FBI Still Standing By Its 'North Korea Did It!' Claims On The Sony Hack

from the still-pretty-sure dept

After the FBI formally named North Korea as being behind the Sony Hack, a lot of people in the cybersecurity community explained why they didn’t find the evidence at all compelling. There was pretty widespread disbelief in the story — though most admitted that it was possible that the FBI had additional evidence it wasn’t sharing. In the past few days, a lot of attention has been paid to a theory coming out of Norse Security, that the attack really came from a group of people (not associated with North Korea) including, in particular, a disgruntled ex-Sony employee. On Monday, the FBI met with Norse to hear what the company had to say, but apparently came away unconvinced. The FBI continues to stand by its assertion that North Korea did it.

Asked about the meeting and criticism on Monday, the FBI declined to comment beyond a prepared statement that they are confident the North Koreans are behind the crippling Thanksgiving attack and there is “no credible information” to suggest otherwise.

Tuesday, a U.S. official familiar with the matter said after the three-hour meeting, law enforcement concluded that the company’s analysis “did not improve the knowledge of the investigation.”

Ouch. Once again, it is entirely possible that the FBI has access to even more information that it has not shared. However, it does seem rather clear at this point that the evidence it has shared publicly is just as unconvincing to cybersecurity experts as the information those security experts have shared is unconvincing to the FBI.

Companies: norse security, sony, sony pictures


Comments on “FBI Still Standing By Its 'North Korea Did It!' Claims On The Sony Hack”

Ricebowl says:

All part of the plan

If the FBI can successfully, credibly or, more likely, continually, blame North Korea then they get to declare cyber-war on another (much vilified) country, or terrorists. But if people successfully show it was an act of, or started by, a ‘disgruntled ex-employee’ then all they get is another investigation.

And the Feds have far more interesting things to do with their time, these days, than ‘investigate.’

Anonymous Coward says:

The FBI should refrain from making baseless accusations without any evidence to back up such claims. The whole “trust us, we have secret evidence”, is hardly compelling or believable.

If the FBI doesn’t want to provide classified evidence to the public in order to back up their claims, then they would be wise to refrain from making such baseless accusations in public.

Obviously the FBI isn’t acting wisely. In fact, they look pretty silly.

Anonymous Coward says:

Spin cycle

“Conservative hero Ben Carson on Sony: ‘I am proud of the president’ ”, by Jeremy Diamond, CNN, Dec 31, 2014

Tea party favorite and potential 2016 presidential candidate Ben Carson gave President Barack Obama some rare praise for his response to the North Korean cyberattack that threatened the release of a Sony Pictures movie.

“I am proud of the president of the United States for taking a tough stand on this issue,” . . .

Anonymous Coward says:

Re: Re: Spin cycle

Yeah, those people are completely trustworthy.

“Public scorn for LG, Samsung’s ‘washing’ battle”, by Se Young Lee, Asian Age, Jan 1, 2015

South Korea’s two top technology firms, Samsung Electronics and LG Electronics, have a history of bitter rivalry, but their latest spat over a handful of washing machines has prompted a barrage of public mockery.

Anonymous Coward says:

Washington Senators

“China involved in Sony attack? Senator says yes”, by CNN Wire, Q13 Fox News, Dec 29, 2014

WASHINGTON– Sen. Lindsey Graham hinted at China’s involvement in the North Korean cyberattack on Sony Pictures . . .

“I can’t imagine anything this massive happening in North Korea without China being involved or at least knowing about it,” [said] Graham, a Republican from South Carolina . . . .

Anonymous Coward says:

Re: Re: Washington Senators

Well, he’s right about that.

“U.S. suspects North Korea’s surveillance body was involved in Sony cyberattack via Shenyang”, Japan Times, Jan 1, 2015

Hackers linked to North Korea’s surveillance authority are believed to have sent threats to Sony Pictures Entertainment Inc. executives using an Internet Protocol address in Shenyang, northeastern China, a diplomatic source familiar with U.S. investigations said Wednesday. . . .

Anonymous Coward says:

Re: Re: Re:2 Washington Senators

And why do you believe him?

“Sony Hacking: After Seeing ‘The Interview,’ US Intel Chief Says North Koreans ‘Don’t Have a Sense of Humor’ ”, By Aaron Katersky, ABC News, Jan 7, 2015

Director of National Intelligence James Clapper revealed in a speech at Fordham Law School in New York today that he saw “The Interview” over the weekend, admitting that “it’s obvious to me the North Koreans don’t have a sense of humor.” . . .

