McClatchy reports: A North Carolina blogger who became a major propagandist for al Qaida before he was killed in a U.S. drone strike in Yemen, was a subject of close FBI surveillance for years and a much bigger concern for U.S. authorities than previously known, according to records obtained by McClatchy.
Samir Khan, 25, was a big enough worry while he lived in Charlotte, N.C., that before he disappeared in 2009, federal agents asked the FBI’s special forces unit, Hostage Rescue Team, to help with a likely arrest, the files show. But no arrest was made, and Khan disappeared, reemerging months later in Yemen where he launched an English-language al Qaida magazine, Inspire, that has been influential in radicalizing and recruiting extremists worldwide. He was killed Sept. 30, 2011.
Khan’s case, along with those of the perpetrators of attacks that include the Boston Marathon bombings and the Charlie Hebdo murders in Paris, reflects a new reality for those seeking to thwart terrorism: Many of the lone wolf-style attacks authorities fear most are the work of people already known to U.S. and international intelligence agencies.
Experts say future terrorists are becoming radicalized under the very noses of intelligence officials, who struggle to balance civil liberties with stopping potentially dangerous individuals now being referred to as “known wolves.” [Continue reading…]
Patrick G. Eggerton writes: Last fall, when Apple and Google announced they were cleaning up their operating systems to ensure that their users’ information was encrypted to prevent hacking and potential data loss, FBI Director James Comey attacked both companies. He claimed the encryption would cause the users to “place themselves above the law.”
The tech community fired back. “The only actions that have undermined the rule of law,” Ken Gude wrote in Wired, “are the government’s deceptive and secret mass-surveillance programs.”
The battle resumed in February 2015. Michael Steinbach, FBI assistant director for counterterrorism, said it is “irresponsible” for companies like Google and Apple to use software that denies the FBI lawful means to intercept data.
Yet the FBI does have a lawful means to intercept it: the Foreign Intelligence Surveillance Act. Its scope was vastly expanded by Congress in the wake of the 9/11 attacks.
It’s worth noting that the FBI never asked Congress to force tech companies to build “back doors” into their products immediately after the 9/11 attacks. Only after Google and Apple took steps to patch existing security vulnerabilities did the bureau suddenly express concern that terrorists might be exploiting this encryption.
In fact, the bureau has a host of legal authorities and technological capabilities at its disposal to intercept and read communications, or even to penetrate facilities or homes to implant audio and video recording devices. The larger problem confronting the FBI and the entire U.S. intelligence community is their over-reliance on electronic technical collection against terrorist targets. [Continue reading…]
In a conversation recorded by the storytelling project StoryCorps just last summer, Yusor Abu-Salha, a victim from the recent Chapel Hill shooting, described her experience of being an American.
The Washington Post reports: The FBI is opening an inquiry into the shootings of three young Muslims in Chapel Hill, N.C., a move that followed multiple calls this week for authorities to investigate the violence as a hate crime.
On Friday, President Obama issued a statement on “the brutal and outrageous murders,” saying that the FBI would look to see if federal laws were broken during the shooting.
“No one in the United States of America should ever be targeted because of who they are, what they look like, or how they worship,” Obama said.
Police are investigating the shootings of three people — newlyweds Deah Barakat, 23, and Yusor Mohammad Abu-Salha, 21, and her sister, Razan Mohammad Abu-Salha, 19 — on Tuesday afternoon at a housing complex near the University of North Carolina.
As the shooting has attracted global attention, Obama has been criticized for not speaking out about it sooner.
“If you stay silent when faced with an incident like this, and don’t make a statement, the world will stay silent towards you,” Turkish President Tayyip Erdogan said during a visit to Mexico on Thursday, according to Reuters.
The Embassy of Jordan in Washington said Friday that Alia Bouran, the country’s ambassador to the United States, went to North Carolina on Friday. Jordan’s foreign ministry issued a statement a day earlier saying that the sisters killed in Chapel Hill also had Jordanian citizenship.
While in North Carolina, Bouran met with the families of the victims and expressed the sympathies of Jordanian King Abdullah II. The embassy said Friday that it was “closely following the ongoing investigation” in North Carolina.
