Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Links North Korea To Sony Hacking

Posted by samzenpus on from the who's-to-blame dept.

schwit1 writes Speaking off the record, senior intelligence officials have told the New York Times, CNN, and other news agencies that North Korea was "centrally involved" in the hack of Sony Pictures Entertainment. It is not known how the US government has determined that North Korea is the culprit, though it is known that the NSA has in the past penetrated North Korean computer systems. Previous analysis of the malware that brought down Sony Pictures' network showed that there were marked similarities to the tools used in last year's cyber-attack on South Korean media companies and the 2012 "Shamoon" attack on Saudi Aramco. While there was speculation that the "DarkSeoul" attack in South Korea was somehow connected to the North Korean regime, a firm link was never published.

39 of 182 comments (clear)

  1. with what? by __aaacoe2998 · · Score: 3, Funny

    Their vic 20's?

    1. Re:with what? by DarkOx · · Score: 4, Interesting

      The official line so far is "The DPRK is responsible, but the attack originated from somewhere else".

      "Responsible" most likely means hired someone to do it. Knowing the DPRK they probably paid those someones in reasonably good quality counterfeit US currency. Though that is pure speculation on my part bast on past news events.

      The fact they won't tell us form where else means "China" again pure speculation on my part but common its not like DPRK has exactly normal relations with anywhere else. They would tell us if it was some other pariah regime some place, so I assume it has to be China as its the only place I can think of that DPRK would have access and would be to politically sensitive to name.

      Keep in mind, I can't recall if it was 2k11 or 2k12 but the Obama admin did not exactly dispute the pentagons view that "cyber" attacks could/should be viewed as an act of war. The "terror" threats against theaters have escalated things from a criminal matter, attack on a corporation, to a state matter attack on the public and order; therefore some kind of "response" is required. I am sure 0bama is trying to find a way to "do something" or appear to be without pissing off the Chinese.

      Which to now purely editorialize, I think pissing off the Chinese and souring trade relations would/could be the best possible outcome here for our nation but that is a different discussion.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    2. Re:with what? by _merlin · · Score: 4, Insightful

      Keep in mind, I can't recall if it was 2k11 or 2k12 but the Obama admin did not exactly dispute the pentagons view that "cyber" attacks could/should be viewed as an act of war. The "terror" threats against theaters have escalated things from a criminal matter, attack on a corporation, to a state matter attack on the public and order; therefore some kind of "response" is required. I am sure 0bama is trying to find a way to "do something" or appear to be without pissing off the Chinese.

      So the US has committed acts of war against Germany by tapping their head of state's phone, etc. Or is it only an act of war when it's against US interests?

    3. Re:with what? by Anonymous Coward · · Score: 3, Insightful

      Surveillance is surveillance, aggression is aggression. We have living spies in Germany and it isn't seen as grounds for war, and Germany has living spies in D.C. and it isn't seen as grounds for war.
      Modern diplomacy consists of a massive amount of non-destructive espionage, days of bickering between diplomats, and then 5-minute photo-opportunities between elected officials. The first two are not publicized, but are much more important to continued peace than the P.M. and President blathering on stage.

      "Cyber attacks" would be properly categorized as a subset of sabotage, which is seen as a very aggressive act even when no one is injured. Due to politicking, they're probably categorized as WMD usage, but the proper category would be sabotage.

    4. Re:with what? by Zontar_Thing_From_Ve · · Score: 4, Interesting

      The official line so far is "The DPRK is responsible, but the attack originated from somewhere else".

      "Responsible" most likely means hired someone to do it. Knowing the DPRK they probably paid those someones in reasonably good quality counterfeit US currency. Though that is pure speculation on my part bast on past news events.

      The fact they won't tell us form where else means "China" again pure speculation on my part but common its not like DPRK has exactly normal relations with anywhere else. They would tell us if it was some other pariah regime some place, so I assume it has to be China as its the only place I can think of that DPRK would have access and would be to politically sensitive to name.

