Category Archives: Department of Justice

Hearing for accused 9/11 plotters weighs alleged government meddling

Reuters: A U.S. military court on Wednesday tried to assess whether government agents interfered with the trial of five men charged with the Sept. 11, 2001, attacks on the United States by spying on defense attorneys and their clients.

The judge halted the pre-trial hearing at the Guantanamo Bay, Cuba, military prison on Monday after one of the defendants said his interpreter had worked at a secret CIA prison.

When the hearing resumed on Wednesday, defense attorneys contended the Federal Bureau of Investigation and Central Intelligence Agency had planted Arabic interpreters on the defense team, bugged conversations between the attorneys and their clients and questioned their support staff.

FBI monitored and critiqued African American writers for decades

Alison Flood writes: Newly declassified documents from the FBI reveal how the US federal agency under J Edgar Hoover monitored the activities of dozens of prominent African American writers for decades, devoting thousands of pages to detailing their activities and critiquing their work.

Academic William Maxwell first stumbled upon the extent of the surveillance when he submitted a freedom of information request for the FBI file of Claude McKay. The Jamaican-born writer was a key figure in the Harlem Renaissance, author of the sonnet If We Must Die, supposedly recited by Winston Churchill, and Maxwell was preparing an edition of his complete poems. When the file came through from the FBI, it stretched to 193 pages and, said Maxwell, revealed “that the bureau had closely read and aggressively chased McKay” – describing him as a “notorious negro revolutionary” – “all across the Atlantic world, and into Moscow”.

Maxwell, associate professor of English and African American studies at Washington University in St Louis, decided to investigate further, knowing that other scholars had already found files on well-known black writers such as Langston Hughes and James Baldwin. He made 106 freedom of information requests about what he describes as “noteworthy Afro-modernists” to the FBI; 51 of those writers had files, ranging from three to 1,884 pages each. [Continue reading…]

Too big to jail — when justice deferred is justice denied

Jed S. Rakoff writes: So-called “deferred prosecutions” were developed in the 1930s as a way of helping juvenile offenders. A juvenile who had been charged with a crime would agree with the prosecutor to have his prosecution deferred while he entered a program designed to rehabilitate such offenders. If he successfully completed the program and committed no other crime over the course of a year, the charge would then be dropped.


The analogy of a Fortune 500 company to a juvenile delinquent is, perhaps, less than obvious. Nonetheless, beginning in the early 1990s and with increasing frequency thereafter, federal prosecutors began entering into “deferred prosecution” agreements with major corporations and large financial institutions. In the typical arrangement, the government agreed to defer prosecuting the company for various federal felonies if the company, in addition to paying a financial penalty, agreed to introduce various “prophylactic” measures designed to prevent future such crimes and to “rehabilitate” the company’s “culture.” The crimes for which prosecution was thus deferred included felony violations of the securities laws, banking laws, antitrust laws, anti-money-laundering laws, food and drug laws, foreign corrupt practices laws, and numerous provisions of the general federal criminal code.

The intellectual origins of this approach to corporate crime can be traced back at least to the 1980s, when various academics suggested that the best way to deter “crime in the suites” was to foster a culture within companies of acting ethically and responsibly. In practice, this meant encouraging companies not only to provide in-house ethical training but also to enlarge their internal compliance programs, so that responsible behavior would be praised and misconduct policed. The approach found favor not just with some corporations (notably General Electric under the guidance of its then general counsel, Ben Heineman), but also with the US Sentencing Commission, which, in promulgating the Corporate Sentencing Guidelines in 1991, made the overall adequacy of a company’s prior internal compliance programs the most important factor in reducing (by as much as 60 percent) the size of the fine to be imposed on a company found guilty of a federal criminal violation. [Continue reading…]

How the FBI trains terrorists

Lyric R Cabral and David Felix Sutcliffe write: People think that catching terrorists is just a matter of finding them – but, just as often, terrorists are created by the people doing the chase.

While making our film (T)ERROR, which tracks a single counter-terrorism sting operation over seven months, we realized that most people have serious misconceptions about FBI counter-terrorism efforts. They assume that informants infiltrate terrorist networks and then provide the FBI with information about those networks in order to stop terrorist plots from being carried out. That’s not true in the vast majority of domestic terrorism cases.

