Norse Security IDs 6, Including Ex-Employee, As Sony Hack Perpetrators

← Back to Stories (view on slashdot.org)

Norse Security IDs 6, Including Ex-Employee, As Sony Hack Perpetrators

Posted by timothy on Monday December 29, 2014 @01:09AM from the enough-blame-to-go-around dept.

chicksdaddy writes Alternative theories of who is responsible for the hack of Sony Pictures Entertainment have come fast and furious in recent weeks -- especially since the FBI pointed a finger at the government of North Korea last week. But Norse Security is taking the debate up a notch: saying that they have conclusive evidence pointing to group of disgruntled former employees as the source of the attack and data theft. The Security Ledger quotes Norse Vice President Kurt Stammberger saying that Norse has identified a group of six individuals — in the U.S., Canada, Singapore and Thailand — that it believes carried out the attack, including at least one 10-year employee of SPE who worked in a technical capacity before being laid off in May. Rather than starting from the premise that the Sony hack was a state sponsored attack, Norse researchers worked their investigation like any other criminal matter: starting by looking for individuals with the "means and motive" to do the attack.

HR files leaked in the hack provided the motive part: a massive restructuring in Spring, 2014, in which many longtime SPE employees were laid off. After researching the online footprint of a list of all the individuals who were fired and had the means to be able to access sensitive data on Sony's network, Norse said it identified a handful who expressed anger in social media posts following their firing. They included one former employee — a 10-year SPE veteran who he described as having a "very technical background." Researchers from the company followed that individual online, noting participation in IRC (Internet Relay Chat) forums where they observed communications with other individuals affiliated with underground hacking and hacktivist groups in Europe and Asia. According to Stammberger, the Norse investigation was eventually able to connect an individual directly involved in conversations with the Sony employee with a server on which the earliest known version of the malware used in the attack was compiled, in July, 2014.

158 comments

Min score:

Reason:

Sort:

Like an episode of 24... by Anonymous Coward · 2014-12-29 01:18 · Score: 4, Insightful

Cyber-hack against US subsidiary.
'Obvious' perpetrator targeted by hardliners in government who leverage the blood-lust of the populace, and who pressure the president into immediate action.
Actual perpetrators turn out to be a small group of disgruntled employees.
1. Re:Like an episode of 24... by Anonymous Coward · 2014-12-29 01:32 · Score: 0, Troll
  
  Sounds like 9/11
2. Re:Like an episode of 24... by ihtoit · 2014-12-29 01:34 · Score: 3, Insightful
  
  this was my first thought as well, nothing so well executed could be done without inside information.
  Now for those who didn't realise before, this is why safecrackers find out what their target safe is and buy a duplicate to practice on first.
  
  --
  Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
3. Re:Like an episode of 24... by mwvdlee · 2014-12-29 02:28 · Score: 1
  
  Really?
  So the fastest way to find whoever cracked a certain safe is to look in the purchase records for any middle-class individuals buying expensive safes?
  
  --
  Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
4. Re:Like an episode of 24... by Anonymous Coward · 2014-12-29 02:40 · Score: 0
  
  Really?
  So the fastest way to find whoever cracked a certain safe is to look in the purchase records for any middle-class individuals buying expensive safes?
  Sure. Provided they bought it legitimately. After all, a criminal is only going commit the one crime when planning it out.
5. Re:Like an episode of 24... by PopeRatzo · 2014-12-29 03:35 · Score: 2
  
  You don't need the whole safe, just the lock.
  
  --
  You are welcome on my lawn.
6. Re:Like an episode of 24... by Anonymous Coward · 2014-12-29 04:04 · Score: 0
  
  Used ones that can reasonably be manipulated go for between 30 and 100 USD by the way. Others are available for dramatically more but destructive entry is faster on those models.
7. Re:Like an episode of 24... by wonkey_monkey · 2014-12-29 04:06 · Score: 1
  
  Like an episode of 24...
  Following the story on Slashdot is like watching all of the "Previouslies..." but none of the episodes.
  You pretty much get the gist and save a shitload of time.
  
  --
  systemd is Roko's Basilisk.
8. Re:Like an episode of 24... by Anonymous Coward · 2014-12-29 04:33 · Score: 1
  
  Like an episode of 24...
  Following the story on Slashdot is like watching "Groundhog Day"
  FTFY
9. Re:Like an episode of 24... by Anonymous Coward · 2014-12-29 04:36 · Score: 2, Insightful
  
  Group 2 Combination Locks are what are being discussed here. La Gard, S&G, Diebold, and Mosler are some of the common brands. S&G 6730 is the generic one I'm used to. Nice locks...
  "Autodialer" or "Soft Drill" if I was a bad guy. Drill and scope, or "through the spindle" tools would be my preferred tactics(if I knew the safe didn't have additional relockers). "Drilling the fence" or "drilling the bolt" are both pretty crude. You can also drill the back/bottom/sides/top of the container and then scope the "change key hole" just as effectively(unless there is a cover in the way).
  Let's be real: if I was a bad guy: I would have a motion activated hidden camera take video of the dialing process or bouncing an infrared laser.
  Hall effect, gyroscope,(or RF retroflector) based rotary encoder etc. hidden in a modified dial? None of that gamma-radiography bollocks. Could probably fit a small hearing aid battery, AVR and a MEMs gyroscope in a "Masterlock" dial. Big ass safe dial would be a piece of cake. Trick is getting alone with the thing long enough to do all this without it being tamper-evident.
  This is why I'm not a bad guy: James Bond gadget fetish, embedded programming skills, and locksmithing background pays a lot better in the private sector than jail. Gonna put down the "Lockmasters" catalog and write some "C" code now.
10. Re:Like an episode of 24... by Jeremiah+Cornelius · 2014-12-29 05:11 · Score: 1
  
  Neal Caffery? Is it you?
  
  --
  "Flyin' in just a sweet place,
  Never been known to fail..."
11. Re:Like an episode of 24... by Anonymous Coward · 2014-12-29 10:25 · Score: 0
  
  What are you thoughts on electronic-dials like the X-0n line of Kaba locks or really any electromechanical like the S&G 2740/2890?
12. Re:Like an episode of 24... by PopeRatzo · 2014-12-29 12:43 · Score: 1
  
  This is why I just keep all my valuables in my pocket.
  
  --
  You are welcome on my lawn.
13. Re:Like an episode of 24... by gzuckier · 2014-12-30 17:20 · Score: 2
  
  That can mean only one thing.... we need to invade Iraq.
  
  --
  Star Trek transporters are just 3d printers.
IRC by azander · 2014-12-29 01:19 · Score: 0, Troll

IRC is not a FORUM. That is something different. It is a real-time chat, not a place to post messages.
Who is editing this crap? Some intern that hasn't used a computer?
Wow...fist post too!
1. Re:IRC by JMJimmy · 2014-12-29 01:25 · Score: 2, Informative
  
  forum
  fôrm/
  noun
  noun: forum; plural noun: forums; plural noun: fora
  1.
  a place, meeting, or medium where ideas and views on a particular issue can be exchanged.
Circumstantial at best ... by Anonymous Coward · 2014-12-29 01:23 · Score: 5, Insightful

Nothing anywhere near conclusive from the information provided.
1. Re:Circumstantial at best ... by ihtoit · 2014-12-29 01:37 · Score: 1
  
  but clearly excludes direct State involvement.
  