      Russia also fits the bill, although I'm not surprised that you didn't know that. Russia still has reasonably friendly relations with North Korea and shares a small border with it where North Korean "guest workers" (really slave labor) do logging and perhaps some other manual work on the Russian side for little pay and without any choice in the matter. Putin just recently said he was looking to improve relations between the two countries. North Korea spent years playing its patrons the Soviet Union and China off each other. The USSR and China had strained relations for many years and North Korea leaned towards whichever side at the time it could get more money out of. The Soviet Union gave them their first nuclear reactor and the training necessary that put them, if unintentionally, on the path to getting nuclear weapons. Boris Yeltsin had the good sense a long time ago to stop all payments to North Korea, basically saying "Too bad. So sad." They've never been resumed. So he left China holding the bag for being 100% responsible for financially propping up the regime. Kim Jong-Un's father was actually born in Russia, although official reports in North Korea deny this. And his grandfather was a Russian military officer during the 2nd World War and became the eventual dictator of North Korea because Russia's first choice for the job turned it down and grandpa Kim seemed loyal enough to the Soviet Union to be a really good back up choice. So while Russian-North Korean ties don't get much press, Russia gets all of the benefits, whatever they are, of being "friends" with North Korea without any of the costs that China got stuck with.

    5. Re:with what? by Cigarra · · Score: 5, Insightful

      What about Stuxnet? Is that an act of war that merits a "response" from Iran?

      --
      I don't have a sig.
    6. Re:with what? by Moof123 · · Score: 3

      Yes.

    7. Re:with what? by zioncat · · Score: 2

      So the US has committed acts of war against Germany by tapping their head of state's phone, etc. Or is it only an act of war when it's against US interests?

      That story was a hoax.

      No proof so far that NSA bugged Merkel's phone: prosecutor

      Germany's top public prosecutor said an investigation into suspected tapping of Chancellor Angela Merkel's mobile phone by U.S. spies had so far failed to find any concrete evidence.

      On Wednesday he said however, "the document presented in public as proof of an actual tapping of the mobile phone is not an authentic surveillance order by the NSA. It does not come from the NSA database.

      "There is no proof at the moment which could lead to charges that Chancellor Merkel's phone connection data was collected or her calls tapped."

  2. I don't see the big deal here. by Anonymous Coward · · Score: 4, Interesting

    Yes, it sucks for Sony. But it is Sony's responsibility to protect its data, not the US Government. Hell, Sony isn't really even an American company. Personally, I think it's pretty creative of DPRK to do this and funny. And I hope Sony, and all other Big Companies (tm), learn a lesson. It's not as expensive to spend the money to properly maintain your security than it is to have it massively breached and all your data stolen. Didn't they learn anything from the PSN breach?

    1. Re:I don't see the big deal here. by brunes69 · · Score: 2, Informative

      Sony Pictures Entertainment and Sony Computer Entertainment are two totally separate companies that for all intents and purposes are completely disconnected at all but the most senior executive levels (the C-Suite).

    2. Re:I don't see the big deal here. by khasim · · Score: 4, Interesting

      It's not as expensive to spend the money to properly maintain your security than it is to have it massively breached and all your data stolen.

      Not as expensive if you only count money.

      But in my experience, the problem is the upper executives and their insistence on special exceptions for them and their people who are doing work that is just so important that they cannot be burdened with following the security that applies to non-important people.

      And I hope Sony, and all other Big Companies (tm), learn a lesson.

      I think that this reinforces the wrong lesson. Everything is okay as long as you can find someone else to blame. Whether it's an employee or a hacker group or a country. The focus will be more on THEM rather than Sony executives who broke security so that they could feel more important than the nerds in IT.

    3. Re:I don't see the big deal here. by DarkOx · · Score: 4, Insightful

      Right, I think that's the important difference here if there is one. In general I agree with the GP post cyber security should be the responsibility of the network/computer operator not the government. Costs should be born by the victims and their insurers; or by the perps when they can be identified and brought to justice as a general principle.

      In this case though we have a threat of violence and terror on top of the simpler criminal matter. These guys are not threatening to just empty a few bank accounts and embarrass some more celebrities. They have moved from the realm of nuisance crimes to violent crimes and the state definitely has an interest preserving public safety.

      As to how credible the threat is and should we be reacting to every threat to do violence out there, well I would say they have displayed at least enough capability to hack a major corporation that no doubt has a security team. They also have at least some financial resources backed by the DPRK. So this isn't an angsty 14 year old on facebook. Do I think they can project themselves into the physical world they way they claim, probably not, but its probably not worth risking that by just ignoring them entirely either.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    4. Re:I don't see the big deal here. by jellomizer · · Score: 4, Insightful

      If North Korea bombed Sony in Japan, It would be US responsibility.
      The bigger issue here is that there is an other country fighting to prevent free speech. By taking down and *Threatening* them. This isn't some small set of wackos but an actual government. So it is a big deal.

