Slashdot Mirror
Sony Employees Receive Email Threat From Hackers: 'Your Family Will Be In Danger
MojoKid writes: Things are going from bad to worse when it comes to the recent Sony Pictures Entertainment breach. Not only has sensitive financial information been released — including the salaries of high-ranking Sony executives — but more damaging personal information including 47,000 Social Security numbers of employees and actors have been leaked to the internet. We're now learning some even more disturbing details, unfortunately. Guardians of Peace (GOP), the hackers claiming responsibility for infiltrating Sony's computer network, are now threatening to harm the families of Sony employees. GOP reportedly sent Sony employees an email, which just so happened to be riddled with spelling and grammatical errors, that read in part, "your family will be in danger."
Guardians of Peace (GOP) [...] are now threatening to harm the families of Sony employees.
You keep using that word. I don't think it means what you think it means.
What is their motivation against Sony Pictures? Those "hackers" seem like monsters who just want to see Sony burn. What a bunch of soulless dickheads.
I'm really disappointed that this sensationalist crap is considered news. I would completely ignore these, as with most anonymous clowns who are trying to tie together the feeble threads of corporate responsibility to physical violence. It doesn't happen and there is no credible danger. Quit giving these nutjobs a platform.
I realize that Sony has done some extremely dickish things, And they should have learned, as a company, about the importance of security after the PSN debacle. But even so, this is asinine behavior on the part of whoever is making these threats.
So now we get to see how powerful the FBI and Japanese equivalent are at actually tracking down cyber criminals.
Ethics and journalism do not belong in the same sentence without negation, e.g., "There is no ethics in journalism."
Good, inexpensive web hosting
Yes, because corporate-funded (cyber-)terrorism against a soveriegn nation has *no* potential down sides, right? ( :
~Knowledge is knowing that a tomato is a fruit, but Wisdom is knowing not to put it in a fruit salad.
The issue is that the SSN is used for identification. In Belgium we also have a national number. Pretty easy. in Dutch yet this only links to you and does not identify you as such.
Everybody above 12 needs to have an ID. Checking vadility is free and the chip on it is opensource
Oh and if you are a financial company, you can do verification at the national bank where you can check if you are allowed to give people a credit or not and add that you gave people a credit.
With just the number, you can do nothing. You would at least have the (valid) ID card as well.
Don't fight for your country, if your country does not fight for you.
Yes, because corporate-funded (cyber-)terrorism against a soveriegn nation has *no* potential down sides, right? ( :
It absolutely has downsides; the problem is a game-theory one, not a turn-the-other-cheek one. Mutual phased reduction in hostilities is the goal. The net benefit of escalation for the aggressor at any time must be outweighed by the net cost, so a threat is necessary.
Is it actually being attacked by north korea? If i were to do this, i'd compromise somebody else's computer and attack from there. Jumping to conclusions is much more fun though.
True; all signs point to North Korea but it could be a false flag operation, or just someone they trained, for example. However, motive, opportunity, and skill fingerprint are pointing to them. While we are engineers trained to think in counterexamples and recognize the possibility that it was someone else, it seems highly unlikely.
That being said, I do think the "wait and see" from the UN Mission Rep from North Korea, despite seeming to implicate them, was more of an "I have no clue whether we did it or not."
I would be seriously tempted to both lobby for and bankroll offensive cyber-operations against North Korea. (Lobby for ones on the public dime from every country where SONY has a sizeable presence; bankroll one from some country where it's legal.)
Whether through cyberoperations or plain old believable threats, SONY has to come up with a way to show North Korea (or perhaps independent actors in North Korea) that there's a penalty for this kind of behavior. So does the developed world generally--attacks like this cost a fortune in productivity and potentially lost jobs, and reputation. SONY is in a better position to recover than many businesses (notably in the financial or legal sectors, where the loss of trust could be fatal), but even so.
There are no independent actors in North Korea with access to the internet. Either you have internet in North Korea as part of your official duties, or you are so high (and it would have to be very high) in the government that you can get it anyhow. Although I haven't seen a lot of evidence to prove it was North Korea behind of all of this anyway.
If you had a grudge against Sony (and lots of computer-savvy people do), the imminent release of an anti-North Korea movie is a very convenient scapegoat.
Another clue is the grammatical style used. I have to think that any official DPRK hacking group would have close ties to the government, and any press releases or emails would be written by someone with the official news/media services there. The writing style of official North Korean agents tends to ramble and include a lot of words that aren't necessary. Official North Korean writing usually includes colorful analogies which make sense in Korean but seem "funny" in English. Words are generally the "right" words and spelled correctly. This has none of those characteristics.
