FBI Formally Accuses North Korea Of The Sony Hack
from the h4x0r! dept
Just this morning, Tim Cushing (aka, Other Tim) wrote about how likely it was that the White House would make a statement today on the Sony hack, naming North Korea as the perpetrator and treating this all like a far bigger deal than they probably should be. However, the FBI beat them to the punch, becoming the first alphabet agency to formally accuse North Korea of being 56th in line in the great 12 year hackathon that’s been Sony’s corporate networks.
As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:
-Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
-The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
-Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
Since the rumors that a formal accusation were on the way first began, the question on everyone’s mind has been exactly what evidence would be used to draw that conclusion. As it turns out, based on what the FBI is releasing, it seems fairly thin. Their press release makes it sound like the attacks upon which they’re drawing similarities are significantly alike, when a great deal of other reporting indicates that they simply use the same hacking software available on the black market and are routing through some locations known for their use by hackers. The similarity between the Sony attack and the attack on South Korea has more to do with the above plus the timing. The accusation that the hacks used were directly developed by North Korea are interesting, but meaningless without actual evidence. Simply saying it doesn’t make it so.
Regardless, even if North Korea does prove to have been responsible, there’s no excuse for saying things like:
North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves.
While I’m generally loathe to blame a victim, when that victim takes so lax an attitude toward its own security as to be hacked roughly five times a year and still not bother to implement basic password policies, what else am I supposed to do? This doesn’t show the grave, mega-scary, super-threat of cyber-terrorism. It shows that Sony has some exceptionally lazy security and IT people. As for the attack posing a threat to a freedom of expression, well, we have Sony’s cowardice and the cowardice of the theater chains for that. It’s unbelievable that companies operating within the American system should self-censor this way. It’s surrender of the mind and the thought. It’s the same thing as the Danish cartoons and Salman Rushdie. Sony and the theaters are allowed to self-censor and to deprive the American people of the movie, but that doesn’t make it okay.
You should expect to see the White House touting the FBI’s report as gospel and to rattle several sabers in the direction of Pyongyang, for all the good it will do. Giving in to a regime that can’t manage to feed its own people seems like a mistake to me, but what do I know?
Update: And, almost as this post was finished being written, President Obama appeared before the press to condemn the attacks. He also indicated that it was the wrong move for Sony to censor the movie. In fact, he suggested that Sony should have consulted with the administration to assess the threat. Both comments, of course, are quite easy to make now that it’s Friday and the decision cannot be reversed.