      I didn't want to see the movie, but now I do just to make a point.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    5. Re:I don't see the big deal here. by ColdWetDog · · Score: 2

      Japan HAS a military. Or at least a navy.

      History. It's an interesting concept.

      --
      Faster! Faster! Faster would be better!
  3. Of course they do by silviuc · · Score: 5, Insightful

    > It is not known how the US government has determined that North Korea is the culprit

    Of course it's known. The same way they established that Iraq had chemical weapons. The method is known as "because we say so".

  4. What to do? by AndyKron · · Score: 2

    So what are we going to do about it? Blast AC/DC over the load speakers at them? Send over some message balloons?

    1. Re:What to do? by will_die · · Score: 2

      I'll go with balloons http://www.google.com/url?sa=t...

  5. Speaking off the record by mwvdlee · · Score: 5, Insightful

    Speaking off the record

    Let me fix that for you...

    Obviously speaking on the record, but with sufficient disclaimers to not be held legally accountable according to literal interpretation of the law

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    1. Re:Speaking off the record by AmiMoJo · · Score: 4, Insightful

      We can't take any US intelligence or claims seriously any more. WMD? Torture? Rendition? Sorry bro, you lied too many times.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Speaking off the record by sexconker · · Score: 2

      This.
      I'd like to see some actual evidence that NK was behind this, and not evidence put forth by Sony or the US government.
      Until then I'll believe any the following are more likely scenarios.

      Some hacker group unaffiliated with any government just wanted to fuck Sony.
      Some Sony employees just wanted to fuck Sony.
      The US government wanted to false flag North Korea. The timing of this (and the Cuba fiasco) is hilariously convenient - Congress just approved the ridiculous budget, there are no more elections for Obama to worry about, and Congress is out of session (AKA taking a well-undeserved vacation after shitting up the country as usual).

      Regardless of how it happened, the US government will use it as the digital 9-11.
      There will be more spying, less freedom, more cyber "crimes" invented to put more citizens in jail, and hey, let's go ahead and invade North Korea. Defense contracts for 2015-2030 need a boost.

  6. How do we know? by DoofusOfDeath · · Score: 4, Insightful

    Why should we believe anything the "senior intelligence officials" tell us? They have a profound record of lying.

    1. Re:How do we know? by DoofusOfDeath · · Score: 5, Funny

      That leads to my question- are you posting from Pyongyang?

      Yes, yes I am. After spending years scouring the Internet, my small team of l88t Haxors realized that only one account, on one site, had the propaganda value we needed. It was DoofusOfDeath@slashdot.org. We're sure to get a second serving of rice balls for this exploit! Long live the god Kim Jung Un!

  7. It's a media company. by Anonymous Coward · · Score: 2, Funny

    First, by media company's accounting standard (GAMSB), this hack cost the USA and Sony many trillions of dollars. Why we are not all running around naked and in the dark is because of the quick thinking of the FBI and other Feds to protect us from this horrendous crime against humanity.

    I am so glad they did because we all know that hacks against media companies are the true threats to the security and freedom of the USA and NOT violent bombings, attacks on our interests in other countries, and attacks on our infrastructure; but attacks on foreign controlled companies that distribute shitty stoner movies.

    Why Seth Rogen himself, expresssing his deep deep remorse over this said, "Duuuuude!"

    I for one am appalled at your lack and inability to see the significance of this attack and the fine fine work that our government is doing to protect the assets and IP of foreign corporations at the expense of our own safety and security.

    You un-American scum!

  8. An alternative is.... by SternisheFan · · Score: 2
    Instead of "The Interview", a theater in Texas has decided to show "Team America" instead....

    http://www.hollywoodreporter.c...

    1. Re:An alternative is.... by PopeRatzo · · Score: 3, Funny

      Instead of "The Interview", a theater in Texas has decided to show "Team America" instead....

      Except in Texas they think Team America World Police is a documentary.

      --
      You are welcome on my lawn.
  9. Sad to say by PopeRatzo · · Score: 4, Interesting

    I don't know what to believe. On one hand, we have Sony. On the other, North Korea. Finally, the FBI.

    Shit, they're probably all lying their asses off.

