FBI Formally Accuses North Korea Of The Sony Hack
from the h4x0r! dept
Just this morning, Tim Cushing (aka, Other Tim) wrote about how likely it was that the White House would make a statement today on the Sony hack, naming North Korea as the perpetrator and treating this all like a far bigger deal than it probably should be. However, the FBI beat them to the punch, becoming the first alphabet agency to formally accuse North Korea of being 56th in line in the great 12-year hackathon that's been Sony's corporate networks.
As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:
-Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
-The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
-Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
Since the rumors that a formal accusation was on the way first began, the question on everyone's mind has been exactly what evidence would be used to draw that conclusion. As it turns out, based on what the FBI is releasing, it seems fairly thin. Their press release makes it sound like the attacks upon which they're drawing similarities are significantly alike, when a great deal of other reporting indicates that they simply use the same hacking software available on the black market and are routing through some locations known for their use by hackers. The similarity between the Sony attack and the attack on South Korea has more to do with the above plus the timing. The accusation that the hacks used were directly developed by North Korea is interesting, but meaningless without actual evidence. Simply saying it doesn't make it so.
Regardless, even if North Korea does prove to have been responsible, there's no excuse for saying things like:
North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves.
While I'm generally loath to blame a victim, when that victim takes so lax an attitude toward its own security as to be hacked roughly five times a year and still not bother to implement basic password policies, what else am I supposed to do? This doesn't show the grave, mega-scary, super-threat of cyber-terrorism. It shows that Sony has some exceptionally lazy security and IT people. As for the attack posing a threat to freedom of expression, well, we have Sony's cowardice and the cowardice of the theater chains for that. It's unbelievable that companies operating within the American system should self-censor this way. It's surrender of the mind and the thought. It's the same thing as the Danish cartoons and Salman Rushdie. Sony and the theaters are allowed to self-censor and to deprive the American people of the movie, but that doesn't make it okay.
You should expect to see the White House touting the FBI's report as gospel and rattling several sabers in the direction of Pyongyang, for all the good it will do. Giving in to a regime that can't manage to feed its own people seems like a mistake to me, but what do I know?
Update: And, almost as soon as this post was finished, President Obama appeared before the press to condemn the attacks. He also indicated that it was the wrong move for Sony to censor the movie. In fact, he suggested that Sony should have consulted with the administration to assess the threat. Both comments, of course, are quite easy to make now that it's Friday and the decision cannot be reversed.
Filed Under: emails, fbi, north korea, sony email hack, sony hack
Reader Comments
First, they already had theater chains dropping the movie over the threats which largely forced their hand. If a bunch of their distributors won't release it, they're pretty much forced to choose to either have an extremely haphazard release of the movie, hurting its potential profitability at the box office, or "cancel" the release and wait to do something with it later. They picked the second option, which financially is probably the better option for them.
Second, I highly doubt they "caved" to the very vague threats against the theaters. They were likely hoping to dissuade the hackers from the promised release of yet more embarrassing information: http://arstechnica.com/security/2014/12/hackers-promise-christmas-present-sony-pictures-wont-like/
We've already seen them start to take damage from what's been released thus far. The slim chance that not releasing the movie will result in fewer embarrassing data releases is probably worth quite a bit to them at the moment. The movie release can easily wait until they've had more time for the fallout from the hack to settle, and people are no longer sitting around waiting for the next Sony embarrassing revelation.
[ link to this | view in chronology ]
/Sarc
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Oops they did it again. ..etc etc
[ link to this | view in chronology ]
"thin"?
Thin, as in "vaporous", "elusive", "insubstantial", "entirely circumstantial", "shaky", "unconfirmed by independent analysis", "contrived", "likely planted", "inconclusive", "merely suggestive", "convenient". That kind of "thin".
[ link to this | view in chronology ]
Re: "thin"?
[ link to this | view in chronology ]
Government is Gaming the Public
The image I imagine is of some power hungry bureaucrats sitting around a table and one dude is greedily rubbing his hands together and with a sly look says, "This SPE hack is just the catalyst we need to pass our ____ legislation."
