Sony just had a major layoff,pointing to a possible insider.[1] Many Koreans work for Sony and they may have had a personal gripe with NK.“Guardians of Peace” comes from a quote used by former President Richard Nixon describing South Korea.[2]
In this debate[3], the security expert on the side of the FBI keeps rehashing the old it's the same IP address debate. But I don't buy it. Those are open proxies.
Combine that with the fact that North Korea has a terrible education system and an entimated 1 in 10,000 people have access to the Internet in North Korea. This is not the kind of environment that fosters elite super hackers. I don't think NK did it.
If DPRK has the capacity to pull this sort of hacking feat on demand, it begs the question: why aren't they doing it around the clock, to hurt their enemies that they seem to hate so much? It's just not very realistic to think that DPRK has this super secret hacker army (but not so secret that we haven't heard of it in the media) that can hack any large corporation (but can't cover its own tracks). If they did, we would see it action all year long.
This hack sounds like the work of a large, professional, well-funded organization that only uses its capabilities in a very targeted, parsimonious manner. But what would be the motive for the US govt to hack Sony and then accuse DPRK? Distract the public from the CIA torture report? Something else?
> the capacity to pull this sort of hacking feat on demand
> that can hack any large corporation
That's not how hacking works. Even if you have a collection of zero-day exploits, it's entirely dependent on the software and configuration of a target's computer systems. Or your own luck with social engineering.
This is not a hacking feat at all. Perhaps if this was the DoD and not Sony.
Extracting and exfiltrating many TB of data would take a bit of experience, but even some experienced script kiddies could likely get a foothold on Sony's network without much difficulty.
> Combine that with the fact that North Korea has a terrible education system and an entimated 1 in 10,000 people have access to the Internet in North Korea. This is not the kind of environment that fosters elite super hackers. I don't think NK did it.
You could say the same for nuclear programs and rockets. People showing technical aptitude are likely singled out for special training and given perks unheard of by the general population.
Plus, from what we've heard, the Sony hack didn't require remarkable levels of skill. They were doing things like storing major account passwords in text/Excel files on a shared drive.
The thing is no one should care. It isn't unique NK capability. Hacking is the domain of non-state actors, and knows no real political boundaries - at least on this level.
We're not talking about stuxnet, where it's likely wetwork teams planted it in the targets. We're talking about a run of the mill corporation with bad security getting owned - it was going to happen because the bar to clear for doing it just wasn't very high.
> Combine that with the fact that North Korea has a terrible education system and an entimated 1 in 10,000 people have access to the Internet in North Korea. This is not the kind of environment that fosters elite super hackers. I don't think NK did it.
Business Insider spoke to a defector about the DPRK's cyberwarface program[1]. Even if they can't develop hackers organically, they can build a small cadre by selecting some people who might be talented, hiring outside experts to train them and giving their trainee hackers certain privileges. An analogy might be that in the US, we build our olympic teams organically - athletes choose what they want to do based on personal interest and it's a good environment in which to grow as an athlete. North Korea has a terrible environment to develop athletes organically, but they can hire outside experts to train a small cadre of their own people. They win a few gold medals every summer Olympics.
The only problem being that no outside expert with the right skillset would ever travel to North Korea, and them doing so would be highly suspect.
Even if NK wanted to build such a team, the reality of nation-states is that you can't make up for the complete failure of your society with just money alone. The degree to which the Soviet Union turned out to be behind the US during the Cold War speaks to that - and NK is a lot worse off then the Soviet Union.
You can build the skillset without having anybody teach you in person.
NK is a lot worse than the Soviet but NK still managed to develop nukes and cobble together a midrange ballistic missile, something no teenage hackers in a basement can manage. You shouldn't underestimate NK. Just the fact they have survived as long as it has shows it means something.
The Copenhagen Suborbitals are a group of "teenage hackers in a basement" who have cobbled together a midrange ballistic missile, although without any intention of using it as a weapon. The main thing preventing other teenage hackers from doing this is violence — either the police come and arrest you, or your neighbors steal your things, or your neighbors get pissed off about the amount of nitrogen oxides you're wafting over their house and coerce you to stop.
True. But the focus is NK is capable of putting up ballistic missiles and naturally they are capable of cobbling some malware tools to hack into sony. Especially into sony.
> The only problem being that no outside expert with the right skillset would ever travel to North Korea, and them doing so would be highly suspect.