    --
    You are welcome on my lawn.
  10. Are getting ready to bomb them? by pesho · · Score: 2

    Ah, the unsubstantiated assertions ... The pile of bad links to unrelated hacks by Iran, Russia and China ... Where have I seen that before? Wasn't that a part of preparing the public opinion to some other war? BTW, why isn't the fact that Sony's IT security was simply laughable not front page in NYT? They even have their CIO talking obvious nonsense on in an interview titled Your guide to good enough compliance. And we are not talking any sophisticated stuff here. Just basic things like changing you password and not keeping a file titled "passwords" on your hard rive.

  11. Dubious because facts by Jesrad · · Score: 5, Informative

    Marc Rogers disagrees strongly, and poitns at a long list of evidence that make it much more likely that it was a vengeful inside-job badly disguised into a Nork attack for unrelated publicity added-value:
    - elements of language that do not fit north-korean lingo
    - hardcoded filepaths indicating insider knowledge
    - social-network savvyness unlike anything the DPRK ever did
    - no mention of The Interview movie until after the possible tie with DPRK was suggested ... and more.

    --
    Maybe we deserve this world ?
    1. Re:Dubious because facts by OzPeter · · Score: 3, Insightful

      One thing mentioned in Marc Rogers article that I am also surpassed at is how do you miss that much data flying out of your network?

      A couple of years ago I was a customer site and had to download and install some updates onto an HMI system. Less than 5 minutes after starting this, my client's IT people had connected to the system in question and were poking around trying see why that device had suddenly started consuming network resources. Their attempts to shut it down were annoying to me, but at least they were on the ball when it came to knowing what was normal and what was not normal on their network.

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:Dubious because facts by Xest · · Score: 3, Interesting

      Honestly, Marc Rogers' analysis is fucking awful. It's entirely speculation - it's no different to your average Slashdot post where someone is just stating their opinion and passing it off as fact. Examples:

      "1. The broken English looks deliberately bad and doesnâ(TM)t exhibit any of the classic comprehension mistakes you actually expect to see in âoeKonglishâ. i.e it reads to me like an English speaker pretending to be bad at writing English."

      Really? Please expand on that. Please give examples. To me it looks like just about every other piece of broken English I've seen online. Simply declare it not such without explaining why is not an argument.

      "2. The fact that the code was written on a PC with Korean locale & language actually makes it less likely to be North Korea. Not least because they donâ(TM)t speak traditional âoeKoreanâ in North Korea, they speak their own dialect and traditional Korean is forbidden."

      Interesting, but hardly stone cold evidence. If it was a North Korean spy that's trained in South Korean because they were behind the past hacks on South Korea then they may find that this is the easiest configuration for them. Is the North Korean dialect even a configuration option? If not then what else could they use? English? I'd guess not given how broken their English is.

      "3. Itâ(TM)s clear from the hard-coded paths and passwords in the malware that whoever wrote it had extensive knowledge of Sonyâ(TM)s internal architecture and access to key passwords. While itâ(TM)s plausible that an attacker could have built up this knowledge over time and then used it to make the malware, Occamâ(TM)s razor suggests the simpler explanation of an insider. It also fits with the pure revenge tact that this started out as."

      Again, entirely just speculation, poor use of Occam's razor. Occam's razor doesn't suggest it was an insider out to get Sony any more than it suggests the attackers simply spent a bit of time surveilling their target before following through with the hack. This argument again adds nothing.

      "4. Whoever did this is in it for revenge. The info and access they had could have easily been used to cash out, yet, instead, they are making every effort to burn Sony down."

      Isn't this an argument FOR it being North Korea rather than against given that North Korea has vocally made it clear that they're unhappy with Sony over the film? If anything this is an argument in favour of it being North Korea.

      "5. The attackers only latched onto âoeThe Interviewâ after the media did â" the film was never mentioned by GOP right at the start of their campaign."

      Sure and North Korea spent a few days figuring out whether to admit responsibility or not rather than outright denying it. It's now becoming the defining point of their campaign which seemed to be something North Korea was keen on - if it was the internal employee theory then why has Rogers' now changed his mind about maximising damage? Simply making Sony cancel a $42million film is small fry damage - an inside job would focus on continuing to be far more damaging than that. But to follow on this same point:

      "After all, if everyone believes itâ(TM)s a nation state, then the criminal investigation will likely die."

      What? Why? The FBI will just give up if it's thought to be a nation state? No, on the contrary it'll be escalated to the CIA and NSA. This point doesn't even make sense.

