because there are inconsistencies doesn't mean that there aren't serious human rights abuses, including the existence of prison camps.

Yeah, it's a Guardian article. You can't rock the boat too much.

There is not one concentration camp, there are over a dozen. And while I could only find those two you mentioned as eyewitnesses to camp 14, we have plenty of other witnesses to the other camps. Dozens of people going back decades. And even if you consider the entirety of their testimony suspect, these witnesses bare the physical signs of torture and malnutrition.

I'm unclear on what exactly your position is. Are you just skeptical of stories like boiling people in molten iron? If so I can understand. Do you believe that these political re-education camps exist? What about the policy of sending an entire family, including children, to prison if one member of it commits a political offense? Do you believe that these camps are host to abuses, including the torture of prisoners as punishment, forced labor, and inadequate access to food and medical care?

> There is not one concentration camp, there are over a dozen.

Over a dozen prison camps. Camp 14 was the "hotel California" camp supposedly, the others are focused on rehabilitation and release.

> Dozens of people going back decades. And even if you consider the entirety of their testimony suspect, these witnesses bare the physical signs of torture and malnutrition.

Dozens of the literally tens of thousands of North korean defectors. But it's only the ones with the sketchy stories for some reason that get the limelight.

> And while I could only find those two you mentioned as eyewitnesses to camp 14, we have plenty of other witnesses to the other camps. Dozens of people going back decades. And even if you consider the entirety of their testimony suspect, these witnesses bare the physical signs of torture and malnutrition.

I mean, they were under sanctions during a famine. Nearly everyone was malnourished.

> Are you just skeptical of stories like boiling people in molten iron? If so I can understand.

Yes, skeptical to say the least.

> Do you believe that these political re-education camps exist?

I believe that prisons should be focused on rehabilitation and integration back into society, I guess you can call that "political re-education".

> What about the policy of sending an entire family, including children, to prison if one member of it commits a political offense?

I doubt that this exists. What's more likely is that political dissonance (which was outlawed by the US in times of war also), is hard to keep to an individual in the extremely family centric societies of the east, including North Korea and would tend to pull in family members who didn't report it.

> Do you believe that these camps are host to abuses, including the torture of prisoners as punishment, forced labor, and inadequate access to food and medical care?

I think that's true of nearly all prisons, including those in the US. And before you go calling "whataboutism", I think that's core to the distinction made between a "concentration camp" and a prison.

My main issue is how it gets portrayed as worse than the Nazis or Unit 731, when there's essentially no reliable evidence to the fact. All in a context where there's a push for a war with them, and we've manufactured evidence for the past few wars.

there’s an industry of tabloids and publishers waiting with open arms for nork defectors to denounce their former government. these defectors are basically the dregs of society in south korea; impoverished, unskilled, widely despised and easily identifiable. many of them effectively live in the projects together, working low wage jobs and facing discrimination from the public. if you can make some bank telling a particularly lurid versions of stories you’ve heard back home, and there’s little other opportunity...

none of this is to say that the NK regime doesn’t commit atrocities. i’m certain some of the stories are true. i only mean to point out that there are perverse incentives that point exclusively in one direction.

>My guess is that, like the incubator baby thing in Iraq, the more heinous crimes are just made up. It's easy to make up stories when there's no way to refute them.

It's also a nice way to prop up the "enemy du jour". You wine and dine some people who got out, and they'll tell any kind of horror story you'd like to hear.

>And more importantly, if they had that kind of access to outside information, how do they not know about the atrocities they are involved in

Nation state hacking is like being one of the guys in a missile silo. Your job is to maintain the capability to hurt your enemy. You rarely actually do it though. You just hack media companies and fire off test missiles once in awhile. It's much easier to sleep at night being the guy who does that than being the guy who carts people's families off to the gulag or being the NSA analyst who has to go dig up dirt on politicians.

(comment deleted)
>how do they not know about the atrocities they are involved in?

Why do you think this is so obvious? Why are Facebook employees oblivious to the atrocities they contribute to?

Taking domestic propaganda into account, do you think, as a North Korean, your country looks so much worse than the US? From the most cynical view of US foreign policy?

> , if they had that kind of access to outside information, how do they not know about the atrocities they are involved in?

How many thousands of people work on the US nuclear weapon program - knowing full well the US is the only country to use nuclear weapons, on predominately civilian targets, twice?

I work in the entertainment industry for a major Sony competitor. This hack was when entertainment execs started listening to their infosec people. It wasn't just IT. Media apps also got more secure and data retention policies got much, much more disciplined. The paranoia was real. I'd dare say it's why the big social media data retention scandal came out of the election instead of Hollywood.

I've always been suspicious of the touted NK connection. It seemed flimsy then, and it seems flimsy now. However, all these years later, I don't know why they'd be interested in keeping up security theater, so I assume someone closer to it than I knows all the facts.

Yes, perfect scape goat... And we're never going to hear the other side of the story. When did the world become so trusting of American intelligence agencies? Is it like everyone is desperate to support their stories these days - and their combined track record is worse than any criminal living today!
There's some fairly extensive information publicly available in support of the NK connection. I'll point to https://www.operationblockbuster.com/wp-content/uploads/2016... (disclaimer: I worked with the team that wrote that report, though not on Operation Blockbuster itself). That information shows that the group behind the Sony Hack were a previously unknown APT group. Analysis of malware used, C&C servers, and even re-used certificates connect this group to a variety of other attacks in the years prior, all targeting various South Korean entertainment and financial institutions. The report I linked to provides more information.
I've never understood the knee-jerk skepticism to the IC consensus despite no countervailing evidence to these foreign hacks. I'm really concerned we're going to be caught flat-footed to significantly more severe attacks from foreign powers if 40-50% of the population denies that they happened.
It's because institutions everywhere have been caught lieing repeatedly and maliciously. Public trust in institutions has been seriously eroded because those institutions have not been acting in a trustworthy manner.