Anonymous Coward says:

Re: Re: Re:3 Washington Senators

DNI Clapper: “… the North Koreans don’t have a sense of humor.”

“GOP senator calls for Sony hack hearing”, by Cory Bennett, The Hill, Dec 21, 2014

Sen. Mark Kirk (R-Ill.) called on Congress to hold hearings on the destructive cyberattack that forced Sony Pictures to cancel the theatrical release of its controversial comedy, “The Interview.” . . .

Anonymous Coward says:

Re: Re: Re:4 Washington Senators

Sen. Mark Kirk (R-Ill.) called on Congress to hold hearings…

“US intelligence director: Sony cyberattack demonstrates new North Korean threat”, Fox News (AP), Jan 7, 2015

 . . .  [Director of National Intelligence James] Clapper says the [North Korean] general made it clear North Koreans believe their country is under siege by the U.S. and that they are “deadly serious” about affronts to their “supreme leader.”

Anonymous Coward says:

Re: Washington Senators

Lindsey Graham is one crazy ginger head, that’s what I know. Just the way he speaks has a creepy ring about it, I wouldn’t be surprised he’s up high in the hierarchy of those high ranking politician pedophile circles.

My farts are better contribution to the survival of the human race than anything he says.

That Anonymous Coward (profile) says:

They have been given a whole couple truck loads of cash, and there is more if they can keep cyberattacks in their area of concern.
If after jumping to a conclusion, which seems untethered from reality, someone might decide someone else should do the job.
Also it helps consumer confidence that corporations are secure, and only nation states can hack them not 3 guys and Becki from accounting.
Keeping everyone worried about the balance of power in the world and distracted from the truth is how the nation has functioned for a very long time now and why not DPRK? The odds of a land war are slim, so other than some posturing there can be no downside… except if the reports of nukes are true.

Anonymous Coward says:

Re: Nukes [was ]

… except if the reports of nukes are true.

“Kim Jong Un Open to ‘Highest-Level’ Talks With South Korea”, by Sam Kim, Bloomberg, Dec 31, 2014

Miniaturized Warheads

North Korea’s capacity to miniaturize nuclear warheads is believed to have reached a “considerable” level in the eight years since its first underground test, South Korea’s Defense Ministry said in an e-mailed statement this week. Its longest-range missile, the KN-08, with an estimated reach of 12,000 kilometers (7,458 miles) — enough to hit the continental U.S. — remains under development, the ministry said. . . .

Guardian says:

shall i quote 2 days of george bush

sept 11 bush said hackers were terrorists
so whoever i am i hacked the taliban website and told a mole of theirs….we knew of for LOL 8 bloody months….

freaked the fooker never came back and bush came on tv a second time and said and i’ll quote

“[goofy lil laugh smile a his] …ok hackers aren’t terrorists…but please don’t attack the talibans website, they might put information there”

they did attacks like this in the past we hackers know there operatis mottom so well we never got snared by there arrest of lolsec idiot….WE KNEW …..

and we know and are truly every where

Anonymous Coward says:

Re: Credibility [was ]

Why exactly is anyone trusting their word at this point?

“Sony hacking: North Korea mystery continues”, Times of India (AFP), Dec 31, 2014

“I’m amazed that people continue to have doubts,” said James Lewis, a cybersecurity researcher at the Center for Strategic and International Studies. “People love conspiracy theories.”. . .

“The intelligence community would never have let (Obama) stick his neck out on this unless they had a high degree of confidence about this,” he said.

That One Guy (profile) says:

Re: Re: Credibility [was ]

“The intelligence community would never have let (Obama) stick his neck out on this unless they had a high degree of confidence about this,” he said.

… or had something to gain by sticking to the ‘Those dastardly North Koreans did it!’ narrative.

Like, oh I dunno, to try and cram through the terrible (but great for the intelligence agencies) CISPA and CISPA clone bills, touted as being needed to ‘protect’ companies from cyber attacks, but which has been stomped flat the last couple of times they’ve tried to get it passed?

Anonymous Coward says:

Re: Re: Re: Credibility [was ]

“The intelligence community would never have let (Obama) stick his neck out on this unless they had a high degree of confidence about this,” he said.

