Inside the hack of the century

Peter Elkind writes: On Monday, Nov. 3, 2014, a four-man team from Norse Corp., a small “threat-intelligence” firm based in Silicon Valley, arrived early for an 11:30 a.m. meeting on the studio lot of Sony Pictures Entertainment, in the Los Angeles suburb of Culver City. They were scheduled to see Sony’s top cybersecurity managers to pitch Norse’s services in defending the studio against hackers, who had been plaguing Sony for years.

After a quick security check at the front gate and then proceeding to the George Burns Building on the east side of the Sony lot, the Norse group walked straight into the unlocked first-floor offices of the information security department, marked with a small sign reading info sec. There was no receptionist or security guard to check who they were; in fact, there was no one in sight at all. The room contained cubicles with unattended computers providing access to Sony’s international data network.

The visitors found their way to a small sitting area outside the office of Jason Spaltro, Sony’s senior vice president for information security, settled in, and waited. Alone. For about 15 minutes.

“I got a little shocked,” says Tommy Stiansen, Norse’s co-founder and chief technology officer. “Their Info Sec was empty, and all their screens were logged in. Basically the janitor can walk straight into their Info Sec department.” Adds Mickey Shapiro, a veteran entertainment attorney who helped set up the meeting and was present that day: “If we were bad guys, we could have done something horrible.”

Finally Spaltro, who’s worked at Sony since 1998, showed up and led them to a nearby conference room, where another studio information security executive was waiting. The meeting began, and as Stiansen described how Norse scopes out potential threats, Spaltro interrupted: “Boy, that could really help us with that North Korean film!” According to the four Norse representatives, Spaltro explained that he was worried about a Seth Rogen comedy called The Interview that the studio was preparing to release on Christmas Day. It featured a plot to assassinate Kim Jong-un, the country’s actual leader. Recalls Stiansen: “They said North Korea is threatening them.” (Sony denies any mention of a North Korean cyberthreat.)

After about an hour the Sony team declared the session “very productive,” according to the Norse team, and promised to be in touch. They departed, leaving the visitors to find their own way out.

Three weeks later — starting at about 7 a.m. Pacific time on Monday, Nov. 24 — a crushing cyberattack was launched on Sony Pictures. Employees logging on to its network were met with the sound of gunfire, scrolling threats, and the menacing image of a fiery skeleton looming over the tiny zombified heads of the studio’s top two executives.

Before Sony’s IT staff could pull the plug, the hackers’ malware had leaped from machine to machine throughout the lot and across continents, wiping out half of Sony’s global network. It erased everything stored on 3,262 of the company’s 6,797 personal computers and 837 of its 1,555 servers. To make sure nothing could be recovered, the attackers had even added a little extra poison: a special deleting algorithm that overwrote the data seven different ways. When that was done, the code zapped each computer’s startup software, rendering the machines brain-dead.

From the moment the malware was launched — months after the hackers first broke in — it took just one hour to throw Sony Pictures back into the era of the Betamax. The studio was reduced to using fax machines, communicating through posted messages, and paying its 7,000 employees with paper checks.

That was only the beginning of Sony’s horror story. [Continue reading…]

U.S. tried Stuxnet-style campaign against North Korea but failed

Reuters reports: The United States tried to deploy a version of the Stuxnet computer virus to attack North Korea’s nuclear weapons program five years ago but ultimately failed, according to people familiar with the covert campaign.

The operation began in tandem with the now-famous Stuxnet attack that sabotaged Iran’s nuclear program in 2009 and 2010 by destroying a thousand or more centrifuges that were enriching uranium. Reuters and others have reported that the Iran attack was a joint effort by U.S. and Israeli forces.

According to one U.S. intelligence source, Stuxnet’s developers produced a related virus that would be activated when it encountered Korean-language settings on an infected machine.

But U.S. agents could not access the core machines that ran Pyongyang’s nuclear weapons program, said another source, a former high-ranking intelligence official who was briefed on the program. [Continue reading…]

North Korea executes defense chief on treason charges: report

Reuters: North Korea has executed its defense chief on treason charges by putting him in front of an anti-aircraft gun at a firing range, Seoul’s National Intelligence Service (NIS) told lawmakers.

