[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help] 

Status: Not Logged In; Sign In

The Media Flips Over Tulsi & Matt Gaetz, Biden & Trump Take A Pic, & Famous People Leave Twitter!

4 arrested in California car insurance scam: 'Clearly a human in a bear suit'

Silk Road Founder Trusts Trump To 'Honor His Pledge' For Commutation

"You DESERVED to LOSE the Senate, the House, and the Presidency!" - Jordan Peterson

"Grand Political Theatre"; FBI Raids Home Of Polymarket CEO; Seize Phone, Electronics

Schoolhouse Limbo: How Low Will Educators Go To Better Grades?

BREAKING: U.S. Army Officers Made a Desperate Attempt To Break Out of The Encirclement in KURSK

Trumps team drawing up list of Pentagon officers to fire, sources say

Israeli Military Planning To Stay in Gaza Through 2025

Hezbollah attacks Israeli army's Tel Aviv HQ twice in one day

People Can't Stop Talking About Elon's Secret Plan For MSNBC And CNN Is Totally Panicking

Tucker Carlson UNLOADS on Diddy, Kamala, Walz, Kimmel, Rich Girls, Conspiracy Theories, and the CIA!

"We have UFO technology that enables FREE ENERGY" Govt. Whistleblowers

They arrested this woman because her son did WHAT?

Parody Ad Features Company That Offers to Cryogenically Freeze Liberals for Duration of TrumpÂ’s Presidency

Elon and Vivek BEGIN Reforming Government, Media LOSES IT

Dear Border Czar: This Nonprofit Boasts A List Of 400 Companies That Employ Migrants

US Deficit Explodes: Blowout October Deficit Means 2nd Worst Start To US Fiscal Year On Record

Gaetz Resigns 'Effective Immediately' After Trump AG Pick; DC In Full Blown Panic

MAHA MEME

noone2222 and John Bolton sitting in a tree K I S S I N G

Donald Trump To Help Construct The Third Temple?

"The Elites Want To ROB Us of Our SOVEREIGNTY!" | Robert F Kennedy

Take Your Money OUT of THESE Banks NOW! - Jim Rickards

Trump Taps Tulsi Gabbard As Director Of National Intelligence

DC In Full Blown Panic After Trump Picks Matt Gaetz For Attorney General

Cleveland Clinic Warns Wave of Mass Deaths Will Wipe Out Covid-Vaxxed Within ‘5 Years’

Judah-ism is as Judah-ism does

Danger ahead: November 2024, Boston Dynamics introduces a fully autonomous "Atlas" robot. Robot humanoids are here.

Trump names [Fox News host] Pete Hegseth as his Defense secretary


Science/Tech
See other Science/Tech Articles

Title: No, North Korea DidnÂ’t Hack Sony
Source: [None]
URL Source: http://www.thedailybeast.com/articl ... th-korea-didn-t-hack-sony.html
Published: Dec 26, 2014
Author: staff
Post Date: 2014-12-26 09:36:51 by Ada
Keywords: None
Views: 101
Comments: 1

The FBI and the President may claim that the Hermit Kingdom is to blame for the most high-profile network breach in forever. But almost all signs point in another direction.

So, “The Interview” is to be released after all.

The news that the satirical movie—which revolves around a plot to murder Kim Jong-Un—will have a Christmas Day release as planned, will prompt renewed scrutiny of whether, as the US authorities have officially claimed, the cyber attack on Sony really was the work of an elite group of North Korean government hackers.

All the evidence leads me to believe that the great Sony Pictures hack of 2014 is far more likely to be the work of one disgruntled employee facing a pink slip.

I may be biased, but, as the director of security operations for DEF CON, the world’s largest hacker conference, and the principal security researcher for the world's leading mobile security company, Cloudflare, I think I am worth hearing out.

The FBI was very clear in its press release about who it believed was responsible for the attack: “The FBI now has enough information to conclude that the North Korean government is responsible for these actions,” they said in their December 19 statement, before adding, “the need to protect sensitive sources and methods precludes us from sharing all of this information”.

With that disclaimer in mind, let’s look at the evidence that the FBI are able to tell us about.

The first piece of evidence described in the FBI bulletin refers to the malware found while examining the Sony Picture’s network after the hack.

“Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.”

So, malware found in the course of investigating the Sony hack bears “strong” similarities to malware found in other attacks attributed to North Korea.

This may be the case—but it is not remotely plausible evidence that this attack was therefore orchestrated by North Korea.

The FBI is likely referring to two pieces of malware in particular, Shamoon, which targeted companies in the oil and energy sectors and was discovered in August 2012, and DarkSeoul, which on June 25, 2013, hit South Korea (it was the 63rd anniversary of the start of the Korean War).