The FBI probe announced on Thursday stops short of being a full investigation, as had been reported in multiple media outlets since the inquiry was announced. Rather, it is a review that could ultimately become an investigation down the line. It was opened by the FBI, the Justice Department’s Civil Rights Division and the U.S. Attorney’s Office for the Middle District of North Carolina. [Continue reading…]
Reuters: A U.S. military court on Wednesday tried to assess whether government agents interfered with the trial of five men charged with the Sept. 11, 2001, attacks on the United States by spying on defense attorneys and their clients.
The judge halted the pre-trial hearing at the Guantanamo Bay, Cuba, military prison on Monday after one of the defendants said his interpreter had worked at a secret CIA prison.
When the hearing resumed on Wednesday, defense attorneys contended the Federal Bureau of Investigation and Central Intelligence Agency had planted Arabic interpreters on the defense team, bugged conversations between the attorneys and their clients and questioned their support staff.
Alison Flood writes: Newly declassified documents from the FBI reveal how the US federal agency under J Edgar Hoover monitored the activities of dozens of prominent African American writers for decades, devoting thousands of pages to detailing their activities and critiquing their work.
Academic William Maxwell first stumbled upon the extent of the surveillance when he submitted a freedom of information request for the FBI file of Claude McKay. The Jamaican-born writer was a key figure in the Harlem Renaissance, author of the sonnet If We Must Die, supposedly recited by Winston Churchill, and Maxwell was preparing an edition of his complete poems. When the file came through from the FBI, it stretched to 193 pages and, said Maxwell, revealed “that the bureau had closely read and aggressively chased McKay” – describing him as a “notorious negro revolutionary” – “all across the Atlantic world, and into Moscow”.
Maxwell, associate professor of English and African American studies at Washington University in St Louis, decided to investigate further, knowing that other scholars had already found files on well-known black writers such as Langston Hughes and James Baldwin. He made 106 freedom of information requests about what he describes as “noteworthy Afro-modernists” to the FBI; 51 of those writers had files, ranging from three to 1,884 pages each. [Continue reading…]
Lyric R Cabral and David Felix Sutcliffe write: People think that catching terrorists is just a matter of finding them – but, just as often, terrorists are created by the people doing the chase.
While making our film (T)ERROR, which tracks a single counter-terrorism sting operation over seven months, we realized that most people have serious misconceptions about FBI counter-terrorism efforts. They assume that informants infiltrate terrorist networks and then provide the FBI with information about those networks in order to stop terrorist plots from being carried out. That’s not true in the vast majority of domestic terrorism cases.
Since 9/11, as Human Rights Watch and others have documented, the FBI has routinely used paid informants not to capture existing terrorists, but to cultivate them. Through elaborate sting operations, informants are directed to spend months – sometimes years – building relationships with targets, stoking their anger and offering ideas and incentives that encourage them to engage in terrorist activity. And the moment a target takes a decisive step forward, crossing the line from aspirational to operational, the FBI swoops in to arrest him. [Continue reading…]
After cybersleuth Barack Obama saw the evidence pointing at North Korea’s responsibility for the cyberattacks against Sony, “he had no doubt,” the New York Times melodramatically reports.
He had no doubt about what? That his intelligence analysts knew what they were talking about? Or that he too when presented with the same evidence was forced to reach the same conclusion?
I have no doubt that had Obama been told by those same advisers that North Korea was not behind the attacks, he would have accepted that conclusion. In other words, on matters about which he lacks the expertise to reach any conclusion, he relies on the expertise of others.
A journalist who tells us about the president having “no doubt” in such a situation is merely dressing up his narrative with some Hollywood-style commander-in-chief gravitas.
When one of the reporters in this case, David Sanger, is someone whose cozy ties to government extend to being “an old friend of many, many years” of Ashton Carter, whose nomination as the next Secretary of Defense is almost certain to be approved, you have to wonder whose interests he really serves. Those of his readership or those of the government?
Since Obama and the FBI went out on a limb by asserting that they had no doubt about North Korea’s role in the attacks, they have been under considerable pressure to provide some compelling evidence to back up their claim.