Hyon Yong Chol, 66, who headed the isolated country’s military, was purged late last month for disobeying Kim Jong Un and falling asleep during a meeting at which North Korea’s young leader was present, according to South Korean lawmakers briefed in a closed-door meeting with the spy agency on Wednesday.

His execution, the latest of a series of high-level purges since Kim took power in 2011, was watched by hundreds of people, they said.

North Korean defectors are crucial — but sometimes unreliable — witnesses

Anna Fifield writes: Always get a second source. It’s one of the fundamental rules of journalism.

But what do you do if the first source is an escapee from one of the most brutal prison camps on the planet, a camp so brutal that only one person is known to have escaped from it?

That was the conundrum facing Blaine Harden, the former Washington Post journalist who wrote Escape from Camp 14 about Shin Dong-hyuk, who said he was born in the North Korean total control camp, forced to watch his mother and brother be executed there, tortured there, and eventually escaped.

Now, Shin has admitted that he left out some key parts of the story – like the fact that he spent most of his childhood across the Taedong river in Camp 18, a less draconian prison (although in North Korea, that’s a matter of degree). But, he says, the torture he described to Harden all happened, just in a different place and at a different time. [Continue reading…]

NSA on and off the trail of the Sony hackers

After cybersleuth Barack Obama saw the evidence pointing at North Korea’s responsibility for the cyberattacks against Sony, “he had no doubt,” the New York Times melodramatically reports.

He had no doubt about what? That his intelligence analysts knew what they were talking about? Or that he too when presented with the same evidence was forced to reach the same conclusion?

I have no doubt that had Obama been told by those same advisers that North Korea was not behind the attacks, he would have accepted that conclusion. In other words, on matters about which he lacks the expertise to reach any conclusion, he relies on the expertise of others.

A journalist who tells us about the president having “no doubt” in such a situation is merely dressing up his narrative with some Hollywood-style commander-in-chief gravitas.

When one of the reporters in this case, David Sanger, is someone whose cozy ties to government extend to being “an old friend of many, many years” of Ashton Carter, whose nomination as the next Secretary of Defense is almost certain to be approved, you have to wonder whose interests he really serves. Those of his readership or those of the government?

Since Obama and the FBI went out on a limb by asserting that they had no doubt about North Korea’s role in the attacks, they have been under considerable pressure to provide some compelling evidence to back up their claim.

That evidence now comes courtesy of anonymous officials briefing the New York Times and another document from the Snowden trove of NSA documents.

Maybe the evidence really is conclusive, but there are still important unanswered questions.

For instance, as Arik Hesseldahl asks:

why, if the NSA had so fully penetrated North Korea’s cyber operations, did it not warn Sony that an attack of this magnitude was underway, one that apparently began as early as September.

Officials with the NSA and the White House did not immediately respond to requests for comment about the report. A Sony spokeswoman had no comment.

On the one hand we’re being told that the U.S. knew exactly who was behind the Sony attacks because the hackers were under close surveillance by the NSA, and yet at the same time we’re being told that although the NSA was watching the hackers it didn’t figure out what they were doing.

If Hollywood ever decides to create a satire out of this, they’ll need to come up with a modern-day reworking of the kind of scene that would come straight out of Get Smart — the kind where Maxwell Smart, Agent 86, would be eavesdropping on a conversation between his North Korean counterparts, the only problem being that he doesn’t understand Korean.

The Times report refers to the North Korean hackers using an “attack base” in Shenyang, in north east China. This has been widely reported with the somewhat less cyber-sexy name of the Chilbosan Hotel whose use for these purposes has been known since 2004.

If the attackers wanted to avoid detection, it’s hard to understand why they would have operated out of a location that had been known about for that long and that could so easily be linked to North Korea.

It’s also hard to fathom that having developed its cyberattack capabilities over such an extended period, North Korea would want to risk so much just to try and prevent the release of The Interview.

Michael Daly claims that the regime “recognizes that Hollywood and American popular culture in general constitute a dire threat” — a threat that has apparently penetrated the Hermit Kingdom in the “especially popular” form of Desperate Housewives.

Daly goes on to assert:

a glimpse of Wisteria Lane is enough to give lie to the regime’s propaganda that North Koreans live in a worker’s paradise while its enemies suffer in grinding poverty, driven by envy to plot against Dear Leader.