Fill in the blank with PIPA, SOPA, government drone, or any other intrusive government legislative action.
[ link to this | view in chronology ]
Re: Government is Gaming the Public
This is why I have trouble with politics. There is so much effort put into maintaining power and discrediting opponents. Why can't people just look for real solutions to problems? This is why I am a nerd and not a politician.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
I highly recommend reading: http://www.tenable.com/blog/ranums-rants-the-anatomy-of-security-disasters which goes into this in considerable depth. Ranum wrote this five and a half years ago, but he's extremely insightful: I'll bet lunch that he enumerated several of the root causes of the (latest) Sony hack without even trying.
Incidentally, it's not necessary to spend money on security products to have a reasonably secure operation: I run mine with 100% open-source software, so the only cost is the hardware to execute it.
[ link to this | view in chronology ]
Re: Re:
This is something that is essentially impossible to get many companies to understand. I think it's because they don't understand what "security" actually is. There is no technological magic bullet that will make you secure, no matter how much you spend. Security comes from behavior, not technology.
[ link to this | view in chronology ]
Does that strike anyone else as very unusual? This all reeks.
Good job calling out Sony's BS, Tim.
[ link to this | view in chronology ]
Re:
Or something.
[ link to this | view in chronology ]
funny how when it does it, there's nothing wrong but when any other nation does the same thing, it's the most despicable act going, throwing doubt on to relationships between the nations, whether already strained or not!!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Expanding on the statement
I'm sick of these boilerplate, "gravest threats" statements. If it were really that bad, they would've come up with a better description; maybe something like:
"North Korea’s attack on SPE reaffirms that what we are dealing with now can only be described as the cyber-war equivalent of the jetski level in Battletoads."
[ link to this | view in chronology ]
Re: Expanding on the statement
[ link to this | view in chronology ]
Almost every single nation-state hack I've seen, attempts to be stealthy and low key. Nothing about the Guardians of Peace hack is low key.
The Sony hack looks like it was carried out by a hacking collective. A hack for the lolz if you will. Honestly, who justifies an attack by saying it's about a comedy movie? Certainly not nation state hackers.
I'm disappointed in the White House and FBI's detective skills. Either they truly are ignorant, and think it's N. Korea. Or they're using N. Korea as a scapegoat, in order to push cyber-security legislation that will make no one safer, and end up making everyone less secure from hackers by sharing private customer information openly for the hackers to steal.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Further Sony is getting a little just payback for its rootkit it hoisted off on the public unannounced. Sony dropped the movie premiere because it is scared to death that these hacks will reveal something it doesn't want the public to know and doesn't want to deal with.
Hackers have no gain if they can't use the info they took. So it will come out sooner or later. Sony will never be able to appease them forever.
In the meantime a Canadian movie theater has said it will show the movie. So at some time it will be available to download. Just a matter of time. I personally never planned to see this movie as it is just not something I am interested in, even with the hype. All the hype will not improve the movie's quality.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Rootkit
I expect a big "HUH?"
[ link to this | view in chronology ]
Re:
The economic fallout alone - Which the MPAA estimates at a minimum of $1 billion / theater - from the use of the self destruct codes would end civilization as we know it.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
North Korea?
If memory serves, the first rule of investigative journalism is "follow the money".
North Korea gets nothing useful out of this, beyond inconveniencing Sony.
If anything, it loses out, if the USA responds by increasing the money and authority it gives to its cyber-security divisions, as seems fairly likely.
Arch-FUD-peddlers the NSA, along with its corporate partners, are the organisations which stand to gain most from all of this.
I'm a lot more convinced by their clear profit-motive than I am by the vague and circumstantial evidence on display here.
[ link to this | view in chronology ]
Re: North Korea?
OK. Has anyone bothered to check who has been purchasing large quantities of "put" options on Sony stock over the past year or so?
