You would think that by now, after all the lies that we have been told by the US government in its efforts to take the country into various wars, we would all have a healthy skepticism when officials blandly assert without providing the evidence that some country that they perceive as the enemy is responsible for some action. And yet here we are, with the media accepting at face value the assertions by US officials that North Korea is behind the Sony hack.
North Korea may be the culprit but there are other plausible actors who have motives:
- A nation state, most likely North Korea
- Supporters of North Korean regime, based in China
- Hackers with a money-making motive
- Hackers or a lone individual with another motive, such as revenge
So surely we should ask for evidence and independent corroboration by outside computer experts before jumping to conclusions based purely on the discredited word of the US government?
Meanwhile North Korea has denied any involvement and taken the opportunity to take a jab at the US.
On Saturday, an unidentified North Korean Foreign Ministry spokesman in Pyongyang proposed the joint investigation with the U.S., saying the North knows how to prove it’s not responsible for the hacking. He also said Washington was slandering Pyongyang by spreading unfounded rumors.
“The U.S. should bear in mind that it will face serious consequences in case it rejects our proposal for joint investigation and presses for what it called countermeasures while finding fault with” North Korea, the spokesman said in a statement carried by Pyongyang’s official Korean Central News Agency, or KCNA.
“We have a way to prove that we have nothing to do with the case without resorting to torture, as the CIA does,” he said, adding that the U.S. lacks any specific evidence tying North Korea to the hacking. [My italics-MS]
Yes, the North Korean government is needling the US for its human rights abuses.
The US has summarily rejected the call by the North Koreans for a joint investigation. “The proposal was seen by analysts as a typical ploy by the North to try to show that it is sincere, even though it knows the U.S. would never accept its offer for a joint investigation.”
But why shouldn’t the US accept this offer? If they think the North Koreans are bluffing, why not call them on it? Why not explore every avenue to get to the bottom of this?
The real problem is that the US media continues to uncritically accept anything said by the US government against its official enemies, however much they have been blatantly lied to in the past. It is a triumph of the propaganda system.
This mess is eye-rolling epic stupid. The movie angle only cropped up 3 days into the attack, at which point the attackers latched onto it like a bunch of gamergaters who’d found another excuse for misogyny. Prior to the movie angle, there was no North Korea evidence, then it starts popping up. Meanwhile, the malware in use is not specifically North Korean -- it’s run of the mill stuff using techniques that were notoriously used in the ‘shamoon’ attack against Saudi Aramco (does that make it Israeli?) the “common elements” the FBI boneheads are talking about is the disk wipe module, which is the most popular scriptable disk wipe; I’ve used it myself. Please, nobody point the finger at me for this attack in spite of the “common elements”
This bears all the hallmarks of a bunch of sociopathic American hackers; more like something from the former “anti-sec” crew than anything state-sponsored. I’m guessing the FBI doesn’t want to talk about those “common elements” because anti-sec was being run by the FBI when they attacked Brazilian police and oil exploration assets.
If we ever find out who’s behind it, my money is on some badly adjusted American nihilists in the 20-30yo unemployed trouble-maker or “security consultant” demographic. These attacks are not sophisticated; what makes them so bad is that they got a very deep foothold in Sony before they started causing trouble, and Sony’s infrastructure was deeply compromised. Most American companies, attacked in a focused manner, would fall just like Sony has.
But why shouldn’t the US accept this offer?
1) Because they are afraid they’ll look like dumbasses
2) Because they might reveal information about what they collect from other peoples’ networks; they are probably going from traces collected by NSA penetrating S Korean and/or Japanese telco systems, which would provoke all the wrong kinds of laughter if discovered
To be frank, I would not be surprised if it turned out it was either a single hacker or a small group of hackers simply trolling Sony and the US. I guarantee you there’s a person or small group of persons out there having a good laugh over what they’ve caused.
Why wouldn’t the US accept? I think Marcus nailed it. The US is still doing damage control after the Snowden leaks. I promise you, any joint investigation with North Korea would only make things worse for this country.