Of course, as every American who has watched the show knows, Wisteria Lane represents anytown America and the cast could blend in unnoticed at any Walmart or shopping mall.

OK. I won’t deny that American propaganda is much more sophisticated than North Korea’s, but when an American journalist implies that Desperate Housewives offers ordinary North Koreans a glimpse into the lives of ordinary Americans, you have to ask: which population has been more perfectly brainwashed?

In reality, the dire threat to the North Korean regime in terms of social impact comes not from American popular culture but from much closer: South Korean soap operas.

John McAfee: ‘I know who hacked Sony Pictures – and it wasn’t North Korea’

IBT: Anti-virus pioneer John McAfee claims to have been in contact with the group of hackers behind the devastating cyber-attack against Sony Pictures and guarantees they are not from North Korea.

Speaking to IBTimes UK about his current roster of security startups under his Future Tense brand – including secure messaging app Chadder – McAfee spoke about working with the FBI previously but said that, in this case, the agency was “wrong”.

“I can guarantee they are wrong. It has to do with a group of hackers – I will not name them – who are civil libertarians and who hate the confinement the restrictions the music industry and the movie industry has placed on art and so they are behind it.”

Sounds plausible — even more so if it was coming from a different source.

Evidence points to continued existence of Syrian nuclear program

Der Spiegel reports: According to intelligence agency analysis, construction of the facility began back in 2009. The work, their findings suggest, was disguised from the very beginning, with excavated sand being disposed of at various sites, apparently to make it more difficult for observers from above to tell how deeply they were digging. Furthermore, the entrances to the facility were guarded by the military, which turned out to be a necessary precaution. In the spring of 2013, the region around Qusayr saw heavy fighting. But the area surrounding the project in the mines was held, despite heavy losses suffered by elite Hezbollah units stationed there.

The most recent satellite images show six structures: a guard house and five sheds, three of which conceal entrances to the facility below. The site also has special access to the power grid, connected to the nearby city of Blosah. A particularly suspicious detail is the deep well which connects the facility with Zaita Lake, four kilometers away. Such a connection is unnecessary for a conventional weapons cache, but it is essential for a nuclear facility.

But the clearest proof that it is a nuclear facility comes from radio traffic recently intercepted by a network of spies. A voice identified as belonging to a high-ranking Hezbollah functionary can be heard referring to the “atomic factory” and mentions Qusayr. The Hezbollah man is clearly familiar with the site. And he frequently provides telephone updates to a particularly important man: Ibrahim Othman, the head of the Syrian Atomic Energy Commission.

The Hezbollah functionary mostly uses a codename for the facility: “Zamzam,” a word that almost all Muslims know. According to tradition, Zamzam is the well God created in the desert for Abraham’s wife and their son Ishmael. The well can be found in Mecca and is one of the sites visited by pilgrims making the Hajj. Those who don’t revere Zamzam are not considered to be true Muslims.

Work performed at the site by members of Iran’s Revolutionary Guard is also mentioned in the intercepted conversations. The Revolutionary Guard is a paramilitary organization under the direct control of Iran’s Supreme Leader Ali Khamenei. It controls a large part of the Iranian economy and also plays a significant role in Iran’s own nuclear activities. Not all of its missions abroad are cleared with the government of moderate President Hassan Rohani. The Revolutionary Guard is a state within a state.

Experts are also convinced that North Korea is involved in Zamzam as well. Already during the construction of the Kibar facility, Ibrahim Othman worked closely together with Chou Ji Bu, an engineer who built the nuclear reactor Yongbyon in North Korea.

Chou was long thought to have disappeared. Some thought that he had fallen victim to a purge back home. Now, though, Western intelligence experts believe that he went underground in Damascus. According to the theory, Othman never lost contact with his shady acquaintance. And experts believe that the new nuclear facility could never have been built without North Korean know-how. The workmanship exhibited by the fuel rods likewise hints at North Korean involvement.

What approach will now be taken to Zamzam? How will the West, Assad and Syria’s neighbors react to the revelations?

The discovery of the presumed nuclear facility will not likely be welcomed by any of the political actors. It is an embarrassment for everybody. [Continue reading…]

South Korean activist to drop Sony film in North by balloon

The Associated Press reports: A South Korean activist said Wednesday that he will launch balloons carrying DVDs of Sony’s “The Interview” toward North Korea to try to break down a personality cult built around dictator Kim Jong Un.

