FBI Still Standing By Its 'North Korea Did It!' Claims On The Sony Hack

from the still-pretty-sure dept

After the FBI formally named North Korea as being behind the Sony Hack, a lot of people in the cybersecurity community explained why they didn't find the evidence at all compelling. There was pretty widespread disbelief in the story -- though most admitted that it was possible that the FBI had additional evidence it wasn't sharing. In the past few days, a lot of attention has been paid to a theory coming out of Norse Security, that the attack really came from a group of people (not associated with North Korea) including, in particular, a disgruntled ex-Sony employee. On Monday, the FBI met with Norse to hear what the company had to say, but apparently came away unconvinced. The FBI continues to stand by its assertion that North Korea did it.
Asked about the meeting and criticism on Monday, the FBI declined to comment beyond a prepared statement that they are confident the North Koreans are behind the crippling Thanksgiving attack and there is “no credible information” to suggest otherwise.

Tuesday, a U.S. official familiar with the matter said after the three-hour meeting, law enforcement concluded that the company’s analysis “did not improve the knowledge of the investigation.”
Ouch. Once again, it is entirely possible that the FBI has access to even more information that it has not shared. However, it does seem rather clear at this point that the evidence it has shared publicly is just as unconvincing to cybersecurity experts as the information those security experts have shared is unconvincing to the FBI.

Filed Under: fbi, north korea, sony hack
Companies: norse security, sony, sony pictures


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Anonymous Coward, 31 Dec 2014 @ 1:27pm

    Insiders?

    Bruce Schneier wrote about this today, still many options on the table.

    https://www.schneier.com/blog/archives/2014/12/more_data_on_at.html

    reply to this | link to this | view in chronology ]

  • identicon
    Ricebowl, 31 Dec 2014 @ 1:33pm

    All part of the plan

    If the FBI can successfully, credibly or, more likely, continually, blame North Korea then they get to declare cyber-war on another (much vilified) country, or terrorists. But if people successfully show it was an act of, or started by, a 'disgruntled ex-employee' then all they get is another investigation.

    And the Feds have far more interesting things to do with their time, these days, than 'investigate.'

    reply to this | link to this | view in chronology ]

    • identicon
      sj, 31 Dec 2014 @ 2:00pm

      Re: All part of the plan

      Don't forget that the Sony Hack came at a really convenient time... just after all those torture attrocity suspicions were confirmed....

      reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 5 Jan 2015 @ 8:42am

      Re: All part of the plan

      "If the FBI can successfully, credibly [...]"

      There's the problem. Their claim has no credibility because they haven't backed it up with evidence. The FBI's default credibility isn't that high, so it's a bit weird that they actually expect us to take them at their word.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Dec 2014 @ 1:42pm

    Because the FBI never lies and there is no way they were involved in the hacks in any way...
    Blaming NK is a political move. As i noticed in the last few years, every time the US says they have evidence to back up their claims but refuse to share it it turns out to be bullshit.

    reply to this | link to this | view in chronology ]

    • icon
      madasahatter (profile), 31 Dec 2014 @ 4:10pm

      Re:

      I think Occam's Razor applies here. The simplest explanation is that disgruntled (ex)-employees were heavily involved. The real question is why would NK want to hack and dump the information which acts more like revenge.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Dec 2014 @ 1:43pm

    The FBI should refrain from making baseless accusations without any evidence to backup such claims. The whole "trust us, we have secret evidence", is hardly compelling or believable.

    If the FBI doesn't want to provide classified evidence to the public, in order to backup their claims. Then they would be wise refrain from making such baseless accusations in public.

    Obviously the FBI isn't acting wisely. In fact, they look pretty silly.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Jan 2015 @ 11:52am

      Re:

      Well, the FBI, if they have 'SUPAH SEKRIT EVIDUNCE,' should reveal what their evidence is. This is not hard to comprehend in a remotely "just" society.

      reply to this | link to this | view in chronology ]

    • identicon
      me, 2 Jan 2015 @ 7:53am

      Re: these are the same guys who invent and solve their own plots.

      so of course we believe them. you keep thinking that,

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Dec 2014 @ 1:45pm

    You mean like the weapons of mass destruction evidence...