Perhaps this flap has nothing to do with hacking or umbrage, but good, old-fashioned insider stock trading fraud.
[ link to this | view in chronology ]
Um. Get North Korea out of Ferguson now?
[ link to this | view in chronology ]
On location of "The Interview II"...
The actors are holding up signs that say "Hands Up, Don't Shoot!"
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Innocent Vs Guilty
[ link to this | view in chronology ]
North Korea? What about Sony insiders?
Have Sony allowed their in-house IT staff to return yet? Part of the justification for laying them off would be a loss of trust.
[ link to this | view in chronology ]
One question
Given that regime's usual style, you'd think they'd be proclaiming their glorious victory to the world.
[ link to this | view in chronology ]
Re: One question
I mean, given how pathetic Sony's security was and is, hacking them isn't exactly something to be overly proud of. It would be like someone bragging about their 'awesome lockpicking skills' for breaking into a building that had the key to the front door on a nail right next to the door.
[ link to this | view in chronology ]
Re: Re: One question
[ link to this | view in chronology ]
Tin Foil hat time.
Now... for my tin foil hat routine... I am getting closer and closer to thinking that the US itself would stage an attack on Sony for some BS reason, maybe it was a bet? and made it look like a turd muffin country did it. Multiple benefits can be had.
1. Scare more stupid and cowardly citizens into letting the goobermint take more liberties/privacy away in the name of safety.
2. Drum up public support for exploding accused nation.
3. Reap kudos from the chicken shit population, which is circular with #1.
Hell, maybe Israel is not feeling very trusting with the US and pull this shit off to sucker someone else into handling a turd muffin nation, but it would make more sense if it was Iran on the hook... then again... South Korea anyone?
[ link to this | view in chronology ]
limiting liability
[ link to this | view in chronology ]
Publicity Stunt?
This Sony thing smacks me as a big publicity stunt. Buying off Washington is merely pocket change for Sony. But the free advertizing, in all the hype, is priceless. I'm betting that the movie will be released as normal, quite soon.
Not, of course, that I will waste my money.
Just in case I'm wrong, it's happened before. I must congratulate North Korea on their restrained response. Remember, the USA sends predator drones and hellfire missiles against those they don't like. N. Korea's response is rather tame.
Many people learn that free speech has repercussions. Bad mouth your boss online and expect something unpleasant. Sony is just learning that they too have limitations!
[ link to this | view in chronology ]
Look! Over there! Behind you!! he he he he he he he
All the evidence that has been presented "proving" North Korea as the culprit, would also be evidence of a CIA false flag operation, since anyone "in the know" could have used these same code snippets, hacker wares and tech resources, to pull off this attack, including and especially the CIA, NSA, FBI and other less known secret federal agencies of the USG.
And the rationale behind the USG doing a false flag operation to make the public think that NK is behind it is simple:
"North Korea’s attack on SPE reaffirms that what we are dealing with now can only be described as the cyber-war equivalent of the jetski level in Battletoads."
To get more public support and taxpayer funding and new spy-enabling legislation for the on-going Cyber War that the USG is already operating, by "reaffirming" that the FUD is really for really real, honest injun!!!!
And, by screaming Evil Korean Empire and Global Cyber War at the top of their lungs, they also drown out all the public discourse about the actual content of the material taken from Sony's servers, concerning their on-going bribery of Attorneys General and their assault on Google and the Internet in general.
Given all the above, I would say that the chances of this being a CIA op is likely 10 times greater than that of it being a completely Korean op.
Then again, one cannot rule out the idea that it's a joint effort by the USG and the Korean Government either, since almost all visible animosity between foreign governments is purely public relations, as their goals of mass surveillance and population control are identical nation to nation.
Starting an international cyber war would easily benefit the spy agencies and corporate interests of every nation on earth (especially five eyes nations), as the public would then be called upon to foot the bill fully, as it does for any declared war, and the kid gloves would come off and the surveillance state would be a legally guaranteed sure thing.