Since 9/11, as Human Rights Watch and others have documented, the FBI has routinely used paid informants not to capture existing terrorists, but to cultivate them. Through elaborate sting operations, informants are directed to spend months – sometimes years – building relationships with targets, stoking their anger and offering ideas and incentives that encourage them to engage in terrorist activity. And the moment a target takes a decisive step forward, crossing the line from aspirational to operational, the FBI swoops in to arrest him. [Continue reading…]

NSA on and off the trail of the Sony hackers

After cybersleuth Barack Obama saw the evidence pointing at North Korea’s responsibility for the cyberattacks against Sony, “he had no doubt,” the New York Times melodramatically reports.

He had no doubt about what? That his intelligence analysts knew what they were talking about? Or that he too when presented with the same evidence was forced to reach the same conclusion?

I have no doubt that had Obama been told by those same advisers that North Korea was not behind the attacks, he would have accepted that conclusion. In other words, on matters about which he lacks the expertise to reach any conclusion, he relies on the expertise of others.

A journalist who tells us about the president having “no doubt” in such a situation is merely dressing up his narrative with some Hollywood-style commander-in-chief gravitas.

When one of the reporters in this case, David Sanger, is someone whose cozy ties to government extend to being “an old friend of many, many years” of Ashton Carter, whose nomination as the next Secretary of Defense is almost certain to be approved, you have to wonder whose interests he really serves. Those of his readership or those of the government?

Since Obama and the FBI went out on a limb by asserting that they had no doubt about North Korea’s role in the attacks, they have been under considerable pressure to provide some compelling evidence to back up their claim.

That evidence now comes courtesy of anonymous officials briefing the New York Times and another document from the Snowden trove of NSA documents.

Maybe the evidence really is conclusive, but there are still important unanswered questions.

For instance, as Arik Hesseldahl asks:

why, if the NSA had so fully penetrated North Korea’s cyber operations, did it not warn Sony that an attack of this magnitude was underway, one that apparently began as early as September.

Officials with the NSA and the White House did not immediately respond to requests for comment about the report. A Sony spokeswoman had no comment.

On the one hand we’re being told that the U.S. knew exactly who was behind the Sony attacks because the hackers were under close surveillance by the NSA, and yet at the same time we’re being told that although the NSA was watching the hackers it didn’t figure out what they were doing.

If Hollywood ever decides to create a satire out of this, they’ll need to come up with a modern-day reworking of the kind of scene that would come straight out of Get Smart — the kind where Maxwell Smart, Agent 86, would be eavesdropping on a conversation between his North Korean counterparts, the only problem being that he doesn’t understand Korean.

The Times report refers to the North Korean hackers using an “attack base” in Shenyang, in north east China. This has been widely reported with the somewhat less cyber-sexy name of the Chilbosan Hotel whose use for these purposes has been known since 2004.

If the attackers wanted to avoid detection, it’s hard to understand why they would have operated out of a location that had been known about for that long and that could so easily be linked to North Korea.

It’s also hard to fathom that having developed its cyberattack capabilities over such an extended period, North Korea would want to risk so much just to try and prevent the release of The Interview.

Michael Daly claims that the regime “recognizes that Hollywood and American popular culture in general constitute a dire threat” — a threat that has apparently penetrated the Hermit Kingdom in the “especially popular” form of Desperate Housewives.

Daly goes on to assert:

a glimpse of Wisteria Lane is enough to give lie to the regime’s propaganda that North Koreans live in a worker’s paradise while its enemies suffer in grinding poverty, driven by envy to plot against Dear Leader.

Of course, as every American who has watched the show knows, Wisteria Lane represents anytown America and the cast could blend in unnoticed at any Walmart or shopping mall.

OK. I won’t deny that American propaganda is much more sophisticated than North Korea’s, but when an American journalist implies that Desperate Housewives offers ordinary North Koreans a glimpse into the lives of ordinary Americans, you have to ask: which population has been more perfectly brainwashed?

