James Clapper Claims That Sony Hack 'The Most Serious Cyberattack On The US Yet'; Which Suggests No Serious Cyberattacks
from the go-on-with-your-day dept
At a cybersecurity conference at Fordham university, Director of National Intelligence James Clapper apparently claimed that the Sony Hack was “the most serious cyberattack” made to date against the US. If that’s true (and it’s likely not), then that really kind of undermines all the claims about just how “serious” cyberattacks are to national security. Yes, the Sony Hack was incredibly embarrassing to Sony and some individuals and partners. Yes, it may cost Sony a significant amount of money in cleaning up the mess. But no one died. No serious long-term problems were created by it. No one has to “rebuild” a city. The actual impact of the hack on the day-to-day lives of most people is next to nothing. For years, people like Clapper have been warning of the pending “cyber Pearl Harbor,” and if this is the best they’ve got so far… sorry, but that’s just not that serious.
At the same event, Clapper apparently insisted not only that he was sure North Korea was behind the hack, but that he knew who ordered it. He also revealed some more info on the (little known) fact that he had traveled to North Korea two weeks before the hack, where he met with the guy he now says is responsible. Marcy Wheeler raises some questions about whether Clapper’s trip had something to do with the hack (if it really was done by North Korea).
Speaking of which, at the very same event, FBI director James Comey, once again, insisted that North Korea was responsible and claimed that the hackers “got sloppy” and revealed their own IP addresses. It could be that. Or whoever did it could have been slightly more sophisticated, leaving false markers pointing to North Korea. But, as of right now the FBI is sure that sloppiness is a better excuse.
Either way, it still seems like much more is being made of the Sony Hack than it deserves. Yes, it was a big hack, and yes, it revealed a ton of private documents that clearly has embarrassed Sony quite a bit. But if the future of war involves embarrassing big companies, rather than killing thousands of people — I think I’d make that trade off.
Filed Under: cybersecurity, james clapper, odni, sony hack
Companies: sony
Comments on “James Clapper Claims That Sony Hack 'The Most Serious Cyberattack On The US Yet'; Which Suggests No Serious Cyberattacks”
Perhaps that's *why* the goverment claims N. Korea did it ....
Perhaps the hack was done at the request of or agreement with the US government.
If the US government asked N. Korea to hack Sony, then the US government would have some strong (but un-shareable) evidence that N. Korea was behind the hack.
Re: Perhaps that's *why* the goverment claims N. Korea did it ....
I doubt the US government has much pull with N Korea.
However, the attack uses a number of avenues that are very likely already fully compromised by US intelligence. Because of this, the US has every reason to distract everyone from the fact that it might have been them who did it, or at least they could have prevented it had they had the desire to do so.
N Korea also has access to those attack avenues, and the US knows this. No idea why they’re so strenuously pointing it out though; I would have thought this was a perfect candidate for parallel reconstruction.
Re: Perhaps that's *why* the goverment claims N. Korea did it ....
secret evidence they cannot show has always been the basis for their illegal actions, nothing new
Re: Perhaps that's *why* the goverment claims N. Korea did it ....
so-o-o-o, they are apparently conceding that ANY inconvenience for a transnational korporation constitutes an ‘attack’ on amerika ? ? ?
’cause that sure seems like the takeaway…
are we not even going to pretend our warmaking is about preserving ‘freedom and democracy’, but merely preserving profits of transnational korporations ? ? ?
the last stages of Empire consolidation: the pretense is abandoned…
Empire must fall.
the sooner the fall,
the gentler for all…
2009
The 2009 attacks were much bigger, but most of the victims were never revealed.
In terms of predicting the future I’m not sure it matters who did it. We know there will he more, from all over and they will escalate.
Sony had ample time to beef their net security. It just wasn’t important to them until their secrets got spilled. Not once but twice it was reported after the hack that Sony had their passwords stored in the clear in a folder called Passwords.