People are being trained to not believe data from any organized group

As someone else that's spent a large amount of time looking into this, I'd like to offer a dissenting opinion.

I agree with the analysis linking the groups.. however, the final conclusion is because the other attacks were attributed to NK, then we must also attribute these attacks to NK.

I think these assumptions need to be questioned.

The sophistication of the attacks is so out of proportion with North Koreas abilities, it almost reaches the point of absurdity.

I mean we're talking about an entire country full of people that are denied access to the internet, most do not have computers, and many don't even have the electricity to run them. We're talking about a country where refrigerators are luxury and purchased by the middle class to store books since they don't have steady electricity that would allow them to keep food cold.

When you look at the sophistication of the attacks, it's an amazing leap to assign such sophisticated cyber attacks to a country that runs it's entire computer infrastructure as an government controlled Intranet that people still access over dial-up modem.

I mean even just using Occams razor on the South Korean bank attacks...

You're going to require extremely educated people, who have the requisite hacking skill and mindsets, which often require unfettered access to information that is denied to most everyone, and small details like the fact that the attackers also are knowledgeable in multiple spoken languages and other things that are so out of the ordinary for NK.

What is more likely.. that all of these sophisticated attacks are being done by a country that can barely keep the power on, or that they are done by someone pretending to be North Korea and using them as a scapegoat?

Personally I think it's the latter.

My understanding is that NK works out of a Chinese city Shenyang. [1] Their lack of internet infrastructure does not really matter in that case. As well, if they are working out of China you have to assume they are exchanging information with China. China has some pretty top tier security experts. I do not think it is unreasonable at all for someone in NK to be trained up in how to write ransomware or a wiper.

1. https://www.businessinsider.com/north-korean-hackers-working...

I disagree with the idea that the DPRK is not capable of such attacks. They've demonstrated they are capable of creating nuclear weapons and ICBMs, I don't think it's such a stretch to say they are capable of APT attacks. Especially when you consider that the DPRK gets a lot of support from China, which also engages in cyber attacks. It wouldn't be difficult to send DPRK citizens to China to be educated and instructed in computer technology. More difficult, but still possible, is covertly sending north koreans to various western institutions to receive an education in cyber security. Recall that Kim Jung Un himself was educated in Switzerland.

There's also the possibility that the APT group is partially or completely composed of foreigners hired to engage in these attacks on behalf of the DPRK. I know one of the people on Operation Blockbuster believed that this was "contracted out" to some clandestine group. This would explain the attackers being multi-lingual. It would also explain why many of their attacks focus on financial institutions and theft. This focus has been proposed as a way for the DPRK to get international currency to make purchases and evade sanctions, but it would also make sense for a group that is in it for the money.

Can we get an estimate of how much money was stolen/earned/misplaced/whatever in this hack?
In the Sony hack? None. But many of the Lazarus group's other attacks have resulted in getting significant amounts of money. There was the theft with the Bangladesh bank a few years ago, where they got away with around $100M US. There were some other, smaller incidents involving banks in Vietnam and Taiwan. And the Lazarus group is believed to be behind the WannaCry randsomware, idk how much they got from that.
This undercuts either the APT classification or the identification of the APT with DPRK. It's not as though Sony doesn't have any money; a group that steals money would have stolen some. In that case there would have been some sort of credible trail to follow.

Actually the whole "we don't like movies about Dear Leader" supposed motivation is only superficially reasonable. From the leaked email it's clear that this was a chaotic capricious organization that wouldn't have hesitated to fire embittered IT (or simply IT-aware) staff, who would then have been well-placed to do everything that was done to Sony. (I especially liked the unencrypted Word docs they had of nothing but hundreds of passwords. Passwords don't belong in Word docs!) "Guardians of Peace" had a special hatred for Sony execs, while e.g. Rogen and Franco were afterthoughts.

What's harder, building nukes or hacking Windows? Why should I expect that an entity capable of the first is not capable of the second?
I wish someone could explain the logic of indicting foreign nationals when there's no hope of bringing them to trial. A 179-page criminal complaint must have cost a substantial sum.

Justice Department could have spent that money explaining "correct horse battery staple" (https://xkcd.com/936/) to its own people, and so made us all a bit safer.

I suppose it's a way of substantiating the attribution of the crime to North Korea. When it was just someone making the allegation, they could've been doing it for any number of reasons, but now it seems the evidence has held up to some kind of scrutiny under due process.
It substantially limits their movement, as it increases the caution needed to enter any country with which the US has an extradition treaty.

As to explaining password security, the Justice Department is a law enforcement agency, not a security agency.

North Koreans aren't known for their international travel.
North Korean hackers actually travel abroad to their target country for 2 years according to the business insider article someone liked to in this thread. Seems possible they may travel again.
(comment deleted)
>>Mr. Park, who also went by the alias Pak Jin Hek, is unlikely to see the inside of an American courtroom. The United States has no direct, formal relations with North Korea and did not communicate with its reclusive government ahead of the charges.

And if he did find himself in a court, a couple of professors and escapees can testify that unless he did what he did, he'd be in jail, along with all his extended family. Not guilty. Now maybe he didn't have to be that successful, but we don't know all details beyond reasonable doubt.