In reality, the dire threat to the North Korean regime in terms of social impact comes not from American popular culture but from much closer: South Korean soap operas.

Role of FBI informant in eco-terrorism case probed after documents hint at entrapment

The Guardian reports: On the surface, she blended in very well. With a skull tattooed on her shoulder, a black-and-white keffiyeh around her neck, a shock of bright pink hair and her standard-issue dress of camouflage skirt and heavy boots, the energetic 17-year-old looked every bit the radical eco-activist she worked so hard to imitate.

But “Anna”, as she called herself, was no ordinary eco-protester. Really, she wasn’t one at all. She was an FBI informant under instructions to infiltrate fringe green groups and anti-capitalist networks and report back on their activities to the US government.

Now “Anna”, in her role at the center of a high-profile prosecution of alleged eco-terrorists in 2006-7, has been put under the spotlight following the embarrassing admission by the US Department of Justice that it failed to disclose crucial documents to defence attorneys at trial.

On Thursday, Eric McDavid, a radical green activist aged 37, was allowed to walk free after having served nine years of a 19-year federal prison sentence. Prosecutors had alleged that he was the ringleader in a small cell of eco-terrorists connected to the Earth Liberation Front (ELF) conspiring to bomb the Nimbus Dam in California, cellphone towers, science labs and other targets.

Last week’s dramatic scenes in a courtroom in Sacramento, California, have focused attention on the FBI’s use of undercover informants and prompted claims that the agency lured unsuspecting activists into criminal activity through blatant entrapment. [Continue reading…]

NYT reporter prevails in three-year fight over CIA leak

Bloomberg: New York Times reporter James Risen prevailed over the U.S. government in its three-year effort to force him to testify at trial about a confidential source as part of a CIA leak prosecution.

The request by prosecutors that Risen be dropped as a witness capped a longer battle to avoid revealing his sources. The fight reached the U.S. Supreme Court, focusing attention on the Obama administration’s aggressive pursuit of leaks. U.S. Attorney General Eric Holder reacted to the controversy by issuing guidelines last year restricting the use of subpoenas and search warrants for journalists.

Risen told a judge Jan. 5 he wouldn’t answer questions that could help identify the sources for his report on a bungled Central Intelligence Agency program to give Iran false nuclear weapon development data.

Former CBS News reporter sues U.S. government over computer intrusions

The Washington Post reports: For months and months, former CBS News investigative correspondent Sharyl Attkisson played an agonizing game of brinkmanship regarding her privacy: She strongly suggested that the federal government was behind a series of intrusions into her personal and work computers, though she has consistently hedged her wording to allow some wiggle room. In May 2013, for example, she told a Philadelphia radio host that there could be “some relationship” between her technology intrusions and the government snooping on Fox News reporter James Rosen. And in her book “Stonewalled,” she cites a source as saying that the breaches originated from a “sophisticated entity that used commercial, nonattributable spyware that’s proprietary to a government agency: either the CIA, FBI, the Defense Intelligence Agency, or the National Security Agency (NSA).”

No more wiggling around. Attkisson has filed a lawsuit in D.C. Superior Court, alleging the U.S. government’s “unauthorized and illegal surveillance of the Plaintiff’s laptop computers and telephones from 2011-2013.” The suit lists as plaintiffs Attkisson, who resigned from CBS last year, her husband, James Attkisson, and daughter Sarah Judith Starr Attkisson. Defendants include Attorney General Eric Holder and Postmaster General Patrick Donahoe as well as “UNKNOWN NAMED AGENTS OF the UNITED STATES, in their individual capacities.” Those folks, the suit alleges, violated several constitutional rights, including freedom of the press, freedom of expression and freedom from “unreasonable searches and seizures.”