  --
  Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
2. Re:Circumstantial at best ... by d1on1x · 2014-12-29 02:12 · Score: 4, Insightful
  
  Nothing anywhere near conclusive from the information provided.
  While that is true, the same is true for the information released that suggested North-Korea is/was/would-be behind the hack.
3. Re:Circumstantial at best ... by zlives · 2014-12-29 05:30 · Score: 0
  
  NC clearly has cyber WMD's. quit drinking the communist/socialist coolaid and join the glorious warmachina.
4. Re: Circumstantial at best ... by Anonymous Coward · 2014-12-29 05:55 · Score: 2, Funny
  
  North Carolina should not act in such regard!
5. Re:Circumstantial at best ... by mysidia · 2014-12-29 07:32 · Score: 1
  
  Never publish your real evidence that could compromise the investigation, just the circumstantial bits to get the public interested.
  If it was just circumstantial bits, then they can't come to a conclusion, of course. The presumption is they have more info
6. Re:Circumstantial at best ... by NoKaOi · 2014-12-29 09:16 · Score: 1
  
  Nothing anywhere near conclusive from the information provided.
  More conclusive than, "A Korean IP address was involved, so it must have been the North Korean government!"
7. Re:Circumstantial at best ... by HiThere · 2014-12-29 09:33 · Score: 1
  
  You can presume they have more. Perhaps Norse has a good enough reputation to merit that presumption. The other party's reputation, however, is quite a bit poorer, and I do not make that presumption about them.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
8. Re:Circumstantial at best ... by bloodhawk · 2014-12-29 10:53 · Score: 1
  
  circumstantial yes, but far more substantial than the flimsy evidence the US Government used to declare it was NK.
9. Re: Circumstantial at best ... by Anonymous Coward · 2014-12-30 05:25 · Score: 0
  
  It's in our nature, sorry. Intrusive big government, the people of the state disagree.
10. Re: Circumstantial at best ... by gzuckier · 2014-12-30 17:22 · Score: 1
  
  North Carolina should not act in such regard!
  Neal Caffery?
  
  --
  Star Trek transporters are just 3d printers.
lemme guess by l0n3s0m3phr34k · 2014-12-29 01:23 · Score: 1

any of them SAP developers? Seems their SpiritWORLD media systems was at the heart of the penetration. Also, TFA talks about them being able to "sneak terabytes of data off of the network without arousing notice." If your malware could take all the info it collects and sticks it together into some fake "media files" then the data being transferred might never have been noticed.
1. Re:lemme guess by ancientt · 2014-12-29 02:23 · Score: 4, Interesting
  
  You're making this too hard. You can upload terabytes of data using good old SSL or encrypt files with zip tools like 7-zip and there is nothing in the stream of data that will be recognized... that's what encryption is for.
  The person wanting to get data out doesn't have to work hard at all to ensure it can't be recognized as it is being transmitted. The difficulty is in making sure that the users of the system don't notice the decrease in disk IO and loss of bandwidth. If they've got a good perimeter defense or the right heuristics for the server, they may notice "hey, that's more activity than usual" and respond, but that's about the only way to catch somebody in the act of transporting data out of a system.
  Unless they're stupid. Which, with Sony's security, they could have been.
  
  --
  B) Eliminate all the stupid users. This is frowned upon by society.
2. Re:lemme guess by ColdWetDog · 2014-12-29 03:11 · Score: 2
  
  Or unless sending terabytes of data out is routine. Sony Pictures makes movies. Movies are digital. Digital video loves disk space.
  So sending dozens of gigabytes a day to any random address may well be business as usual.
  
  --
  Faster! Faster! Faster would be better!
3. Re:lemme guess by Anonymous Coward · 2014-12-29 06:22 · Score: 0
  
  Note that many corporations proxy all SSL traffic precisely for this reason. This of course breaks any security provided by SSL. See Blue Coat's SSL Visibility Appliance for an example.
4. Re:lemme guess by cusco · 2014-12-29 09:37 · Score: 2
  
  I'd be surprised if they don't ship out big pile of bits for rendering on the AWS/Google/MS clouds, since it's so much cheaper than buying dedicated CPUs that will then sit unused until the next batch of rendering needs to be done. Much of the original Star Wars movies were actually rendered after hours on servers at Informix and ARC GIS networks, so it's nothing new.
  
  --
  "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
5. Re:lemme guess by l0n3s0m3phr34k · 2014-12-30 00:27 · Score: 1
  
  thanks, that's pretty much what I was saying. Huge data transfers are just part of their business.
6. Re:lemme guess by Anonymous Coward · 2014-12-30 00:32 · Score: 0
  
  Using good old SSL isn't worth the risk as most corporations have a SSL hijack and resign proxy within the enterprise, complete with client side certificates installed on all hardware.
7. Re:lemme guess by ancientt · 2014-12-30 13:26 · Score: 1
  
  You think Sony did?
  I doubt the value "most" in your statement.
  
  --
  B) Eliminate all the stupid users. This is frowned upon by society.
8. Re:lemme guess by ancientt · 2014-12-30 13:29 · Score: 1
  
  Some certainly do and that bothers me. It shouldn't be that hard to set the MITM proxy to reject invalid certificates and provide the reason for the rejection to the users, but I haven't seen it done right.
  
  --
  B) Eliminate all the stupid users. This is frowned upon by society.
9. Re:lemme guess by bhiestand · 2014-12-30 21:40 · Score: 1
  
  There are some cloud rendering solutions out there, but most studios have their own render farms in-house... and a lot of the companies you think are studios are mainly just production companies that outsource most of the heavy lifting to specialized shops (who work on multiple projects simultaneously and have no problem keeping a render farm busy).
  
  --
  SWM seeks new sig for a brief fling
10. Re:lemme guess by Optali · 2014-12-30 22:52 · Score: 2
  
  6-7 years ago I worked for the then biggest payment service provider, BIBIT, we were part of the Royal Bank of Scotland and had a massive datacentre in Scotland, I am now unable to tell how big, only that it was huge.
  Well every time Sony had a launch of some product (PS3, films, etc) they had to tell us in advance because they laid our whole datacentre flat. I recall once having to stay up in the middle of the night because we thought a massive DoS attack was going on as no other merchants were able to connect to our systems... and it was just that the idiots had forgotten to tell us in advance that they were going to send in payments for a new campaign.
  This gives you and idea of how big they were already back then (and payment data is not very "heavy", just XML) and how chaotic they operate.
  Sending out huge amounts of data would be of no concern at all for them, nobody would have noticed anything.
  
  --
  -- 29A the number of the Beast
11. Re:lemme guess by Optali · 2014-12-30 22:53 · Score: 1
  
  I mean obviously that "other merchants were _UNABLE_ to connect..."
  
  --
  -- 29A the number of the Beast
dem haxxorz by Anonymous Coward · 2014-12-29 01:25 · Score: 0

who be haxxin nao?
from TFA by jbmartin6 · 2014-12-29 01:28 · Score: 3, Insightful

Stammberger was careful to note that his company’s findings are hardly conclusive
Draw your own conclusion. At least he didn't throw in the old 'we have other information we won't reveal' claim the government always uses to mask its own speculation.