… or had something to gain…

“Uncertainties cloud East Asia security prospects”, by Song Sang-ho, The Korean Herald, Dec 31, 2014

 . . . For both internal and external audiences, Kim, besieged by the international community, may be driven to carry out major provocations this year. They will be things with plausible deniability like the recent cyberattack on Sony Pictures, [Bruce] Bennett [a senior defense analyst at the think tank RAND Corporation] noted.

“North Korea has traditionally done many of these provocations primarily for internal political purposes. Therefore, if North Korea carries out a provocation in 2015, Kim Jong-un will likely be showing that he is concerned about instability in North Korea,” he said. . . .

Anonymous Coward says:

Re: Re: Re:3 Credibility [was ]

How very compelling.

“Obama’s daunting new year”, by Nicholas Burns, Boston Globe, Jan 1, 2015

As President Obama looks ahead, 2015 may be the most challenging and consequential year of his presidency on foreign policy. Here are some major global tests . . .

Rebuild Brand America: Many Americans may not realize just how much our major asset — the trust others have in us — has taken a major hit overseas. . . .

Anonymous Coward says:

Re: Re: Re:2 Credibility [was ]

Oh the RAND corp, the corporation that has computerized models of a perfect society where everyone is taking advantage of others at a level that is acceptable to each other, so basically a system on how to make a viable world for psychopaths.

No wonder they’ve only ever let one journalist look at their database of research.

Anonymous Coward says:

FBI = Keystone CyberKops

“The FBI May Have Made An Embarrassing Mistake While Investigating The Sony Hack”


“a journalist who writes about cybersecurity stepped forward and claimed that he wrote the threat to CNN as a prank, copying another message that he found online and simply swapping some of the words.”

Anonymous Coward says:

This smells bad from the start. Hacker attacks typically take weeks and months to determine who, what, and where. Yet within days the FBI comes out with NK did it. A country that has troubles feeding its people and keeping the lights on.

According to one article I read NK has 1 count it, 1 ISP. That comes from China.

All the three letter agencies long ago lost all credibility to be believed over the lying done previously. Without proof it’s just another scheme to divert unwanted attention from their real problems or a plan to push through another insane bill to open up yet more individual privacy matters.

We’ve had too many examples of how this works to throw money at private corporations and too many examples of how to waste money on insane themes of unending wars. The real issues here are that those same 3 letter agencies have been responsible for many of the unpatched security concerns in software making much of the hacking possible.

BlueLIghtMemory says:

Ha ha ha the FBI says

The FBI says building 7 came down at free fall speed because of office fires. The FBI agrees that it was the magic bullet which killed Kennedy. The FBI sees no reason to arrest fast and furious, gun running Holder or the usurper Obama.

And now the FBI says North Korea did the Sony hack. Well then, North Korea obviously did it because the FBI says so. Ha ha ha ha. The FBI really needs to be on Saturday Night Live. They are funny.

Anonymous Coward says:

Re: Sanctions

United States Department of the Treasury press release: “Treasury Imposes Sanctions Against the Government of The Democratic People’s Republic Of Korea”, Jan 2, 2015

In response to the Government of the Democratic People’s Republic of Korea’s numerous provocations, particularly the recent cyber-attack targeting Sony Pictures Entertainment and the threats against movie theaters and moviegoers, President Obama today signed an Executive Order (E.O.) authorizing the imposition of sanctions against the Government of North Korea and the Workers’ Party of Korea. . . .

Anonymous Coward says:

Re: Sanctions

The White House, Office of the Press Secretary: “Statement by the Press Secretary on the Executive Order Entitled ‘Imposing Additional Sanctions with Respect to North Korea’ ”, Jan 2, 2015

 . . . As the President has said, our response to North Korea’s attack against Sony Pictures Entertainment will be proportional, and will take place at a time and in a manner of our choosing. Today’s actions are the first aspect of our response.

That One Guy (profile) says:

Re: Re: Sanctions

‘Proportional’? Are they even listening to themselves? Assuming that they are right, and that NK is responsible for the Sony hack, one company got hacked, and the ‘proportional’ response is sanctions against an entire country?

Do they even pretend that they don’t work directly for the large companies anymore?

Anonymous Coward says:

Re: Re: Re: Sanctions

… sanctions against an entire country?

The 39th president of the United States, Jimmy Carter, writing in the Washington Post, “Cuba, North Korea, and getting sanctions right” (Dec 26, 2014):

 . . . When non-military pressure on a government is considered necessary, economic sanctions should be focused on travel, foreign bank accounts and other special privileges of government officials who make decisions, not on destroying the economy that determines the living conditions of oppressed people.