The complaint lays out a narrative familiar to close readers of “Stonewalled.” It speaks of Attkisson’s work for CBS throughout 2011 in uncovering facts about the U.S. government’s “Fast and Furious” gun-walking operation. Roundabout mid- to late-2011, notes the complaint, the Attkissons “began to notice anomalies” in how various electronic devices were operating in the household. “These anomalies included a work Toshiba laptop computer and a family Apple desktop computer turning on and off at night without input from anyone in the household, the house alarm chirping daily at different times, often indicating ‘phone line trouble,’ and television problems, including interference,” notes the complaint. [Continue reading…]

We still don’t know who hacked Sony

Bruce Schneier writes: If anything should disturb you about the Sony hacking incidents and subsequent denial-of-service attack against North Korea, it’s that we still don’t know who’s behind any of it. The FBI said in December that North Korea attacked Sony. I and others have serious doubts. There’s countervailing evidence to suggest that the culprit may have been a Sony insider or perhaps Russian nationals.

No one has admitted taking down North Korea’s Internet. It could have been an act of retaliation by the U.S. government, but it could just as well have been an ordinary DDoS attack. The follow-on attack against Sony PlayStation definitely seems to be the work of hackers unaffiliated with a government.

Not knowing who did what isn’t new. It’s called the “attribution problem,” and it plagues Internet security. But as governments increasingly get involved in cyberspace attacks, it has policy implications as well. [Continue reading…]

Xenophobia inside the FBI

The New York Times reports: The F.B.I. is subjecting hundreds of its employees who were born overseas or have relatives or friends there to an aggressive internal surveillance program that started after Sept. 11, 2001, to prevent foreign spies from coercing newly hired linguists but that has been greatly expanded since then.

The program has drawn criticism from F.B.I. linguists, agents and other personnel with foreign language and cultural skills, and with ties abroad. They complain they are being discriminated against by a secretive “risk-management” plan that the agency uses to guard against espionage. This limits their assignments and stalls their careers, according to several employees and their lawyers.

Employees in the program — called the Post-Adjudication Risk Management plan, or PARM — face more frequent security interviews, polygraph tests, scrutiny of personal travel, and reviews of, in particular, electronic communications and files downloaded from databases.

Some of these employees, including Middle Eastern and Asian personnel who have been hired to fill crucial intelligence and counterterrorism needs, say they are being penalized for possessing the very skills and background that got them hired. They are notified about their inclusion in the program and the extra security requirements, but are not told precisely why they have been placed in it and apparently have no appeal or way out short of severing all ties with family and friends abroad. [Continue reading…]

Sony insider — not North Korea — likely involved in hack, experts say

The Los Angeles Times reports: Federal authorities insist that the North Korean government is behind the cyberattack on Sony Pictures Entertainment.

Cybersecurity experts? Many are not convinced.

From the time the hack became public Nov. 24, many of these experts have voiced their suspicions that a disgruntled Sony Pictures insider was involved.

Respected voices in the online security and anti-hacking community say the evidence presented publicly by the FBI is not enough to draw firm conclusions.

They argue that the connections between the Sony hack and the North Korean government amount to circumstantial evidence. Further, they say the level of the breach indicates an intimate knowledge of Sony’s computer systems that could have come from someone on the inside.

This week, prominent San Mateo, Calif., cybersecurity firm Norse Corp. — whose clients include government agencies, financial institutions and technology companies — briefed law enforcement officials on evidence it collected that pointed toward an inside job.

“We can’t find any indication that North Korea either ordered, masterminded or funded this attack,” Kurt Stammberger, a senior vice president at Norse, said in an interview with The Times. Although conceding that his findings were not conclusive, Stammberger added: “Nobody has been able to find a credible connection to the North Korean government.”

Stammberger said a team of nine analysts dug through data including Norse’s worldwide network of millions of Web sensors, internal Sony documents and underground hacker chat rooms. Leads suggesting North Korea as the culprit turned out to be red herrings and dead ends, he said.

Instead, the data pointed to a former employee who may have collaborated with outside hackers. The employee, who left the studio in a May restructuring, had the qualifications and access necessary to carry out the crime, according to Stammberger.

Moreover, names of company servers and passwords were programmed into the malware that infiltrated the studio’s network, suggesting hackers had inside knowledge of the studio’s systems, Stammberger said. [Continue reading…]

FBI’s weak case against North Korea on Sony hacking gets weaker

Reuters reports: U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month’s massive cyberattack against Sony Pictures, an official close to the investigation said on Monday.

