James Clapper Claims That Sony Hack 'The Most Serious Cyberattack On The US Yet'; Which Suggests No Serious Cyberattacks
from the go-on-with-your-day dept
At a cybersecurity conference at Fordham university, Director of National Intelligence James Clapper apparently claimed that the Sony Hack was "the most serious cyberattack" made to date against the US. If that's true (and it's likely not), then that really kind of undermines all the claims about just how "serious" cyberattacks are to national security. Yes, the Sony Hack was incredibly embarrassing to Sony and some individuals and partners. Yes, it may cost Sony a significant amount of money in cleaning up the mess. But no one died. No serious long-term problems were created by it. No one has to "rebuild" a city. The actual impact of the hack on the day-to-day lives of most people is next to nothing. For years, people like Clapper have been warning of the pending "cyber Pearl Harbor," and if this is the best they've got so far... sorry, but that's just not that serious.At the same event, Clapper apparently insisted not only that he was sure North Korea was behind the hack, but that he knew who ordered it. He also revealed some more info on the (little known) fact that he had traveled to North Korea two weeks before the hack, where he met with the guy he now says is responsible. Marcy Wheeler raises some questions about whether Clapper's trip had something to do with the hack (if it really was done by North Korea).
Speaking of which, at the very same event, FBI director James Comey, once again, insisted that North Korea was responsible and claimed that the hackers "got sloppy" and revealed their own IP addresses. It could be that. Or whoever did it could have been slightly more sophisticated, leaving false markers pointing to North Korea. But, as of right now the FBI is sure that sloppiness is a better excuse.
Either way, it still seems like much more is being made of the Sony Hack than it deserves. Yes, it was a big hack, and yes, it revealed a ton of private documents that clearly has embarrassed Sony quite a bit. But if the future of war involves embarrassing big companies, rather than killing thousands of people -- I think I'd make that trade off.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cybersecurity, james clapper, odni, sony hack
Companies: sony
Reader Comments
Subscribe: RSS
View by: Time | Thread
Perhaps that's *why* the goverment claims N. Korea did it ....
If the US government asked N. Korea to hack Sony, then the US government would have some strong (but un-shareable) evidence that N. Korea was behind the hack.
[ link to this | view in thread ]
2009
In terms of predicting the future I'm not sure it matters who did it. We know there will he more, from all over and they will escalate.
[ link to this | view in thread ]
This is about a corporation that couldn't be bothered with trivial stuff like internet security. Nor does it appear it was willing to pay for the beef up it would take until their nose was rubbed in the puddle like a puppy being housebroken.
You have to take responsibility when it is your own damn fault it's so easy.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Wow
[ link to this | view in thread ]
Curious definition of "The US"
It wasn't. It was an attack on Sony. Admittedly, in this day of major corporations running nations my information may be out of date but the last time I checked, Sony was not the United States.
[ link to this | view in thread ]
Re: Wow
[ link to this | view in thread ]
Re: Wow
• The Sony Pictures Entertainment is based in Culver City, California.
• A federal crime was committed against them, in California.
• SPE's relationship as the daughter company of a Japanese parent adds a foreign policy dimension. The United States, ever since the end of WWII, has had an evolving strategic relationship with Japan.
• A foreign state which attacks Japan, attacks United States interests. The United States holds a nuclear umbrella.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Wow
The United States has perhaps not apologized deeply enough to its own citizens. But I had at least hoped that those racist attitudes were no longer considered acceptable.
[ link to this | view in thread ]
At least N. Korea has the decency to not attack it's so called allies. Let's not forget Stuxnet. Which was a US launched cyber attack against Iran.
I believe sanctions against the UK and US are in order. I have definitive evidence that links both the US and UK to the Stuxnet and Regin cyber attacks.I can't share the details with you, because the evidence is a secret. You'll just have to trust me on it.
[ link to this | view in thread ]
Re: Wow
[ link to this | view in thread ]
corperate pride hurt
And a US corporation made to look stupid - these people are major campaign donors.
This is far more important than infrastructure being destroyed or ordinary mere moral citizens being killed.
Get your priorities right for 21st century USA......
[ link to this | view in thread ]
Re: Re: Re: Wow
[ link to this | view in thread ]
IP addresses are not attribution
Everyone who's been paying attention to security issues over the past decade-plus knows that IP addresses, while indicative of where an attack is coming from, are not indicative of who is conducting the attack.