--
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Oh how great is this! by bickerdyke · 2014-12-29 01:33 · Score: 3, Interesting

Now being skilled and being laid of automatically makes you a crime suspect for having "means and motive".
For uns in IT business, we wouldn't be hired if we wouldn't have the knowledge that could also be used for blackhat purposes, and being laid of during a restructering is usually nothing an individual can control.
Thank you....

--
bickerdyke
1. Re:Oh how great is this! by ihtoit · 2014-12-29 01:42 · Score: 5, Interesting
  
  motive, means, opportunity:
  MOTIVE: disgruntled ex employees. Check.
  MEANS: prearmed with information on the machinations of SPE, not ordinarily known to the public. Check.
  OPPORTUNITY: High profile release with the potential to piss off a State leader and shift the blame onto him. Check.
  Yes, being a pissed off ex employee with inside information and the chance to make a high profile disruption to those who would risk your mortgage and pension with little to no personal risk is a big fucking bullseye.
  
  --
  Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
2. Re:Oh how great is this! by Anonymous Coward · 2014-12-29 01:44 · Score: 0
  
  But you don't understand -- the culprit was angry at being laid off! Surely she is capable of any deviltry in such a state.
3. Re:Oh how great is this! by ColdWetDog · 2014-12-29 01:49 · Score: 2
  
  That's absolutely correct. Again, means and motives. The intersection of those two sets would give you persons of interest. If a security researcher doesn't look at the admins in a breech, would you consider them competent?
  So you might be a 'suspect'. In the real word (as opposed the paranoid crazy version here) someone would politely sit down with you and discuss a few things. Then someone else might come over and discuss some more things. Your work logs might be reviewed. If you worked through home and preliminary review made you even more interesting, you might be asked to cough up bits of your home computers - which is why you want to isolate work from play.
  It DOESN'T mean that the swat team will barrel through your door or that the FBI will cart off your desk. Again, it's how any investigation happens. If that really bugs you, get a job on a farm and stay the hell away from the fertilizer.
  
  --
  Faster! Faster! Faster would be better!
4. Re:Oh how great is this! by Lunix+Nutcase · 2014-12-29 01:56 · Score: 1
  
  How would it not? Having means and motive does not make you guilty, though. A subtlety missed by many.
5. Re:Oh how great is this! by Lunix+Nutcase · 2014-12-29 01:57 · Score: 1
  
  You act as if disgruntled (ex-)employees have never done such a thing before. You would be wrong.
6. Re:Oh how great is this! by bickerdyke · 2014-12-29 01:59 · Score: 4, Insightful
  
  Yes, but it shouldn't be THAT easy to produce people with those bullseyes.
  "Hey, let's fire a few IT guys. Just in case we need to bring up some capeable, disgruntled ex-employees as scapegoats if we ever get hacked."
  It's an effing huge diffrence if you are a suspect for something you are or do, or for something that someone else does to you.
  
  --
  bickerdyke
7. Re:Oh how great is this! by Nidi62 · 2014-12-29 02:03 · Score: 3, Insightful
  
  It DOESN'T mean that the swat team will barrel through your door or that the FBI will cart off your desk.
  Unless the local Sheriff's Department just took delivery of that surplus MRAP and M4s and wants to try them out.
  
  --
  The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
8. Re:Oh how great is this! by Ol+Olsoc · 2014-12-29 02:09 · Score: 4, Funny
  
  You act as if disgruntled (ex-)employees have never done such a thing before. You would be wrong.
  Seems like they need to gruntle them then..
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
9. Re:Oh how great is this! by Ol+Olsoc · 2014-12-29 02:13 · Score: 4, Insightful
  
  It DOESN'T mean that the swat team will barrel through your door or that the FBI will cart off your desk.
  And some times it does. Seems like the best thing is to make certain no one thinks you are disgruntled
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
10. Re:Oh how great is this! by bickerdyke · 2014-12-29 02:13 · Score: 2
  
  Yes, but that's not how it happens in real life.
  Even if the full SWAT team is a rather rare, it's not unheard of. And those people who will sit down and politely ask some questions still probably may well arrive in police cars parked in front of my house. May be enough to have to look for a new neighbourhood to move to.
  But even that isn't more as an unlikely nuissance. Your name will most likely leak somewhere and each and every script kiddie that couldn't log into PSN on Christmas (not related, I know. but they don't) will start to DDOS my current business, swamp my social networks with photoshopped pics of me beating my wife and pull every prank in the book. Nothing out of the "prank" range, but may get boring after being on the receiveing end of the 500th or so.
  Unfortunately, we're at a point where sometimes being a suspect is already part of the punishment.
  
  --
  bickerdyke
11. Re:Oh how great is this! by bickerdyke · 2014-12-29 02:20 · Score: 2
  
  Read the headline. It's obviously enough to be "identified [...] as perpetrator". I know, I'm not a native english speaker, but doesn't that imply at least some level of guilt? The missed subtlety that the public misses is if he is found guilty by a scandinavian antivirus-company or by judge and jury. So if the name of that suspect leaks somehow (which is more than likely), he will be guilty in the eyes of the public. Including future potential employers.
  Way to easy to have your life ruined without being guilty.
  
  --
  bickerdyke
12. Re:Oh how great is this! by ComputerGeek01 · 2014-12-29 02:27 · Score: 1
  
  "Hey, let's fire a few IT guys. Just in case we need to bring up some capeable, disgruntled ex-employees as scapegoats if we ever get hacked."
  It looks like somebody needs to look up the terms liable, slanderous and more then likely falsifying and suppressing evidence. The correct thing to do for anyone caught in the scenario you are describing is ... nothing. Just sit back and let them dig a hole so deep that you can comfortably retire.
13. Re:Oh how great is this! by ColdWetDog · 2014-12-29 03:13 · Score: 1
  
  That's what meth labs are for.
  Bonus points: They go BOOM when you shoot at them.
  
  --
  Faster! Faster! Faster would be better!
14. Re:Oh how great is this! by Jason+Levine · 2014-12-29 03:17 · Score: 2
  
  I think the point was that Norse Security looked at this as if it was a criminal investigation as opposed to a political finger pointing match. If the police were investigating a crime and found that an ex-employee had posted angry statements about being fired prior to the crime being committed (Motive) and had the means and opportunity to do so, they would definitely be investigated as a suspect. Rightfully so, too.
  Note that being investigated doesn't mean being charged with a crime. If the investigation showed that the person had a good alibi or uncovered evidence that pointed away from that person, then the police would drop that person from the list of suspects. If a company tried intentionally firing people to create a cover, they would risk those people having good alibis and not being suitable suspects.
  
  --
  My sci-fi novel, Ghost Thief, is now available from Amazon.com.
15. Re:Oh how great is this! by znrt · 2014-12-29 03:22 · Score: 1
  
  pissed off ex employee with inside information and the chance to make a high profile disruption to those who would risk your mortgage and pension with little to no personal risk is a big fucking bullseye.
  this simply narrows down your search, doesn't make anyone a suspect. it might turn out to be bogus and the motives totally different.
  but they claim to have found a connection, that's a lead. not a strong one, in my opinion, but they may have no better. anyone wondering how they got access to the irc content? duh ...
16. Re:Oh how great is this! by Anonymous Coward · 2014-12-29 03:26 · Score: 1
  
  Is that what they are calling it these days?
17. Re:Oh how great is this! by PopeRatzo · 2014-12-29 03:37 · Score: 1
  
  I think the point was that Norse Security looked at this as if it was a criminal investigation as opposed to a political finger pointing match.
  Except those weren't their fingers they were pointing and waggling at each other.
  