Granted, the path the US is taking isn’t any better. I think it’s safe to say that we’ve been thoroughly destroyed since the Snowden leaks, and the US really doesn’t know where to go from here, so we’re just waiting for any excuse to attack anyone at a useless attempt at regaining our power over the rest of the world… which is going to fail by default.
Frankly, between the Snowden leaks, the torture reports, and more, I think the US’s best option is going back to the pre-WWI policy of Isolation. But that’s never going to happen… at least, not voluntarily…
Marcus you forgot a group. Disgruntled ex-employees.
Sony Entertainment is an US corporation that is almost independent of Sony itself (to the point that this hack isn’t even a blip on the radar in Japan). From what people have been letting know it treats anyone not in upper management appallingly.
All that was needed to get the hack going as it did now was/is 1 person with administrator rights to the system (the altering of the background on every computer on their network indicates that kind of access).
we’re just waiting for any excuse to attack anyone
We are currently in a major war with Russia. If you don’t think that the Saudis and US aren’t deliberately pushing down the price of oil, to crater the Russian economy, you’ve been sleeping under a rock. The catastrophic damage the Ruble suffered last week is going to get worse; Putin is just as unhappy about this as if we had bombed some of his family, you betcha. There will be a response from Russia. Dunno what. I’m not as cunning as Putin by a long shot but if I was Vlad, I’d pay the US back by creating a quagmire out of the middle east, starting by giving ISIS some MANPADs and going downhill from there.
Disgruntled ex-employees.
The penetrations don’t line up with that. Initially the attackers came in through an exterior flaw and did a fair bit of exploring and privilege escalation, before they blew the doors off. Insider attacks usually are more narrowly targeted and take advantage of information that is not public.
(the altering of the background on every computer on their network indicates that kind of access)
The initial breach was through an SQL injection attack; the attackers, from there, escalated privilege and discovered that Sony’s configuration management system was controlled using basic privileges.
http://russia-insider.com/en/2014/12/20/2070
Unfortunately, I suspect the administration staff aren’t feeling that they have stung in the ‘oh my I have been caught doing somethine shameful’ sense, so much as ‘this i going to take a lot of PR work to explain away’.
‘this i going to take a lot of PR work to explain away’.
I suspect that the hackers who are doing it are probably thinking they have a “get out of jail free” card. If the gov’t ever catches them, it would have to go public with the fact that they were utterly wrong about Korea, in order to prosecute them. So, the government will just …. pretend it never happened and let the accusations against North Korea stand.
Regarding the “joint probe” thing, NK does have a history of doing this even when they’re obviously guilty, so it’s actually one of the first pieces of evidence to make me think they were significantly involved:
http://www.bloomberg.com/news/2010-08-11/north-korea-seeks-joint-probe-with-u-s-accuser-on-sinking-of-south-s-ship.html
I still find the idea of a lulzsec/anonymous type group far more plausible, particularly, as Marcus noted, they tended to simply mimic whatever the media was saying (they also didn’t mention 9/11 until the media ran stories on how Howard Stern was so utterly wrong for comparing the attack to 9/11).
NK may well have the capacity to hack Sony, but the way the information was released after the attack represents a significant departure from their usual method of operation, which is why I think it’s likely someone else doing a pretty good job of misleading the intelligence community.
I also find it really odd that it took what, 3 months to figure out who was behind the Target breach, but only 2 weeks to figure out that NK hacked Sony? So either NK were REALLY sloppy, or there was just enormous pressure to finger a suspect and NK was the most convenient for all involved.
The NSA may well have slam dunk evidence that NK were controlling the C&C infrastructure used in the attack (which seems odd, why would you use the same servers used in your previous attacks, you know that the west must be monitoring them?) but they’re not going to share it, so we’re left with “It was North Korea, trust us” from the FBI, which doesn’t exactly have a great track record in this arena (blindly trusting the US Intelligence Community also hasn’t exactly worked out brilliantly for us in the past).
Thanks Marcus for the extra information on where the hack started. It does make it less likely that an insider did this.