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Jan 2015 @ 4:34am

      Re:

      Syrian gas attacks
      Malaysian plane

      Friendly reminder that the US still has evidence that proves that evil communists or dictators did those but refuse to share it. (syrian is comfirmed lie, gas was used by those who the US supports multiple times)

      reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 31 Dec 2014 @ 1:49pm

    It's an excuse to push through bad "Cyber Warfare" legislation. They want unfettered access to all electronic communications. Now they create an excuse to require backdoors.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Dec 2014 @ 1:49pm

    Spin cycle

    Conservative hero Ben Carson on Sony: 'I am proud of the president' ”, by Jeremy Diamond, CNN, Dec 31, 2014
    Tea party favorite and potential 2016 presidential candidate Ben Carson gave President Barack Obama some rare praise for his response to the North Korean cyberattack that threatened the release of a Sony Pictures movie.

    "I am proud of the president of the United States for taking a tough stand on this issue," . . .

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Jan 2015 @ 12:38pm

      Re: Spin cycle

      Oh, the tea party, you mean that movement that was about rejecting the official 911 story that was highjacked by wingnuts and the cock brothers who trademarked the organization? Yeah, those people are completely trustworthy.

      reply to this | link to this | view in chronology ]

  • identicon
    RR, 31 Dec 2014 @ 1:54pm

    Sad

    This attack LOL'd us better than anything Anonymous ever pulled off.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Dec 2014 @ 2:04pm

    Washington Senators

    China involved in Sony attack? Senator says yes”, by CNN Wire, Q13 Fox News, Dec 29, 2014
    WASHINGTON– Sen. Lindsey Graham hinted at China’s involvement in the North Korean cyberattack on Sony Pictures . . .

    “I can’t imagine anything this massive happening in North Korea without China being involved or at least knowing about it,” [said] Graham, a Republican from South Carolina . . . .

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 31 Dec 2014 @ 2:15pm

    They have been given a whole couple truck loads of cash, and there is more if they can keep cyberattacks in their area of concern.
    If after jumping to a conclusion, which seems untethered from reality, someone might decide someone else should do the job.
    Also it helps consumer confidence that corporations are secure, and only nation states can hack them not 3 guys and Becki from accounting.
    Keeping everyone worried about the balance of power in the world and distracted from the truth is how the nation has functioned for a very long time now and why not DPRK? The odds of a land war are slim, so other than some posturing there can be no downside... except if the reports of nukes are true.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 31 Dec 2014 @ 8:55pm

      Nukes [was Re: ]

      ... except if the reports of nukes are true.

      Kim Jong Un Open to ‘Highest-Level’ Talks With South Korea”, by Sam Kim, Bloomberg, Dec 31, 2014
      Miniaturized Warheads

      North Korea’s capacity to miniaturize nuclear warheads is believed to have reached a “considerable” level in the eight years since its first underground test, South Korea’s Defense Ministry said in an e-mailed statement this week. Its longest-range missile, the KN-08, with an estimated reach of 12,000 kilometers (7,458 miles) -- enough to hit the continental U.S. -- remains under development, the ministry said. . . .

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Dec 2014 @ 2:21pm

    Upcoming Hearing

    McCain to hold cybersecurity hearing after Sony attack”, by Jeremy Diamond, CNN, Dec 19, 2014
    Sen. John McCain, the incoming chairman of the Senate Armed Services Committee, will hold a hearing into the cyber attack on Sony Pictures in the first two weeks of the next Congress. . . .

    reply to this | link to this | view in chronology ]

  • identicon
    Guardian, 31 Dec 2014 @ 2:36pm

    space aliens did it

    NO I SAY SO , SO ITS TRUE

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Dec 2014 @ 2:45pm

    Now they're also claiming the same hackers hacked some other company. Why would NK do that if they only cared about that movie?