One massive and ongoing example of this is the unceasing torrent (heh) of spam flowing from compromised systems all over the planet. Everyone who runs a mail server and pays attention to the logs has been watching this ever since SoBig and its variants began taking over Windows systems and installing spam-distributing malware on them. There are several hundred million of these systems out there, right now, and their putative owners -- that is, the people who think those systems belong to them -- are almost entirely unaware of this. The real owners -- the people who are controlling them -- have taken pains to make sure of that.
In the time it took me to write that paragraph, these systems all tried delivering spam:
78.186.118.79.static.ttnet.com.tr [78.186.118.79]
ip250594c8.dynamic.kabel-deutschland.de [37.5.148.200]
bzq-126-168-31-214.red.bezeqint.net [31.168.126.214]
87.Red-81-45-228.staticIP.rima-tde.net [81.45.228.87]
They're in Turkey, Germany, Israel and Spain, respectively. They're almost certainly end-user systems deployed on cable/DSL/fiber, and the people sitting in front of them tonight have no idea that this is going on. They would be equally unaware if those systems were repurposed to launch an SSH brute-force attack or to exfiltrate data from a corporation or anything else.
So the fact that -- allegedly -- some portion of the Sony attacks originated from IP addresses in North Korea means nothing. Just as a spammer in the US could be the one really behind those four IP addresses, an attacker in Denmark could be behind the addresses in North Korea.
[ link to this | view in thread ]
Now everything we've already done can be retroactively be deemed "legal" and have an easier time from this point on
[ link to this | view in thread ]
The various allegations as we know them
Two US spies were captured in North Korea. The US sends the most disreputable envoy imaginable (Spymaster Clapper) to North Korea, which releases these spies to him for, supposedly, nothing in exchange (other than the goodwill of the US). North Korea then hacks a US company making a movie of two spies in North Korea to kill their leader. This hack exposes that the US State Department helped shape the ending of the film. The US instantly names North Korea as the perpetrator and possibly retaliates by temporarily disrupting the internet in the country (which, if it happened to us, would be a lot more of an economic disaster than any Sony doxing).
I have no plans to see the Sony movie - real life in this case seem way more fascinating than any movie could be. I need some popcorn.
[ link to this | view in thread ]
Re: Curious definition of "The US"
Any attack on Sony is considered an attack on the people Sony bribes.
[ link to this | view in thread ]
Re: Perhaps that's *why* the goverment claims N. Korea did it ....
However, the attack uses a number of avenues that are very likely already fully compromised by US intelligence. Because of this, the US has every reason to distract everyone from the fact that it might have been them who did it, or at least they could have prevented it had they had the desire to do so.
N Korea also has access to those attack avenues, and the US knows this. No idea why they're so strenuously pointing it out though; I would have thought this was a perfect candidate for parallel reconstruction.
[ link to this | view in thread ]
Sony hack attack on US?
[ link to this | view in thread ]
Re: IP addresses are not attribution
An excellent point! Courts have also recognized this fact to be true. Unfortunately, the Executive branch doesn't seem to be interested in facts right now. "Trust us" is the overruling narrative of the day.
[ link to this | view in thread ]
Re: Sony hack attack on US?
The U.S.M.C. III Marine Expeditionary Force Headquarters is based at Camp Courteny on Okinawa.
[ link to this | view in thread ]
Sony hack attack on US?
[ link to this | view in thread ]
Re: Sony hack attack on US?
[ link to this | view in thread ]
Re: Re: Re: Re: Wow
- Get a Crackhead to Comment -
[ link to this | view in thread ]
Re: The various allegations as we know them
I have no plans to see this movie and highly doubt it is worth the ticket price to see it. In today's movie world only 2 maybe 3 movies a year are worth watching, the rest are trash trying to cash in on some other mark of success that another movie triggered.
[ link to this | view in thread ]
Re:
Fool me - can't get fooled again.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: IP addresses are not attribution
[ link to this | view in thread ]
Re: Re: The various allegations as we know them
People want something to talk about. Whatever floats your boat.
[ link to this | view in thread ]
Re: Re: The various allegations as we know them
[ link to this | view in thread ]
[ link to this | view in thread ]
I'm sorry to inform you corporations, but I think you will first have to submit the paperwork, wait a long time and then pass a citizenship test.
