North Korea Not Hacker?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Ian McColgin
    Senior Member
    • Apr 1999
    • 51646

    North Korea Not Hacker?

    [IMc - This seemed so likely from the start that I wonder exactly how North Korea got blamed in the first place. I'll not be surprised if the hack involved a disgruntled Sony employee and the North Korea blame game involves Sony marketing.]

    From New York Times

    New Study Adds to Skepticism Among Security Experts That North Korea Was Behind Sony Hack

    By NICOLE PERLROTH DECEMBER 24, 2014 5:17 PM December 24, 2014 5:17 pm

    Government officials have claimed that attacks against Sony were retaliation for “The Interview,” a feature film about two bumbling journalists hired by the C.I.A. to assassinate North Korea’s leader. Credit Damian Dovarganes/Associated Press
    A number of private security researchers are increasingly voicing doubts that the hack of Sony‘s computer systems was the work of North Korea.

    President Obama and the F.B.I. last week accused North Korea of targeting Sony and pledged a “proportional response” just hours before North Korea’s Internet went dark without explanation. But security researchers remain skeptical, with some even likening the government’s claims to those of the Bush administration in the build-up to the Iraq war.

    Fueling their suspicions is the fact that the government based its findings, in large part, on evidence that it will not release, citing the “need to protect sensitive sources and methods.” The government has never publicly acknowledged doing so, but the National Security Agency has begun a major effort to penetrate North Korean computer networks.

    Because attributing the source of a cyberattack is so difficult, the government has been reluctant to do so except in the rarest of circumstances. So the decision to have President Obama charge that North Korea was behind the Sony hack suggested there is some form of classified evidence that is more conclusive than the indicators that the F.B.I. made public on Friday. “It’s not a move we made lightly,” one senior administration official said after Mr. Obama spoke.

    Still, security researchers say they need more proof. “Essentially, we are being left in a position where we are expected to just take agency promises at face value,” Marc Rogers, a security researcher at CloudFlare, the mobile security company, wrote in a post Wednesday. “In the current climate, that is a big ask.”

    Mr. Rogers, who doubles as the director of security operations for DefCon, an annual hacker convention, and others like Bruce Schneier, a prominent cryptographer and blogger, have been mining the meager evidence that has been publicly circulated, and argue that it is hardly conclusive.

    For one, skeptics note that the few malware samples they have studied indicate the hackers routed their attack through computers all over the world. One of those computers, in Bolivia, had been used by the same group to hack targets in South Korea. But that computer, as well as others in Poland, Italy, Thailand, Singapore, Cyprus and the United States, were all freely available to anyone to use, which opens the list of suspects to anyone with an Internet connection and basic hacking skills.

    For another, Sony’s attackers constructed their malware on computers configured with Korean language settings, but skeptics note that those settings could have been reset to deflect blame. They also note the attackers used commercial software wiping tools that could have been purchased by anyone.

    They also point out that whoever attacked Sony had a keen understanding of its computer systems — the names of company servers and passwords were all hard-coded into the malware — suggesting the hackers were inside Sony before they launched their attack. Or it could even have been an inside job.

    And then there’s the motive. Government officials claim the Sony attacks were retaliation for “The Interview,” a feature film about two bumbling journalists hired by the C.I.A. to assassinate North Korea’s leader. In a letter last June, North Korea’s ambassador to the United Nations called the film “an act of war.” But naysayers point out that, as far as they can tell, Sony’s attackers did not mention the film as motivation until that theory percolated in the media.

    The simpler explanation is that it was an angry “insider,” Mr. Rogers wrote. “Combine that with the details of several layoffs that Sony was planning, and you don’t have to stretch the imagination too far to consider that a disgruntled Sony employee might be at the heart of it all.”

    On Wednesday, one alternate theory emerged. Computational linguists at Taia Global, a cybersecurity consultancy, performed a linguistic analysis of the hackers’ online messages — which were all written in imperfect English — and concluded that based on translation errors and phrasing, the attackers are more likely to be Russian speakers than Korean speakers.

    Such linguistic analysis is hardly foolproof. But the practice, known as stylometry, has been used to contest the authors behind some of history’s most disputed documents, from Shakespearean sonnets to the Federalist Papers.