My personal opinion is that this was done by some other international group, or perhaps North Korean sympathizers not connected to the government working out of China or Russia. It just doesn't seem to be integrated well into other North Korean agencies, which it likely would be if they were actually working out of that country.
Yeah... and actually threatening people's lives is really such an effective way to accomplish that.
Or are you suggesting that computer piracy has much more in common with conventional piracy than most might think?
File under 'M' for 'Manic ranting'
Yes, because corporate-funded (cyber-)terrorism against a soveriegn nation has *no* potential down sides, right? ( :
Being a "sovereign nation" doesn't make you more powerful. Only power makes you powerful: manpower, materials, and moral strength. North Korea (if they're the aggressors here) has no meaningful way to project military power, and in a purely "cyber" war, a corporation with a larger budget than N Korea has an advantage. OTOH, Sony hasn't had it's shit together since the founder left, and likely can't act effectively in its own defense.
N Korea could be completely shut down here by simply isolating them from the internet, which really isn't that hard unless China decides to defend them.
Socialism: a lie told by totalitarians and believed by fools.
I'm wondering this as well... there's reference to requests or demands, but absolutely no indication of what they are.
I cannot for the life of me imagine what on earth an apparent terrorist organization would want from an entertainment company.
File under 'M' for 'Manic ranting'
Was there a demand? The abstract doesn't say.
Seriously, you don't know what this is about?
Sony made a movie called "The interview" who's plot is that Seth Rogan gets the chance to interview Kim Jung un (Dictator of North Korea) and the CIA enlists them to kill him.
North Korea took offence to that and demanded that Sony stop making the movie.
Sony refused.
The hacker group is suspect of being part of the North Korean military.
I'm wondering this as well... there's reference to requests or demands, but absolutely no indication of what they are.
I cannot for the life of me imagine what on earth an apparent terrorist organization would want from an entertainment company.
Apparently there is an unreleased M. Night Shyamalan movie in Sony's archive and the terrorists plan to publish it.
Any insufficiently advanced magic is indistinguishable from technology.
You already are bankrolling cyber ops against NK. It's called taxes.
Hackers using Google translate?
It's Sony's fault, they chose to store things the way they did in this day and age, fuck em.
"If any question why we died, Tell them because our fathers lied."
GoP are good. They have to be. The level of pwnage achieved is simply far beyond anything script kiddies could pull of. Not just the scale of the breach in total data, but in variety. Email, employee records, media from production - data from several divisions, and they even leaked it out through computers that host Playstation infrastructure, a completly different part of the organisation. Whoever GoP are, they have a very high level of skill.
This group then sends some idiotic threats, badly written at that, to low-level employees? I believe I detect the faint smell of fish. It just seems out of character.
I wouldn't be surprised if someone at Sony were responsible for sending this email as a false-flag operation. This would achieve two things they must be much desiring of right now. First, it casts GoP in a bad light - makes sure they are seen by the rest of the world as violent thugs and criminals, rather than being venerated as grassroots hackers who defeated a loathed mega-corporation. Secondly, a threat of physical harm brings a lot more attention from law enforcement - the FBI will devote more resources to aiding in the investigation, as will the corresponding law enforcement agencies in other countries.
Oh bullshit. So long as you don't preface the word with "yellow" there is plenty of ethics in journalism. The issue is that there's very little in the news business - or more accurately, "the business of news." In the vast majority of cases, reporters receive their assignments from editors who receive "guidance" from their editors who, in turn, receive their marching orders from company/corporate owners (who in turn receive them from stockholders). Now I think it can be argued that there's a difference between "journalists" and "reporters" but that argument goes both ways: In effect all journalists should be "reporters" in that they report whatever has/is occurred/occurring. On the flip side both journalists and reporters want one thing: The big story, either for lofty ideals or to get promoted to a higher-ranking position.
Bark less. Wag more.
The truth about Islam is too painful to be public knowledge.
Yeah, I'm tired of this mythological make believe BS. Imagine if Christianity had crazy stuff life zombie coming back from the dead, or blood drinking cults or any of that nuttiness...
Yeah, exactly. Imagine if Christianity called itself the Religion of Tolerance. Or imagine if SJW's called themselves "The Group That Doesn't Use Logical Fallacies".
Just make sure to leave Sinanju alone. Don't want to piss off Chiun.
Another clue is the grammatical style used. I have to think that any official DPRK hacking group would have close ties to the government, and any press releases or emails would be written by someone with the official news/media services there.
Not necessarily. This isn't an official communique from the N. Korean government. Remember, they denied involvement. My gut feeling is that it was written by the head of cyber warfare unit.