Really? Not one person in the entire world? It doesn't even have to be voluntary - North Korea has kidnapped foreign nationals plenty of times in the past, and I find it hard to credit the assertion that there isn't a single skilled hacker in organized crime circles greedy enough to take a generous pay package from NK.
You don't even need them to travel. Have 'em Skype in.
Given China's relationship with NK, why could they not reach out to China for people to do this? Elite hackers from the US probably wouldn't voluntarily go, but NK has way more to lose in their relations with China that the risk would be minimal to whoever goes.
I don't see why a Chinese hacker wouldn't help NK train their attackers, even if it meant the North Koreans traveling to China. The Western world isn't the only place with elite hackers.
Additionally, there is an estimate (from a facially plausible source) that North Korea has as many as 10,000 people working in IT outsourcing http://cacm.acm.org/magazines/2012/8/153816-inside-the-hermi... (yes, despite the fact that the IT firms don't have full Internet access). It also has to be pointed out that Sony's famously not the hardest target in cyberwarfare.
North Korea has a terrible education system and an entimated 1 in 10,000 people have access to the Internet in North Korea. This is not the kind of environment that fosters elite super hackers.
It's also not the kind of environment that fosters high-energy physicists, but we're talking about a regime that has indigenously developed nuclear weapons.
The NK government already has an "official" Linux distro, "Red Star OS," indicating at least some level of technical ... well, let's not say prowess, let's say comprehension. (Likewise, the proliferation of cheap high-tech goods smuggled over the Chinese border has forced the NK government to announce its own smartphone, though few people believe the factory to be anything other than a Potemkin fab, with the actual phones shipped over from China.)
You have to assume that a nation state, even one as impoverished as NK, can mobilize the kind of cash necessary to train a few hundred (at most) hackers, using Chinese or Russian instructors. It's much cheaper than hiring Makeyev OKB to design another ballistic missile system, and, unlike nuclear and missile tests, the international community doesn't have a unified playbook for dealing with target hacks, particularly against non-governmental systems. No one's going to war for Sony, but if NK is behind (or believed to be behind) the attack, you can bet that the USG has found Sony's experience to be rather bracing.
Having said that, I agree that the evidence favoring NK as the culprit is circumstantial and hazy at best. Even the best evidence they're provided is dependent on a chain of assumptions that I think haven't been properly validated.
This isn't a "WMD in Iraq" situation, because the USG would have loved for the Sony hack to be a bunch of anons doing it for the lulz (though now that the government has committed to the NK story, it's hard to backtrack). After all, we couldn't do much over NK's nuclear program, which is a crisis many, many orders of magnitude more serious than the Sony hack; calling out NK for this just underscores the fact that we don't have many levers to move against Pyongyang.
It's also not the kind of environment that fosters high-energy physicists, but we're talking about a regime that has indigenously developed nuclear weapons.
A minor quibble, but North Korea did not indigenously develop nuclear weapons - they acquired most of their knowledge and capabilities from Pakistan via the Khan network. They most certainly spent a great deal of effort internally to convert said knowledge into functional nuclear devices, but by no means did they develop everything internally.
I looked for the name Guardians of Peace prior to that meme starting, and after the George Clooney article came out, I looked again. While Nixon did use the phrase Guardians of Peace a number of times, I was unable to find it in conjunction with Korea. As far as I can tell, the only source saying Guardians of Peace is a SK reference is George Clooney.
I'll go with lying. Blaming NK serves their political agenda for now. It's still not outside the bounds of reason to believe Sony Pictures did it themselves.
I'm curious as to what exactly that agenda would be. Also, I think it is very much outside the realm of reason to think that Sony did this as a PR stunt. If they did... Well, Sony legal is probably not having a great Christmas.
It really doesn't make any sense to me that blaming North Korea serves a political agenda for the administration. They have a limited time left in office and they're trying to use it to accomplish something in foreign policy (so far, Cuba, a climate deal with China). This is particularly important since the President's domestic influence will be limited. This business with North Korea seems like a distraction. It's not serious enough that it's going to change anything in the relationship between the US and the DPRK. The DPRK is so unpredictable that starting a beef with them unnecessarily seems like a terrible idea. It's another item on the agenda with China, and I'm sure that there are a lot of other things that we would rather be discussing with the Chinese.
Whether NK is behind this hack or not, you cannot deny that the president's statement is a show of force. It is a clear message to any country that plans to use 'cyberwarfare' against the United States - we will retaliate proportionally.
The clear message the USA appears to be broadcasting by reacting swiftly on what appears to be very dubious information is that it is now providing the facility for trolls to SWAT entire countries, rather than just someone who had pissed them off on Counterstrike. I do not think this makes the world safer.