  --
  You are welcome on my lawn.
18. Re:Oh how great is this! by bickerdyke · 2014-12-29 03:43 · Score: 2
  
  I think the point was that Norse Security looked at this as if it was a criminal investigation as opposed to a political finger pointing match. If the police were investigating a crime and found that an ex-employee had posted angry statements about being fired prior to the crime being committed (Motive) and had the means and opportunity to do so, they would definitely be investigated as a suspect. Rightfully so, too.
  Absolutely right. But let's think this through to the end. So, if I ever get laid off I would
  a) not have the right to be "disgruntled" unless
  b) I make sure I'll be surrounded by a potential witness just in case I'm investigated and need to produce an alibi for any time an attack on my ex-employer might have happend.
  As you said, If I can't do that I wouldn't be dropped from the list of suspects unless "the investigation showed that the person had a good alibi or uncovered evidence that pointed away from that person,"
  And there isn't a guarantee that there will be evidence at all that points to the true perpetrator. (and if you're single and umeployed, NOT having an alibi for most of your day is the norm).
  So while you're still absolutely right, only in an ideal world this would be enough to avoid additional hard times to laid of employees.
  
  --
  bickerdyke
19. Re:Oh how great is this! by Anonymous Coward · 2014-12-29 04:11 · Score: 0
  
  It also doesn't seem to fit well together with the malware having been compiled with Korean language libraries, or something along those lines, that was reported earlier - unless some of those employees are Korean, anyway. I dunno. Blaming North Korea immediately feels like a knee jerk reaction, but I don't have all of the information that the investigative folks do.
  Lots of employees run to social media and vent after being fired. That doesn't mean that they're the people responsible when something goes wrong.
  Lesson learned, though: Should I ever get fired, don't ever mention a word of it anywhere on the Internet. Knowing my luck something will happen at my previous employer's data center and I'll have my life turned upside down by people who think I am responsible because of a derpy, meaningless tweet.
20. Re:Oh how great is this! by Ol+Olsoc · 2014-12-29 04:52 · Score: 1
  
  Is that what they are calling it these days?
  Sounds like "dirty" fun doesn't it?
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
21. Re:Oh how great is this! by Glarimore · 2014-12-29 05:52 · Score: 1
  
  Except juries are well known to have convicted people of crimes which they haven't committed with less-than-bullet-proof evidence -- usually because the media had already crucified the defendant publicly before the trial even started.
  
  Are you really going to sit by and let it build up until it's too late? Yeah, most likely you'll get a fat settlement. The downside risk, however, is spending ten years in jail for a crime you didn't commit. That gamble isn't worth it.
22. Re:Oh how great is this! by cyberchondriac · 2014-12-29 06:16 · Score: 1
  
  It's still speculation, and only circumstantial evidence.
  
  --
  
  Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
23. Re:Oh how great is this! by cyberchondriac · 2014-12-29 06:18 · Score: 1
  
  I wanna be gruntled!
  
  --
  
  Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
24. Re:Oh how great is this! by gnasher719 · 2014-12-29 06:19 · Score: 1
  
  Read the headline. It's obviously enough to be "identified [...] as perpetrator". I know, I'm not a native english speaker, but doesn't that imply at least some level of guilt?
  
  That sentence, as written, implies guilt, without any doubt. If I was the engineer who was accused, and everything was in the UK, I would sue for libel, and I would win.
25. Re:Oh how great is this! by Noah+Haders · 2014-12-29 06:43 · Score: 1
  
  motive, means, opportunity:
  MOTIVE: Maniacal leader, irrationally hates movie. Check.
  MEANS: l33t haxor squad. Check.
  OPPORTUNITY: disgruntled IT person sells info on computer network. Check.
  See, it's fun to connect dots.
26. Re:Oh how great is this! by eth1 · 2014-12-29 07:21 · Score: 1
  
  So you might be a 'suspect'. In the real word (as opposed the paranoid crazy version here) someone would politely sit down with you and discuss a few things. Then someone else might come over and discuss some more things.
  If you're a 'suspect', and they want to talk to you, then at a minimum, you're forced to pay to retain counsel (unless you're stupid, and talk to them without one). So you're screwed no matter what at that point.
27. Re:Oh how great is this! by n3r0.m4dski11z · 2014-12-29 10:21 · Score: 1
  
  "Seems like the best thing is to make certain no one thinks you are disgruntled"
  I was thinking of saying something similar, about not using social media. However it occurred to me that they could just as easily read your email if they wanted to. So it would require never writing any email saying anything negative about your former company, to anyone... Well that is not freedom of communication in the slightest.
  You would end up having to _believe_ that you actually weren't discruntled to be able to hide it successfully. At that point, its 1984 and you are changing the way you think because of fear of persecution.
  What a great society we live in! Think nice thoughts!
  
  --
  -
28. Re:Oh how great is this! by Anonymous Coward · 2014-12-29 12:32 · Score: 0
  
  But you don't understand -- the culprit was angry at being laid off! Surely she is capable of any deviltry in such a state.
  Since you make the claim the suspect is a woman laid-off from the organisation and she must have been on her period to be capable of any devilry in such a state. Wow! Speculation is fun! Pass the tampons please.
29. Re:Oh how great is this! by ihtoit · 2014-12-29 23:03 · Score: 1
  
  ok. Cite your sources. Mine are all in the summary.
  
  --
  Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
30. Re:Oh how great is this! by Noah+Haders · 2014-12-30 03:51 · Score: 1
  
  I'm not going to cite sources for maniacal leader or l33t haxor squad. Those are well known. For disgruntled employee, I'm citing the summary as well. People laid off of work, complaining online, etc. The summary (and article) is conjecturing that disgruntledness alone is sufficient for carrying out a devastating attack. I'll conjecture that a NK operative located a disgruntled employee through web chats and bribed him to get the needed info. That's just as valid as your story.
31. Re:Oh how great is this! by david_thornley · 2014-12-30 04:49 · Score: 1
  
  You're right. In any serious investigation, there will be people investigated and harassed just on the basis of a few things. If your spouse is murdered, for example, the police are going to suspect and investigate you, and that's going to suck.
  What is likely to happen, if you're innocent, is that the police will not find sufficient evidence to indict, whether or not they find the guilty party. This isn't a Phoenix Wright game, where you can only get acquitted of murder if you can convince the judge some specific other person did it.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
32. Re:Oh how great is this! by bickerdyke · 2014-12-30 04:54 · Score: 1
  
  Yes. But it's not only judge and jury. Friends, Neighbours, employers, media..... to all of them you will stay the guy who never got convicted for the murder of his wife, if the guilty party can't be found.
  
  --
  bickerdyke
33. Re:Oh how great is this! by knorthern+knight · 2014-12-30 05:53 · Score: 1
  
  > a) not have the right to be "disgruntled" unless
  Note that the part of the post you quoted talks about posting "angry statements". E.g. don't publically claim you're gonna make them sorry. Stay off social media.
  BTW, this is not exclusive to cyberspace. In meatspace, if you go around badmouthing someone, talking about how you're "gonna make him pay", and that someone is soon found murdered, you're a potential suspect.
  