    reply to this | link to this | view in chronology ]

  • identicon
    Jegerazade, 31 Dec 2014 @ 2:45pm

    False flag

    This looks to me like a classic false flag operation meant to distract from the torture report and boost support for CISPA/NSA surveillance/whatever they're calling it now. "This proves it. We must remove liability for corporate data sharing with the NSA or WE'LL ALL DIEEEEE!!!1" etc etc etc.

    reply to this | link to this | view in chronology ]

  • identicon
    Guardian, 31 Dec 2014 @ 2:47pm

    shall i quote 2 days of george bush

    sept 11 bush said hackers were terrorists
    so whoever i am i hacked the taliban website and told a mole of theirs....we knew of for LOL 8 bloody months....

    freaked the fooker never came back and bush came on tv a second time and said and i'll quote

    "[goofy lil laugh smile a his] ...ok hackers aren't terrorists...but please don't attack the talibans website, they might put information there"

    LIKE RETARD AHOY , LETS PUT OUR SUPER SECRET ATTACK PLAN ON A PUBLIC WEBSITE....and the fbi....
    they did attacks like this in the past we hackers know there operatis mottom so well we never got snared by there arrest of lolsec idiot....WE KNEW .....

    and we know and are truly every where

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Dec 2014 @ 2:49pm

    i dont know any more than anyone else who was responsible but i wouldn't mind betting the accusation was thrown at N.Korea, just to give the excuse of starting some sort of action against it. it's not as if the USA has ever lied in such cases, is it!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Dec 2014 @ 3:20pm

    from an organization that is supposed to protect its citizens from danger that goes around creating terrorism plots against americans.

    Why exactly is anyone trusting their word at this point?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 31 Dec 2014 @ 4:37pm

      Credibility [was Re: ]

      Why exactly is anyone trusting their word at this point?
      Sony hacking: North Korea mystery continues”, Times of India (AFP), Dec 31, 2014
      "I'm amazed that people continue to have doubts," said James Lewis, a cybersecurity researcher at the Center for Strategic and International Studies. "People love conspiracy theories.". . .

      "The intelligence community would never have let (Obama) stick his neck out on this unless they had a high degree of confidence about this," he said.

      reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 31 Dec 2014 @ 4:52pm

        Re: Credibility [was Re: ]

        "The intelligence community would never have let (Obama) stick his neck out on this unless they had a high degree of confidence about this," he said.

        ... or had something to gain by sticking to the 'Those dastardly North Koreans did it!' narrative.

        Like, oh I dunno, to try and cram through the terrible(but great for the intelligence agencies) CISPA and CISPA clone bills, touted as being needed to 'protect' companies from cyber attacks, but which has been stomped flat the last couple of times they've tried to get it passed?

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 31 Dec 2014 @ 5:47pm

          Re: Re: Credibility [was Re: ]

          The intelligence community would never have let (Obama) stick his neck out on this unless they had a high degree of confidence about this," he said.
          ... or had something to gain...

          Uncertainties cloud East Asia security prospects”, by Song Sang-ho, The Korean Herald, Dec 31, 2014
           . . . For both internal and external audiences, Kim, besieged by the international community, may be driven to carry out major provocations this year. They will be things with plausible deniability like the recent cyberattack on Sony Pictures, [Bruce] Bennett [a senior defense analyst at the think tank RAND Corporation] noted.

          “North Korea has traditionally done many of these provocations primarily for internal political purposes. Therefore, if North Korea carries out a provocation in 2015, Kim Jong-un will likely be showing that he is concerned about instability in North Korea,” he said. . . .

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 1 Jan 2015 @ 4:30am

            Re: Re: Re: Credibility [was Re: ]

            So basically the 'evidence' you keep posting basically sums up to 'NK did it because we said so'.