From the latest reports it seems that the advanced torture, cough ahem enhanced interrogation, techniques were designed and used partially to craft evidence to support an Iraq invasion [1], which seems even more sinister than what you had mentioned.
Potentially interestingly, a guy from Norse security figures:
>data is pointing towards a woman who calls herself "Lena" [...] someone who worked at Sony in Los Angeles for ten years until leaving the company this past May.
So we may actually get a proper answer as to who did it. Maybe.
> It's worth noting that the original demand of the hackers was for money from Sony in exchange for not releasing embarrassing information. There was no mention of the movie "The Interview"
That alone really pokes a hole in the official narrative.
These are the two original defaces on Sony's computer systems. Neither mention money, just vague "obey our demands or we will expose all your data". The first one explicitly mentions a "great effort to peace of the world", in line with the name "Guardians of Peace".
Why would a disgruntled insider make something up about world peace if they just wanted money?
Not saying that means it's necessarily North Korea, but I'm pretty sure the actors either had The Interview as a real motive, or used the movie as a pretext, from day 1.
I'm not disputing that, really. I'm disputing this:
>It's worth noting that the original demand of the hackers was for money from Sony in exchange for not releasing embarrassing information. There was no mention of the movie "The Interview"
It very well could be an extortionist, but I think they clearly intended to give the impression that it was allegedly about The Interview, first subtly then explicitly. No public message, or leaked private message, was ever released that showed the hackers asking for money. It is possible they sent a private demand for money to Sony which has yet to be released, but that would just be speculation.
Their group name, constant requests to "preserve world peace", releasing all sorts of movies and scripts except anything relating to The Interview, and then explicitly calling The Interview a "movie of terrorism" seems to show that they intended to use the movie as a bargaining chip from day 1.
Lena is the name of one of the most common test images used in image processing. If someone involved had a degree or background in electrical engineering, they would know this name.
I doubt anyone seriously believes NK could have manufactured the malware that was used.
...but it's plausible they may have paid other people to do it; or at least seed funded some third party (eg. russian hackers).
To be fair to the NSA; they're not retards.
Evil... maybe. But stupid? I don't think so.
If they (via the FBI) say it was NK, they probably have something to back that up (eg. intercepted communications or money trail that leads back to the NK).
Interesting point drops out of it though; I'd say it's pretty obvious the NK were never in control of the data or malware. If they paid for it, are they still to blame? Or are the people who actually did the hack to blame...?
I doubt many 'hackers' manufacture the malware themselves these days. Many buy/copy from others.
And we keep saying NK doesn't have enough capable human talent but they developed nukes and launched a mid range ballistic missile. Surely they can lock up some men in a building and teach how to run malwares?
>I doubt anyone seriously believes NK could have manufactured the malware that was used.
It's actually quite possible. The Shamoon/Destover family borrows a lot of code from commercial products, with some standard command & control functionality added. This is not Stuxnet style malware: Stuxnet was designed to spread perniciously and send precise commands to SCADA controllers; this malware is designed to wipe drives and capture basic information and files at the behest of an operator.
Many groups could have made this malware, nation-state or otherwise, including NK.
Detonate a nuclear device somewhere isolated where you already detonate nuclear stuff for fun. However, this time say that it wasn't planned at all.
Proceed to fabricate a story where the nuclear warheads were connected to the internet but with extremely high security measures. Why? Because, who knows, maybe the president is someday in the middle of a world crisis and the only way to launch nuclear retaliation is through some internet channel. Then proceed to say that North Korea and his world-class elite terrorist hackers (with the help of some insider scapegoat that you can take from jail) managed to HACK (it is important that you use this term) into the system and launch the nuclear device; fortunately they were programmed to strike on desolated terrain, god bless us all :'). Clearly, this is a direct attack towards american ground and it's people; without a doubt, a formal declaration of war. #KIMISBAD, #STOPNK2015, etc... ensues. Invade the country then, with the public's approval. And finally accomplish your goal: a military base in the outskirts of China.
51 comments
[ 3.0 ms ] story [ 117 ms ] threadCombine that with the fact that North Korea has a terrible education system and an entimated 1 in 10,000 people have access to the Internet in North Korea. This is not the kind of environment that fosters elite super hackers. I don't think NK did it.
[1] http://www.polygon.com/2014/9/18/6377971/sony-financial-resu...
[2] http://www.thedailybeast.com/articles/2014/12/20/sony-hacker...