  --
  
  I'm not repeating myself
  I'm an X window user; I'm an ex-Windows user
34. Re:Oh how great is this! by gzuckier · 2014-12-30 17:24 · Score: 1
  
  "Your honor, I was plenty gruntled!"
  Neighbor, whispering "I dunno, he always only looked semigruntled to me"
  
  --
  Star Trek transporters are just 3d printers.
35. Re:Oh how great is this! by gzuckier · 2014-12-30 17:25 · Score: 1
  
  Or if you are of the Melanic persuasion.
  
  --
  Star Trek transporters are just 3d printers.
36. Re:Oh how great is this! by gzuckier · 2014-12-30 17:29 · Score: 1
  
  So you might be a 'suspect'. In the real word (as opposed the paranoid crazy version here) someone would politely sit down with you and discuss a few things. Then someone else might come over and discuss some more things.
  If you're a 'suspect', and they want to talk to you, then at a minimum, you're forced to pay to retain counsel (unless you're stupid, and talk to them without one). So you're screwed no matter what at that point.
  You make that sound like a bad thing. Plead guilty, get free room and board and medical care and education, plus learn useful skills like locksmithing and self-defense. By the time you get out, the economy will be back to full employment, what with the Republicans in the senate and house and all. If you're lucky, you ight even have a religious conversion.
  
  --
  Star Trek transporters are just 3d printers.
37. Re:Oh how great is this! by Optali · 2014-12-30 22:57 · Score: 1
  
  For uns in IT business, [...]
  Bisste Deutscher? LOL
  
  --
  -- 29A the number of the Beast
38. Re:Oh how great is this! by Agripa · 2014-12-31 09:10 · Score: 1
  
  If you're a 'suspect', and they want to talk to you, then at a minimum, you're forced to pay to retain counsel (unless you're stupid, and talk to them without one).
  Since law enforcement cannot be trusted, there is no reason to talk to them or answer their questions at all. The Miranda warning is literal; everything you say can and will be used against you however what is unsaid is that anything you say which would exonerate you is just hearsay and not admissible in court.
This is impossible! by fuzzyfuzzyfungus · 2014-12-29 01:43 · Score: 5, Insightful

I was assured by numerous talking heads that this particular network intrusion against a Japanese multinational was not only state-sponsored; but an act of Cyber-terror-war against America and the Homeland, and something that could only be answered in a suitably apocalyptic fashion, lest our nation's honor be soiled!

How could it possibly be something as pedestrian as upset employees?
1. Re:This is impossible! by Anonymous Coward · 2014-12-29 01:52 · Score: 0
  
  Thanks. This just sums it up. (I wish each of us would get a turn at kicking one of those talking heads in the nuts each time they're so blatantly wrong).
2. Re:This is impossible! by Anonymous Coward · 2014-12-29 02:03 · Score: 3, Interesting
  
  Because in corporate America they are the same thing.
3. Re:This is impossible! by d1on1x · 2014-12-29 02:14 · Score: 0
  
  I was assured by numerous talking heads that this particular network intrusion against a Japanese multinational was not only state-sponsored; but an act of Cyber-terror-war against America and the Homeland, and something that could only be answered in a suitably apocalyptic fashion, lest our nation's honor be soiled! How could it possibly be something as pedestrian as upset employees?
  I SO hope you are very sarcastic here.
4. Re:This is impossible! by Anonymous Coward · 2014-12-29 02:22 · Score: 0
  
  I SO hope you are very sarcastic here.
  Ya think?
5. Re:This is impossible! by slimshady76 · 2014-12-29 02:34 · Score: 1
  
  Darn, wish I had mod points... Somebody please mod this up!
6. Re:This is impossible! by ColdWetDog · 2014-12-29 03:15 · Score: 3, Funny
  
  answered in a suitably apocalyptic fashion
  Cool. So the rumors that Kayne West and Kim Kardiashian are moving to Pyongyang are true?
  
  --
  Faster! Faster! Faster would be better!
7. Re:This is impossible! by fuzzyfuzzyfungus · 2014-12-29 04:03 · Score: 1
  
  Given Kim's alleged approach to celebrity controversy, they would probably be well advised not to...
8. Re:This is impossible! by fuzzyfuzzyfungus · 2014-12-29 04:06 · Score: 2
  
  It chills me that any other possibility would not be ruled out automatically; but thankfully, I am. Unfortunately, that apparently makes me saner than parts of congress, never mind talk radio, and I'm a guy who impersonates a fungus on the internet for fun, FFS.
9. Re:This is impossible! by zlives · 2014-12-29 05:33 · Score: 1
  
  move along ACitizen nothing to see here. just be thankful that your glorious leaders has protected you from heinous and continuing cyber terror.
  also mod +1
10. Re:This is impossible! by fremsley471 · 2014-12-29 05:53 · Score: 2
  
  Bang on the money. The well reasoned arguments here: http://marcrogers.org/2014/12/...
  were made before the DPRK link was fixed in the news cycle. It was then instructive to watch workings of the new McCarthyist cheerleaders, even (especially) here on Slashdot. People seriously writing 'the FBI have all the incriminating evidence, they just can't share it with you' type-comments.
  The eleven years since the non-existence of WMDs may seem long time for the kiddies running the military's multiple personality software, but most people here won't ever buy that crap again.
Told you it wasn't North Korea by Nyder · 2014-12-29 01:56 · Score: 4, Interesting

And yet I was called a North Korean and other things for saying what is obvious.
Love the internet. So fuck you all. I was right and you FBI/President believing dumb fucks are wrong, again.
As I said before, the USA owes the NK a big fucking apology.

--
Be seeing you...
1. Re:Told you it wasn't North Korea by ihtoit · 2014-12-29 02:22 · Score: 1
  
  but they won't. Sony won't even offer KJU any royalty for using his likeness in an entertainment (term used loosely) without his express consent. Why should they? No, seriously, why? Enquiring minds wish to know.
  
  --
  Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
2. Re:Told you it wasn't North Korea by Anonymous Coward · 2014-12-29 02:35 · Score: 0, Troll
  
  This is /. and you DARED oppose the great Obama, the creator of the great Obamacare. You should be glad you were only called a North Korean. Back in my day when I questioned something Obama did, I was told I was a racist and ran lynch mobs killing blacks by the hundreds, uphill both ways in the snow.
3. Re:Told you it wasn't North Korea by CrimsonAvenger · 2014-12-29 02:40 · Score: 5, Insightful
  
  Umm, you think that the inconclusive opinions of a subsidiary of Monoc Security are positive proof?
  Seems to me you're doing exactly what the guys you're poo-pooing were doing - using your own opinions to turn next to no data into proof positive that you were right.
  
  --
  
  "I do not agree with what you say, but I will defend to the death your right to say it"
4. Re:Told you it wasn't North Korea by Anonymous Coward · 2014-12-29 02:45 · Score: 0
  
  How many real life characters, in the course of over a century, have been portrayed in Hollywood movies? Care to draw a list? And then find out which of them received a payment for the use of their likenesses, and which did not. And then calculate the amount of damages / compensation / royalties / bribes / whatever all of them are still owed.
  And then tell Kim Jong Fucking Un to grab a number and stand in line. He can get in behind his late daddy who will rise back up from the grave to stake his claim over Team America (the one I can think of off the top of my head, at least).
5. Re:Told you it wasn't North Korea by meta-monkey · 2014-12-29 02:45 · Score: 4, Funny
  
  That sounds just like something a North Korean would say...
  