The comedy depicting an assassination attempt on Kim is at the center of tension between North Korea and the U.S., with Washington blaming Pyongyang for crippling hacking attacks on Sony Entertainment. Pyongyang denies that and has vowed to retaliate.

Activist Park Sang-hak said he will start dropping 100,000 DVDs and USBs with the movie by balloon in North Korea as early as late January. Park, a North Korean defector, said he’s partnering with the U.S.-based non-profit Human Rights Foundation, which is financing the making of the DVDs and USB memory sticks of the movie with Korean subtitles.

Park said foundation officials plan to visit South Korea around Jan. 20 to hand over the DVDs and USBs, and that he and the officials will then try to float the first batch of the balloons if weather conditions allow.

“North Korea’s absolute leadership will crumble if the idolization of leader Kim breaks down,” Park said by telephone.

If carried out, the move was expected to enrage North Korea, which expressed anger over the movie. In October, the country opened fire at giant balloons carrying anti-Pyongyang propaganda leaflets floated across the border by South Korean activists, triggering an exchange of gunfire with South Korean troops. [Continue reading…]

FBI’s weak case against North Korea on Sony hacking gets weaker

Reuters reports: U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month’s massive cyberattack against Sony Pictures, an official close to the investigation said on Monday.

As North Korea lacks the capability to conduct some elements of the sophisticated campaign by itself, the official said, U.S. investigators are looking at the possibility that Pyongyang “contracted out” some of the cyber work. The official was not authorized to speak on the record about the investigation. [Continue reading…]

South Korea says North may be behind nuclear plant cyber-attack; three workers later die in construction accident

Bloomberg reports: South Korea is investigating the possible involvement of North Korea in the recent hacking attack on its nuclear power network, Justice Minister Hwang Kyo Ahn said yesterday during a session of the National Assembly.

His remarks came after investigators said an IP address of a suspected hacker was traced to Shenyang city in China, a known location of North Korean computer experts, according to a report in the Chosun Ilbo newspaper today.

“We are investigating without ruling out the possibility that North Korea may be behind the attack,” Minister Ahn said.

The leaks of partial blueprints and operating manuals for South Korean reactors began last week on a blog and were later posted to a Twitter account under the profile “president of anti-nuclear reactor group.” The group also demanded Korea Hydro & Nuclear Power Co., the nation’s nuclear plant operator, halt three facilities by today. The latest postings on Twitter were on Dec. 23. [Continue reading…]

The Associated Press reports: Three South Korean workers died Friday after apparently inhaling toxic gas at a construction site for a nuclear plant being built by South Korea’s monopoly nuclear power company, which has come under recent threats by hackers, a company official said.

The accident at the construction site in the southeastern city of Ulsan came as the state-run Korea Hydro and Nuclear Power Co. was on high alert over a series of threats by hackers who claim they can disable the control systems of its plants. Choi Hee-ye, a company spokeswoman, said there was no reason to believe that Friday’s accident was linked to the cyberattack threats.

The victims were working at the construction site when they fell unconscious and were taken to a hospital, where they later died, Choi said. [Continue reading…]

Chinese viewers mostly give thumbs up for The Interview

The New York Times: Even before Americans began flocking to theaters on Christmas Eve to see “The Interview” — Sony Pictures’ comedy about a C.I.A. plot to kill the North Korean leader, Kim Jong-un — Chinese film fans by the thousands were downloading mostly pirated versions of the movie on domestic video-sharing websites. By midday on Friday, more than 300,000 people had seen the film and the reviews, by and large, were favorable.

“Perfect, the greatest film in history, all hail Sony,” read one online comment. Said another, “Their ability to amuse is out of this galaxy,” referring to the film’s stars, Seth Rogen and James Franco.

In one sign of the enthusiasm for the film, whose theatrical release was initially held up after a hacking attack on the studio, “The Interview” scored an 8.0 rating on the Chinese Internet movie database Douban, with more than 10,000 people posting reviews. In their comments, some people acknowledged having not seen the film, but wanted to show their support for what many approvingly described as an act of subversion against North Korea. [Continue reading…]

Cyberwar on North Korea could be illegal

Shane Harris reports: North Korea’s limited connection to the Internet was temporarily severed Monday, just three days after President Barack Obama promised a “proportional” response for what he said was Pyongyang’s brazen hacking of Sony.