As North Korea lacks the capability to conduct some elements of the sophisticated campaign by itself, the official said, U.S. investigators are looking at the possibility that Pyongyang “contracted out” some of the cyber work. The official was not authorized to speak on the record about the investigation. [Continue reading…]

The Sony hack, fearless journalism and conflicts of interest

Given that The Intercept is a publication that trumpets its commitment to fearless journalism, you’d think they’d be all over the Sony hack story. National security threats, hacking, corporate power, cyberattacks — aren’t these more than enough ingredients for some hard-hitting investigative journalism?

Apparently not.

Instead we get Jana Winter (who before moving to The Intercept was a reporter at FoxNews.com for six years) recycling an old narrative about governmental negligence: “FBI warned Year Ago of impending Malware Attacks — But Didn’t Share Info with Sony.”

Nearly one year before Sony was hacked, the FBI warned that U.S. companies were facing potentially crippling data destruction malware attacks, and predicted that such a hack could cause irreparable harm to a firm’s reputation, or even spell the end of the company entirely. The FBI also detailed specific guidance for U.S. companies to follow to prepare and plan for such an attack.

But the FBI never sent Sony the report.

The Dec. 13, 2013 FBI Intelligence Assessment, “Potential Impacts of a Data-Destruction Malware Attack on a U.S. Critical Infrastructure Company’s Network,” warned that companies “must become prepared for the increasing possibility they could become victim to a data destruction cyber attack.”

How could Sony have been adequately prepared to meet this threat if the FBI had neglected to send them their report?!

Urrr… maybe Sony’s global chief information security officer Philip Reitinger knew something about the risks of a data destruction cyber attack. After all, directly before moving to Sony in 2011, Reitinger had been Deputy Under Secretary of the National Protection and Programs Directorate (NPPD) and Director of the National Cyber Security Center (NCSC) at the United States Department of Homeland Security. It seems likely that one way or another, Reitinger saw the FBI report.

Winter closes her “report” by quoting a source within the “information security industry” who said: “The question is, who dropped the ball?”

The Intercept in its headline and paragraph two doesn’t hesitate to answer that “question”: The FBI.

This is really a bizarrely irrelevant narrative to be spinning, given that there has already been so much reporting on Sony’s own negligence in handling cyber-security.

Winter makes the dubious assertion that in the eyes of the U.S. government, Sony is part of this nation’s “critical infrastructure” — the implication apparently being that the FBI is responsible for safeguarding the company’s cyber-security standards.

For The Intercept to want to portray the Sony story as a story about the failings of the U.S. government is perhaps to be expected, given the ideological straitjacket inside which the publication remains trapped.

But maybe I’m just being cynical in thinking that there might be another explanation: that Glenn Greenwald hasn’t abandoned all hope Sony will produce his Snowden movie — even though a leaked November 14 email from Sony executive Doug Belgrad wrote that the Greenwald project “is unlikely to happen” — and so doesn’t want to embarrass his commercial partner.

Even if the Snowden movie has no bearing here, there is a deeper philosophical problem that the Sony hack story presents to The Intercept and everyone with a visceral fear of government.

American companies, fully aware of the government’s data collection capabilities, want to see a more proactive partnership between the public and private sectors to improve information security and thwart cyberattacks. At the same time, libertarians and much of the public at large want to see these capabilities reined in, and businesses themselves don’t want to be burdened by overregulation.

Much as free-market economics promotes a myth of a self-balancing system that functions most efficiently by suffering the least governmental interference, the information economy sustains similar myths about its ability to self-organize.

But on the cyber frontier, threats from the likes of North Korea are probably smaller than those posed by agents whose identities remain forever concealed and whose motives may be as difficult to discern.

This year, hackers caused “massive damage” to a steel factory in Germany by gaining access to control systems that would have generally been expected to be physically separated from the internet, yet the emerging Internet of Things in which as many as 30 billion devices are expected to be connected by the end of the decade, suggests that physically destructive cyberattacks are destined to become much more commonplace.