That evidence now comes courtesy of anonymous officials briefing the New York Times and another document from the Snowden trove of NSA documents.
Maybe the evidence really is conclusive, but there are still important unanswered questions.
For instance, as Arik Hesseldahl asks:
why, if the NSA had so fully penetrated North Korea’s cyber operations, did it not warn Sony that an attack of this magnitude was underway, one that apparently began as early as September.
Officials with the NSA and the White House did not immediately respond to requests for comment about the report. A Sony spokeswoman had no comment.
On the one hand we’re being told that the U.S. knew exactly who was behind the Sony attacks because the hackers were under close surveillance by the NSA, and yet at the same time we’re being told that although the NSA was watching the hackers it didn’t figure out what they were doing.
If Hollywood ever decides to create a satire out of this, they’ll need to come up with a modern-day reworking of the kind of scene that would come straight out of Get Smart — the kind where Maxwell Smart, Agent 86, would be eavesdropping on a conversation between his North Korean counterparts, the only problem being that he doesn’t understand Korean.
The Times report refers to the North Korean hackers using an “attack base” in Shenyang, in north east China. This has been widely reported with the somewhat less cyber-sexy name of the Chilbosan Hotel whose use for these purposes has been known since 2004.
If the attackers wanted to avoid detection, it’s hard to understand why they would have operated out of a location that had been known about for that long and that could so easily be linked to North Korea.
It’s also hard to fathom that having developed its cyberattack capabilities over such an extended period, North Korea would want to risk so much just to try and prevent the release of The Interview.
Michael Daly claims that the regime “recognizes that Hollywood and American popular culture in general constitute a dire threat” — a threat that has apparently penetrated the Hermit Kingdom in the “especially popular” form of Desperate Housewives.
Daly goes on to assert:
a glimpse of Wisteria Lane is enough to give lie to the regime’s propaganda that North Koreans live in a worker’s paradise while its enemies suffer in grinding poverty, driven by envy to plot against Dear Leader.
Of course, as every American who has watched the show knows, Wisteria Lane represents anytown America and the cast could blend in unnoticed at any Walmart or shopping mall.
OK. I won’t deny that American propaganda is much more sophisticated than North Korea’s, but when an American journalist implies that Desperate Housewives offers ordinary North Koreans a glimpse into the lives of ordinary Americans, you have to ask: which population has been more perfectly brainwashed?
In reality, the dire threat to the North Korean regime in terms of social impact comes not from American popular culture but from much closer: South Korean soap operas.
The Guardian reports: On the surface, she blended in very well. With a skull tattooed on her shoulder, a black-and-white keffiyeh around her neck, a shock of bright pink hair and her standard-issue dress of camouflage skirt and heavy boots, the energetic 17-year-old looked every bit the radical eco-activist she worked so hard to imitate.
But “Anna”, as she called herself, was no ordinary eco-protester. Really, she wasn’t one at all. She was an FBI informant under instructions to infiltrate fringe green groups and anti-capitalist networks and report back on their activities to the US government.
Now “Anna”, in her role at the center of a high-profile prosecution of alleged eco-terrorists in 2006-7, has been put under the spotlight following the embarrassing admission by the US Department of Justice that it failed to disclose crucial documents to defence attorneys at trial.
On Thursday, Eric McDavid, a radical green activist aged 37, was allowed to walk free after having served nine years of a 19-year federal prison sentence. Prosecutors had alleged that he was the ringleader in a small cell of eco-terrorists connected to the Earth Liberation Front (ELF) conspiring to bomb the Nimbus Dam in California, cellphone towers, science labs and other targets.
Last week’s dramatic scenes in a courtroom in Sacramento, California, have focused attention on the FBI’s use of undercover informants and prompted claims that the agency lured unsuspecting activists into criminal activity through blatant entrapment. [Continue reading…]
The Washington Post reports: For months and months, former CBS News investigative correspondent Sharyl Attkisson played an agonizing game of brinkmanship regarding her privacy: She strongly suggested that the federal government was behind a series of intrusions into her personal and work computers, though she has consistently hedged her wording to allow some wiggle room. In May 2013, for example, she told a Philadelphia radio host that there could be “some relationship” between her technology intrusions and the government snooping on Fox News reporter James Rosen. And in her book “Stonewalled,” she cites a source as saying that the breaches originated from a “sophisticated entity that used commercial, nonattributable spyware that’s proprietary to a government agency: either the CIA, FBI, the Defense Intelligence Agency, or the National Security Agency (NSA).”