            How very compelling.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 1 Jan 2015 @ 12:07pm

              Re: Re: Re: Re: Credibility [was Re: ]

              How very compelling.
              Obama’s daunting new year”, by Nicholas Burns, Boston Globe, Jan 1, 2015
              As President Obama looks ahead, 2015 may be the most challenging and consequential year of his presidency on foreign policy. Here are some major global tests . . .

              Rebuild Brand America: Many Americans may not realize just how much our major asset — the trust others have in us — has taken a major hit overseas. . . .

              reply to this | link to this | view in chronology ]

            • icon
              nasch (profile), 3 Jan 2015 @ 4:05pm

              Re: Re: Re: Re: Credibility [was Re: ]

              So basically the 'evidence' you keep posting basically sums up to 'NK did it because we said so'.

              It's not clear he's trying to prove a point with these quotes. Some of them almost seem random.

              reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 4 Jan 2015 @ 3:08am

                Re: Re: Re: Re: Re: Credibility [was Re: ]

                Some of them almost seem random.
                I appreciate your use of the word “almost.”

                reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 2 Jan 2015 @ 12:52pm

            Re: Re: Re: Credibility [was Re: ]

            Oh the RAND corp, the corporation that has computerized models of a perfect society where everyone is taking advantage of others at a level that is acceptable to each other, so basically a system on how make a viable world for psychopaths.

            No wonder they've only ever let one journalist look at their database of research.

            reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 5 Jan 2015 @ 8:46am

        Re: Credibility [was Re: ]

        "The intelligence community would never have let (Obama) stick his neck out on this unless they had a high degree of confidence about this," he said.

        This is the funniest thing I've read today.

        reply to this | link to this | view in chronology ]

  • identicon
    Applesauce, 31 Dec 2014 @ 3:26pm

    Need new federal legislation

    Clearly, offering evidence contrary to the findings of the FBI causes confusion and may lead to error and wrong decision-making. What we obviously need is federal legislation outlawing (with severe penalties) disputes with the expert findings of the honorable men of the FBI. /s

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Dec 2014 @ 4:56pm

    FBI = Keystone CyberKops

    "The FBI May Have Made An Embarrassing Mistake While Investigating The Sony Hack"

    http://uk.businessinsider.com/the-fbi-may-have-made-a-huge-mistake-in-its-investigation-of-the- sony-hack-2014-12

    "a journalist who writes about cybersecurity stepped forward and claimed that he wrote the threat to CNN as a prank, copying another message that he found online and simply swapping some of the words."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 31 Dec 2014 @ 5:32pm

    This smells bad from the start. Hacker attacks typically take weeks and months to determine who, what, and where. Yet within days the FBI comes out with NK did it. A country that has troubles feeding its people and keeping the lights on.

    According to one article I read NK has 1 count it, 1 ISP. That comes from China.

    All the three letter agencies long ago lost all credibility to be believed over the lying done previously. Without proof it's just another scheme to divert unwanted attention from their real problems or a plan to push through another insane bill to open up yet more individual privacy matters.

    We've had too many examples of how this works to throw money at private corporations and too many examples of how to waste money on insane themes of unending wars. The real issues here are that those same 3 letter agencies have been responsible for many of the unpatched security concerns in software making much of the hacking possible.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jan 2015 @ 10:05am

    "Once again, it is entirely possible that the FBI has access to even more information that it has not shared."

    Or that they're to ashamed that the egg on their faces won't wash away.

    reply to this | link to this | view in chronology ]

  • identicon
    BlueLIghtMemory, 1 Jan 2015 @ 4:09pm

    Ha ha ha the FBI says

    The FBI says building 7 came down at free fall speed because of office fires. The FBI agrees that it was the magic bullet which killed Kennedy. The FBI sees no reason to arrest fast and furious, gun running Holder or the usurper Obama.