    Shlomo Argamon, Taia’s Global’s chief scientist, said in an interview Wednesday that the research was not a quantitative, computer analysis. Mr. Argamon said he and a team of linguists had mined hackers’ messages for phrases that are not normally used in English and found 20 in total. Korean, Mandarin, Russian and German linguists then conducted literal word-for-word translations of those phrases in each language. Of the 20, 15 appeared to be literal Russian translations, nine were Korean and none matched Mandarin or German phrases.

    Mr. Argamon’s team performed a second test of cases where hackers used incorrect English grammar. They asked the same linguists if five of those constructions were valid in their own language. Three of the constructions were consistent with Russian; only one was a valid Korean construction.

    “Korea is still a possibility, but it’s much less likely than Russia,” Mr. Argamon said of his findings.

    Even so, Taia Global’s sample size is small. Similar computerized attempts to identify authorship, such as JStylo, a computerized software tool, requires 6,500 words of available writing samples per suspect to make an accurate finding. In this case, hackers left less than 2,000 words between their emails and online posts.

    It is also worth noting that other private security researchers say their own research backs up the government’s claims. CrowdStrike, a California security firm that has been tracking the same group that attacked Sony since 2006, believes they are located in North Korea and have been hacking targets in South Korea for years.

    But without more proof, skeptics are unlikely to simply demur to F.B.I. claims. “In the post-Watergate post-Snowden world, the USG can no longer simply say ‘trust us’,” Paul Rosenzweig, the Department of Homeland Security’s former deputy assistant secretary for policy, wrote on the Lawfare blog Wednesday. “Not with the U.S. public and not with other countries. Though the skepticism may not be warranted, it is real.”

    Mr. Rosenzweig argued that the government should release more persuasive evidence.

    “Otherwise it should stand silent and act (or not) as it sees fit without trying to justify its actions. That silence will come at a significant cost, of course — in even greater skepticism. But if the judgment is to disclose, then it must be more fulsome, with all the attendant costs of that as well.”

    # # #
  • Paul Pless
    pinko commie tree hugger
    • Oct 2003
    • 124838

    #2
    Re: North Korea Not Hacker?

    This seemed so likely from the start that I wonder exactly how North Korea got blamed in the first place. I'll not be surprised if the hack involved a disgruntled Sony employee and the North Korea blame game involves Sony marketing.
    you seem to be suggesting a certain level of either ineptitude or collusion on the part of Obama's Justice Department and FBI. . .
    Simpler is better, except when complicated looks really cool.

    Comment

    • hanleyclifford
      low information voter
      • Jun 2010
      • 9272

      #3
      Re: North Korea Not Hacker?

      But are we not able to believe what our President says? Have we been schnooked? Is this yet another SKANDAL in the brewing?
      Conferences at the top level are always courteous. Name calling is left to the foreign ministers. (Averell Harriman)

      Comment

      • Ian McColgin
        Senior Member
        • Apr 1999
        • 51646

        #4
        Re: North Korea Not Hacker?

        It seems that many stampeeded to blame North Korea but at least Obama called it vandelism, not terrorism, and said there would be a "porportionate response" once we know for sure. And while many are assuming that US intelligence hackers brought down the North Korean internet access, that also remains undemonstrated. This whole bit could be a bunch of pimply faced thirteen year olds having fun. Or not.

        Comment

        • John Smith
          Senior Member
          • Mar 2009
          • 48714

          #5
          Re: North Korea Not Hacker?

          As with all things, patience is good. One day we my know the truth, and it may well surprise us.

          Question is will GOP hold more hearings.
          "Banning books in spite of the 1st amendment, but refusing to regulate guns in spite of "well regulated militia' being in the 2nd amendment makes no sense. Can't think of anyone ever shot by a book

          Comment

          • slug
            Banned
            • Dec 2012
            • 8131

            #6
            Re: North Korea Not Hacker?

            Ive heard it speculated that it was an inside job. A sony employee who hired a hack gang to do the job

            Comment

            • JimD
              Senior Mumbler
              • Feb 2002
              • 29704

              #7
              Re: North Korea Not Hacker?

              Clearly a diversionary tactic. Keep you eye on the ball. Benghazi Benghazi Benghazi. Or was that Ebola?
              There is no rational, logical, or physical description of how free will could exist. It therefore makes no sense to praise or condemn anyone on the grounds they are a free willed self that made one choice but could have chosen something else. There is no evidence that such a situation is possible in our Universe. Demonstrate otherwise and I will be thrilled.