This is about a corporation that couldn’t be bothered with trivial stuff like internet security. Nor does it appear it was willing to pay for the beef up it would take until their nose was rubbed in the puddle like a puppy being housebroken.
You have to take responsibility when it is your own damn fault it’s so easy.
Re: Re:
Given Clapper’s set of ethics when it comes to oaths and truth telling I would not believe this man if his hand was on a stack of bibles.
Wow
Movies were published, the network was taken down (as far as I know) of a PRIVATE company. So…maybe I am slow here so please correct me, how exactly is this a cyberattack (sry for using cyber) on the United States of America? Does Sony rule the USA? I always thought they were a japanese company. Does Japan belong to the USA? Im from Europe so please excuse my confusion.
Re: Wow
I was too slow with my comment! Great minds think alike.
Re: Re: Wow
Fenderson— during WWII, when the U.S. West Coast felt threatened, many American citizens were rounded up based on their Japanese ancestry. It was racist. It was also wrong.
The United States has perhaps not apologized deeply enough to its own citizens. But I had at least hoped that those racist attitudes were no longer considered acceptable.
Re: Re: Re: Wow
Is Techdirt doing a “Theme of the Week” thing now? If so, is this week “Ambiguous Satire,” or is it “Comically Missing the Point”?
Re: Re: Re:2 Wow
Could be … or maybe this week it is
– Get a Crackhead to Comment –
Re: Re: Re:3 Wow
Ambiguity it is, then.
Re: Re: Re: Wow
… rounded up based on their Japanese ancestry. It was racist. It was also wrong … But I had at least hoped that those racist attitudes were no longer considered acceptable.
WTF are you on about? Even among those who still cling to the idea of different human races (scientific consensus is that racial groups cannot be biologically defined.) they still don’t imagine “Japanese” as a race.
Aside from that, how the hell is factually pointing out that Sony is a private company not from the US but from Japan racist or insensitive or anything but just a simple fact?
Re: Re: Re: Wow
Racism in no way enters into this.
Re: Re: Re:2 Wow
Thank you.
People in California are guaranteed equal protection of the laws.
Re: Wow
• The Sony Pictures Entertainment is based in Culver City, California.
• A federal crime was committed against them, in California.
• SPE’s relationship as the daughter company of a Japanese parent adds a foreign policy dimension. The United States, ever since the end of WWII, has had an evolving strategic relationship with Japan.
• A foreign state which attacks Japan, attacks United States interests. The United States holds a nuclear umbrella.
Re: Re: Wow
A foreign state which attacks Japan, attacks United States interests. The United States holds a nuclear umbrella.
What a load of utter unadulterated Bullshit!
In that case the USA should be going after the Australian people because we attacked Japan in the World court for it’s Whaling practices.
You sir instead are an idiot and have no clue about anything. The US govt is stating that this is an attack on the USA for one and only one reason. It is in their current interest to make people fearful and serves THEIR and definitely no one elses agenda!
Re: Re: Re: Wow
The Australian position is welcome.
Re: Re: Wow
Regarding your last bulletpoint – yer right. As the US has interest in any state and it´s resources – everywhere US interests are being attacked – the US is under attack. That´s the reason why article 5 of the NATO which has been invoked in 2001 rightfully is still ongoing.
Re: Re: Re: Wow
In what form do these “attacks” occur?
Did someone call someone else a poopy head? Because that is an attack – right?
Re: Re: Wow
The Sony Pictures Entertainment is based in Culver City, California.
So what? Sony Pictures Entertainment Inc. (SPE) is the American entertainment subsidiary of Japanese multinational technology and media conglomerate Sony.
Garshk, I hope I’m not being racist! /sarcasm
Re: Re: Re: Wow
All depends on context.
If the next thing you’re going to say is, ‘The Irish beat cop should just ignore Asian on Asian crime in Chinktown’, well, that’s almost as bad as having the Mick’s Wop partner just grabbing the first likely suspect to slam against the wall.