    And now the FBI says North Korea did the Sony hack. Well then, North Korea obviously did it because the FBI says so. Ha ha ha ha. The FBI really needs to be on Saturday Night Live. They are funny.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Jan 2015 @ 7:08am

    If FBI knew or had evidence of North Korea, they would never had wasted 3 hours at Norse.

    reply to this | link to this | view in chronology ]

  • icon
    Sheogorath (profile), 2 Jan 2015 @ 8:44am

    Good evidence here

    The Son¥ hack was very likely to have been committed by a disgruntled former employee. After all, who is more likely to have known of their continuing shoddy 'security' practices?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Jan 2015 @ 11:11am

    Sanctions

    In Response to Sony Attack, U.S. Levies Sanctions on 10 North Koreans”, by Michael S. Schmidt and David E. Sanger, New York Times, Jan 2, 2015
    The Obama administration doubled down on Friday on its allegation that North Korea’s leadership was behind the hacking of Sony Pictures as it announced new sanctions . . .

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Jan 2015 @ 11:34am

      Re: Sanctions

      United States Department of the Treasury press release: “Treasury Imposes Sanctions Against the Government of The Democratic People’s Republic Of Korea”, Jan 2, 2015
      In response to the Government of the Democratic People’s Republic of Korea’s numerous provocations, particularly the recent cyber-attack targeting Sony Pictures Entertainment and the threats against movie theaters and moviegoers, President Obama today signed an Executive Order (E.O.) authorizing the imposition of sanctions against the Government of North Korea and the Workers’ Party of Korea. . . .

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Jan 2015 @ 11:47am

      Re: Sanctions

      The White House, Office of the Press Secretary: “Statement by the Press Secretary on the Executive Order Entitled ‘Imposing Additional Sanctions with Respect to North Korea’ ”, Jan 2, 2015
       . .  As the President has said, our response to North Korea's attack against Sony Pictures Entertainment will be proportional, and will take place at a time and in a manner of our choosing. Today's actions are the first aspect of our response.

      reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 2 Jan 2015 @ 3:43pm

        Re: Re: Sanctions

        'Proportional'? Are they even listening to themselves? Assuming that they are right, and that NK is responsible for the Sony hack, one company got hacked, and the 'proportional' response is sanctions against an entire country?

        Do they even pretend that they don't work directly for the large companies anymore?

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 2 Jan 2015 @ 4:54pm

          Re: Re: Re: Sanctions

          ... sanctions against an entire country?
          The 39th president of the United States, Jimmy Carter, writing in the Washington Post, “Cuba, North Korea, and getting sanctions right” (Dec 26, 2014):
           . . . When non-military pressure on a government is considered necessary, economic sanctions should be focused on travel, foreign bank accounts and other special privileges of government officials who make decisions, not on destroying the economy that determines the living conditions of oppressed people.

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 2 Jan 2015 @ 6:01pm

          Re: Re: Re: Sanctions

          ... sanctions against an entire country?
          Obama administration imposes sanctions on North Korea, after Sony hack”, Fox News, Dec 2, 2015
           . . . Rep. Ed Royce, R-Calif., chairman of the House Foreign Affairs Committee, called for stronger measures.

          “It’s good to see the Administration challenging North Korea’s latest aggression - cyberattacks that can do grave damage,” he said in a statement. “But many of the North Koreans blacklisted today have already been targeted by U.S. sanctions. We need to go further to sanction those financial institutions in Asia and beyond that are supporting the brutal and dangerous North Korean regime, as was done in 2005.”

          reply to this | link to this | view in chronology ]

          • icon
            That One Guy (profile), 2 Jan 2015 @ 7:16pm

            Re: Re: Re: Re: Sanctions

            cyberattacks that can do grave damage

            And here's the million dollar question, one that never seems to be asked by politicians, but just taken as truth:

            What 'grave damage' would that be?