It’s too soon to say whether the United States knocked the Hermit Kingdom offline, or persuaded China to do it, or whether the North Koreans did it to themselves. One hacktivist group appears to be taking responsibility for the denial-of-service strike that targeted mostly North Korean government-operated sites.

But the outage has raised the question of what that proportional response would look like, and whether it would be legal. [Continue reading…]

Did North Korea really attack Sony?

Bruce Schneier writes: I am deeply skeptical of the FBI’s announcement on Friday that North Korea was behind last month’s Sony hack. The agency’s evidence is tenuous, and I have a hard time believing it. But I also have trouble believing that the U.S. government would make the accusation this formally if officials didn’t believe it.

Clues in the hackers’ attack code seem to point in all directions at once. The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks. Korean language in the code also suggests a Korean origin, though not necessarily a North Korean one since North Koreans use a unique dialect. However you read it, this sort of evidence is circumstantial at best. It’s easy to fake, and it’s even easier to interpret it wrong. In general, it’s a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the “evidence” to suit the narrative they already have worked out in their heads.

In reality, there are several possibilities to consider: [Continue reading…]

Chinese general anticipates North Korea’s ‘collapse’

The New York Times reports: When a retired Chinese general with impeccable Communist Party credentials recently wrote a scathing account of North Korea as a recalcitrant ally headed for collapse and unworthy of support, he exposed a roiling debate in China about how to deal with the country’s young leader, Kim Jong-un.

For decades China has stood by North Korea, and though at times the relationship has soured, it has rarely reached such a low point, Chinese analysts say. The fact that the commentary by Lt. Gen. Wang Hongguang, a former deputy commander of an important military region, was published in a state-run newspaper this month and then posted on an official People’s Liberation Army website attested to how much the relationship had deteriorated, the analysts say.

“China has cleaned up the D.P.R.K.’s mess too many times,” General Wang wrote in The Global Times, using the initials of North Korea’s formal name, the Democratic People’s Republic of Korea. “But it doesn’t have to do that in the future.”

Of the government in North Korea, he said: “If an administration isn’t supported by the people, ‘collapse’ is just a matter of time.” Moreover, North Korea had violated the spirit of the mutual defense treaty with China, he said, by failing to consult China on its nuclear weapons program, which has created instability in Northeast Asia. [Continue reading…]

Why there’s still reason to doubt North Korea was behind the Sony attack

Why would the FBI say it has “enough information to conclude that the North Korean government is responsible for these actions,” if that’s not really true?

Firstly, the FBI, like the U.S. government as a whole, is always reluctant to present itself as ignorant. Presenting itself as having privileged access to secret information is something every government does in order to bolster its image of power. The FBI can’t tell us exactly how it knows what it claims to know because “the need to protect sensitive sources and methods precludes us from sharing all of this information” — trust us; we know; we’re the FBI.

Secondly, the only way that North Korea can convincingly refute the accusation is to identify the real culprits — and they have no means of doing that.

Given the appalling reputation of the leaders of the hermit kingdom, there is a prevailing assumption of guilt even in the absence of compelling evidence, which makes the FBI’s accusation an easy sell.

Sean Gallagher recently wrote: “Based on the amount of data stolen, and the nature of the malware itself, it’s likely the attackers had physical access to the network and that the attack may have been ongoing for months…”

Are we to imagine that North Korea not only instigated the attack but was also able to recruit inside collaboration?

I can see this as central to the plot that numerous Hollywood screenwriters must currently be working on for a blockbuster thriller about how an evil dictator tries to destroy Hollywood, but I can’t really see it in real life.

Michael Hiltzik writes:

The North Korea/“Interview” narrative is comforting in several ways. It feeds into the tendency to attribute almost God-like capabilities to an adversary, especially a secretive one; that’s very much a scenario favored by Hollywood. (Think of the all-time definitive James Bond movie line, from “Dr. No”: “World domination–same old dream.”) And it helps Sony executives deflect blame — how could anyone expect them to defend against an attack by such a sinister, all-powerful enemy? You can expect to see more coverage, like this piece from CNN, about North Korea’s shadowy “Bureau 121,” purportedly its Cyberattack Central.