Re: Wow
Sony Pictures Entertainment is an American subsidiary of multinational Sony. In America, corporations are people with freedom of speech. Speech and money are equivalent (much like mass/energy in relativity), and corporations are very talkative. They also form “The Lobby,” which is our fourth branch of government. Hope this helps.
Re: Wow
Merger of global and state. I think some italian guy who was president 100 years ago invented the concept. Starts with the letter F, if I would think so myself.
Re: Re: Wow
merger of corporations and state
post half ruined now, meh
Curious definition of "The US"
Of all of the things that irritate me about this Sony hack business — and there are several — perhaps topping the list is that government officials keep painting it as an attack on the US.
It wasn’t. It was an attack on Sony. Admittedly, in this day of major corporations running nations my information may be out of date but the last time I checked, Sony was not the United States.
Re: Curious definition of "The US"
Sony bribes US officials…
Any attack on Sony is considered an attack on the people Sony bribes.
The US Gov had indisputable evidence that weapons of mass destruction were in Iraq too. We all know how that turned out. Fool me once, shame on you. Fool me twice, shame on me.
Re: Re:
Fool me once … shame on you.
Fool me – can’t get fooled again.
Re: Re: Re:
Mission Accomplished
Re: Re: Re: Re:
At least with Dubya, we have a large volume of quotes that are hilarious or crazy. Now I know the man broke his brain with cocaine (brought in the US by his dad nonetheless, but also his political “enemy” (lol yeah right) Bill Clinton).
If an attack on Sony constitutes an attack on US national security. Then that means when UK launched their Regin malware attack against Belgacom telecommunications. It also constitutes an attack against Belgium’s nation security.
At least N. Korea has the decency to not attack it’s so called allies. Let’s not forget Stuxnet. Which was a US launched cyber attack against Iran.
I believe sanctions against the UK and US are in order. I have definitive evidence that links both the US and UK to the Stuxnet and Regin cyber attacks.I can’t share the details with you, because the evidence is a secret. You’ll just have to trust me on it.
Re: Re:
There are claims of NK IP Addr being used, this does not mean it could not have been originated elsewhere. The evidence presented / leaked is quite circumstantial.
corperate pride hurt
But some intellectual property was stolen !
And a US corporation made to look stupid – these people are major campaign donors.
This is far more important than infrastructure being destroyed or ordinary mere moral citizens being killed.
Get your priorities right for 21st century USA……
IP addresses are not attribution
Speaking of which, at the very same event, FBI director James Comey, once again, insisted that North Korea was responsible and claimed that the hackers “got sloppy” and revealed their own IP addresses.
Everyone who’s been paying attention to security issues over the past decade-plus knows that IP addresses, while indicative of where an attack is coming from, are not indicative of who is conducting the attack.
One massive and ongoing example of this is the unceasing torrent (heh) of spam flowing from compromised systems all over the planet. Everyone who runs a mail server and pays attention to the logs has been watching this ever since SoBig and its variants began taking over Windows systems and installing spam-distributing malware on them. There are several hundred million of these systems out there, right now, and their putative owners — that is, the people who think those systems belong to them — are almost entirely unaware of this. The real owners — the people who are controlling them — have taken pains to make sure of that.
In the time it took me to write that paragraph, these systems all tried delivering spam:
78.186.118.79.static.ttnet.com.tr [78.186.118.79]
ip250594c8.dynamic.kabel-deutschland.de [37.5.148.200]
bzq-126-168-31-214.red.bezeqint.net [31.168.126.214]
87.Red-81-45-228.staticIP.rima-tde.net [81.45.228.87]
They’re in Turkey, Germany, Israel and Spain, respectively. They’re almost certainly end-user systems deployed on cable/DSL/fiber, and the people sitting in front of them tonight have no idea that this is going on. They would be equally unaware if those systems were repurposed to launch an SSH brute-force attack or to exfiltrate data from a corporation or anything else.
