US Links North Korea To Sony Hacking

← Back to Stories (view on slashdot.org)

US Links North Korea To Sony Hacking

Posted by samzenpus on Thursday December 18, 2014 @01:05AM from the who's-to-blame dept.

schwit1 writes Speaking off the record, senior intelligence officials have told the New York Times, CNN, and other news agencies that North Korea was "centrally involved" in the hack of Sony Pictures Entertainment. It is not known how the US government has determined that North Korea is the culprit, though it is known that the NSA has in the past penetrated North Korean computer systems. Previous analysis of the malware that brought down Sony Pictures' network showed that there were marked similarities to the tools used in last year's cyber-attack on South Korean media companies and the 2012 "Shamoon" attack on Saudi Aramco. While there was speculation that the "DarkSeoul" attack in South Korea was somehow connected to the North Korean regime, a firm link was never published.

16 of 182 comments (clear)

Min score:

Reason:

Sort:

I don't see the big deal here. by Anonymous Coward · 2014-12-18 01:10 · Score: 4, Interesting

Yes, it sucks for Sony. But it is Sony's responsibility to protect its data, not the US Government. Hell, Sony isn't really even an American company. Personally, I think it's pretty creative of DPRK to do this and funny. And I hope Sony, and all other Big Companies (tm), learn a lesson. It's not as expensive to spend the money to properly maintain your security than it is to have it massively breached and all your data stolen. Didn't they learn anything from the PSN breach?
1. Re:I don't see the big deal here. by khasim · 2014-12-18 01:42 · Score: 4, Interesting
  
  It's not as expensive to spend the money to properly maintain your security than it is to have it massively breached and all your data stolen.
  Not as expensive if you only count money.
  But in my experience, the problem is the upper executives and their insistence on special exceptions for them and their people who are doing work that is just so important that they cannot be burdened with following the security that applies to non-important people.
  
  And I hope Sony, and all other Big Companies (tm), learn a lesson.
  I think that this reinforces the wrong lesson. Everything is okay as long as you can find someone else to blame. Whether it's an employee or a hacker group or a country. The focus will be more on THEM rather than Sony executives who broke security so that they could feel more important than the nerds in IT.
2. Re:I don't see the big deal here. by DarkOx · 2014-12-18 01:44 · Score: 4, Insightful
  
  Right, I think that's the important difference here if there is one. In general I agree with the GP post cyber security should be the responsibility of the network/computer operator not the government. Costs should be born by the victims and their insurers; or by the perps when they can be identified and brought to justice as a general principle.
  In this case though we have a threat of violence and terror on top of the simpler criminal matter. These guys are not threatening to just empty a few bank accounts and embarrass some more celebrities. They have moved from the realm of nuisance crimes to violent crimes and the state definitely has an interest preserving public safety.
  As to how credible the threat is and should we be reacting to every threat to do violence out there, well I would say they have displayed at least enough capability to hack a major corporation that no doubt has a security team. They also have at least some financial resources backed by the DPRK. So this isn't an angsty 14 year old on facebook. Do I think they can project themselves into the physical world they way they claim, probably not, but its probably not worth risking that by just ignoring them entirely either.
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
3. Re:I don't see the big deal here. by jellomizer · 2014-12-18 01:49 · Score: 4, Insightful
  
  If North Korea bombed Sony in Japan, It would be US responsibility.
  The bigger issue here is that there is an other country fighting to prevent free speech. By taking down and *Threatening* them. This isn't some small set of wackos but an actual government. So it is a big deal.
  I didn't want to see the movie, but now I do just to make a point.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Of course they do by silviuc · 2014-12-18 01:12 · Score: 5, Insightful

> It is not known how the US government has determined that North Korea is the culprit

Of course it's known. The same way they established that Iraq had chemical weapons. The method is known as "because we say so".
Speaking off the record by mwvdlee · 2014-12-18 01:22 · Score: 5, Insightful

Speaking off the record
Let me fix that for you...

Obviously speaking on the record, but with sufficient disclaimers to not be held legally accountable according to literal interpretation of the law

--
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
1. Re:Speaking off the record by AmiMoJo · 2014-12-18 01:34 · Score: 4, Insightful
  
  We can't take any US intelligence or claims seriously any more. WMD? Torture? Rendition? Sorry bro, you lied too many times.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
How do we know? by DoofusOfDeath · 2014-12-18 01:22 · Score: 4, Insightful

Why should we believe anything the "senior intelligence officials" tell us? They have a profound record of lying.
1. Re:How do we know? by DoofusOfDeath · 2014-12-18 02:13 · Score: 5, Funny
  
  That leads to my question- are you posting from Pyongyang?
  Yes, yes I am. After spending years scouring the Internet, my small team of l88t Haxors realized that only one account, on one site, had the propaganda value we needed. It was DoofusOfDeath@slashdot.org. We're sure to get a second serving of rice balls for this exploit! Long live the god Kim Jung Un!
Re:with what? by DarkOx · 2014-12-18 01:30 · Score: 4, Interesting