Anonymous Coward says:

Re: Re: Re: Sanctions

… sanctions against an entire country?

“Obama administration imposes sanctions on North Korea, after Sony hack”, Fox News, Dec 2, 2015

 . . . Rep. Ed Royce, R-Calif., chairman of the House Foreign Affairs Committee, called for stronger measures.

“It’s good to see the Administration challenging North Korea’s latest aggression – cyberattacks that can do grave damage,” he said in a statement. “But many of the North Koreans blacklisted today have already been targeted by U.S. sanctions. We need to go further to sanction those financial institutions in Asia and beyond that are supporting the brutal and dangerous North Korean regime, as was done in 2005.”

That One Guy (profile) says:

Re: Re: Re:2 Sanctions

cyberattacks that can do grave damage

And here’s the million dollar question, one that never seems to be asked by politicians, but just taken as truth:

What ‘grave damage’ would that be?

I’ve read stories about some dirty laundry being aired, stories about a few people in various companies and organizations suddenly trying to get rid of the egg on their face, but I have yet to see a story about how Sony, and more importantly, the US, is suffering any ‘grave damage’ due to Sony being hacked. The way they’re flipping out, you’d think that the DOJ/CIA’s networks were broken into, not just a large electronics/entertainment company.

Anonymous Coward says:

Re: Re: Re:3 Sanctions

The way they’re flipping out…

“U.S. Sanctions Seen as Warning to Nations Backing Cyber-Attacks”, by Jim Snyder, Bloomberg, Jan 2, 2015

 . . . For the U.S., the Sony attack was different because it wasn’t simply an attempt to disrupt traffic, spy or steal information, but to destroy data on a foreign network, said an administration official involved in the deliberations about how to respond.

Line Crossed

The latest penalties are intended as a signal to nations engaged in offensive cyber-activities that the attack on Sony crossed a line, according to the official, who asked for anonymity to discuss internal administration debates. . . .

That One Guy (profile) says:

Re: Re: Re:4 Sanctions

but to destroy data on a foreign network

And uh, what data was destroyed again?

See, this is why it’s so hard to believe their claims or take them seriously, time and time again they blow things completely out of proportion in order to serve their agenda. The hackers managed to make off with I believe 11 TB worth of data, if they’d really wanted to delete things, they could have easily done it, yet instead they just copied stuff.

Anonymous Coward says:

Re: Re: Re:5 Sanctions

And uh, what data was destroyed again?

“Update on Sony Investigation”, FBI press release, Dec 19, 2014

The attacks also rendered thousands of SPE’s computers inoperable . . .

•  . . . the data deletion malware used in this attack . . .

“Sony Cyberattack, First a Nuisance, Swiftly Grew Into a Firestorm”, by Michael Cieply and Brooks Barnes, Dec 30, 2014

 . . . internal data centers had been wiped clean, and 75 percent of the servers had been destroyed.

“Top congressional Democrat asks Sony for hack details”, Reuters, Dec 23, 2014

The top Democrat on the powerful U.S. House Oversight and Government Reform Committee has asked Sony Pictures Entertainment to hand over details . . .

He [Rep. Elijah Cummings] also sought findings from any related forensic investigations or analyses . . .

He also requested a briefing by Jan. 19 from Sony’s chief information security officer or similar top IT executive.

In his letter, he cited reports indicating that in addition to deploying destructive malware . . .

Anonymous Coward says:

Re: Re: Re:6 Sanctions


“FBI memo warns of malware possibly linked to hack at Sony Pictures”, by Steve Ragan, CSO (“Salted Hash” webcolumn), Dec 1, 2014

A Flash Alert issued by the FBI on Monday is warning those within its distribution circle about a type of malware that has the ability to destroy any system it infects. The memo, #A-000044-MW, was obtained by Salted Hash from a source that wishes to remain anonymous.

Those who have seen the memo, including the group where it was first shared, are speculating that it’s related to the incident at Sony Pictures. . . .

“Mandiant to Sony Pictures: Nothing could have prepared you for this”, by Steve Ragan, CSO (“Salted Hash” webcolumn), Dec 8, 2014

 . . . Mandia’s letter also makes mention of a recent FBI memo, confirming that it was in fact related to the malware discovered on the Sony Pictures network – something that was suspected the day the memo was circulated in the security community. . . .