  --
  We don't have a state-run media we have a media-run state.
6. Re:Told you it wasn't North Korea by Anonymous Coward · 2014-12-29 02:54 · Score: 0
  
  "An entertainment"? That's not even English, Dear Leader.
7. Re:Told you it wasn't North Korea by jeffmeden · 2014-12-29 03:01 · Score: 1
  
  And yet I was called a North Korean and other things for saying what is obvious.
  Love the internet. So fuck you all. I was right and you FBI/President believing dumb fucks are wrong, again.
  As I said before, the USA owes the NK a big fucking apology.
  So some information comes out that it might be someone outside of NK or sponsored by NK (at least based on this little bit of information that isn't really even classifiable as evidence) and you are ready to beat your chest about how right you were? Sounds like you are exactly as right as everyone who said it was NK last week. I would start a slow clap, but...
8. Re:Told you it wasn't North Korea by Deadstick · 2014-12-29 03:05 · Score: 4, Insightful
  
  OK, let's see. A government agency issues an opinion on who did it: Obviously a lie.
  A commercial security company issues an opinion on who did it: Case closed.
  Love the Internet.
9. Re:Told you it wasn't North Korea by PopeRatzo · 2014-12-29 03:41 · Score: 1
  
  OK, that's funny. I'd give you mod points, but I traded them for crack.
  
  --
  You are welcome on my lawn.
10. Re:Told you it wasn't North Korea by T.E.D. · 2014-12-29 03:42 · Score: 1
  
  As I said before, the USA owes the NK a big fucking apology.
  We just released a movie starring their beloved leader. Is that not enough?
11. Re:Told you it wasn't North Korea by ihtoit · 2014-12-29 06:31 · Score: 1
  
  "This Is (An Entertainment)" is a play by Tenessee Williams, so it's about as fucking English as it gets, you fucking tool.
  
  --
  Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
12. Re:Told you it wasn't North Korea by ihtoit · 2014-12-29 06:33 · Score: 1
  
  you have access to the same tools as I do, so if you would please to answer your own question, I have better things to do than satisfy your pedantry.
  
  --
  Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
13. Re: Told you it wasn't North Korea by Anonymous Coward · 2014-12-29 06:59 · Score: 0
  
  The FBI has been caught with lies before, ADAIK Norse Security have not. Also the FBI simply says "Trust Us" and shows no evidence.
14. Re:Told you it wasn't North Korea by HiThere · 2014-12-29 09:52 · Score: 1
  
  While you are correct that the opinions aren't conclusive, THEY ADMIT THAT. For that reason I'm willing to give their opinions reasonable credence, and scoff at those who believe the spokesman for the FIB.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
15. Re:Told you it wasn't North Korea by Anonymous Coward · 2014-12-30 00:38 · Score: 0
  
  OK, let's see. A government agency issues an opinion on who did it: Obviously a lie.
  A commercial security company issues an opinion on who did it: Case closed.
  Love the Internet.
  More like common sense given the fact that governments these days are only known to lie, lie, and lie some more.
Sigh by drinkypoo · 2014-12-29 02:06 · Score: 4, Insightful

starting by looking for individuals with the "means and motive" to do the attack.
The problem is that Sony is- I wanted to say incredibly lax about security, but that's clearly not right — egregiously careless about security, and also typically, boringly evil so the people with motive are legion. You could find people with motive and opportunity under any rock.

--
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
1. Re:Sigh by HiThere · 2014-12-29 09:55 · Score: 1
  
  Yes. The "conclusions" are "This is not conclusive.", and I believe that. It's also a reasonable scenario, with reasonable amount of data (that's checkable if you care enough). This quite different from the pronouncement by the government.
  Your point, that it could be any number of other groups I also believe to be correct, though I haven't investigated.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
um... by Charliemopps · 2014-12-29 02:10 · Score: 1

Wait what?
They searched through Sonys files, found a layoff... and that's a surprise?
And then they found that there were some with "Technical background" that were laid off at the same time?
Then they found that one of those had access to one of the first servers that got penetrated?
Oh no! They were in a "hacking IRC channel"!!! That's like all... of the IRC channels. And he used his real name in the channel? I doubt that...
In summary, they found out that Sony had a layoff that affected at least 1 sysadmin and that sysadmin had access to some gateway server... So they're guilty? As with any company Sony's size, I suspect they have layoffs every 6 months or more. And I suspect that those layoffs frequently include people with a "Technical background" and often even "Sysadmins" And it's a surprise that such a person would have access to some random piece of hardware?!? It was his job to have access to ALL of the hardware.
Unless they have more evidence, this is nothing more than a PR stunt, and whomever this individual is, he's probably already looking for a Lawyer.
1. Re:um... by dhaen · 2014-12-29 03:53 · Score: 2
  
  Nevertheless it's slightly more credible than N.K. having done it.
2. Re:um... by Anonymous Coward · 2014-12-29 14:53 · Score: 0
  
  https://securityledger.com/2014/12/new-clues-in-sony-hack-point-to-insiders-away-from-dprk/
  
  Stammberger was careful to note that his company’s findings are hardly conclusive, and may just add wrinkles to an already wrinkled picture of what happened at Sony Pictures. He said Norse employees will be briefing the FBI on Monday about their findings.
  I don't think the slashdot editors know what "hardly" means.
BUT the fbi says its north korea by Anonymous Coward · 2014-12-29 02:16 · Score: 0

shows you what the USA game is don't it.....
Told you it wasn't North Korea by Anonymous Coward · 2014-12-29 02:18 · Score: 5, Funny

I just talked with all the rest of the guys here on Slashdot, and we all agree: how could we be so stupid? We're all sorry and it definitely won't happen again; we'll pay really close attention to everything you say from here on out.
So what does this say about Obama? by Anonymous Coward · 2014-12-29 02:18 · Score: 0

TFS paints a pretty credible picture that fits the known facts better than "The NorKs did it!"
North Korea would not have started out trying to extort money from Sony. Threats against The Interview only appeared after that had been discussed as a possible motive.
And yet Obama blamed North Korea, even going so far as to apparently take out NorK internet services.
1. Re:So what does this say about Obama? by __aanbvm4272 · 2014-12-29 02:58 · Score: 1
  
  El Presidente should be reading /. Like most of us knew, it was NOT NKorea. FBI needs a few good tech agents. Maybe they could pull one off the NCIS show. Or find the disgruntled SPE employee and mind meld him over to their side.
2. Re:So what does this say about Obama? by Anonymous Coward · 2014-12-29 03:51 · Score: 0
  
  "FBI needs a few good tech agents."
  America is a feminist country. It can hire tech women.
3. Re:So what does this say about Obama? by HiThere · 2014-12-29 09:58 · Score: 1
  
  I've always suspected that had more to do with reported NK threats against SK nuclear reactors. I still suspect that. Do note, however, that US culpability in the shutdown of NKs internet connetion is, while quite plausible (and I suspect orchestrated with China's acquiescence) is not proven.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
4. Re:So what does this say about Obama? by david_thornley · 2014-12-30 05:06 · Score: 1
  
  Actually, I still don't know it wasn't North Korea. It may be that the FBI has solid evidence they aren't going to release at this time, and the people indicated by Norse Security did nothing against Sony, despite having motive and means. I find Norse Security more believable than the FBI here, but they are identifying suspects rather than saying anybody in particular was responsible.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Propaganda by koan · 2014-12-29 02:23 · Score: 2

Your choice, co-ordinated propaganda campaign or massive incompetence.