The official line so far is "The DPRK is responsible, but the attack originated from somewhere else".
"Responsible" most likely means hired someone to do it. Knowing the DPRK they probably paid those someones in reasonably good quality counterfeit US currency. Though that is pure speculation on my part bast on past news events.
The fact they won't tell us form where else means "China" again pure speculation on my part but common its not like DPRK has exactly normal relations with anywhere else. They would tell us if it was some other pariah regime some place, so I assume it has to be China as its the only place I can think of that DPRK would have access and would be to politically sensitive to name.
Keep in mind, I can't recall if it was 2k11 or 2k12 but the Obama admin did not exactly dispute the pentagons view that "cyber" attacks could/should be viewed as an act of war. The "terror" threats against theaters have escalated things from a criminal matter, attack on a corporation, to a state matter attack on the public and order; therefore some kind of "response" is required. I am sure 0bama is trying to find a way to "do something" or appear to be without pissing off the Chinese.
Which to now purely editorialize, I think pissing off the Chinese and souring trade relations would/could be the best possible outcome here for our nation but that is a different discussion.

--
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Sad to say by PopeRatzo · 2014-12-18 01:36 · Score: 4, Interesting

I don't know what to believe. On one hand, we have Sony. On the other, North Korea. Finally, the FBI.
Shit, they're probably all lying their asses off.

--
You are welcome on my lawn.
Dubious because facts by Jesrad · 2014-12-18 01:42 · Score: 5, Informative

Marc Rogers disagrees strongly, and poitns at a long list of evidence that make it much more likely that it was a vengeful inside-job badly disguised into a Nork attack for unrelated publicity added-value:
- elements of language that do not fit north-korean lingo
- hardcoded filepaths indicating insider knowledge
- social-network savvyness unlike anything the DPRK ever did
- no mention of The Interview movie until after the possible tie with DPRK was suggested ... and more.

--
Maybe we deserve this world ?
Re:with what? by _merlin · 2014-12-18 02:15 · Score: 4, Insightful

Keep in mind, I can't recall if it was 2k11 or 2k12 but the Obama admin did not exactly dispute the pentagons view that "cyber" attacks could/should be viewed as an act of war. The "terror" threats against theaters have escalated things from a criminal matter, attack on a corporation, to a state matter attack on the public and order; therefore some kind of "response" is required. I am sure 0bama is trying to find a way to "do something" or appear to be without pissing off the Chinese.
So the US has committed acts of war against Germany by tapping their head of state's phone, etc. Or is it only an act of war when it's against US interests?
Re:with what? by Zontar_Thing_From_Ve · 2014-12-18 03:21 · Score: 4, Interesting

The official line so far is "The DPRK is responsible, but the attack originated from somewhere else".
"Responsible" most likely means hired someone to do it. Knowing the DPRK they probably paid those someones in reasonably good quality counterfeit US currency. Though that is pure speculation on my part bast on past news events.
The fact they won't tell us form where else means "China" again pure speculation on my part but common its not like DPRK has exactly normal relations with anywhere else. They would tell us if it was some other pariah regime some place, so I assume it has to be China as its the only place I can think of that DPRK would have access and would be to politically sensitive to name.
Russia also fits the bill, although I'm not surprised that you didn't know that. Russia still has reasonably friendly relations with North Korea and shares a small border with it where North Korean "guest workers" (really slave labor) do logging and perhaps some other manual work on the Russian side for little pay and without any choice in the matter. Putin just recently said he was looking to improve relations between the two countries. North Korea spent years playing its patrons the Soviet Union and China off each other. The USSR and China had strained relations for many years and North Korea leaned towards whichever side at the time it could get more money out of. The Soviet Union gave them their first nuclear reactor and the training necessary that put them, if unintentionally, on the path to getting nuclear weapons. Boris Yeltsin had the good sense a long time ago to stop all payments to North Korea, basically saying "Too bad. So sad." They've never been resumed. So he left China holding the bag for being 100% responsible for financially propping up the regime. Kim Jong-Un's father was actually born in Russia, although official reports in North Korea deny this. And his grandfather was a Russian military officer during the 2nd World War and became the eventual dictator of North Korea because Russia's first choice for the job turned it down and grandpa Kim seemed loyal enough to the Soviet Union to be a really good back up choice. So while Russian-North Korean ties don't get much press, Russia gets all of the benefits, whatever they are, of being "friends" with North Korea without any of the costs that China got stuck with.
Re:Are You Joking? by Hydian · 2014-12-18 03:32 · Score: 4, Informative

But that wasn't the claim. The claim was that Iraq had a program and was building new weapons. They claimed that Iraq was dodging the UN weapon inspectors by giving them the US made munitions and keeping their new program in trailer based mobile facilities. No evidence to back up any of those claims was ever found. As far as I know, every chemical weapon that has been found in Iraq has been accounted for under the US sales program.
Re:with what? by Cigarra · 2014-12-18 04:16 · Score: 5, Insightful

What about Stuxnet? Is that an act of war that merits a "response" from Iran?

--
I don't have a sig.