There are great dangers in mistaken attribution — it shifts attention from the real perpetrators, for one thing. A counterattack against North Korea could needlessly provoke the regime, wrecking the few diplomatic initiatives taking place.

Here’s a rundown of the counter-narrative.

–“Whitehat” hacker and security expert Marc W. Rogers argues that the pattern of the attack implies that the attackers “had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s plausible that an attacker could have built up this knowledge over time … Occam’s razor suggests the simpler explanation of an insider,” perhaps one out for workplace revenge. (N.B. “Occam’s razor” is the principle that the simplest explanation for something is often the best.)

–The assertion that the attack was uniquely sophisticated, which is an element of the accusation against North Korea, is both untrue and incompatible with the North Korea narrative. It presupposes that a nation-state without a native computer infrastructure could launch an unprecedented assault. More to the point, very similar hacking technology has been used in earlier hacks in Saudi Arabia and elsewhere. The consulting firm Risk Based Security has a discussion of these and other aspects of the Sony affair.

It’s worth noting that Risk Based Security’s team isn’t entirely convinced by the FBI statement. In an update to their commentary Friday, they observed that the agency has “not released any evidence to back these claims.” They add: “While the FBI certainly has many skilled investigators, they are not infallible. Remember, this agency represents the same government that firmly stated that Iraq had weapons of mass destruction, leading the U.S. into a more than ten year conflict, which was later disproven.”

Finally, Caroline Baylon from Chatham House, in an interview with ITN, laid out the reasons why the North Korean government was probably not behind the hack:

Feds release new details about malware targeting Sony

Ars Technica reports: The highly destructive malware believed to have hit the networks of Sony Pictures Entertainment contained a cocktail of malicious components designed to wreak havoc on infected networks, according to new technical details released by federal officials who work with private sector security professionals.

An advisory published Friday by the US Computer Emergency Readiness Team said the central malware component was a worm that propagated through the Server Message Block protocol running on Microsoft Windows networks. The worm contained brute-force cracking capabilities designed to infect password-protected storage systems. It acted as a “dropper” that then unleashed five components. The advisory, which also provided “indicators of compromise” that can help other companies detect similar attacks, didn’t mention Sony by name. Instead, it said only that the potent malware cocktail had targeted a “major entertainment company.” The FBI and White House have pinned the attack directly on North Korea, but so far have provided little proof. [Continue reading…]

Who hacked Sony? It probably wasn’t North Korea

Regardless of who is responsible, the president views this as a serious national security matter — that is a very close paraphrase of White House Press Secretary Josh Earnest answering questions this afternoon about the Sony hacking.

OK. That’s it. The United States can now be declared certifiably insane!

The hacking may well have nothing to do with North Korea — it may indeed involve disgruntled Sony employees — and yet this is a serious national security matter?!

The only way that claim could marginally make sense would be if one fudged the definition of national security and said that it should include cybercrime committed by Americans targeting Americans — though by that definition, all crime would thence become an issue of national security.

Hollywood, the media, and the public all like stories. Narratives convey meaning in its most easily digestible form: a plot.

Sony Pictures made a movie, The Interview — a political action comedy which ends with the assassination of North Korean leader Kim Jong-un — and the North Koreans didn’t think it was funny. Indeed, they were so outraged they set about trying to make sure the movie would never be released. By yesterday afternoon they seemed to have succeeded.

The problem with this story is it’s probably a work of fiction — and maybe that shouldn’t be any surprise, given its source.

There’s one compelling reason to believe that the real story here has nothing to do with North Korea: in all likelihood the hackers were busy at work before anyone in the Democratic People’s Republic had even heard of Seth Rogen and James Franco.

Sebastian Anthony writes:

The hackers managed to exfiltrate around 100 terabytes of data from Sony’s network — an arduous task that, to avoid detection, probably took months. Given how long it would’ve taken to gain access to Sony Pictures, plus the time to exfiltrate the data, I think the wheels started turning long before North Korea heard about The Interview.

Even if we take the movie out of the equation, the hack just doesn’t feel like something that would be perpetrated by a nation state. The original warnings and demands feel like the attacker has a much more personal axe to grind — a disenfranchized ex employee, perhaps, or some kind of hacktivist group makes more sense, in my eyes.

