FBI Formally Accuses North Korea Of The Sony Hack
from the h4x0r! dept
Just this morning, Tim Cushing (aka, Other Tim) wrote about how likely it was that the White House would make a statement today on the Sony hack, naming North Korea as the perpetrator and treating this all like a far bigger deal than they probably should be. However, the FBI beat them to the punch, becoming the first alphabet agency to formally accuse North Korea of being 56th in line in the great 12 year hackathon that’s been Sony’s corporate networks.
As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:
-Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
-The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
-Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
Since the rumors that a formal accusation were on the way first began, the question on everyone’s mind has been exactly what evidence would be used to draw that conclusion. As it turns out, based on what the FBI is releasing, it seems fairly thin. Their press release makes it sound like the attacks upon which they’re drawing similarities are significantly alike, when a great deal of other reporting indicates that they simply use the same hacking software available on the black market and are routing through some locations known for their use by hackers. The similarity between the Sony attack and the attack on South Korea has more to do with the above plus the timing. The accusation that the hacks used were directly developed by North Korea are interesting, but meaningless without actual evidence. Simply saying it doesn’t make it so.
Regardless, even if North Korea does prove to have been responsible, there’s no excuse for saying things like:
North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves.
While I’m generally loathe to blame a victim, when that victim takes so lax an attitude toward its own security as to be hacked roughly five times a year and still not bother to implement basic password policies, what else am I supposed to do? This doesn’t show the grave, mega-scary, super-threat of cyber-terrorism. It shows that Sony has some exceptionally lazy security and IT people. As for the attack posing a threat to a freedom of expression, well, we have Sony’s cowardice and the cowardice of the theater chains for that. It’s unbelievable that companies operating within the American system should self-censor this way. It’s surrender of the mind and the thought. It’s the same thing as the Danish cartoons and Salman Rushdie. Sony and the theaters are allowed to self-censor and to deprive the American people of the movie, but that doesn’t make it okay.
You should expect to see the White House touting the FBI’s report as gospel and to rattle several sabers in the direction of Pyongyang, for all the good it will do. Giving in to a regime that can’t manage to feed its own people seems like a mistake to me, but what do I know?
Update: And, almost as this post was finished being written, President Obama appeared before the press to condemn the attacks. He also indicated that it was the wrong move for Sony to censor the movie. In fact, he suggested that Sony should have consulted with the administration to assess the threat. Both comments, of course, are quite easy to make now that it’s Friday and the decision cannot be reversed.
Filed Under: emails, fbi, north korea, sony email hack, sony hack
Comments on “FBI Formally Accuses North Korea Of The Sony Hack”
Really, Sony gets a bit to much flak for “caving to terrorist” over this.
First, they already had theater chains dropping the movie over the threats which largely forced their hand. If a bunch of their distributors won’t release it, they’re pretty much forced to choose to either have an extremely haphazard release of the movie, hurting it’s potential profitability at the box office, or “cancel” the release and wait to do something with it later. They picked the second option, which financially is probably the better option for them.
Second, I highly doubt they “caved” to the very vague threats against the theaters. They were likely hoping to dissuade the hackers from the promised release of yet more embarrassing information: http://arstechnica.com/security/2014/12/hackers-promise-christmas-present-sony-pictures-wont-like/
We’ve already seen them start to take damage from what’s been released thus far. The slim chance that not releasing the movie will result in fewer embarrassing data releases is probably worth quite a bit to them at the moment. The movie release can easily wait until they’ve had more time for the fallout from the hack to settle, and people are no longer sitting around waiting for the next Sony embarrassing revelation.
So when do US troops start arriving in South Korea in preparation for the attack?
/Sarc
Re: Re:
Anyone know what’s going on out at NAS Whidbey Island?
Oops they did it again. ..etc etc
My local radio station had a caller admit to crashing their Xmas party.
"thin"?
“As it turns out, based on what the FBI is releasing, it seems fairly thin.”
Thin, as in “vaporous”, “elusive”, “insubstantial”, “entirely circumstantial”, “shaky”, “unconfirmed by independent analysis”, “contrived”, “likely planted”, “inconclusive”, “merely suggestive”, “convenient”. That kind of “thin”.
Re: "thin"?
Yes, but apparently it is enough to justify the saber rattling going on. Thinly veiled cold war tactics.
Government is Gaming the Public
I’ve worked as a public servant and seen time and time again how the government will make an issue out of some event and use it to pass legislation that will in the end be bad for the general public.