[3] https://www.youtube.com/watch?v=vNCpHM4BBJQ
This hack sounds like the work of a large, professional, well-funded organization that only uses its capabilities in a very targeted, parsimonious manner. But what would be the motive for the US govt to hack Sony and then accuse DPRK? Distract the public from the CIA torture report? Something else?
> that can hack any large corporation
That's not how hacking works. Even if you have a collection of zero-day exploits, it's entirely dependent on the software and configuration of a target's computer systems. Or your own luck with social engineering.
Extracting and exfiltrating many TB of data would take a bit of experience, but even some experienced script kiddies could likely get a foothold on Sony's network without much difficulty.
You could say the same for nuclear programs and rockets. People showing technical aptitude are likely singled out for special training and given perks unheard of by the general population.
Plus, from what we've heard, the Sony hack didn't require remarkable levels of skill. They were doing things like storing major account passwords in text/Excel files on a shared drive.
That said, acting as if North Korea can't pull off this sort of attack is dangerously complacent.
We're not talking about stuxnet, where it's likely wetwork teams planted it in the targets. We're talking about a run of the mill corporation with bad security getting owned - it was going to happen because the bar to clear for doing it just wasn't very high.
Business Insider spoke to a defector about the DPRK's cyberwarface program[1]. Even if they can't develop hackers organically, they can build a small cadre by selecting some people who might be talented, hiring outside experts to train them and giving their trainee hackers certain privileges. An analogy might be that in the US, we build our olympic teams organically - athletes choose what they want to do based on personal interest and it's a good environment in which to grow as an athlete. North Korea has a terrible environment to develop athletes organically, but they can hire outside experts to train a small cadre of their own people. They win a few gold medals every summer Olympics.
http://www.businessinsider.com/north-korean-defector-jang-se...
Even if NK wanted to build such a team, the reality of nation-states is that you can't make up for the complete failure of your society with just money alone. The degree to which the Soviet Union turned out to be behind the US during the Cold War speaks to that - and NK is a lot worse off then the Soviet Union.
NK is a lot worse than the Soviet but NK still managed to develop nukes and cobble together a midrange ballistic missile, something no teenage hackers in a basement can manage. You shouldn't underestimate NK. Just the fact they have survived as long as it has shows it means something.
Really? Not one person in the entire world? It doesn't even have to be voluntary - North Korea has kidnapped foreign nationals plenty of times in the past, and I find it hard to credit the assertion that there isn't a single skilled hacker in organized crime circles greedy enough to take a generous pay package from NK.
You don't even need them to travel. Have 'em Skype in.
It's also not the kind of environment that fosters high-energy physicists, but we're talking about a regime that has indigenously developed nuclear weapons.
The NK government already has an "official" Linux distro, "Red Star OS," indicating at least some level of technical ... well, let's not say prowess, let's say comprehension. (Likewise, the proliferation of cheap high-tech goods smuggled over the Chinese border has forced the NK government to announce its own smartphone, though few people believe the factory to be anything other than a Potemkin fab, with the actual phones shipped over from China.)
You have to assume that a nation state, even one as impoverished as NK, can mobilize the kind of cash necessary to train a few hundred (at most) hackers, using Chinese or Russian instructors. It's much cheaper than hiring Makeyev OKB to design another ballistic missile system, and, unlike nuclear and missile tests, the international community doesn't have a unified playbook for dealing with target hacks, particularly against non-governmental systems. No one's going to war for Sony, but if NK is behind (or believed to be behind) the attack, you can bet that the USG has found Sony's experience to be rather bracing.
Having said that, I agree that the evidence favoring NK as the culprit is circumstantial and hazy at best. Even the best evidence they're provided is dependent on a chain of assumptions that I think haven't been properly validated.
This isn't a "WMD in Iraq" situation, because the USG would have loved for the Sony hack to be a bunch of anons doing it for the lulz (though now that the government has committed to the NK story, it's hard to backtrack). After all, we couldn't do much over NK's nuclear program, which is a crisis many, many orders of magnitude more serious than the Sony hack; calling out NK for this just underscores the fact that we don't have many levers to move against Pyongyang.
A minor quibble, but North Korea did not indigenously develop nuclear weapons - they acquired most of their knowledge and capabilities from Pakistan via the Khan network. They most certainly spent a great deal of effort internally to convert said knowledge into functional nuclear devices, but by no means did they develop everything internally.