So far, the sole purpose behind the Sony Pictures hack appears to be destruction — the destruction of privacy for thousands of employees, and the destruction of Sony’s reputation. Much in the same way that murder is a crime of passion, so was the hack on Sony Pictures. Bear in mind that the hackers gained access to almost every single piece of data stored on Sony’s network, including the passwords to bank accounts and other bits of information and intellectual property that could’ve been sold to the highest bidder. The hackers could’ve made an absolute fortune, but instead opted for complete annihilation. This all feels awfully like revenge.

Really, though, the biggest indicator that it was an inside job is that the malware used during the attack used hard-set paths and passwords — the attacker knew the exact layout of the Sony Pictures network, and had already done enough legwork to discover the necessary passwords. This isn’t to say that North Korea (or another nation state) couldn’t have done the legwork, but it would’ve taken a lot of time and effort — perhaps months or even years. A far more likely option is that the attack was carried out by someone who already had access to (or at least knowledge of) the internal network — an employee, a contractor, a friend of an employee, etc.

Before the hacking became public, Sony executives received what looked like a fairly straightforward extortion demand — a demand that made no reference to The Interview.

In the digital variant of a note pasted together from letters cut out of a newspaper, the extortion note came in broken English.

We’ve got great damage by Sony Pictures.
The compensation for it, monetary compensation we want.
Pay the damage, or Sony Pictures will be bombarded as a whole.
You know us very well. We never wait long.
You’d better behave wisely.
From God’sApstls

Maybe there are indeed some telltale signs in the syntax, or maybe the author took advantage of Google and Bing’s translation-mangling capabilities by writing in English, translating into Korean (or any other language), and then translating back into English.

If the story here is really about extortion, then to recast it as political probably serves the interests of all parties — including North Korea.

No corporation wants to be publicly exposed as having capitulated to extortion demands — it would much rather hand over the money in secret while portraying itself as a political victim of the hostile foreign government. The North Koreans get the double reward of being credited with a hugely successful act of cyberwar while also getting removed from Hollywood’s list of favorite countries to target. And the Obama administration is able to sidestep a much larger and thornier issue: how to protect the American economy from the relentlessly growing threat from global cybercrime whose points of origin are notoriously difficult to trace.

Finally, there is another theory about the real identity and motive of the hackers: they are Sony employees begging that no more Adam Sandler movies be made.


North Korea is not funny

After The Interview got shelved, Adrian Hong writes: This film is not an act of courage. It is not a stand against totalitarianism, concentration camps, mass starvation, or state-sponsored terror. It is, based on what we know of the movie so far, simply a comedy, made by a group of talented actors, writers, and directors, and intended, like most comedies, to make money and earn laughs. The movie would perhaps have been better off with a fictitious dictator and regime; instead, it appears to serve up the latest in a long line of cheap and sometimes racism-tinged jokes, stretching from Team America: World Police to ongoing sketches on Saturday Night Live.

Humor can be a powerful tool for surviving in a closed society, and lampooning dictators can lend latent popular movements the confidence they need to challenge their oppressors. In Libya, dissidents heaped mockery on the Qaddafi family in the early stages of their Arab Spring revolution. In the Soviet Union, activists like Natan Sharansky employed dark humor to weather persecution and labor camps. In a “confrontation with evil,” Sharansky once observed, it is important “to take yourself and everything that’s happening very seriously, to understand that you are part of a very important historical process, and that’s why everything [that] you’ll say and do has tremendous importance for the future.” Nevertheless, he added, “it’s very important not to take anything seriously, to be able to laugh at everything, at the absurdity of this regime, at this KGB prison, and even at yourself.”

Yes, North Korea has long been ruled by an eccentric dynasty of portly dictators with bad haircuts. Yes, the propaganda the regime regularly trumpets to shore up its cult of personality is largely ridiculous. And yes, we on the outside know better, and can take comfort in pointing fingers and chuckling at the regime’s foibles.

But it takes no valor and costs precious little to joke about these things safely oceans away from North Korea’s reach. When a North Korean inmate in a political prison camp or a closely monitored Pyongyang apparatchik pokes fun at Kim Jong Un and the system he represents—that is an act of audacity. It very literally can cost the person’s life, and those of his or her family members. To pretend that punchlines from afar, even in the face of hollow North Korean threats, are righteous acts is nonsense. [Continue reading…]