Also - if your plans include getting your grubby hands upon that sweet sweet taxpayer money, you maybe required to pass a drug test and show proof you are looking for employment.
[ link to this | view in thread ]
I'm still more devastated about the loss of the SS Minnow.
[ link to this | view in thread ]
???
DONT THINK SO..
Last I heard most of it happened to Sony Brazil..where the main servers are..
[ link to this | view in thread ]
Re: ???
They were running 1999 server software,
Avoided recommendations from server admins,
And NO ONE noticed people SITTING on the server for DAYS at a time..
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Wow
[ link to this | view in thread ]
Re: ???
[ link to this | view in thread ]
Re: Re: Wow
What a load of utter unadulterated Bullshit!
In that case the USA should be going after the Australian people because we attacked Japan in the World court for it's Whaling practices.
You sir instead are an idiot and have no clue about anything. The US govt is stating that this is an attack on the USA for one and only one reason. It is in their current interest to make people fearful and serves THEIR and definitely no one elses agenda!
[ link to this | view in thread ]
Re: Re: Sony hack attack on US?
[ link to this | view in thread ]
Re: Re: Re: Wow
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Perhaps that's *why* the goverment claims N. Korea did it ....
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Wow
[ link to this | view in thread ]
This is the "Snowden" effect of the MPAA: using AGs illegally for a business model long overdue for an overhaul.
With so many pants down right now, of course the FBI will see it as serious.
After all, the FBI is the police force of the movie industry (for reasons that are still unexplained).
[ link to this | view in thread ]
That alone should get him on every single watchlist they ever had and a ticket to gitmo. This was the biggest terrurist cyber attack ever and he is in the middle of it, he is cyber osama ffs.
[ link to this | view in thread ]
Who cares
[ link to this | view in thread ]
Re: Re: Re: Wow
Did someone call someone else a poopy head? Because that is an attack - right?
[ link to this | view in thread ]
Hypocrisy..
[ link to this | view in thread ]
Re: Re: Re: Wow
WTF are you on about? Even among those who still cling to the idea of different human races (scientific consensus is that racial groups cannot be biologically defined.) they still don't imagine "Japanese" as a race.
Aside from that, how the hell is factually pointing out that Sony is a private company not from the US but from Japan racist or insensitive or anything but just a simple fact?
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Perhaps that's *why* the goverment claims N. Korea did it ....
'cause that sure seems like the takeaway...
are we not even going to pretend our warmaking is about preserving 'freedom and democracy', but merely preserving profits of transnational korporations ? ? ?
the last stages of Empire consolidation: the pretense is abandoned...
Empire must fall.
the sooner the fall,
the gentler for all...
[ link to this | view in thread ]
[ link to this | view in thread ]
clapper
[ link to this | view in thread ]
Re: Re: Re: Wow
[ link to this | view in thread ]
Re: Re: Re: Sony hack attack on US?
[ link to this | view in thread ]
Credibility Lost
Once a liar, always a liar.
[ link to this | view in thread ]
Re: Re: Re: Re: Wow
People in California are guaranteed equal protection of the laws.
[ link to this | view in thread ]
The Pandering Politician and the Rise of the Police State
[ link to this | view in thread ]
Re: Re: Wow
So what? Sony Pictures Entertainment Inc. (SPE) is the American entertainment subsidiary of Japanese multinational technology and media conglomerate Sony.
Garshk, I hope I'm not being racist! /sarcasm
[ link to this | view in thread ]
Re: Re: Re: Wow
If the next thing you're going to say is, ‘The Irish beat cop should just ignore Asian on Asian crime in Chinktown’, well, that's almost as bad as having the Mick's Wop partner just grabbing the first likely suspect to slam against the wall.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Wow
[ link to this | view in thread ]
Re: Re: Wow
post half ruined now, meh
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: IP addresses are not attribution
[ link to this | view in thread ]
Re: The various allegations as we know them
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Sony hack attack on US?
[ link to this | view in thread ]
Re: Re: Sony hack attack on US?
[ link to this | view in thread ]
Re: Re: Re: Sony hack attack on US?
But wouldn't it be polite for you explain the significance of the location of the parent corporation's headquarters? In relation to the attack against the daughter company.
Your initial question looms over us, but I have already provided collateral. Unless you accuse the New York Times.
[ link to this | view in thread ]