No more wiggling around. Attkisson has filed a lawsuit in D.C. Superior Court, alleging the U.S. government’s “unauthorized and illegal surveillance of the Plaintiff’s laptop computers and telephones from 2011-2013.” The suit lists as plaintiffs Attkisson, who resigned from CBS last year, her husband, James Attkisson, and daughter Sarah Judith Starr Attkisson. Defendants include Attorney General Eric Holder and Postmaster General Patrick Donahoe as well as “UNKNOWN NAMED AGENTS OF the UNITED STATES, in their individual capacities.” Those folks, the suit alleges, violated several constitutional rights, including freedom of the press, freedom of expression and freedom from “unreasonable searches and seizures.”
The complaint lays out a narrative familiar to close readers of “Stonewalled.” It speaks of Attkisson’s work for CBS throughout 2011 in uncovering facts about the U.S. government’s “Fast and Furious” gun-walking operation. Roundabout mid- to late-2011, notes the complaint, the Attkissons “began to notice anomalies” in how various electronic devices were operating in the household. “These anomalies included a work Toshiba laptop computer and a family Apple desktop computer turning on and off at night without input from anyone in the household, the house alarm chirping daily at different times, often indicating ‘phone line trouble,’ and television problems, including interference,” notes the complaint. [Continue reading…]
Bruce Schneier writes: If anything should disturb you about the Sony hacking incidents and subsequent denial-of-service attack against North Korea, it’s that we still don’t know who’s behind any of it. The FBI said in December that North Korea attacked Sony. I and others have serious doubts. There’s countervailing evidence to suggest that the culprit may have been a Sony insider or perhaps Russian nationals.
No one has admitted taking down North Korea’s Internet. It could have been an act of retaliation by the U.S. government, but it could just as well have been an ordinary DDoS attack. The follow-on attack against Sony PlayStation definitely seems to be the work of hackers unaffiliated with a government.
Not knowing who did what isn’t new. It’s called the “attribution problem,” and it plagues Internet security. But as governments increasingly get involved in cyberspace attacks, it has policy implications as well. [Continue reading…]
The New York Times reports: The F.B.I. is subjecting hundreds of its employees who were born overseas or have relatives or friends there to an aggressive internal surveillance program that started after Sept. 11, 2001, to prevent foreign spies from coercing newly hired linguists but that has been greatly expanded since then.
The program has drawn criticism from F.B.I. linguists, agents and other personnel with foreign language and cultural skills, and with ties abroad. They complain they are being discriminated against by a secretive “risk-management” plan that the agency uses to guard against espionage. This limits their assignments and stalls their careers, according to several employees and their lawyers.
Employees in the program — called the Post-Adjudication Risk Management plan, or PARM — face more frequent security interviews, polygraph tests, scrutiny of personal travel, and reviews of, in particular, electronic communications and files downloaded from databases.
Some of these employees, including Middle Eastern and Asian personnel who have been hired to fill crucial intelligence and counterterrorism needs, say they are being penalized for possessing the very skills and background that got them hired. They are notified about their inclusion in the program and the extra security requirements, but are not told precisely why they have been placed in it and apparently have no appeal or way out short of severing all ties with family and friends abroad. [Continue reading…]
The Los Angeles Times reports: Federal authorities insist that the North Korean government is behind the cyberattack on Sony Pictures Entertainment.
Cybersecurity experts? Many are not convinced.
From the time the hack became public Nov. 24, many of these experts have voiced their suspicions that a disgruntled Sony Pictures insider was involved.
Respected voices in the online security and anti-hacking community say the evidence presented publicly by the FBI is not enough to draw firm conclusions.
They argue that the connections between the Sony hack and the North Korean government amount to circumstantial evidence. Further, they say the level of the breach indicates an intimate knowledge of Sony’s computer systems that could have come from someone on the inside.