Anonymous Coward says:

Re: Re: Re:6 Sanctions

Additional Followup:

Alert (TA14-353A): Targeted Destructive Malware, US-CERT, Dec 19, 2014


US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities recently targeting a major entertainment company. This SMB Worm Tool is equipped with a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. . . .

Destructive Hard Drive Tool: This tool is a tailored hard-drive wiping tool . . .

(“Hackers Used Sophisticated SMB Worm Tool to Attack Sony”, by Mike Lennon, Security Week, Dec 19, 2014)

That One Guy (profile) says:

Re: Re: Re:6 Sanctions

So, they might have actually gotten a little more than a black eye out of the fiasco after all. Unfortunate, but I can’t really feel too sorry for them, after the whole Sony Rootkit thing a few years back.

Also, unless they were completely and utterly hopeless at data security, saying a bunch of data centers had been wiped clean, and servers destroyed, should be nothing more than a temporary problem, as they replace the compromised hardware, and restore what was lost from backups (they do have backups, right?).

Annoying and costly sure, but hardly apocalyptic level disaster.

Anonymous Coward says:

Re: Re: Re:5 Sanctions

…time and time again they blow things completely out of proportion in order to serve their agenda.

“Menendez urges broader U.S. crackdown on North Korea”, by Jon Prior, Politico, Jan 4, 2015

“The one thing I disagree with the president on is when he characterized the action here against Sony by North Korea as an act of vandalism,” [outgoing Senate Foreign Relations Committee Chairman Robert] Menendez said. “Vandalism is when you break a window. Terrorism is when you destroy a building.”

In this case, Menendez said, North Korea “landed a virtual bomb on Sony’s parking lot.”

Anonymous Coward says:

Re: Re: Re:4 Sanctions

Bloomberg… Line Crossed

Compare with: “Experts: Sony hackers ‘have crossed the line’ ”, by Elizabeth Weise, KAGS News (USATODAY), Dec 17, 2014 (original story no longer readily available online at USA Today)

 . . . With a physical threat made, “the gloves are off,” said Philip Lieberman, a security expert with Lieberman Software.

“This is a well-known bright line and I can’t believe they crossed it,” Lieberman said. He called it “a tactical mistake” on the part of the hackers. . . .

John Fenderson (profile) says:

Re: Re: Re:4 Sanctions

“. . . For the U.S., the Sony attack was different because it wasn’t simply an attempt to disrupt traffic, spy or steal information, but to destroy data on a foreign network, said an administration official involved in the deliberations about how to respond. “

Interesting. So, deleting data, which — assuming that there is even a minimally competent backup program in place — is an act that isn’t all that damaging, is over “the line” but the more damaging activities of spying and copying that information is not? Bizarre.

Anonymous Coward says:

Re: Re:

… at this point, I believe statements from North Korea more than I believe the FBI of the United States…

“Seth Rogen movie an ‘act of war,’ North Korea says”, by Choe Sang-Hun, Boston Globe, June 25, 2014

SEOUL, South Korea — North Korea on Wednesday [June 25, 2014] warned against the release of a Hollywood comedy film about a plot to assassinate its leader, Kim Jong Un, calling the movie an “act of war.”

“If the United States administration tacitly approves or supports the release of this film, we will take a decisive and merciless countermeasure,” a spokesman for its Foreign Ministry said in a statement carried by the state-run Korean Central News Agency. . . .

Anonymous Coward says:

Re: Didn't we learn from Iraq

And like people are saying, why does the US government have to “do something” when Sony is a Japanese *company*?

So let me get this straight. You feel that the U.S. government should not be concerned when a federal crime occurs in California.

And the reason why the U.S. government should not concern itself with this particular federal crime is because the victim is the American daughter company of a Japanese parent corporation? Is that right? The American daughter of a Japanese parent is not protected against federal crimes occurring in California.

Anonymous Coward says:

Re: Re: Re:5 Didn't we learn from Iraq

“Seoul Less Sure Than U.S. General of Pyongyang’s Nuclear Weapons Progress”, by Jeyup S. Kwaak, Wall Street Journal (blog), Jan 6, 2015

How advanced is North Korea’s nuclear weapons program? Seoul appears less sure about its progress than the head of the U.S. military in Korea.

South Korea’s defense ministry said Tuesday that Pyongyang’s ability to produce a nuclear warhead was “at a significant level” and that North Korea had “the capability to threaten the contiguous U.S. with a long-range ballistic missile.”

But a ministry spokesman later said . . .