So the fact that — allegedly — some portion of the Sony attacks originated from IP addresses in North Korea means nothing. Just as a spammer in the US could be the one really behind those four IP addresses, an attacker in Denmark could be behind the addresses in North Korea.
Re: IP addresses are not attribution
Re: Re: IP addresses are not attribution
I doubt Jimmy can claim to have the backing of the executive in everything he mutters.
Re: IP addresses are not attribution
I clicked insightful, although pretty much everyone here knows this. Your post should be distributed to all media, even the fake alternative media and the real alternative media. (fake alternative means funded by people who fun large tv broadcasters while funding democracynow for example…)
Reading between the lines
Now everything we’ve already done can be retroactively be deemed “legal” and have an easier time from this point on
The various allegations as we know them
(Granted, we don’t know the veracity of much here)
Two US spies were captured in North Korea. The US sends the most disreputable envoy imaginable (Spymaster Clapper) to North Korea, which releases these spies to him for, supposedly, nothing in exchange (other than the goodwill of the US). North Korea then hacks a US company making a movie of two spies in North Korea to kill their leader. This hack exposes that the US State Department helped shape the ending of the film. The US instantly names North Korea as the perpetrator and possibly retaliates by temporarily disrupting the internet in the country (which, if it happened to us, would be a lot more of an economic disaster than any Sony doxing).
I have no plans to see the Sony movie – real life in this case seem way more fascinating than any movie could be. I need some popcorn.
Re: The various allegations as we know them
While Sony got great hype on the movie over this, I have no plans to see the movie either. When I first heard of it, my opinion was that it was at best a B grade movie and in all probability didn’t rank that high. Nothing in all this has changed my mind that the movie has gotten any better than when it was released.
I have no plans to see this movie and highly doubt it is worth the ticket price to see it. In today’s movie world only 2 maybe 3 movies a year are worth watching, the rest are trash trying to cash in on some other mark of success that another movie triggered.
Re: Re: The various allegations as we know them
Perhaps this is more to your taste in conversation pieces?: “Art review: ‘Zen, Tea and Chinese Art in Medieval Japan’ at Freer Gallery”.
People want something to talk about. Whatever floats your boat.
Re: Re: The various allegations as we know them
Awwwww, and this after Sony spend so much political currency on their marketing campaign?
Re: The various allegations as we know them
This is very interesting. The first part, I didn’t know of, or forgotten it through the avalanche of news, mostly bad, we have our brains crammed with and I have ADD so meditation to clear my head is out of question.
Sony hack attack on US?
Last I checked, Sony was based in Tokyo, Japan.
Re: Sony hack attack on US?
So what?
The U.S.M.C. III Marine Expeditionary Force Headquarters is based at Camp Courteny on Okinawa.
Re: Re: Sony hack attack on US?
and your head seems to be based in your arse… your point?
Re: Re: Re: Sony hack attack on US?
AC was alluding to empire. You don’t need to be a dick just because you don’t get something.
Sony hack attack on US?
Much respect to the Corps, but that still doesn’t make it American soil.
Re: Sony hack attack on US?
Culver City, California —where Sony Pictures Entertainment is based— is Japanes soil now? Does that mean the Marines on Okinawa have been cut off?
Re: Re: Sony hack attack on US?
Sony Corporation (ソニー株式会社 Sonī Kabushiki Gaisha?), commonly referred to as Sony, is a Japanese multinational conglomerate corporation headquartered in Kōnan Minato, Tokyo, Japan.
Re: Re: Sony hack attack on US?
Your post is disingenuous to the point of being misleading. That is commonly called a “lie”.
Re: Re: Re: Sony hack attack on US?
I am sorry you see it that way. A person does not always wish to tell the truth to random strangers one finds on the internet.