This week, prominent San Mateo, Calif., cybersecurity firm Norse Corp. — whose clients include government agencies, financial institutions and technology companies — briefed law enforcement officials on evidence it collected that pointed toward an inside job.
“We can’t find any indication that North Korea either ordered, masterminded or funded this attack,” Kurt Stammberger, a senior vice president at Norse, said in an interview with The Times. Although conceding that his findings were not conclusive, Stammberger added: “Nobody has been able to find a credible connection to the North Korean government.”
Stammberger said a team of nine analysts dug through data including Norse’s worldwide network of millions of Web sensors, internal Sony documents and underground hacker chat rooms. Leads suggesting North Korea as the culprit turned out to be red herrings and dead ends, he said.
Instead, the data pointed to a former employee who may have collaborated with outside hackers. The employee, who left the studio in a May restructuring, had the qualifications and access necessary to carry out the crime, according to Stammberger.
Moreover, names of company servers and passwords were programmed into the malware that infiltrated the studio’s network, suggesting hackers had inside knowledge of the studio’s systems, Stammberger said. [Continue reading…]
Reuters reports: U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month’s massive cyberattack against Sony Pictures, an official close to the investigation said on Monday.
As North Korea lacks the capability to conduct some elements of the sophisticated campaign by itself, the official said, U.S. investigators are looking at the possibility that Pyongyang “contracted out” some of the cyber work. The official was not authorized to speak on the record about the investigation. [Continue reading…]
Given that The Intercept is a publication that trumpets its commitment to fearless journalism, you’d think they’d be all over the Sony hack story. National security threats, hacking, corporate power, cyberattacks — aren’t these more than enough ingredients for some hard-hitting investigative journalism?
Instead we get Jana Winter (who before moving to The Intercept was a reporter at FoxNews.com for six years) recycling an old narrative about governmental negligence: “FBI warned Year Ago of impending Malware Attacks — But Didn’t Share Info with Sony.”
Nearly one year before Sony was hacked, the FBI warned that U.S. companies were facing potentially crippling data destruction malware attacks, and predicted that such a hack could cause irreparable harm to a firm’s reputation, or even spell the end of the company entirely. The FBI also detailed specific guidance for U.S. companies to follow to prepare and plan for such an attack.
But the FBI never sent Sony the report.
The Dec. 13, 2013 FBI Intelligence Assessment, “Potential Impacts of a Data-Destruction Malware Attack on a U.S. Critical Infrastructure Company’s Network,” warned that companies “must become prepared for the increasing possibility they could become victim to a data destruction cyber attack.”
How could Sony have been adequately prepared to meet this threat if the FBI had neglected to send them their report?!
Urrr… maybe Sony’s global chief information security officer Philip Reitinger knew something about the risks of a data destruction cyber attack. After all, directly before moving to Sony in 2011, Reitinger had been Deputy Under Secretary of the National Protection and Programs Directorate (NPPD) and Director of the National Cyber Security Center (NCSC) at the United States Department of Homeland Security. It seems likely that one way or another, Reitinger saw the FBI report.
Winter closes her “report” by quoting a source within the “information security industry” who said: “The question is, who dropped the ball?”
The Intercept in its headline and paragraph two doesn’t hesitate to answer that “question”: The FBI.
This is really a bizarrely irrelevant narrative to be spinning, given that there has already been so much reporting on Sony’s own negligence in handling cyber-security.
Winter makes the dubious assertion that in the eyes of the U.S. government, Sony is part of this nation’s “critical infrastructure” — the implication apparently being that the FBI is responsible for safeguarding the company’s cyber-security standards.
For The Intercept to want to portray the Sony story as a story about the failings of the U.S. government, is perhaps to be expected, given the ideological straightjacket inside which the publication remains trapped.
But maybe I’m just being cynical in thinking that there might be another explanation: that Glenn Greenwald hasn’t abandoned all hope Sony will produce his Snowden movie — even though a leaked November 14 email from Sony executive Doug Belgrad wrote that the Greenwald project “is unlikely to happen” — and so doesn’t want to embarrass his commercial partner.