The image I imagine is of some power hungry bureaucrats sitting around a table and one dude is greedily rubbing his hands together and with a sly look says, “This SPE hack is just the catalyst we need to pass our ____ legislation.”
Fill in the blank with PIPA, SOPA, government drone, or any other intrusive government legislative action.
Re: Government is Gaming the Public
Yes! I see the Republican Party as behind this in order to set up key issues for the 2016 election. They are covered by plausible deniability. After all, who could possibly believe the Republican Party is behind a massive hack claimed by the Guardians Of Peace (GOP). It is too transparent. Unless, it is the Democratic Party in a long con aimed at discrediting the Republicans. Although, I suppose the DPRK could be behind it but doxing doesn’t seem to be their style. Who’s style is that?
This is why I have trouble with politics. There is so much effort put into maintaining power and discrediting opponents. Why can’t people just look for real solutions to problems. This is why I am a nerd and not a politician.
Please have some evidence before blaming “lazy” IT. It is equally likely that management is loathe to have to learn more than one four-letter password, or has the requirement to not implement a security feature that would perceptibly change their world in any way (including icon colors). And is equally loathe to spend money on products which may improve security posture.
Re: Re:
Of course, backups were out of the question since a thumb drive couldn’t possibly be shoehorned into an office simultaneously occupied by a computer AND a Hollywood-sized ego.
Re: Re:
There’s some truth in this: a lot of security disasters happen not because IT staff are stupid or careless, but because management ORDERS them to do things that are stupid or careless. I know: been there, done that, got fired for refusing, successor did it (of course), and less than a year later they paid for it dearly. It’s a pretty common pattern.
I highly recommend reading: http://www.tenable.com/blog/ranums-rants-the-anatomy-of-security-disasters which goes into this in considerable depth. Ranum wrote this five and a half years ago, but he’s extremely insightful: I’ll bet lunch that he enumerated several of the root causes of the (latest) Sony hack without even trying.
Incidentally, it’s not necessary spend money on security products to have a reasonably secure operation: I run mine with 100% open-source software, so the only cost is the hardware to execute it.
Re: Re: Re:
“Incidentally, it’s not necessary spend money on security products to have a reasonably secure operation”
This is something that is essentially impossible to get many companies to understand. I think it’s because they don’t understand what “security” actually is. There is no technological magic bullet that will make you secure, no matter how much you spend. Security comes from behavior, not technology.
This movie was screened for the white house in June…
Does that strike anyone else as very unusual? This all reeks.
Good job calling out sony’s BS, Tim.
Re: Re:
Agreed. This is being used to push the release of The Interview into next year, so that its subtle, elegant humor and quiet dignity can’t sweep this year’s Oscars.
Or something.
oh please- someone left there laptop logged in at a coffee shop, and that account apparently had full access to everything- if that’s not lazy, then what would meet your definition?
huh! Obama didn’t and still isn’t condemning the attacks by the NSA, CIA, FBI and anyone else who was/is spying on citizens in and away from the USA, including the governments of nations supposedly allies to the USA!!
funny how when it does it, there’s nothing wrong but when any other nation does the same thing, it’s the most despicable act going, throwing doubt on to relationships between the nations, whether already strained or not!!
Re: Re:
That’s different. The NSA collecting everyone’s phone meta-data or listening to Chancellor Merkel cell phone calls doesn’t threaten anyone’s business model or profits.
Re: Re: Re:
Unless that is you are a US technology company, and this becomes known.
Expanding on the statement
“North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States.”
I’m sick of these boilerplate, “gravest threats” statements. If it were really that bad, they would’ve come up with a better description; maybe something like:
“North Korea’s attack on SPE reaffirms that what we are dealing with now can only be described as the cyber-war equivalent of the jetski level in Battletoads.”
Re: Expanding on the statement
Giving you first word strictly for the Battletoads reference….
This hack looks like a false flag from the beginning. What sets this hack apart from the South Korean disk wiper hack, is how loudly the hackers have taunted their victim.
Almost every single nation-state hack I’ve seen, attempts to be stealthy and low key. Nothing about the Guardians of Peace hack is low key.
The Sony hack looks like it was carried out by a hacking collective. A hack for the lolz if you will. Honestly, who justifies an attack by saying it’s about a comedy movie? Certainly not nation state hackers.