            I've read stories about some dirty laundry being aired, stories about a few people in various companies and organizations suddenly trying to get rid of the egg on their face, but I have yet to see a story about how Sony, and more importantly, the US, is suffering any 'grave damage' due to Sony being hacked. The way they're flipping out, you'd think that the DOJ/CIA's networks were broken into, not just a large electronics/entertainment company.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 2 Jan 2015 @ 7:32pm

              Re: Re: Re: Re: Re: Sanctions

              What 'grave damage' would that be?
              Does North Korea's Sony hacking qualify as an 'attack' on US?”, by Wyatt Olson, Stars and Stripes, Dec 23, 2014
              [T]he Sony hacking case illustrates how tricky it is to gauge a proportional response to cyber invasions.

              reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 2 Jan 2015 @ 8:10pm

              Re: Re: Re: Re: Re: Sanctions

              The way they're flipping out...
              U.S. Sanctions Seen as Warning to Nations Backing Cyber-Attacks”, by Jim Snyder, Bloomberg, Jan 2, 2015
               . . . For the U.S., the Sony attack was different because it wasn’t simply an attempt to disrupt traffic, spy or steal information, but to destroy data on a foreign network, said an administration official involved in the deliberations about how to respond.

              Line Crossed

              The latest penalties are intended as a signal to nations engaged in offensive cyber-activities that the attack on Sony crossed a line, according to the official, who asked for anonymity to discuss internal administration debates. . . .

              reply to this | link to this | view in chronology ]

              • icon
                That One Guy (profile), 3 Jan 2015 @ 9:07pm

                Re: Re: Re: Re: Re: Re: Sanctions

                but to destroy data on a foreign network

                And uh, what data was destroyed again?

                See, this is why it's so hard to believe their claims or take them seriously, time and time again they blow things completely out of proportion in order to serve their agenda. The hackers managed to make off with I believe 11 TB worth of data, if they'd really wanted to delete things, they could have easily done it, yet instead they just copied stuff.

                reply to this | link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 4 Jan 2015 @ 2:50am

                  Re: Re: Re: Re: Re: Re: Re: Sanctions

                  And uh, what data was destroyed again?

                  Update on Sony Investigation”, FBI press release, Dec 19, 2014
                  The attacks also rendered thousands of SPE’s computers inoperable . . .

                  •  . . . the data deletion malware used in this attack . . .


                  Sony Cyberattack, First a Nuisance, Swiftly Grew Into a Firestorm”, by Michael Cieply and Brooks Barnes, Dec 30, 2014
                   . . . internal data centers had been wiped clean, and 75 percent of the servers had been destroyed.



                  Top congressional Democrat asks Sony for hack details”, Reuters, Dec 23, 2014
                  The top Democrat on the powerful U.S. House Oversight and Government Reform Committee has asked Sony Pictures Entertainment to hand over details . . .

                  He [Rep. Elijah Cummings] also sought findings from any related forensic investigations or analyses . . .

                  He also requested a briefing by Jan. 19 from Sony's chief information security officer or similar top IT executive.

                  In his letter, he cited reports indicating that in addition to deploying destructive malware . . .

                  reply to this | link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 4 Jan 2015 @ 4:11am

                    Re: Re: Re: Re: Re: Re: Re: Re: Sanctions

                    Followup:

                    FBI memo warns of malware possibly linked to hack at Sony Pictures”, by Steve Ragan, CSO (“Salted Hash” webcolumn), Dec 1, 2014
                    A Flash Alert issued by the FBI on Monday is warning those within its distribution circle about a type of malware that has the ability to destroy any system it infects. The memo, #A-000044-MW, was obtained by Salted Hash from a source that wishes to remain anonymous.

                    Those who have seen the memo, including the group where it was first shared, are speculating that it's related to the incident at Sony Pictures. . . .


                    Mandiant to Sony Pictures: Nothing could have prepared you for this”, by Steve Ragan, CSO (“Salted Hash” webcolumn), Dec 8, 2014
                     . . . Mandia's letter also makes mention of a recent FBI memo, confirming that it was in fact related to the malware discovered on the Sony Pictures network – something that was suspected the day the memo was circulated in the security community. . . .

                    reply to this | link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 4 Jan 2015 @ 4:30am

                    Re: Re: Re: Re: Re: Re: Re: Re: Sanctions

                    Additional Followup:

                    Alert (TA14-353A): Targeted Destructive Malware, US-CERT, Dec 19, 2014
                    Overview

                    US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities recently targeting a major entertainment company. This SMB Worm Tool is equipped with a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. . . .