Even if these prior attacks were co-ordinated by North Korea—and plenty of security experts including me doubt that—the fact that the same piece of malware appeared in the Sony hack is far from being convincing evidence that the same hackers were responsible. The source code for the original “Shamoon” malware is widely known to have leaked. Just because two pieces of malware share a common ancestry, it obviously does not mean they share a common operator. Increasingly, criminals actually lease their malware from a group that guarantees their malware against detection. Banking malware and certain “crimeware” kits have been using this model for years.

So the first bit of evidence is weak.

But the second bit of evidence given by the FBI is even more flimsy:

“The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.”

What they are saying is that the Internet addresses found after the Sony Picture attack are “known” addresses that had previously been used by North Korea in other cyberattacks.

To cyber security experts, the naivety of this statement beggars belief. Note to the FBI: Just because a system with a particular IP address was used for cybercrime doesn’t mean that from now on every time you see that IP address you can link it to cybercrime. Plus, while sometimes IPs can be “permanent”, at other times IPs last just a few seconds.

It isn’t the IP address that the FBI should be paying attention to. Rather it’s the server or service that’s behind it.

As with much of this investigation our information is somewhat limited. The FBI haven’t released all the evidence, so we have to go by what information is available publicly. Perhaps the most interesting and indeed relevant of this is the C2 (or Command and Control) addresses found in the malware. These addresses were used by whoever carried out the attack to control the malware and can be found in the malware code itself. They are: ● 202.131.222.102—Thailand

● 217.96.33.164—Poland

● 88.53.215.64—Italy

● 200.87.126.116—Bolivia

● 58.185.154.99—Singapore

● 212.31.102.100—Cyprus

● 208.105.226.235—USA

Taking a look at these addresses we find that all but one of them are public proxies. Furthermore, checking online IP reputation services reveals that they have been used by malware operators in the past. This isn’t in the least bit surprising: in order to avoid attribution cybercriminals routinely use things like proxies to conceal their connections. No sign of any North Koreans, just lots of common, or garden, internet cybercriminals.

It is this piece of evidence—freely available to anyone with an enquiring mind and a modicum of cyber security experience—which I believe that the FBI is so cryptically referring to when they talk about “additional evidence” they can’t reveal without compromising “national security”.

Essentially, we are being left in a position where we are expected to just take agency promises at face value. In the current climate, that is a big ask.

If we turn the debate around, and look at some evidence that the North Koreans might NOT be behind the Sony hack, the picture looks significantly clearer.

1. First of all, there is the fact that the attackers only brought up the anti- North Korean bias of “The Interview” after the media did—the film was never mentioned by the hackers right at the start of their campaign. In fact, it was only after a few people started speculating in the media that this and the communication from North Korea “might be linked” that suddenly it did get linked. My view is that the attackers saw this as an opportunity for “lulz”, and a way to misdirect everyone. (And wouldn’t you know it? The hackers are now saying it’s okay for Sony to release the movie, after all.) If everyone believes it’s a nation state, then the criminal investigation will likely die. It’s the perfect smokescreen.

2. The hackers dumped the data. Would a state with a keen understanding of the power of propaganda be so willing to just throw away such a trove of information? The mass dump suggests that whoever did this, their primary motivation was to embarrass Sony Pictures. They wanted to humiliate the company, pure and simple.

3. Blaming North Korea offers an easy way out for the many, many people who allowed this debacle to happen; from Sony Pictures management through to the security team that were defending Sony Picture’s network.

4. You don’t need to be a conspiracy theorist to see that blaming North Korea is quite convenient for the FBI and the current U.S. administration. It’s the perfect excuse to push through whatever new, strong, cyber-laws they feel are appropriate, safe in the knowledge that an outraged public is fairly likely to support them.

5. Hard-coded paths and passwords in the malware make it clear that whoever wrote the code had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s (just) plausible that a North Korean elite cyber unit could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of a pissed-off insider. Combine that with the details of several layoffs that Sony was planning and you don’t have to stretch the imagination too far to consider that a disgruntled Sony employee might be at the heart of it all.

I am no fan of the North Korean regime. However I believe that calling out a foreign nation over a cybercrime of this magnitude should never have been undertaken on such weak evidence.

The evidence used to attribute a nation state in such a case should be solid enough that it would be both admissible and effective in a court of law. As it stands, I do not believe we are anywhere close to meeting that standard.

Post Comment   Private Reply   Ignore Thread  


TopPage UpFull ThreadPage DownBottom/Latest

#1. To: Ada (#0)

I really must ask, who really gives a good shit ???

"Honest, April 15th is April Fools Day".

noone222  posted on  2014-12-26   9:42:57 ET  Reply   Trace   Private Reply  


TopPage UpFull ThreadPage DownBottom/Latest


[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]