I’m disappointed in the White House and FBI’s detective skills. Either they truly are ignorant, and think It’s N. Korea. Or they’re using N. Korea as a scapegoat, in order to push cyber-security legislation that will make no one safer, and end up making everyone less secure from hackers by sharing private customer information openly for the hackers to steal.
Re: Re:
This X1000. As someone else said, North Korea didn’t need to hack in order to make threats about releasing the movie. This whole thing reeks.
Gravest threats are merely window dressing as an excuse to take some more supposed freedoms of it’s citizens. Sony is not an American company.
Further Sony is getting a little just payback for it’s rootkit it hoisted off on the public unannounced. Sony dropped the movie premier because it is scared to death that these hacks will reveal something it doesn’t want the public to know and doesn’t want to deal with.
Hackers have no gain if they can’t use the info they took. So it will come out sooner or later. Sony will never be able to appease them forever.
In the meantime a Canadian movie theater has said it will show the movie. So at some time it will be available to download. Just a matter of time. I personally never planned to see this movie as it is just not something I am interested in, even with the hype. All the hype will not improve the movie’s quality.
Re: Re:
Vancouver, B.C. is not Vancouver, Washington.
Rootkit
I wonder what the response would be if some reporter ask Obama about Sony’s rootkits?
I expect a big “HUH?”
I haven’t figured it out yet, why does the movie getting pulled have to do with the hack? Wasn’t it someone threatening violence on theaters if the movie played? Couldn’t that have been done with the Sony Hack never occurring?
Re: Re:
While the need to protect sensitive sources and methods precludes me from sharing all of the relevant information information, One of the reasons “The Interview” was pulled from theaters is because the ultra-secret self-destruct codes for all of the MPAA approved digital projection systems in the US are contained in the compromised “passwords” folder – Apparently, all of the codes were cunningly set to “12345”, which is the kind of code an idiot would use on his luggage, but I digress…
The economic fallout alone – Which the MPAA estimates at a minimum of $1 billion / theater – from the use of the self destruct codes would end civilization as we know it.
Re: Re:
I would have thought it would be pulled because it was a Seth Rogen movie and thus no one would want to watch it.
North Korea?
It might be true, but it sounds like bullshit.
If memory serves, the first rule of investigative journalism is “follow the money”.
North Korea gets nothing useful out of this, beyond inconveniencing Sony.
If anything, it loses out, if the USA responds by increasing the money and authority it gives to its cyber-security divisions, as seems fairly likely.
Arch-FUD-peddlars the NSA, along with its corporate partners, are the organisations which stand to gain most from all of this.
I’m a lot more convinced by their clear profit-motive than I am by the vague and circumstantial evidence on display here.
Re: North Korea?
“If memory serves, the first rule of investigative journalism is “follow the money”.”
OK. Has anyone bothered to check who has been purchasing large quantities of “put” options on Sony stock over the past year or so?
Perhaps this flap has nothing to do with hacking or umbrage, but good, old-fashioned insider stock trading fraud.
Yes, yes, of course! It is North Korea which constantly threatens the ability of US citizens to express themselves. How did I never see this before?
Um. Get North Korea out of Ferguson now?
On location of "The Interview II"...
There’s a kind of informal strike going on:
The actors are holding up signs that say “Hands Up, Don’t Shoot!”
It’s not N.Korea that hacked Sony, it’s Boko Haram.
Re: Re:
I bet that my kid brother could hack Sony. And I don’t even have a kid brother.
Innocent Vs Guilty
I’m sure that the “truth” will be exposed soon. This type of hacking can be done by any expert hacker, they wouldn’t just “hack” without having a solid plan to get away with it, especially knowing they may have the FBI up on their tail.
North Korea? What about Sony insiders?
I thought that security gurus had decided this was an inside job. The result of a disgruntled employee or employees.
Have Sony allowed their in-house IT staff to return yet? Part of the justification for laying them off would be a loss of trust.
One question
If North Korea is indeed responsible for this hack, why haven’t they claimed credit for it? (And no, @DPRK_News doesn’t count.)
Given that regime’s usual style, you’d think be proclaiming their glorious victory to the world.
Re: One question
Maybe they’re too embarrassed about it?
I mean, given how pathetic Sony’s security was and is, hacking them isn’t exactly something to be overly proud of. It would be like someone bragging about their ‘awesome lockpicking skills’ for breaking into a building that had the key to the front door on a nail right next to the door.