--
"If any question why we died, Tell them because our fathers lied."
The meaning of the world "conclusive?" by Anonymous Coward · 2014-12-29 02:28 · Score: 0

Call me strange, but what I think the word "conclusive" means seems to be very different... it seems like they have a lot of "circumstantial" evidence, but not "conclusive" evidence.
Really, really weak evidence by plsuh · 2014-12-29 02:30 · Score: 4, Informative

Folks,
The evidence here is really, really weak. The connection is tenuous enough and the original pool of possible suspects via their methodology is large enough that I sure as heck wouldn't rule out a connection via random chance. Until we get better evidence, this isn't worth very much.
Norse Security says as much in The Fine Article:

Stammberger was careful to note that his company's findings are hardly conclusive, and may just add wrinkles to an already wrinkled picture of what happened at Sony Pictures. He said Norse employees will be briefing the FBI on Monday about their findings.
"They're the investigators," Stammberger said. "We're going to show them our data and where it points us. As far as whether it is proof that would stand up in a court of law? That's not our job to determine, it is theirs," he said of the FBI.
--Paul
1. Re:Really, really weak evidence by Anonymous Coward · 2014-12-29 02:46 · Score: 1
  
  So now we have two competing theories with equally tepid evidence. One hopes, however, that it will make the administration either put up or shut up: they must raise with revealing more strong evidence, if they have it. If they don't have it, hiding behind the state's secret veil is not going to do them much good. Personally, I find the ex-employee theory more plausible; I expected something like that. How much of their hand is the government going to be willing to show? One assumes as little as possible.
2. Re:Really, really weak evidence by Anonymous Coward · 2014-12-29 03:39 · Score: 0
  
  > "They're the investigators," Stammberger said. "We're going to show them our data and where it points us. As far as whether it is proof that would stand up in a court of law? That's not our job to determine, it is theirs," he said of the FBI.
  which makes you wonder why they're fielding investigators in "online surveillance" based on somebody making pissed off comments after getting the shaft...
  is that all it takes these days? LOL.
3. Re:Really, really weak evidence by g0bshiTe · 2014-12-29 04:12 · Score: 1
  
  Wonder if anyone thought to ask the NSA?
  
  With their rampant spying surely they have the missing key evidence, that is of course unless their spying doesn't extend to corporate interests.
  
  --
  I am Bennett Haselton! I am Bennett Haselton!
4. Re: Really, really weak evidence by Anonymous Coward · 2014-12-29 07:02 · Score: 0
  
  They are too busy spying on Americans tjese days and have no time to spy on foreign countries.
Work Environment by MrKaos · 2014-12-29 02:41 · Score: 2

Is working for Sony that bad?

--
My ism, it's full of beliefs.
1. Re:Work Environment by Lothar+0 · 2014-12-29 06:16 · Score: 1
  
  If SPE fires talented people with a long tenure of service and puts them at risk of homelessness because reasons, then yes, I would say they probably are a bad company to work for, which is why I will not purchase any of SPE's products ever again. I will also favor changes in policies to give workers who are fulfilling their duties in the private sector more (not absolute) job security through concrete actions via lobbying officials at opportune moments and contributing capital to political movements that align with this goal.
  It does not matter what I post on Slashdot. It matters (to a small degree) what I do off of Slashdot.
  
  --
  "Anonymous Coward" is for whistleblowers, not unpopular opinions.
2. Re:Work Environment by Areyoukiddingme · 2014-12-29 06:21 · Score: 1
  
  Is working for Sony that bad?
  Deja vu. This exact question was asked the last time Sony made the news.
  Yes. Yes it is.
3. Re:Work Environment by Anonymous Coward · 2014-12-29 09:17 · Score: 0
  
  It's worse.
Told you it wasn't North Korea by Anonymous Coward · 2014-12-29 02:50 · Score: 2, Funny

I like how you worked both "I told you so" and "I was right, you were wrong" in there. Wait, are you my girlfriend? Baby, is that you? Come back to bed honey, I didn't mean any of those awful things I said.
Why was is so easy for an ex-employee to do this? by Anonymous Coward · 2014-12-29 02:50 · Score: 0

I always imagined (not being security-inclined my self, with basic understanding of some secure stuff like ssh, https, multi-factor etc) that when it comes to huge companies like this they have strict and audited security infrastructure and processes in place.
When a key employee leaves it should be as easy as doing a few mouse clicks and everyone gets "password expired" emails or stuff, right?
And not only I see this as being easy to use (not necessary easy to implement, but we're talking about tens of millions here) but also compulsory to do after someone is fired.
Why does it matter if a certain individual has a strong technical background (what does that even mean today? Can he format a HDD using command line tools or can he write his own file system?) as long as all his credentials are gone?
I'm sure they didn't get in speculating bugs in the ssh protocol.
After reading TFA... by QuietLagoon · 2014-12-29 03:03 · Score: 4, Insightful

... it looks like Norse found what they wanted to find, and not necessarily the reality of what happened.
1. Re:After reading TFA... by Anonymous Coward · 2014-12-29 07:06 · Score: 0
  
  "... it looks like Norse found what they wanted to find, and not necessarily the reality of what happened."
  Sure. And the same could be said of the current U.S. administration pressuring the FBI for a nice, tidy explanation that aligns with foreign policy, no?
  I am no friend of the DPRK and their horrible death camps. But think about this logically: The goal of any repressive regime is to stay in power. Therefore, most regimes target their own people with strong propaganda messages. With that in mind, why would the regime repeatedly deny involvement in one of the most destructive cyber attacks on U.S. soil to date? It cannot be fear of reprisals.. they post videos of nuclear weapons destroying the U.S. mainland all day long. Humiliating a U.S. (DPRK public enemy #1) subsidiary of a Japanese (DPRK public enemy #2) company with impunity seems like a dream come true for the regime. It just doesn't make sense.
Re:Why was is so easy for an ex-employee to do thi by g0bshiTe · 2014-12-29 04:18 · Score: 1

While your method would work would it also cover firmware on a switch that would mask as user credentials to forward the data intended to be mined to where it was supposed to go?

Of course this would be a far stretch.

Personally I never thought it NK, what would they gain by going after Sony other than some retribution for Japanese occupation of Korea.

--
I am Bennett Haselton! I am Bennett Haselton!
Re:"equally tepid evidence" by Anonymous Coward · 2014-12-29 04:45 · Score: 0

The chosen one? Has Harry Potter made a statement?
Re: They'd be doing you a favor. by Anonymous Coward · 2014-12-29 05:07 · Score: 0

APK, please go back to posting the host file nonsense. Maybe FTW you could link myUncleanPC and hosts file editing with wife beating and child sex/molestation. Maybe in a few years, you'll upgrade your hosts file solution to into a database, a 'local DNS solution'. Then maybe you can distribute it, also! You can re-implement OpenDNS!