                    Destructive Hard Drive Tool: This tool is a tailored hard-drive wiping tool . . .


                    (“Hackers Used Sophisticated SMB Worm Tool to Attack Sony”, by Mike Lennon, Security Week, Dec 19, 2014)

                    reply to this | link to this | view in chronology ]

                  • icon
                    That One Guy (profile), 4 Jan 2015 @ 5:37pm

                    Re: Re: Re: Re: Re: Re: Re: Re: Sanctions

                    So, they might have actually gotten a little more than a black eye out of the fiasco after all. Unfortunate, but I can't really feel too sorry for them, after the whole Sony Rootkit thing a few years back.

                    Also, unless they were completely and utterly hopeless at data security, saying a bunch of data centers had been wiped clean, and servers destroyed, should be nothing more than a temporary problem, as they replace the compromised hardware, and restore what was lost from backups(they do have backups, right?).

                    Annoying and costly sure, but hardly apocalyptic level disaster.

                    reply to this | link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 4 Jan 2015 @ 7:58am

                  Re: Re: Re: Re: Re: Re: Re: Sanctions

                  ...time and time again they blow things completely out of proportion in order to serve their agenda.
                  Menendez urges broader U.S. crackdown on North Korea”, by Jon Prior, Politico, Jan 4, 2015
                  “The one thing I disagree with the president on is when he characterized the action here against Sony by North Korea as an act of vandalism,” [outgoing Senate Foreign Relations Committee Chairman Robert] Menendez said. “Vandalism is when you break a window. Terrorism is when you destroy a building.”

                  In this case, Menendez said, North Korea “landed a virtual bomb on Sony’s parking lot.”

                  reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 4 Jan 2015 @ 6:39am

                Re: Re: Re: Re: Re: Re: Sanctions

                Bloomberg... Line Crossed

                Compare with: “Experts: Sony hackers 'have crossed the line' ”, by Elizabeth Weise, KAGS News (USATODAY), Dec 17, 2014 (original story no longer readily available online at USA Today)
                 . . . With a physical threat made, "the gloves are off," said Philip Lieberman, a security expert with Lieberman Software.

                "This is a well-known bright line and I can't believe they crossed it," Lieberman said. He called it "a tactical mistake" on the part of the hackers. . . .

                reply to this | link to this | view in chronology ]

              • icon
                John Fenderson (profile), 5 Jan 2015 @ 8:51am

                Re: Re: Re: Re: Re: Re: Sanctions

                ". . . For the U.S., the Sony attack was different because it wasn’t simply an attempt to disrupt traffic, spy or steal information, but to destroy data on a foreign network, said an administration official involved in the deliberations about how to respond. "


                Interesting. So, deleting data, which -- assuming that there is even a minimally competent backup program in place -- is an act that isn't all that damaging, is over "the line" but the more damaging activities of spying and copying that information is not? Bizarre.

                reply to this | link to this | view in chronology ]

  • icon
    Ed (profile), 3 Jan 2015 @ 7:28am

    Isn't it a sad notion that, at this point, I believe statements from North Korea more than I believe the FBI of the United States? The FBI, a part of the DoJ, is trying to sell something to Congress and the American people. It's a con job that is rather despicable and craven.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Jan 2015 @ 8:38am

      Re:

      ... at this point, I believe statements from North Korea more than I believe the FBI of the United States...

      Seth Rogen movie an ‘act of war,’ North Korea says”, by Choe Sang-Hun, Boston Globe, June 25, 2014
      SEOUL, South Korea — North Korea on Wednesday [June 25, 2014] warned against the release of a Hollywood comedy film about a plot to assassinate its leader, Kim Jong Un, calling the movie an “act of war.”