The politics of information security right now favors an approach in which everyone is expected to maintain their own systems of fortification and yet the protection of collective interests may demand that we live in a world where there is much greater data transparency.

As things stand right now on the information highways, none of the vehicles are licensed, no one has insurance, most of the drivers are robots, and most of the robots are employed by crooks.

Was the FBI wrong on North Korea?

CBS News reports: Cybersecurity experts are questioning the FBI’s claim that North Korea is responsible for the hack that crippled Sony Pictures. Kurt Stammberger, a senior vice president with cybersecurity firm Norse, told CBS News his company has data that doubts some of the FBI’s findings.

While Norse is not involved in the Sony case, it has done its own investigation.

“We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history,” said Stammberger.

He says Norse data is pointing towards a woman who calls herself “Lena” and claims to be connected with the so-called “Guardians of Peace” hacking group. Norse believes it’s identified this woman as someone who worked at Sony in Los Angeles for ten years until leaving the company this past May. [Continue reading…]

The New York Times adds: A number of private security researchers are increasingly voicing doubts that the hack of Sony’s computer systems was the work of North Korea.

President Obama and the F.B.I. last week accused North Korea of targeting Sony and pledged a “proportional response” just hours before North Korea’s Internet went dark without explanation. But security researchers remain skeptical, with some even likening the government’s claims to those of the Bush administration in the build-up to the Iraq war.

Fueling their suspicions is the fact that the government based its findings, in large part, on evidence that it will not release, citing the “need to protect sensitive sources and methods.” The government has never publicly acknowledged doing so, but the National Security Agency has begun a major effort to penetrate North Korean computer networks.

Because attributing the source of a cyberattack is so difficult, the government has been reluctant to do so except in the rarest of circumstances. So the decision to have President Obama charge that North Korea was behind the Sony hack suggested there is some form of classified evidence that is more conclusive than the indicators that the F.B.I. made public on Friday. “It’s not a move we made lightly,” one senior administration official said after Mr. Obama spoke.

Still, security researchers say they need more proof. “Essentially, we are being left in a position where we are expected to just take agency promises at face value,” Marc Rogers, a security researcher at CloudFlare, the mobile security company, wrote in a post Wednesday. “In the current climate, that is a big ask.”

Mr. Rogers, who doubles as the director of security operations for DefCon, an annual hacker convention, and others like Bruce Schneier, a prominent cryptographer and blogger, have been mining the meager evidence that has been publicly circulated, and argue that it is hardly conclusive. [Continue reading…]

No, North Korea didn’t hack Sony

Marc Rogers writes: All the evidence leads me to believe that the great Sony Pictures hack of 2014 is far more likely to be the work of one disgruntled employee facing a pink slip.

I may be biased, but, as the director of security operations for DEF CON, the world’s largest hacker conference, and the principal security researcher for the world’s leading mobile security company, Cloudflare, I think I am worth hearing out.

The FBI was very clear in its press release about who it believed was responsible for the attack: “The FBI now has enough information to conclude that the North Korean government is responsible for these actions,” they said in their December 19 statement, before adding, “the need to protect sensitive sources and methods precludes us from sharing all of this information”.

With that disclaimer in mind, let’s look at the evidence that the FBI are able to tell us about. [Continue reading…]

Did North Korea really attack Sony?

Bruce Schneier writes: I am deeply skeptical of the FBI’s announcement on Friday that North Korea was behind last month’s Sony hack. The agency’s evidence is tenuous, and I have a hard time believing it. But I also have trouble believing that the U.S. government would make the accusation this formally if officials didn’t believe it.

Clues in the hackers’ attack code seem to point in all directions at once. The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks. Korean language in the code also suggests a Korean origin, though not necessarily a North Korean one since North Koreans use a unique dialect. However you read it, this sort of evidence is circumstantial at best. It’s easy to fake, and it’s even easier to interpret it wrong. In general, it’s a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the “evidence” to suit the narrative they already have worked out in their heads.

In reality, there are several possibilities to consider: [Continue reading…]

Why there’s still reason to doubt North Korea was behind the Sony attack

Why would the FBI say it has “enough information to conclude that the North Korean government is responsible for these actions,” if that’s not really true?