Re: Re: One question
On the other hand, we’re talking about North Korea here. When have they ever been too embarrassed to do anything?
Tin Foil hat time.
I don’t trust that the US would know their own ass from a hole in the ground. I would not be too hard for enough hackers to stage and attack from any nation with enough effort. A line of code matching shit means nothing.
Now… for my tin foil hat routine… I am getting closer and closer to thinking that the US itself would stage and attack on Sony for some BS reason, maybe it was a bet? and made it look like a turd muffin country did it. Multiple benefits can be had.
1. Scare more stupid and cowardly citizens into letting the goobermint take more liberties/privacy away in the name of safety.
2. Drum up public support for exploding accused nation.
3. Reap kudos from the chicken shit population, which is circular with #1.
Hell, maybe Israel is not feeling very trusting with the US and pull this shit off to sucker someone else into handling a turd muffin nation, but it would make more sense if it was Iran on the hook… then again… South Korea anyone?
If North Korea did hack Sony. Glorious Leader would have claimed victory by now.
Didn’t the FBI make a statement several months ago they were choosing to ignore criminals and were instead only focusing on terrorism?
limiting liability
don’t most insurance coverages have exceptions for “acts of God [sic], war, …”. seems Sony is using govt not only to change the subject from their ineptitude but covering their liability ass as well.
Publicity Stunt?
Sorry for being late, been off line.
This Sony thing smacks me as a big publicity stunt. Buying off Washington is merely pocket change for Sony. But the free advertizing, in all the hype, is priceless. I’m betting that the movie will be released as normal, quite soon.
Not, of course, that I will waste my money.
Just in case I’m wrong, it’s happened before. I must congratulate North Korea on their restrained response. Remember, the USA sends predator drones and hellfire missiles against those they don’t like. N. Korea’s response is rather tame.
Many people learn that free speech has repercussions. Bad mouth your boss online and expect something unpleasant. Sony is just learning that they too have limitations!
Look! Over there! Behind you!! he he he he he he he
False Flag Warning.
All the evidence that has been presented “proving” North Korea as the culprit, would also be evidence of a CIA false flag operation, since anyone “in the know” could have used these same code snippets, hacker wares and tech resources, to pull off this attack, including and especially the CIA, NSA, FBI and other less know secret federal agencies of the USG.
And the rationale behind the USG doing a false flag operation to make the public think that NK is behind it is simple:
“North Korea’s attack on SPE reaffirms that what we are dealing with now can only be described as the cyber-war equivalent of the jetski level in Battletoads.”
To get more public support and taxpayer funding and new spy-enabling legislation for the on-going Cyber War that the USG is already operating, by “reaffirming” that the FUD is really for really real, honest injun!!!!
And, by screaming Evil Korean Empire and Global Cyber War at the top of their lungs, they also drown out all the public discourse about the actual content of the material taken from Sony’s servers, concerning their on-going bribery of Attorneys General and their assault on Google and the Internet in general.
Giving all the above, I would say that the chances of this being a CIA op is likely 10 times greater than that of it being a completely Korean op.
Then again, one cannot rule out the idea that its a joint effort by the USG and the Korean Government either, since almost all visible animosity between foreign governments is purely public relations, as their goals of mass surveillance and population control are identical nation to nation.
Starting an international cyber war would easily benefit the spy agencies and corporate interests of every nation on earth (especial five eyes nations), as the public would then be called upon to foot the bill fully, as it does for any declared war, and the kid gloves would come off and the surveillance state would be a legally guaranteed sure thing.
The constitution would be completely cancelled.
Legally.
For the war effort.
Once again.
—
Re: Look! Over there! Behind you!! he he he he he he he
The mass media corporations shout the same phony tale. To the extent that the wikipedia article (that is based on quotes from the mass media) doesn’t mention any wrongdoing by Sony. Only celebrity gossip and other fluff!
Re: Re: Look! Over there! Behind you!! he he he he he he he
Isn’t Wikipedia “the free encyclopedia that anyone can edit.”? Or is that “anyone can edit” part just another corporate slogan… dreamedup by marketdroids…
Re: Re: Re: Look! Over there! Behind you!! he he he he he he he
Someone is working very hard to make this about North Korea, and not about buying attorney generals. If the media cartels is able to direct attention towards a movie instead of their wrong doing they will be happy.