      “If the United States administration tacitly approves or supports the release of this film, we will take a decisive and merciless countermeasure,” a spokesman for its Foreign Ministry said in a statement carried by the state-run Korean Central News Agency. . . .

      reply to this | link to this | view in chronology ]

  • icon
    John85851 (profile), 5 Jan 2015 @ 10:20am

    Didn't we learn from Iraq

    It seems like our government is ready to blame North Korea for the hacks the same way they blamed Iraq for 9/11.

    And like people are saying, why does the US government have to "do something" when Sony is a Japanese *company*? It's not like the hackers hacked into a government agency.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Jan 2015 @ 11:14pm

      Re: Didn't we learn from Iraq

      And like people are saying, why does the US government have to "do something" when Sony is a Japanese *company*?
      So let me get this straight. You feel that the U.S. government should not be concerned when a federal crime occurs in California.

      And the reason why the U.S. government should not concern itself with this particular federal crime is because the victim is the American daughter company of a Japanese parent corporation? Is that right? The American daughter of a Japanese parent is not protected against federal crimes occurring in California.

      reply to this | link to this | view in chronology ]

      • icon
        nasch (profile), 6 Jan 2015 @ 6:14am

        Re: Re: Didn't we learn from Iraq

        Is there any other case of international sanctions being applied due to a federal crime being committed in the US? And if so, how long was the investigation?

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 6 Jan 2015 @ 8:03am

          Re: Re: Re: Didn't we learn from Iraq

          Is there any other case of international sanctions being applied due to a federal crime being committed in the US?
          Yes.

          reply to this | link to this | view in chronology ]

          • icon
            nasch (profile), 6 Jan 2015 @ 9:27am

            Re: Re: Re: Re: Didn't we learn from Iraq

            9/11 huh? So are you referring to sanctions delivered via Tomahawk missile? In any case, if that's the category that this Sony hack is being put in, that's just one more piece of evidence that the government is overreacting.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 6 Jan 2015 @ 9:47am

              Re: Re: Re: Re: Re: Didn't we learn from Iraq

              So are you referring to sanctions delivered via Tomahawk missile?
              W80

              reply to this | link to this | view in chronology ]

              • icon
                nasch (profile), 6 Jan 2015 @ 10:04am

                Re: Re: Re: Re: Re: Re: Didn't we learn from Iraq

                I'm not sure what your point is in linking to a weapon that has never been used.

                reply to this | link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 6 Jan 2015 @ 10:09am

                  Re: Re: Re: Re: Re: Re: Re: Didn't we learn from Iraq

                  I'm not sure what your point is in linking to a weapon that has never been used.
                  The exact situation that we find ourselves in happens to be somewhat unprecedented.

                  reply to this | link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 6 Jan 2015 @ 11:23am

                  Re: Re: Re: Re: Re: Re: Re: Didn't we learn from Iraq

                  Seoul Less Sure Than U.S. General of Pyongyang’s Nuclear Weapons Progress”, by Jeyup S. Kwaak, Wall Street Journal (blog), Jan 6, 2015
                  How advanced is North Korea’s nuclear weapons program? Seoul appears less sure about its progress than the head of the U.S. military in Korea.

                  South Korea’s defense ministry said Tuesday that Pyongyang’s ability to produce a nuclear warhead was “at a significant level” and that North Korea had “the capability to threaten the contiguous U.S. with a long-range ballistic missile.”

                  But a ministry spokesman later said . . .

                  reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Jan 2015 @ 10:14am

    Confidence

    FBI Director Confident North Korea Was Behind Cyberattack”, ABC News (AP), Jan 7, 2015
     . . . [FBI Director James]Comey said Wednesday that threats made against Sony were traced to IP addresses used exclusively by the North Koreans. . . .


    Earlier Wednesday, Director of National Intelligence James Clapper said . . .

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.