Firstly, the FBI and the U.S. government as a whole are always reluctant to present themselves as ignorant. Presenting itself as having privileged access to secret information is something every government does in order to bolster its image of power. The FBI can’t tell us exactly how it knows what it claims to know because “the need to protect sensitive sources and methods precludes us from sharing all of this information” — trust us; we know; we’re the FBI.

Secondly, the only way that North Korea can convincingly refute the accusation is to identify the real culprits — and they have no means of doing that.

Given the appalling reputation of the leaders of the hermit kingdom, there is a prevailing assumption of guilt even in the absence of compelling evidence, which makes the FBI’s accusation an easy sell.

Sean Gallagher recently wrote: “Based on the amount of data stolen, and the nature of the malware itself, it’s likely the attackers had physical access to the network and that the attack may have been ongoing for months…”

Are we to imagine that North Korea not only instigated the attack but was also able to recruit inside collaboration?

I can see this as central to the plot that numerous Hollywood screenwriters must currently be working on for a blockbuster thriller about how an evil dictator tries to destroy Hollywood, but I can’t really see it in real life.

Michael Hiltzik writes:

The North Korea/“Interview” narrative is comforting in several ways. It feeds into the tendency to attribute almost God-like capabilities to an adversary, especially a secretive one; that’s very much a scenario favored by Hollywood. (Think of the all-time definitive James Bond movie line, from “Dr. No”: “World domination–same old dream.”) And it helps Sony executives deflect blame — how could anyone expect them to defend against an attack by such a sinister, all-powerful enemy? You can expect to see more coverage, like this piece from CNN, about North Korea’s shadowy “Bureau 121,” purportedly its Cyberattack Central.

There are great dangers in mistaken attribution — it shifts attention from the real perpetrators, for one thing. A counterattack against North Korea could needlessly provoke the regime, wrecking the few diplomatic initiatives taking place.

Here’s a rundown of the counter-narrative.

–“Whitehat” hacker and security expert Marc W. Rogers argues that the pattern of the attack implies that the attackers “had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s plausible that an attacker could have built up this knowledge over time … Occam’s razor suggests the simpler explanation of an insider,” perhaps one out for workplace revenge. (N.B. “Occam’s razor” is the principle that the simplest explanation for something is often the best.)

–The assertion that the attack was uniquely sophisticated, which is an element of the accusation against North Korea, is both untrue and incompatible with the North Korea narrative. It presupposes that a nation-state without a native computer infrastructure could launch an unprecedented assault. More to the point, very similar hacking technology has been used in earlier hacks in Saudi Arabia and elsewhere. The consulting firm Risk Based Security has a discussion of these and other aspects of the Sony affair.

It’s worth noting that Risk Based Security’s team isn’t entirely convinced by the FBI statement. In an update to their commentary Friday, they observed that the agency has “not released any evidence to back these claims.” They add: “While the FBI certainly has many skilled investigators, they are not infallible. Remember, this agency represents the same government that firmly stated that Iraq had weapons of mass destruction, leading the U.S. into a more than ten year conflict, which was later disproven.”

Finally, Caroline Baylon from Chatham House, in an interview with ITN, laid out the reasons why the North Korean government was probably not behind the hack:


Feds release new details about malware targeting Sony

Ars Technica reports: The highly destructive malware believed to have hit the networks of Sony Pictures Entertainment contained a cocktail of malicious components designed to wreak havoc on infected networks, according to new technical details released by federal officials who work with private sector security professionals.

An advisory published Friday by the US Computer Emergency Readiness Team said the central malware component was a worm that propagated through the Server Message Block protocol running on Microsoft Windows networks. The worm contained brute-force cracking capabilities designed to infect password-protected storage systems. It acted as a “dropper” that then unleashed five components. The advisory, which also provided “indicators of compromise” that can help other companies detect similar attacks, didn’t mention Sony by name. Instead, it said only that the potent malware cocktail had targeted a “major entertainment company.” The FBI and White House have pinned the attack directly on North Korea, but so far have provided little proof. [Continue reading…]