But wouldn’t it be polite for you explain the significance of the location of the parent corporation’s headquarters? In relation to the attack against the daughter company.
Your initial question looms over us, but I have already provided collateral. Unless you accuse the New York Times.
sony, america? what?
Re: Re:
My thoughts, exactly. Even the next Super-HD TV that all companies, Japanese or not will be implenting (1080p to 4000p)will be a multinational event.
Since corporations are now “people”, I suppose they think they automatically get citizenship in whatever country they maintain a presence, office, or toxic dump site.
I’m sorry to inform you corporations, but I think you will first have to submit the paperwork, wait a long time and then pass a citizenship test.
Also – if your plans include getting your grubby hands upon that sweet sweet taxpayer money, you maybe required to pass a drug test and show proof you are looking for employment.
“For years, people like Clapper have been warning of the pending “cyber Pearl Harbor,” and if this is the best they’ve got so far… sorry, but that’s just not that serious.”
I’m still more devastated about the loss of the SS Minnow.
???
Sony, main location is in the USA???
DONT THINK SO..
Last I heard most of it happened to Sony Brazil..where the main servers are..
Re: ???
eVEN IF IT ISNT..
They were running 1999 server software,
Avoided recommendations from server admins,
And NO ONE noticed people SITTING on the server for DAYS at a time..
Re: ???
“Sony Cyberattack, First a Nuisance, Swiftly Grew Into a Firestorm”, by Michael Cieply and Brooks Barnes, New York Times, Dec 30, 2014
Insert ” a bag of shit said” and that would qualify for most US government officials when they try to defend their illegal behaviour
Excuse me for noticing, but the term “sloppy” should applied liberally and richly to the morons in Sony that were responsible for Network Security and what they laughingly call work.
Re: Re:
The network guys can only do what management allows them to do. And if they were slacking off, it’s still management’s role to ensure the work is done.
The only reason why this is being deemed the most serious cyberattack comes down to the fact that we, once again, have irrefutable proof corporations are doing illegal things and got caught doing them.
This is the “Snowden” effect of the MPAA: using AGs illegally for a business model long overdue for an overhaul.
With so many pants down right now, of course the FBI will see it as serious.
After all, the FBI is the police force of the movie industry (for reasons that are still unexplained).
He really admited that he talked with the guy who did it just two weeks before?
That alone should get him on every single watchlist they ever had and a ticket to gitmo. This was the biggest terrurist cyber attack ever and he is in the middle of it, he is cyber osama ffs.
Who cares
Clapper is a traitor who lied to Congress as well as deluded felon. As dumbassed as Dick Cheney when he insisted that there were WMD’s in Iraq. (Still havent found those). Senior officials make policy based on lies should face felony charges.
Hypocrisy..
The damage that the NSA and GCHQ has done to citizens and various companies around the world with their hacks, is far more serious for global security than what happend to Sony.. For some reason that seems to be forgotten.. It’s ok for the US to do the hacking around the world, but if someone tries to do the same to the US, then all hell breaks loose.. Don’t get it :/
James Clapper is a fucking liar – under oath. Nothing he says can be trusted.
With this remark it is clear that as a government employee, Clapper is either to ignorant to express an opinion, is in violation of his oath of office, or most likely both.
clapper
clapper is an useful idiot…
Credibility Lost
As this is the same guy who gave the “least untruthful” answer when questioned by the Senate Intelligence Committee, I treat these latest comments as very likely to be some sort of fabrication (very likely the least untruthful of what he could have said).
Once a liar, always a liar.
The Pandering Politician and the Rise of the Police State
These comments by government officials emphasise who they believe are the real citizens of the U.S. and guess what: It isn’t 99% of those living in their country.
Sony is not a country. It’s a Japanese conglomerate. Fuck are these people imbeciles. If you want to attack North Korea of hacking, point at this : http://arstechnica.com/security/2015/01/surprise-north-koreas-official-news-site-delivers-malware-too/