              Comment

              • Ted Hoppe
                Irritant, Level 2
                • Nov 2006
                • 21933

                #8
                Re: North Korea Not Hacker?

                we are witnessing the age of Facebook nation - Proving the US government was able to practice social media rectal rehydration for more American held demographically challenged suspects in the face of floundering, expensive, bad Sony comedies and poor studio decision makers who make sizable campaign contributions all in the name of getting common people to talk about an impotent identifiable dictator and drive important new movie revenues through innovative, online streaming services.
                Last edited by Ted Hoppe; 12-26-2014, 10:36 AM.
                Without friends none of this is possible.

                Comment

                • Arizona Bay
                  Molecules of Freedom
                  • Feb 2011
                  • 6524

                  #9
                  Re: North Korea Not Hacker?

                  Originally posted by Ted Hoppe
                  we are witnessing the age of Facebook nation - Proving the US government was able to practice social media rectal rehydration for more American held demographically challenged suspects in the face of floundering, expensive, bad Sony comedies and poor studio decision makers who make sizable campaign contributions all in the name of getting common people to talk about an impotent identifiable dictator and drive important new movie revenues through innovative, online streaming services.
                  Yeah, Sony hacked it themselves... PR nation.
                  Greg H. - from before the great crash, 20th century member 108

                  "(T)he Republican Party no longer recognizes the legitimacy of any opposition."

                  Comment

                  • Jim Bow
                    Normcore
                    • Jul 2008
                    • 24003

                    #10
                    Re: North Korea Not Hacker?

                    The ex-Anonymous hacker, who has been featured on CBS (pick up grain of salt at this point) said that the sheer volume of data that has been stolen, would have easily been detected by even the most basic security software, if it were copied over the internet. He'd put his money on someone inside Sony using a portable hard drive inside the network.
                    “Come, come, my conservative friend, wipe the dew off your spectacles and see the world is moving" - Elizabeth Cady Stanton

                    Comment

                    • PeterSibley
                      Senior Member
                      • Dec 2001
                      • 70993

                      #11
                      Re: North Korea Not Hacker?

                      Originally posted by Ted Hoppe
                      we are witnessing the age of Facebook nation - Proving the US government was able to practice social media rectal rehydration for more American held demographically challenged suspects in the face of floundering, expensive, bad Sony comedies and poor studio decision makers who make sizable campaign contributions all in the name of getting common people to talk about an impotent identifiable dictator and drive important new movie revenues through innovative, online streaming services.
                      You mean , how to get world wide free advertising for a really poor movie ? Whodathunkit ?
                      '' You ain't gonna learn what you don't want to know. ''
                      Grateful Dead

                      Comment

                      • Arizona Bay
                        Molecules of Freedom
                        • Feb 2011
                        • 6524

                        #12
                        Re: North Korea Not Hacker?

                        Successful marketing of a really, really poor movie.


                        Reality is much better.



                        Greg H. - from before the great crash, 20th century member 108

                        "(T)he Republican Party no longer recognizes the legitimacy of any opposition."

                        Comment

                        • Nicholas Scheuer
                          Senior Member
                          • Aug 2006
                          • 13579

                          #13
                          Re: North Korea Not Hacker?

                          How'bout this for a comedy film scene; The "AWOOOGGAAAA" horn sounds, the chubby guy in the pic above is the last through the hatch, only he doesn't fit and his midsection jams in the hatch. The sub dives anyway, and the water-tight fit saves the sub from swamping at sea. "Blub, blub, blub" are his words of immortality.

                          Comment

                          • hanleyclifford
                            low information voter
                            • Jun 2010
                            • 9272

                            #14
                            Re: North Korea Not Hacker?

                            Is that stuff in the barrel soylent green?
                            Conferences at the top level are always courteous. Name calling is left to the foreign ministers. (Averell Harriman)

                            Comment

                            • hanleyclifford
                              low information voter
                              • Jun 2010
                              • 9272

                              #15
                              Re: North Korea Not Hacker?

                              Somebody just yanked the sales tag off that grab rail.
                              Conferences at the top level are always courteous. Name calling is left to the foreign ministers. (Averell Harriman)

                              Comment

                              Working...