I looked for the name Guardians of Peace prior to that meme starting, and after the George Clooney article came out, I looked again. While Nixon did use the phrase Guardians of Peace a number of times, I was unable to find it in conjunction with Korea. As far as I can tell, the only source saying Guardians of Peace is a SK reference is George Clooney.
Frankly this backs up what you are saying.
Given this fact: http://iowa.barstoolsports.com/random-thoughts/sony-paid-kev... I'm not willing to trust George Clooney at his word.
Same as with Iraq's WMDs, or Syria's chemical weapons.
[1] http://www.democracynow.org/2014/12/23/ex_bush_official_us_t...
>data is pointing towards a woman who calls herself "Lena" [...] someone who worked at Sony in Los Angeles for ten years until leaving the company this past May.
So we may actually get a proper answer as to who did it. Maybe.
http://www.cbsnews.com/news/did-the-fbi-get-it-wrong-on-nort...
That alone really pokes a hole in the official narrative.
http://regmedia.co.uk/2014/12/08/sony_hack.jpg
http://cdn.arstechnica.net/wp-content/uploads/2014/11/sonypi...
These are the two original defaces on Sony's computer systems. Neither mention money, just vague "obey our demands or we will expose all your data". The first one explicitly mentions a "great effort to peace of the world", in line with the name "Guardians of Peace".
Why would a disgruntled insider make something up about world peace if they just wanted money?
Not saying that means it's necessarily North Korea, but I'm pretty sure the actors either had The Interview as a real motive, or used the movie as a pretext, from day 1.
Why would someone extorting a company attempt to be deceptive? We're really asking that question?
>It's worth noting that the original demand of the hackers was for money from Sony in exchange for not releasing embarrassing information. There was no mention of the movie "The Interview"
It very well could be an extortionist, but I think they clearly intended to give the impression that it was allegedly about The Interview, first subtly then explicitly. No public message, or leaked private message, was ever released that showed the hackers asking for money. It is possible they sent a private demand for money to Sony which has yet to be released, but that would just be speculation.
Their group name, constant requests to "preserve world peace", releasing all sorts of movies and scripts except anything relating to The Interview, and then explicitly calling The Interview a "movie of terrorism" seems to show that they intended to use the movie as a bargaining chip from day 1.
>We’ve got great damage by Sony Pictures.
>The compensation for it, monetary compensation we want.
>Pay the damage, or Sony Pictures will be bombarded as a whole.
>You know us very well. We never wait long.
>You’d better behave wisely.
>From God’sApstls
So she is Russian. How convenient. We can blame NK and Russia.
> Lena Söderberg (born 31 March 1951 in Sweden)
My conspiracy theory is devastated.
...but it's plausible they may have paid other people to do it; or at least seed funded some third party (eg. russian hackers).
To be fair to the NSA; they're not retards.
Evil... maybe. But stupid? I don't think so.
If they (via the FBI) say it was NK, they probably have something to back that up (eg. intercepted communications or money trail that leads back to the NK).
Interesting point drops out of it though; I'd say it's pretty obvious the NK were never in control of the data or malware. If they paid for it, are they still to blame? Or are the people who actually did the hack to blame...?
And we keep saying NK doesn't have enough capable human talent but they developed nukes and launched a mid range ballistic missile. Surely they can lock up some men in a building and teach how to run malwares?
IF NK paid for it, they are responsible still.
It's actually quite possible. The Shamoon/Destover family borrows a lot of code from commercial products, with some standard command & control functionality added. This is not Stuxnet style malware: Stuxnet was designed to spread perniciously and send precise commands to SCADA controllers; this malware is designed to wipe drives and capture basic information and files at the behest of an operator.
Many groups could have made this malware, nation-state or otherwise, including NK.
Detonate a nuclear device somewhere isolated where you already detonate nuclear stuff for fun. However, this time say that it wasn't planned at all.
Proceed to fabricate a story where the nuclear warheads were connected to the internet but with extremely high security measures. Why? Because, who knows, maybe the president is someday in the middle of a world crisis and the only way to launch nuclear retaliation is through some internet channel. Then proceed to say that North Korea and his world-class elite terrorist hackers (with the help of some insider scapegoat that you can take from jail) managed to HACK (it is important that you use this term) into the system and launch the nuclear device; fortunately they were programmed to strike on desolated terrain, god bless us all :'). Clearly, this is a direct attack towards american ground and it's people; without a doubt, a formal declaration of war. #KIMISBAD, #STOPNK2015, etc... ensues. Invade the country then, with the public's approval. And finally accomplish your goal: a military base in the outskirts of China.
The only times the state has been caught lying!