The constitution would be completely cancelled.
Legally.
For the war effort.
Once again.
---
[ link to this | view in chronology ]
Re: Look! Over there! Behind you!! he he he he he he he
The mass media corporations shout the same phony tale. To the extent that the wikipedia article (that is based on quotes from the mass media) doesn't mention any wrongdoing by Sony. Only celebrity gossip and other fluff!
[ link to this | view in chronology ]
Re: Re: Look! Over there! Behind you!! he he he he he he he
[ link to this | view in chronology ]
Re: Re: Re: Look! Over there! Behind you!! he he he he he he he
When the distraction is pushed to this extent, it is almost a given that the Wikipedia article reflects this. I expect the Wikipedia article to improve. Already Sony's lax security is mentioned.
[ link to this | view in chronology ]
Re: Re: Re: Look! Over there! Behind you!! he he he he he he he
Please, do go investigate. Do an experiment, and report back your results. It's a moral imperative! You must enlighten, else you're helping the forces of Darkness.
[You noticed I capitalized "Darkness", I hope.]
I'm not at all sure where I'm going with this. Have fun!
[ link to this | view in chronology ]
Re: Re: Re: Re: Look! Over there! Behind you!! he he he he he he he
“Canada avoids wrath of North Korea over B.C.-made ‘The Interview’ ”, by John R. Kennedy, Global News, Dec 22, 2014
[ link to this | view in chronology ]
...lack of sufficient coffee no doubt...
Then again, since I think it is a false flag op, perhaps the "Jetski level in Battletoads" is a far more appropriate phrase than "... pose one of the gravest national security dangers to the United States." :)
---
[ link to this | view in chronology ]
Sony attacks
If I were still in security, I would be popping a bottle of champagne.
[ link to this | view in chronology ]
Credit where credit's due?
I want to believe that's unjustified. Everything I've read points to Sony being exceptionally cheap, resenting having to actually employ sufficient staff! Perhaps they had good people, but they had nowhere near enough to handle the operation. Am I mistaken? Did they have enough people with the necessary skills, and they got lazy? Where's the proof?
[ link to this | view in chronology ]
Why the issue?
First of all Sony is a Japanese based company, and yes it does have USA based subsidiaries,
https://en.wikipedia.org/wiki/Sony
But an attack on Sony is an attack on a foreign based company, not an attack on the USA.
So why does the USA government give so much priority to this?
The stink of corruption is overwhelming
[ link to this | view in chronology ]
Re: Why the issue?
[ link to this | view in chronology ]
It's just asking for more trouble in the future if the hackers "win".
[ link to this | view in chronology ]
Re:
Sony Pictures' parent company may be in the best position to determine whether releasing the movie would cause an utterly intolerable loss of face for DPRK leadership.
In any event, whether or not they are truly in the best position to assess the cultural impact of the movie—in the end, it is up to the moviemakers to decide whether to speak or remain silent. They have the final word.
[ link to this | view in chronology ]
I take back that companies shouldn't have the rights of a person.......they shouldn't have rights SUPERIOR to a person
[ link to this | view in chronology ]
Fixed it for them!
[ link to this | view in chronology ]
Media strategy
Intriguing theory. Not sure I believe it.
[ link to this | view in chronology ]
Please define "gravest threat"
Some hackers hacked into an insecure *private* company, threatened "something, something, movie theaters" and suddenly this is a "grave threat".
But that's good- keep up the hyperbole and soon everyone will be so dulled by every "gravest threat" that no one will listen.
It's almost like they've never heard the story about the boy who cried wolf.
On the other hand, this is excellent cover to move away from the torture report.
[ link to this | view in chronology ]
Bombing The Interview
I read it somewhere quoting #GOP that if you even lived near a theatre showing it, you're too close. Pretty stupid, but perfect if you want to discredit them. Who said it really?
[ link to this | view in chronology ]
We always like to blame others....
Great read!
Jullian
[ link to this | view in chronology ]