I'd like to take your OT reference and update it with a NT one; the message on the Mount of Olives where Jesus said, (Matt 5:17, 27-28) "Think not that I am come to destroy the law, or the prophets: I am not come to destroy, but to fulfil. ... Ye have heard that it was said by them of old time, Thou shalt not commit adultery: But I say unto you, That whosoever looketh on a woman to lust after her hath committed adultery with her already in his heart."
Translation: Hey, look, I know you Jewish folks have some laws in the OT, that's great and all, but God's Law trumps all. Let me add to it a bit: Not only can you not cheat on your wife, you cannot even look at another woman for the purpose of extramarital excitement without cheating on her. So take your out of context, out of place woman hating OT stuff somewhere else.
Interesting you mention Ba'al, too. Didn't 400 of his best priests get bested by one man of God?

ProTip: ba'alah means mistress in Semitic. The one you are using refers to men/boys.
MINISTRY OF TRUTH SAYS by Jeremiah+Cornelius · 2014-12-29 05:09 · Score: 4, Insightful

Oceania has ALWAYS BEEN AT WAR with East Asia.

--
"Flyin' in just a sweet place,
Never been known to fail..."
1. Re:MINISTRY OF TRUTH SAYS by zlives · 2014-12-29 05:28 · Score: 1
  
  apparently the north korea ploy did not sell enough tickets for sony. next time they will do better.
2. Re:MINISTRY OF TRUTH SAYS by Anonymous Coward · 2014-12-30 02:19 · Score: 0
  
  Doubleplusgood
3. Re:MINISTRY OF TRUTH SAYS by Optali · 2014-12-30 22:41 · Score: 1
  
  Yeah, they could put a hawt chick as dictator of NK, this would sell better than the fat boy and his band of idiots.
  
  --
  -- 29A the number of the Beast
Oh so just lay the blame on some poor sap by future+assassin · 2014-12-29 05:19 · Score: 2

and see where the stones fall, then post a disclaimer on the article saying "Well it might not be him" ????? Profit?

--
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Did the hackers hack themselves? by Anonymous Coward · 2014-12-29 06:17 · Score: 0

I would presume that the Norse group of hacker-hackers has been poring through every byte of data released by G.O.P., right? There's lot of information there about the firings (cost-cutting, it's referred to often.)
A couple of questions I have:
1) Bob Osher is the Sony "President, Sony Pictures Digital Productions". He has been instrumental in Sony's recent cost-cutting reorganization. If the hackers really were insiders upset with how Sony was laying off people, I would expect that they would be focused on him, not Pascal and Lynton. Osher is mentioned only occasionally.
2) If it wasn't about North Korea, then why were so many pre-released films distributed in the 25GB first dump, but The Interview held back? It's clearly been "in the can" for quite some time.
Thad
If true, they will walk! by anwyn · 2014-12-29 06:41 · Score: 1

The US gov can not afford to admit a mistake, after executing a DOS attack against NK.
"Conclusive" by Anonymous Coward · 2014-12-29 06:58 · Score: 0

Hi guys.
I'm afraid this article implies a level of certainty that we at Norse do not share, yet.
We don't have "conclusive" evidence yet. Our investigations are ongoing. They *are* focusing on a small set of individuals, some of whom are ex-Sony employees, and some of whom are connected to pro-piracy groups. We see datapoints and indicators they MAY have communicated and worked together. We have not concluded anything yet, but we're working hard to pull together as many connections as we can to see where the data leads.
Best
Kurt Stammberger
SVP
Norse
1. Re:"Conclusive" by Raystonn · 2014-12-29 09:33 · Score: 1
  
  Someone mod this up so it's not lost.
2. Re:"Conclusive" by HiThere · 2014-12-29 10:05 · Score: 1
  
  Thanks. That's what I got out of the summary, but apparently many others got something else.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
asymmetry is scary for govvies by vpness · 2014-12-29 07:29 · Score: 1

The thought that a few, decently intelligent , disgruntled *individuals* , coupled with the 'destructive' nature of the attacks I think scares the crap out of govvies. Call it cyber-vandalism, -terrorism, or -war, the act of public destruction and 'outing' is what has made this attack a 'game changer.' State funded threat actors have been spying for years. They've mostly - the stuxnets aside - have stopped short of destruction that they're all capable of, and 'just' xfilled credit cards, or secret formulas. Think what the Target attackers could have wrought by bricking the POS terminals. So if you're a govvie, it's natural to presume that a whacky - but funded - state threat actor is behind this, as the thought of a handful of individuals is just too scary. Do any /. ers know what security product stuff that Sony deployed (which missed all of this )? I'd love to know their host based AV and HIPS, and their network FW, IPS, 'APT ' detectors/protectors.
It was never North Korea by nadass · 2014-12-29 07:46 · Score: 1

It was obviously never NK (and I've personally expressed as much to my coworkers) when their bandwidth (nationally equivalent to a 56Kbps dial-up modem) is provided by AOL Korea and depends on sponsored ads edited using PaintShop Pro 3 on an Windows 98 Second Edition PC. Their collective disk storage capacities are probably no more than your run-of-the-mill WD 5400rpm disk storage arrays.

Okay, okay. Seriously, though, NK neither had the motive nor the means to carry out such a sophisticated cyber-attack comprising of several GB's of HR files. Why would NK give a crap about some mid-level executive's salary bonus? Why would they make terroristic threats against thousands of movie theaters on American soil when they cannot even obtain a passport and boarding pass onto an airplane?

TL;DR somebody at the FBI is getting fired.
Norse Security Sucks by khelms · 2014-12-29 08:34 · Score: 1

They haven't even figured out Loki is masquerading as Odin!
Was the SSN of that person released? by Anonymous Coward · 2014-12-29 09:55 · Score: 0

Quickest way to disprove it. Was that ex-employees SSN released? He/She would be crazy to release their own just to piss off Sony.
innocent until proven guilty by Anonymous Coward · 2014-12-29 09:57 · Score: 0

Like a alot of slashdotters i also have a technical background, growing up in the 80s PBX + BBS HPACTV scene, running my own boards, and when the internet came of age, running ftp sites, maintaining myself on efnet. There is a culture that exists with alot of technical people that lean them toward what we collectively would agree is harmless if not a bit self serving, but comes off as scary to the general public. I think for the most of us, the older we get, we become more responsible and turn away from taking shit up to the next level like we did when we were kids. Mostly because we have kids that depend on us not to fuck around with stupid shit.
What scares me is companies like this see this type of activity and freak out. I think in any critical infrastructure job it would horrify certain people to know that the guy that runs the firewall was an ex member of a scene, wrote an article in Phrack or contributed to wardials back the day. you shine a spotlight on the lead network geek, unix geek etc you will find similiar behaviors and similiar pasts. This background does not immediately implicate someone into a crime. I am very hestitant to talk about things like this with coworkers for example, becuase i felt the prejudice first hand in the 90s when everyone was getting into IT. It starts off like "whoa dude thats awesome you got mad knowledge" and then later when hacking occurs and its "magic" to them, the tone changes.."hey...did you have anything to do with this". I know this is an age old problem. Sorry if im ranting. Just feel sorry for this dude if he is legit.
Details of Sony malware? by lippydude · 2014-12-29 10:22 · Score: 1

DHS NCIC spread of FBI Flash warning
Sponsor vs actor by Anonymous Coward · 2014-12-29 18:31 · Score: 0

Who did the deed and who paid them to do it are separate questions anyway.
I have always maintained that the deed was not done directly by NK but that NK may kill them if there is a risk of them getting caught and spilling the beans as to who the job was done for.
Why didn't Norse take their opinions to the right people an not let NK know what was going on? Now people could end up dead rather then just imprisoned.