When the distraction is pushed to this extent, it is almost a given that the Wikipedia article reflects this. I expect the Wikipedia article to improve. Already Sonys lax security is mentioned.
Re: Re: Re: Look! Over there! Behind you!! he he he he he he he
Please, do go investigate. Do an experiment, and report back your results. It’s a moral imperative! You must enlighten, else you’re helping the forces of Darkness.
[You noticed I capitalized “Darkness”, I hope.]
I’m not at all sure where I’m going with this. Have fun!
Re: Re: Re:2 Look! Over there! Behind you!! he he he he he he he
Well, the question may be, ‘Where are you now?’ But as long as we’re contemplating the forces of D™arkness…
“Canada avoids wrath of North Korea over B.C.-made ‘The Interview’ ”, by John R. Kennedy, Global News, Dec 22, 2014
...lack of sufficient coffee no doubt...
Ooops. Wrong quote there.
Then again, since I think it is a false flag op, perhaps the “Jetski level in Battletoads” is a far more appropriate phrase than “… pose one of the gravest national security dangers to the United States.” 🙂
—
Sony attacks
Real boon for the security people. Without any risk to the public, the North Korean operatives are flushed out into the open, and our security people have an opportunity to assess both their capabilities and at least a chance to identify their operatives.
If I were still in security, I would be popping a bottle of champagne.
Credit where credit's due?
I want to believe that’s unjustified. Everything I’ve read points to Sony being exceptionally cheap, resenting having to actually employ sufficient staff! Perhaps they had good people, but they had no-where near enough to handle the operation. Am I mistaken? Did they have enough people with the necessary skills, and they got lazy? Where’s the proof?
Why the issue?
The one thing that has struck me about this is why is the USA government getting involved in this issue?
First of all Sony is a Japanese based company, and yes it does have USA based subsidiaries,
https://en.wikipedia.org/wiki/Sony
But an attack on Sony is an attack on a foreign based company, not an attack on the USA.
So why does the USA government give so much priority to this?
The stink of corruption is overwhelming
Re: Why the issue?
Treaty of Mutual Cooperation and Security between the United States and Japan
It is North Korea which constantly threatens the ability of US citizens to express themselves. How did I never see this before?
I really think the movie should still be released. Maybe not in theatres but through some other medium. As another article on the subject I read talked about, this will just set a precedent for future hackers. If you can silence one of the biggest companies in the US through a hack, what’s to stop hackers in the future from taking down other big corporations when they are not happy with something.
It’s just asking for more trouble in the future if the hackers “win”.
Re: Re:
The American conception of free expression comprehends both the right to speak—and the right not to speak. Compelled speech is as much an infringement as compelled silence.
Sony Pictures parent company may be in the best position to determine whether releasing the movie would cause an utterly intolerable loss of face for DPRK leadership.
In any event, whether or not they are truly in the best position to assess the cultural impact of the movie—in the end, it is up to the moviemakers to decide whether to speak or remain silent. They have the final word.
So citizens can be surveyed but the almighty companies cant
I take back that companies shouldnt have the rights of a person…….they shouldnt have rights SUPERIOR to a person
With the unintended transparancy, all this has taught me is that we need MORE “sony” hacks not less……until their not needed, which depends on these corporate governments getting some sense of a moral compass IN ALL FIELDS, because just even ONE bad apple will ruin the crop
Fixed it for them!
Media strategy
A good question—— “Why did the Sony hackers spend so much time leaking celebrity gossip?”, by Todd VanDerWerff, Vox, December 22, 2014
Intriguing theory. Not sure I believe it.
Please define "gravest threat"
Like other people are saying, how does the FBI define “gravest threat”?
Some hackers hacked into an insecure *private* company, threatened “something, something, movie theaters” and suddenly this is a “grave threat”.
But that’s good- keep up the hyperbole and soon everyone will be so dulled by every “gravest threat” that no one will listen.
It’s almost like they’ve never heard the story about the boy who cried wolf.
On the other hand, this is excellent cover to move away from the torture report.
Bombing The Interview
I read it somewhere quoting #GOP that if you even lived near a theatre showing it, you’re too close. Pretty stupid, but perfect if you want to discredit them. Who said it really?
We always like to blame others....
It’s so easy to point the finger and in serious situations like the Sony hack we need closure, we want to blame someone. It’s a natural human thing, I think if we want to be proactive in the future we need to get past the idea of everything needs to be blamed on something.
Great read!
Jullian