      "6. Whoever is doing this is VERY net and social media savvy. That, and the sophistication of the operation, do not match with the profile of DPRK up until now."

      Um, you mean they can use Twitter? So can half the child population of this world. Unless there's a suggestion that North Koreans are inferior people with IQ's less than your average child and who couldn't possibly look at what's worked for other succesful hacker groups like anonymous then this point is monumentally stupid.

      "7. Finally, blaming North Korea is the easy way

    3. Re:Dubious because facts by DarkOx · · Score: 2

      That was my reaction as well a week ago when the new broke. I actually heard on the NBC Nightly news first and the moment Williams said TB of data; the first thought I had was how do you ex-filtrate that much info without it being noticed by the NOC team?

        The only think I can think of is that largish transfers are probably very common for them as they push media assets out to contractors etc. Still you wonder why are they not MTIMing everything in what is essentially an all IP business and why can't their IPS/IDS system tell the difference between a 2TB of raw YUV video and their HR database?

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  12. The implications could be dire by rainer_d · · Score: 2
    http://uk.reuters.com/article/...

    We've seen the US go to war from much less "evidence". Can you say "WMD in Iraq"?

    --
    Windows 2000 - from the guys who brought us edlin
  13. Between the lines by cloud.pt · · Score: 2
    What should be seen from these blaming statements is one of two inevitable conclusions:
    • - either US is trying to set up North Korea's public opinion in order to excuse some new (military or cyber-) incursion to them, or...
    • - they are actually making honest statements, in which case China is surely helping these cyber-attacks. It should be obvious that North Korea doesn't have the IT background necessary for such attacks... Unless Kim Jong-Un took some hardcore CS crash-course back in his Switzerland days.

    In any case, Korea is deepening its role of battleground in the economical and social proxy-war between China and the US. This is nothing more than a turn of that chess game, but this time I'm pretty sure I heard "check" from the "red" side...

  14. Are You Joking? by eldavojohn · · Score: 3, Interesting

    > It is not known how the US government has determined that North Korea is the culprit

    Of course it's known. The same way they established that Iraq had chemical weapons. The method is known as "because we say so".

    Are you joking? I thought it was well established that there were chemical weapons in Iraq we just only found weapons designed by us, built by Europeans in factories in Iraq. And therefore the US didn't trumpet their achievements. In the case of Iraqi chemical weapons, the US established that Iraq had chemical weapons not because they said so but because Western countries had all the receipts.

    --
    My work here is dung.
    1. Re:Are You Joking? by Hydian · · Score: 4, Informative

      But that wasn't the claim. The claim was that Iraq had a program and was building new weapons. They claimed that Iraq was dodging the UN weapon inspectors by giving them the US made munitions and keeping their new program in trailer based mobile facilities. No evidence to back up any of those claims was ever found. As far as I know, every chemical weapon that has been found in Iraq has been accounted for under the US sales program.

  15. Make fun of them as much as possible by photonic · · Score: 2

    Some years ago, an advertisement for a Dutch insurance company made fun of some Stalinist dictator, without mentioning North Korea by name. As far as I know, this did not cause any large-scale hacking warfare against the involved company, but Korean diplomats were not amused. Watch it here while you still can. This regime cannot be ridiculed enough, Sony should just release the whole movie for free.

    --
    karma police: arrest this man, he talks in maths; he buzzes like a fridge, he's like a detuned radio. [radiohead]
  16. Re:Sooner or Later ... by lq_x_pl · · Score: 2

    Unfortunately, that someone will also have to deal with a very angry China.
    China may be frustrated with the DPRK, but by-and-large, China is able to control the stability of most of the entire pacific rim region by proxy through North Korea.
    Someone else already mentioned the inevitable razing of Seoul that will occur when the Korean war goes hot again. The situation is a mess, and the only resolution that won't result in the ROK getting toasted is a slow decaying collapse in the North. :-(

    --
    An internal system operation returned the error "The operation completed successfully.".
  17. Or by carrier+lost · · Score: 2

    To quote Mike Masnick of Techdirt:

    I can't help but feel that there's a kid in a basement somewhere yelling, "OMFG, I killed a movie!"

    --
    XKCD:Xeric Knowledge Comically Dispen
  18. bah by sociocapitalist · · Score: 2

    Where is Team America when you really need them?

    --
    blindly antisocialist = antisocial