Even if the Snowden movie has no bearing here, there is a deeper philosophical problem that the Sony hack story presents to The Intercept and everyone with a visceral fear of government.
American companies, fully aware of the government’s data collection capabilities, want to see a more proactive partnership between the public and private sectors to improve information security and thwart cyberattacks. At the same time, libertarians and much of the public at large want to see these capabilities reined in, and businesses themselves don’t want to be burdened by overregulation.
Much as free-market economics promotes a myth of a self-balancing system that functions most efficiently by suffering the least governmental interference, the information economy sustains similar myths about its ability to self-organize.
But on the cyber frontier, threats from the likes of North Korea are probably smaller than those posed by agents whose identities remain forever concealed and whose motives may be as difficult to discern.
This year, hackers caused “massive damage” to a steel factory in Germany by gaining access to control systems that would have generally been expected to be physically separated from the internet, yet the emerging Internet of Things in which as many as 30 billion devices are expected to be connected by the end of the decade, suggests that physically destructive cyberattacks are destined to become much more commonplace.
The politics of information security right now favors an approach in which everyone is expected to maintain their own systems of fortification and yet the protection of collective interests may demand that we live in a world where there is much greater data transparency.
As things stand right now on the information highways, none of the vehicles are licensed, no one has insurance, most of the drivers are robots, and most of the robots are employed by crooks.
CBS News reports: Cybersecurity experts are questioning the FBI’s claim that North Korea is responsible for the hack that crippled Sony Pictures. Kurt Stammberger, a senior vice president with cybersecurity firm Norse, told CBS News his company has data that doubts some of the FBI’s findings.
While Norse is not involved in the Sony case, it has done its own investigation.
“We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history,” said Stammberger.
He says Norse data is pointing towards a woman who calls herself “Lena” and claims to be connected with the so-called “Guardians of Peace” hacking group. Norse believes it’s identified this woman as someone who worked at Sony in Los Angeles for ten years until leaving the company this past May. [Continue reading…]
The New York Times adds: A number of private security researchers are increasingly voicing doubts that the hack of Sony’s computer systems was the work of North Korea.
President Obama and the F.B.I. last week accused North Korea of targeting Sony and pledged a “proportional response” just hours before North Korea’s Internet went dark without explanation. But security researchers remain skeptical, with some even likening the government’s claims to those of the Bush administration in the build-up to the Iraq war.
Fueling their suspicions is the fact that the government based its findings, in large part, on evidence that it will not release, citing the “need to protect sensitive sources and methods.” The government has never publicly acknowledged doing so, but the National Security Agency has begun a major effort to penetrate North Korean computer networks.
Because attributing the source of a cyberattack is so difficult, the government has been reluctant to do so except in the rarest of circumstances. So the decision to have President Obama charge that North Korea was behind the Sony hack suggested there is some form of classified evidence that is more conclusive than the indicators that the F.B.I. made public on Friday. “It’s not a move we made lightly,” one senior administration official said after Mr. Obama spoke.
Still, security researchers say they need more proof. “Essentially, we are being left in a position where we are expected to just take agency promises at face value,” Marc Rogers, a security researcher at CloudFlare, the mobile security company, wrote in a post Wednesday. “In the current climate, that is a big ask.”
Mr. Rogers, who doubles as the director of security operations for DefCon, an annual hacker convention, and others like Bruce Schneier, a prominent cryptographer and blogger, have been mining the meager evidence that has been publicly circulated, and argue that it is hardly conclusive. [Continue reading…]
Marc Rogers writes: All the evidence leads me to believe that the great Sony Pictures hack of 2014 is far more likely to be the work of one disgruntled employee facing a pink slip.
I may be biased, but, as the director of security operations for DEF CON, the world’s largest hacker conference, and the principal security researcher for the world’s leading mobile security company, Cloudflare, I think I am worth hearing out.
The FBI was very clear in its press release about who it believed was responsible for the attack: “The FBI now has enough information to conclude that the North Korean government is responsible for these actions,” they said in their December 19 statement, before adding, “the need to protect sensitive sources and methods precludes us from sharing all of this information”.