I do think they're capable of it. Their cyber warfare unit has plenty of experience hacking S. Korean targets. They are not noob at all. They employ thousands and the competition to join is fierce. Cyber warfare unit members get top-notch treatment such as getting enough food to eat and your own apartment, which are rare luxuries there. Even though we tend to think of N.Korea as a dirt-poor stone age nation, they have their own nukes and missiles. They managed to put a satellite in orbit. They send their best and brightest to Russia and China for training.
About the threats to Sony: seems to me like it was written by a Korean with a poor book learning of English. Also seems like a dictionary translation. I've seen English written by such people, and this has the same flavor.
"It's your false if you think this crisis will be over after some time." - this definitely sounds like something a Korean would write while looking up words in a Korean-English dictionary. He's probably thinking of "shil-soo" which means a mistake, but if you look it up in a 1960's paperbound dictionary, "false" is one of the entries! "Some time" is also commonly used by dictionary Koreans because there's a specific noun in Korean that means "Short interval of time", but English has no such noun. A fluent English speaker would use an adjective or an adverb to express himself, but a dictionary Korean would look for an equivalent noun and use whatever he found in the dictionary.
Thus "It's your mistake if you think this crisis will be over shortly" becomes "It's your false if you think this crisis will be over after some time."
It would be kind of pointless because there is nothing to "cyber-attack" in North Korea.
Well there's one camp very actively pushing the speculation that North Koreans did this because they're butthurt about "The Interview." At the same time, several articles report there's evidence that the breach may have been ongoing for more than a year. These two things don't line up; "The Interview" hadn't been promoted or even publicly announced a year ago, so there would have been nothing for the North Koreans to be upset about.
I'm still waiting for the official announcement from Sony and Mandiant (wasn't that supposed to have happened already?) but in any event I'm not sold on the whole Nork idea.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
You'd have to shut down significant parts of south-eastern China and South Korea to be able to effectively cut off internet to North Korea.
China could give or deny N Korea access through China - but if China isn't backing them, then it's easy enough to cut off the rest.
From the non-China direction, you do realize the most heavily militarized border in the world, 4km across, separates N and S Korea right? This is one DMZ that's not a metaphor! A cantenna can only do so much, and N Korea just doesn't have much going for it, connection wise, that doesn't depend on China. The might have some loyal followers out-country, but it seems unlikely they'd have more than a handful.
Socialism: a lie told by totalitarians and believed by fools.
Where's the evidence, then? Besides someone's say-so.
The analysis of the malware suggested that it was compiled on a computer configured to use Korean language and the code itself contacted command & control servers and recycled previous methodology used in attacks attributed to North Korea. Could it be a false flag? Sure, but you'd think there would be better targets you could go after than hacking Sony and distributing unreleased movies and employees 401k contribution records. Sounds more like someone pissed off at Sony, maybe like someone who previously threatened “stern” and “merciless” retaliation...
I would be thrilled if any Seth Rogan movie even *HAD* a plot....
Have you READ the official North Korean press releases? They threaten to drown their enemies in a sea of fire. A SEA OF FIRE, my friend.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Plot twist... what if it was Microsoft or another one of their tech competitors?
What effect would that really have? http://www.northkoreatech.org/...
It would screw up the rulers, and possibly the military. However, seeing as most of the aircraft they "fly" are still using vacuum tubes, they're fairly well EMP hardened. It's probably safe to say that a lot of their military equipment is EMP hardened by virtue of using obsolete* technologies.
* I'm sure somebody will say that vacuum tubes aren't obsolete.
That's bullshit.
Most analysts indicate that the hack had been ongoing for over a year. I.e., before that fetid corpse of a movie had even been announced.
Blaming it on the Norks is just more of the same old "hate the axis of evil" shite we've been getting a steady diet of for about a decade and a half now.
Which part is bullshit? I'd be interested to read your reverse engineering analysis of the malware that contradicts that written by other security professionals.
Until recently Christians didn't identify themselves as such. They identified themselves as Catholic, Protestant, Baptist, Lutheran, Calvinist, Episcopal, Armenian, etc.
It's probably safe to throw the tolerant label on a few of them.
Disclaimer: I don't identify to a religious belief and am probably best described as atheist.
Should just cut North Korea off the internet anyway, not like ordinary people there can access it so it would only harm the ruling elite. Preventing Fat Kim from watching lolcatz videos on YouTube would probably be a far more effective sanction than anything else anyway.
Could we put it past Sony to fake such a letter so as to, say, prompt some additional action on the part of law enforcement or even to try and preempt war on someone or something?
(Not saying this is the case, merely speculating at the possibility of the injured party disseminating, for lack of a better word - "propaganda" - to try and garner sympathy from regular people because OH NO H4CK3R5 R BAAAAAAAAAD).
Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com)
Oh, I don't know... the whole Take down the movie that threatens our beloved leader or we release all your data! threat kind of gave it away for me...
http://variety.com/2014/film/n...