With that disclaimer in mind, let’s look at the evidence that the FBI are able to tell us about. [Continue reading…]
Bruce Schneier writes: I am deeply skeptical of the FBI’s announcement on Friday that North Korea was behind last month’s Sony hack. The agency’s evidence is tenuous, and I have a hard time believing it. But I also have trouble believing that the U.S. government would make the accusation this formally if officials didn’t believe it.
Clues in the hackers’ attack code seem to point in all directions at once. The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks. Korean language in the code also suggests a Korean origin, though not necessarily a North Korean one since North Koreans use a unique dialect. However you read it, this sort of evidence is circumstantial at best. It’s easy to fake, and it’s even easier to interpret it wrong. In general, it’s a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the “evidence” to suit the narrative they already have worked out in their heads.
In reality, there are several possibilities to consider: [Continue reading…]
Why would the FBI say it has “enough information to conclude that the North Korean government is responsible for these actions,” if that’s not really true?
Firstly, the FBI, like the U.S. government as a whole, is always reluctant to present itself as ignorant. Presenting itself as having privileged access to secret information is something every government does in order to bolster its image of power. The FBI can’t tell us exactly how it knows what it claims to know because “the need to protect sensitive sources and methods precludes us from sharing all of this information” — trust us; we know; we’re the FBI.
Secondly, the only way that North Korea can convincingly refute the accusation is to identify the real culprits — and they have no means of doing that.
Given the appalling reputation of the leaders of the hermit kingdom, there is a prevailing assumption of guilt even in the absence of compelling evidence, which makes the FBI’s accusation an easy sell.
Sean Gallagher recently wrote: “Based on the amount of data stolen, and the nature of the malware itself, it’s likely the attackers had physical access to the network and that the attack may have been ongoing for months…”
Are we to imagine that North Korea not only instigated the attack but was also able to recruit inside collaboration?
I can see this as central to the plot that numerous Hollywood screenwriters must currently be working on for a blockbuster thriller about how an evil dictator tries to destroy Hollywood, but I can’t really see it in real life.
Michael Hiltzik writes:
The North Korea/“Interview” narrative is comforting in several ways. It feeds into the tendency to attribute almost God-like capabilities to an adversary, especially a secretive one; that’s very much a scenario favored by Hollywood. (Think of the all-time definitive James Bond movie line, from “Dr. No”: “World domination–same old dream.”) And it helps Sony executives deflect blame — how could anyone expect them to defend against an attack by such a sinister, all-powerful enemy? You can expect to see more coverage, like this piece from CNN, about North Korea’s shadowy “Bureau 121,” purportedly its Cyberattack Central.
There are great dangers in mistaken attribution — it shifts attention from the real perpetrators, for one thing. A counterattack against North Korea could needlessly provoke the regime, wrecking the few diplomatic initiatives taking place.
Here’s a rundown of the counter-narrative.
–“Whitehat” hacker and security expert Marc W. Rogers argues that the pattern of the attack implies that the attackers “had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s plausible that an attacker could have built up this knowledge over time … Occam’s razor suggests the simpler explanation of an insider,” perhaps one out for workplace revenge. (N.B. “Occam’s razor” is the principle that the simplest explanation for something is often the best.)
–The assertion that the attack was uniquely sophisticated, which is an element of the accusation against North Korea, is both untrue and incompatible with the North Korea narrative. It presupposes that a nation-state without a native computer infrastructure could launch an unprecedented assault. More to the point, very similar hacking technology has been used in earlier hacks in Saudi Arabia and elsewhere. The consulting firm Risk Based Security has a discussion of these and other aspects of the Sony affair.
It’s worth noting that Risk Based Security’s team isn’t entirely convinced by the FBI statement. In an update to their commentary Friday, they observed that the agency has “not released any evidence to back these claims.” They add: “While the FBI certainly has many skilled investigators, they are not infallible. Remember, this agency represents the same government that firmly stated that Iraq had weapons of mass destruction, leading the U.S. into a more than ten year conflict, which was later disproven.”
Finally, Caroline Baylon from Chatham House, in an interview with ITN, laid out the reasons why the North Korean government was probably not behind the hack: