FBI: North Korean Hackers "Got Sloppy", Leaked IP Addresses
An anonymous reader writes "The FBI launched a PR counterattack against skeptics of the assertion by the US government that North Korean hackers were responsible for anonymous threats received by Sony before its scheduled premiere of the film The Interview. Sony initially cancelled the Christmas day release, but later relented after receiving extensive criticism. In a speech at a New York City cybersecurity conference hosted by Fordham University, FBI Director James Comey said that while the attackers concealed their identity by using proxy servers, on occasion they "got sloppy" and made direct connections, exposing their true IP addresses; these indicated a North Korea origin. Comey also mentioned additional corroborative evidence, including patterns matching those seen in previous attacks known to have come from North Korea, but was guarded on details. Also at the Fordham conference, US Director of National Intelligence James Clapper mentioned recently meeting the Kim Yong Chol, the North Korean general in charge of cyberwarfare. Clapper emphasized Kim's belligerence and lack of a sense of humor, implying that an advance screening of "The Interview" would likely have enraged and provoked the North Korean brass."
Smoke weed every day
These guys have the skills to hack into Sony, steal sensitive data, cause extensive damage and a worldwide ruckus, but on occasion they just "got sloppy" and used their own IP address?
Seriously? Who writes this stuff?
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
How do they know that the connections from North Korea weren't proxied themselves?
If I was going to launch a hack as major as the Sony one, I'd absolutely 100% be sure to leave some breadcrumbs (perhaps even multiple trails) to cover my own tracks.
Cliche movie quote: "he's clean...too clean..."
Until now, I believed it was North Korea.
But the US government always lies. I'm starting to doubt!
Sometimes, Occam's razor comes to bear.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Listening to his speech is like sitting through a Transformers movie. You know the words, and you know the terms, but they're all used in an entirely incoherent fashion. James seems to think hacking works just like a James Bond film in that it's all about time. Hackers that 'disconnect quickly' won't be found and those that 'get sloppy' will be detected by some ostentatious array of flashing lights and sirens attached to a mainframe.
James hasn't pulled his Star Wars head out of his NCIS ass and given any pertinent information like how hackers breached Sony, what attack vectors were used, what exploits were performed (if any) and what if any IDS or firewall technology was complicit in the breach. So given the lack of seriously technical information surrounding this leak it's more than plausible by Occam's razor that Sony was the result of a simple phishing attack or bruteforce. It's also a little too convenient that a country which outright bans American films and that would never have to tolerate its citizenry watching it, happens to care enough to make a retaliatory strike against what for all intents and purposes is a nonthreat. What IS however quite possible is a disgruntled employee simply decided to dump the mail server to The Pirate Bay, and because you can as a business effect an insurance claim against hackers, it's convenient to do so in the face of a movie that will in all likelihood barely break even.
Good people go to bed earlier.
>And now the US' FBI has launched a rebuttal to crickets chirping on Slashdot.
Then you haven't read article after article, plain and simple.
Bruce Schneier and Marc Rogers are two sources that should have convinced you. But they didn't. Because you didn't read their summaries on this. Because you're _not_ reading "article after article."
North Korea denies North Korea attacked Sony. Everybody else pretty much agrees North Korea did it... including North Korea, who claimed Sony was committing an act of war...
http://www.beanleafpress.com
Is this the same James Clapper who lied to Congress, and now expects us to believe him?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Yup, definitely North Korea! There is no possibility that anyone could have set up a proxy account on some North Korean IPs. Apparently that would never happen. Nope, not one iota of possibility. Those were definitely the originating IP addresses.
Here is what I see as possible:
1. North Korea managed to develop an acceptable army of hackers on their own in 5 years. (No internet in 2009, supposedly)
2. A group of hackers attacked Sony and North Korea managed to get tangled up in this with the release of the Interview.
3. China managed to help North Korea develop a group of hackers in 5 years.
4. Koreans from South Korea or Japan (There are several in Japan trying to get into government positions) who actually proxied into North Korea and executed the attack. (Samsung?)
5. Koreans in the US or elsewhere in the world managed to execute this attack via proxy because they really don't like Sony?
6. Cyber Command or some other US agency decided to execute the attack, because let's rally the troops against North Korea because Syria is getting old?
7. Sony managed to pull off the entire thing because, "Rootkit 2005?"
More possibilities, but as this list grows longer, the realm of possibility gets less likely.
Place something witty here
Yup, definitely North Korea! There is no possibility that anyone could have set up a proxy account on some North Korean IPs.
Do you understand how impossible it is to get "a proxy account" into or out of North Korea? Clearly you do not. They have only one single block of IPv4 addresses.
"the"? Is "Kim" a title of some kind?
The "got sloppy and leaked IP addrs" sounds like the same way the Silk Road server was found. I wonder what parallel construction existed (NSA?) telling the FBI where to look, and what to look for. Of course, we'll never hear those details because, "National Security".
"Clapper emphasized Kim's belligerence and lack of a sense of humor, implying that an advance screening of "The Interview" would likely have enraged and provoked the North Korean brass."
Well FUCK ME: if Kim Yong Chol can't take a little "jokey-joke" then obviously it was DPRK who stole the cookies from the cookie jar!
"FBI Director James Comey said that while the attackers concealed their identity by using proxy servers, on occasion they "got sloppy" and made direct connections, exposing their true IP addresses; these indicated a North Korea origin."
Well SHIT: apparently when the attackers connect from Eastern Europe: "it's a proxy server" but if they connect from an IP address inside a regime the CIA has a hard-on for pressuring economically: it's a smoking gun.
"Comey also mentioned additional corroborative evidence, including patterns matching those seen in previous attacks known to have come from North Korea, but was guarded on details"
BLAH BLAH "secret evidence" BLAH: here's the problem with sticking your nose up everyone's ass Clapper, even when you "know" something is a fact: nobody believes you because the evidence was gathered through spying and deceit! Even if you manage to fabricate some "parallel" construction without revealing which routers on the TREASURE MAP are poisoned: nobody will fucking believe you because you've lost all credibility.
Essentially, the FBI is saying "Trust us: you know we're hacking everyone else so you can trust us when we say we have SECRET EVIDENCE that North Korea hacked Sony". Everything else is just confirmation bias bullshit.
I'm by no means a pen-tester, but I know the routine well enough to say that claims of attack heuristics having a unique or distinct fingerprint are pretty fucking sketchy. 2/3rds of pen-testers never have to do more than litter "SEX TAPE" CDs/USB thumb drives in the parking lot, run a Metasploit scan, set up a fake wifi hotspot, or ARP-spoof the router to get everything they need for total network rape.
If a random hacker owns my box using these tactics, did North Korea do it because we've seen them run Metasploit scans before?
This shit was obviously a for-profit hack which went pear shaped, and then the State Department/Defense Intelligence/cyber-warfare wing jumped on this shit like a bunch of opportunist dogs in heat. Not the case? Then how about some of that transparency Obama promised us and they can pull the veil off the SECRET EVIDENCE or STFU and quit wasting everyone's time pretending they need an excuse to put economic sanctions on North Korea.
Do it cause "glorious leader has a bad haircut" for all I care, but stop pissing on us and telling us it's raining: I'm sick of being lied to by these assholes.
"We know it, but won't tell you. Trust us".
Sorry, FBI, but I don't trust you this > much. Based on experience.
(Not that I trust -- or somehow like! North Korean regime, mind you).
And yet... every other security audit says it was a Chinese proxy server that was the end IP that could be found...
fbi suck
Clapper lied to Congress under oath. What are the odds he'll tell the truth at a random conference?
I don't feel like looking it up, but I'm fairly sure I remember news stories about the FBI lying as well. (To the FISA court? I forget.) Anyway, their word is meaningless. They are without honor.
There you go. Pull the other one. Like my teacher said, "Show your work"
And it wasn't 'criticism' that motivated Sony to release the movie. That statement sounds more like some people are feeling all self important and stuff.
“He’s not deformed, he’s just drunk!”
It must be true, Colin Powell brought a vial to the United Nations Security Council, and claimed it contained a 99.9999% pure North Korean IP.
It has to be North Korea! A trusted inside source named Ahmed Chalabi told them so!
SJW's don't eliminate discrimination. They just expropriate it for themselves.
Playing devil's advocate, it's possible that it wasn't the North Koreans who '"got sloppy" and made direct connections, exposing their true IP addresses'. Another explanation would be that some other group is responsible and got clever, routing attacks via North Korea to shift the blame.
teh fedz knowz aaaaaaaall about dem.
Bruce Schneier and Marc Rogers are two sources that should have convinced you. But they didn't. Because you didn't read their summaries on this. Because you're _not_ reading "article after article."
Actually I read those articles and all they introduced was plausible deniability. Which could be done with any hack ever performed. Congratulations. Meanwhile the US names the individuals they think are responsible and even explains how they came to those conclusions. Schneier and Rogers are brilliant and great unbiased reporters in all things technical. But they're not exactly hands on with the data forensics in this case which puts them at a disadvantage.
Let's rephrase the question: what exactly would the US Government have to release to you in order to believe it was the DPRK that committed this hack? Oh, you're so opposed to that idea that your theory of "North Korea is not involved in the attack" has no falsifiable scenario? Then these debates are pointless.
Satire should NEVER be illegal.
Just go ask Salman Rushdie, a man who risked his own life by refusing to back down from his novel in the face of very real threats to his life. He'll tell you, like he did regarding the Charlie Hebdo attacks, that satire "has always been a force for liberty and against tyranny, dishonesty and stupidity." Neither you, me, a state, or a group of religious fanatics should get to say what speech is or is not acceptable.
Not that I condone the illegal actions, but the Norks were just trying to save us all from a shitty movie.
Perhaps you never saw Naked Gun 2 1/2? Team America? If I really felt like it, I could dig up quite a few comedies where we assassinate the living leader of a country that is considered to be the bad guy. Strangely, you think you're unique and this occasion was unique. Not going to go on about free speech but the irony is pretty intense when you consider the lack of human rights in North Korea.
And none of the hosts behind those ipv4 addresses could be compromised?
So in effect, this is how to open relations after the Rodman gambit? Or how to quell them?
After reading the accusations from both sides, I say, somebody is poking them in the eye with the big lie. Who? Follow the money. Who wins if we go to war? Any Asian country, or better yet any American multinational company? Security services here? Next remember all this is supplied by multinational security companies. There is no truth from a contractor. They are in security for your dollar, and not your security, theirs. Underline the theirs again. Now, all investigations, even by the FBI, are done by contractors. So, would you go to war, on a contractor's information that cannot be verified? That's called a war crime.
Do you understand how impossible it is for your house to be robbed? Clearly you do not, you only have the one.
Stupid logic is stupid.
But it's not debatable that creating a movie about assassinating a living leader of a foreign country is morally reprehensible and should be made illegal. Strangely, no one complains about that because sheeple only like to parrot media.
Maybe you should actually ingest some media - watch some movies, read some books. You're part of an unusually interesting vocal minority that complains about this movie, claiming that killing a current world leader is somehow unusual or unprecedented, when it's happened in fiction over and over before. And yes, even to the US.
The FBI no longer has any credibility with the American public and the world. They have been caught in incompetence, lies, and criminal behaviour much too often over the last couple of decades to ever be trusted again.
Whether they hacked or not is debatable. But it's not debatable that creating a movie about assassinating a living leader of a foreign country is morally reprehensible and should be made illegal. Strangely, no one complains about that because sheeple only like to parrot media.
Well, how else would a bearded hipster (with "rescue dog" in tow) be able to show his patriotism? There's no one involved in this whole thing that I respect. The FBI counter attacking? When did they become military? "Federal Bureau of Investigation." I don't see a mandate to attack.
The FBI themselves have "solved" cases of their own creation; I see no reason to believe them. This is eerily similar to the claims made by Cheney that there were WMDs in Iraq. We're still looking for those.
"Everybody else pretty much agrees North Korea did it... "
Wait, what? I was under the impression that -no one- thinks North Korea did it. I certainly don't, and that's in part because my government is so -focused- on getting us to believe they did.
And in part because the president is a democrat (pwned by Hollywood).
And in part because of what was hacked, what was released.
(another) data breach is embarrassing. An attack by NK garners sympathy. Also, without this hack The Interview would have made about a dollar.
No idea why 'North Korea did it' can possibly be modded "Informative".
Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
Do you understand how impossible it is for your house to be robbed? Clearly you do not, you only have the one.
A better analogy would be "I have one tree that I have to monitor everyday. I know nobody is lurking in my tree because I can inspect it. You have an entire forest covering North America. How do you know there is no one lurking in that forest?"
North Korea is goddamn insane. I wouldn't be surprised if these connections don't allow SSL and have someone eyeball reading traffic that goes across each IP address and blocking it if they don't know what it is. Did you read the Wikipedia article linked above? It's the government allocating these IP addresses to itself.
I just saw a documentary by PBS on North Korea. The only way they could get movies and music into North Korea was sneaker net across the border with China. Unreal.
Stupid logic is stupid.
I couldn't agree more.
Seems like there would be logs upon logs of suspicious activity (or patterns) from both the time spent connected learning the system / figuring out what's what, and time spent leeching off 100TB, right? If that is how it happened as we're told. I also doubt Korea, but there has got to be a shit-ton of traffic logs that point somewhere.
You are correct in that it shouldn't need to be debated as it should outright be LEGAL. A "living leader" of any country is just a person; they are no different than any of us. Your only logical position would be to make it illegal to make a movie about assassinating any living person.
Everybody else? Hardly. Within the security community it is pretty hotly debated, and this latest revelation does not exactly help things.
Stop calling these self-promoting headline grabbers "security experts". They were wrong, and obviously so in a big way, even at the time. The two words "security expert" should never again be applied to these idiots who couldn't wait to call the FBI wrong. The White House had the resources of the USA including the NSA at their disposal. Anyone who thought their pet theory trumped that is by definition a "security moron".
What rock did you just crawl out from under?
Most are in agreement that North Korea did NOT do this.
I'm a Network Engineer. I have been in the I.T. field for 30 years and my specialty is information security. My job is to break into networks, to make sure people can't break into networks. I'm a professional white hat hacker.
Part of my job is watching the hacking trends. I watch the forums, newsgroups, blogs, video channels, chat rooms, etc. etc. I do this to keep an eye out on the hackers to see if they are planning any cyber attacks on my customers. I also have been watching other cyber conflicts around the world, and Sony has been in a cyber war for nearly a dozen years. They have angered a lot of people.
Sony has a history of not treating their own employees very well, taking hostile acts against their customers, and this is usually a mixture for disgruntled employees.
Any large network would notice several terabytes going over the lines, and we are talking about a hundred times that. North Korea does not have the bandwidth for that, even if they can keep their electricity running, and they are not going to launch an attack on a stupid company over a stupid movie while Obama has been pointing fingers and threatening him for years.
In addition, I know at least 100 other people in my same field and our combined experience is well over 1200 years, and I am telling you, there is NO WAY North Korea was behind these attacks.
The FBI is full of it.
Do you understand how impossible it is to get "a proxy account" into or out of North Korea? Clearly you do not. They have only one single block of IPv4 addresses.
And they only have 3 computers which get shut off with the electricity at 6pm every night.
Every single packet in and out of NK is logged. Get over it dummies, you know shit about why the USA knows NK hacked Sony and they won't tell you. However we do know that these so-called security experts are full of shit.
It's handy for departmental empire building, cheap politics and demands for funds if it's North Korea instead of the ordinary bunch of criminals that it appeared to be until long after the actual hacks happened. North Korea complaining about a movie about the killing of their high priest of a cult to his dead ancestors (that place is weird) is a given whether they were involved or not and is not evidence of any kind. I'm sure they would have loved to have done it, but it's very unlikely that they did.
This information leaked by Clapper and Comey while not exactly a lie is misleading at best. Without the exact timeframe of the "got sloppy" IPs it is not possible to determine if this is actually NK actioning an attack or GOP making it look like NK after the fact.
It all comes down to the fact that the NK / The Interview connection was not voiced by GOP until after the press had latched on to that link to point the finger at NK because of Sony Pictures being the producer of The Interview. Now if the sloppy tradecraft (very unlikely) leaking a NK IP (175.45.176.0 – 175.45.179.255, 210.52.109.0 – 210.52.109.255 take your pick) prior to any mention of NK being responsible in the press then that would lend strong credence to that assertion. Otherwise it may point to GOP being unconnected with NK apart from PWNing either a machine within NK or via a BGP poisoning attack of a China Telecom router. Which neither China Telecom nor NK are going to openly admit because of losing face. Remember also that most of the machines in China & NK that run commercial OS's do so outside the ULA and are thus unable to keep patched and are thus open to being attacked by many known zero-day issues.
In the end it all comes down to this, governments are very bad at doing business and whoever GOP owes their allegiance or funding to, the attack on Sony was a covert criminal act conducted possibly across international boundaries and thus it needs to be treated as such. So if and when there is conclusive proof of someone who is responsible then legal recompense needs to be sought. Unfortunately international law and covert actions being what it is, it seems unlikely that even given the first the second will reach some resolution. FWIW this is a teachable moment for all large corporations, so start listening to their CISOs and give them the funds and manpower to properly secure their networks in the current climate.
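The timing question raised in the comment above (whether connections from the listed ranges appear before or after a reference date) can be checked mechanically against connection logs. This is an added example, not part of the original comment: the log lines, the log format and the reference date are constructed, and only the two address ranges are taken from the comment.

```python
import ipaddress
from datetime import datetime, timezone

# Address ranges exactly as written in the comment (inclusive start, end).
COMMENT_RANGES = [
    ("175.45.176.0", "175.45.179.255"),
    ("210.52.109.0", "210.52.109.255"),
]


def ranges_to_networks(ranges):
    """Collapse inclusive start-end ranges into the CIDR networks covering them."""
    nets = []
    for start, end in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(start), ipaddress.ip_address(end)))
    return nets


NETWORKS = ranges_to_networks(COMMENT_RANGES)

# Constructed sample log (assumed format): "<UTC timestamp> <source IP> <note>".
SAMPLE_LOG = """\
2000-01-05T02:11:09Z 198.51.100.23 proxy-session
2000-01-09T14:40:51Z 175.45.178.19 direct-session
2000-01-12T08:03:30Z 203.0.113.77 proxy-session
not a log line
2000-01-20T21:17:02Z 210.52.109.200 direct-session
2000-01-21T03:55:44Z 175.45.180.1 direct-session
"""

# Constructed placeholder for "first public mention"; not a real date.
REFERENCE = datetime(2000, 1, 15, tzinfo=timezone.utc)


def parse_line(line):
    """Return (timestamp, ip) for a well-formed line, or None for anything else."""
    parts = line.split(maxsplit=2)
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        ip = ipaddress.ip_address(parts[1])
    except ValueError:
        return None
    return ts.replace(tzinfo=timezone.utc), ip


def split_hits_by_reference(log_text, reference, networks=NETWORKS):
    """Split log entries whose source lies in `networks` into before/after lists."""
    before, after = [], []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the whole run
        ts, ip = parsed
        if any(ip in net for net in networks):
            (before if ts < reference else after).append((ts, str(ip)))
    return before, after


if __name__ == "__main__":
    early, late = split_hits_by_reference(SAMPLE_LOG, REFERENCE)
    print("ranges as CIDR:", [str(n) for n in NETWORKS])
    print("hits before reference:", [ip for _, ip in early])
    print("hits after reference:", [ip for _, ip in late])
```

A hit only shows that the last visible hop was inside one of the ranges; it does not show who was operating that host.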
Routing attacks via NK? You're a moron.
" there is NO WAY North Korea was behind these attacks."
Thanks Mr Anon. We'll all take your word on the subject even though it's based on having absolutely ZERO inside knowledge of ANYTHING related to this situation.
If you do not understand that every packet in and out of NK is logged then hand in your geek badge. If you do not understand that major efforts over the last few years have focused on being able to scrutinize all that traffic successfully then hand in your geek badge. If you do not understand that all activity including packet size packet count and timing information through NSA managed Tor nodes can be used to trace an attack especially one transferring such massive quantities of data making it impossible to hide even with obfuscation then hand in your geek badge, you truly are an idiot who slept through the Snowden revelations. They KNOW who conducted this attack and they will never tell you why for good reason. Some "security expert" claiming otherwise is no such thing, but you'll always find some dummy looking for a headline.
Trivial.
Set up a really good firewall.
On one interface, install a porn server.
On the other interface, set up a LAN party of teenage boys.
Wait. It won't take the whole 5 years.
Log in or piss off.
I like it when the FBI harasses emotionally unstable and impressionable kids for weeks so they can frame them in a fake bomb plot.
Yes, but they're mostly used by foreigners visiting the place. Which means it's possible they were occasionally proxying through one of those foreign machines. That's far more likely than North Korea actually, though it's also possible North Korean hackers went in (proxy-less) and dug around after the initial breach.
Hackers don't "get sloppy" technologically. They have scripts to prevent that. They get sloppy in the real world.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
Let's rephrase the question: what exactly would the US Government have to release to you in order to believe it was the DPRK that committed this hack?
Unedited video of Apollo 11 going to the moon where Neil Armstrong found a second gunman guarding Obama's birth certificate.
I've not seen anything that the government has released regarding this. I have heard speculation that this was North Korea, but haven't been shown any actual evidence. So, to answer your question: I'd need evidence. IP logs, exploits used written in proper North Korean grammar or something. Anything other than Comey and Clapper saying it was them the bad Koreans ... they did it.
The trust of the intelligence community was proven to be broken repeatedly by the FBI/DOJ/FISA/NSA/CIA/IRS. Blind faith isn't an option any longer. Proof or it didn't happen.
eerily similar to the claims made by Cheney that there were WMDs in Iraq. We're still looking for those.
You appear to have missed recent news reports stating that ISIS is using chemical weapons they obtained from storage locations in Iraq, where they had been put by the Saddam regime.
The truth is that all men having power ought to be mistrusted. James Madison
"The proxy account" would be a compromised North Korean computer running arbitrary code. No hacker in the world would use legitimate proxy servers to carry out attacks as you can bet that they hold logs.
You're a fucking idiot; someone could proxy through North Korea and it wouldn't matter how much traffic is logged in and out, all that logging would do is say a connection from North Korea was made at some point. We know computers in NK can become compromised and have seen proxy attacks originating from there before. All the FBI has asserted is that a connection was made from NK at times and that doesn't mean or say shit about if that was the actual origination of the attack or was just another dead end proxy the true perpetrators of this used to cover their tracks. The FBI's entire case is based on circumstantial evidence and feelings and very little actual hard evidence.
Right now there is a controversy going on in India. A top Muslim actor played the lead role in a movie that makes fun of Hindu godmen, has scenes where the prime Hindu deity Shiva gets chased down the streets of India, losing his clothes and ends up in underwear. Many Hindu organizations are outraged, but none of them have urged any of their followers to kill anyone. They petitioned the courts to ban the movie. India has a board of film censors, it approved the movie. The head of the board is a Catholic Christian. She has been quick in the past to ban movies that "hurt the sentiments of the Christian/Muslim communities and might endanger communal harmony". Courts have refused to ban the movie. And all the Hindu organizations are being lectured on tolerance, freedom of expression etc.
My problem with the West is that it never finds good things to encourage and praise. With all that caste, linguistic, religious divisions and abject poverty India is struggling to be a democracy, to uphold values of freedom of expression etc etc. Ostensibly the West wants to promote these values. But most stories about India are about its problems.
In the face of Paris outrage, as part of denouncing terrorism, if they have shown a token respect for India/Hindus, that would send shock waves among the Muslim communities. "You attack us violently, we will show sympathy and support for your enemies, the Hindus" is an angle that might play well.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
That's a great point Anonymous North Korean Coward... :D
http://www.beanleafpress.com
How about the one thing it hasn't released: solid proof. Words are fine but when there is nothing to back them up then you expect me to take your word in trust or faith alone. Sorry but your government does not have a good track record in either of those areas.
Even then, there's no reason to control what people should make movies about at all. There could be a reason to control what people do in the if they're filming in the United States. For example you can't be filming in the United States and commit actual crimes, like robbing a bank and then filming it in order for a movie. Maybe you could open up yourself to problems by filming a movie about specific actual people who are not what they call persons of famous people. But these may be civil claims I see torts, rather than criminal claims.
"Do you understand how impossible it is to get "a proxy account" into or out of North Korea? Clearly you do not."
So the North Korean computers are completely hack proof, and not a single one is a member of a botnet, despite sanctions making access to patches more difficult. Wow, they must be really advanced, we should get them to fix our computers while they're at it....
This is just another example of the flimsy evidence that the FBI base cases around. Next they'll be linking the IP packets back to North Korea based on the IP batch. And attaching lie detectors to the packets to determine if the evil bit is set. If you stop believing Hollywood, and start looking at history, you'd see that the FBI has a terrible history of politically based investigations and cases built on later discredited evidence.
It's good to see the FBI doing its job as the Federal Bureau of Investigation to continue their investigating and not be side-tracked into trying to sway the court of public opinion. Because as we all know, the FBI has no recourse in any way against the North Korean actors because they're foreigners. It's why after 9/11 we never went and captured related terrorists. It's why we never imprisoned them.
Oh, right, no. Now we don't have anything but tainted evidence that can't be used to legally imprison any actors involved we identify. Or the countless times we've heard "ongoing investigation" as a basis not to leak information is utter bullshit. To me, this utter political bullshit that's been pulled should be pointed out more than the relatively minor details of the source of the attack. In the end, it seems clear the FBI isn't going to act (except on the pulpit) so it doesn't much matter what they reveal. At that point it all is pretty well equivalent to a production of propaganda no matter what the actual evidence is. It seems clear the propaganda is to justify actions against North Korea.
I guess I'm just frustrated that it's not news that the FBI is more about politics than justice.
Yup, definitely North Korea! There is no possibility that anyone could have set up a proxy account on some North Korean IPs.
Do you understand how impossible it is to get "a proxy account" into or out of North Korea? Clearly you do not. They have only one single block of IPv4 addresses.
Why would DPRK hackers be using the DPRK IPv4 address space when they are reportedly set up in China? When I visited North Korea 6 months ago, the largest, most modern, and most prestigious hotel in the largest and most prestigious city (Pyongyang) was using dialup for internet access. To a Chinese ISP.
There are too many inconsistencies in the FBI's story. There are too many liars and too many suspects on all sides. Unless someone takes credit, there is no way to know who did the hacking.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
"Everybody else pretty much agrees North Korea did it"
You misspelled "Nobody but the FBI thinks North Korea did it"
Look, the FBI won't release ANY evidence. Meanwhile half a dozen bloggers who have looked at the data have pointed out that the preponderance of evidence shows that it was an insider. Like timestamps showing the data was copied at USB 2.0 speeds, for example. How are people missing this information? Are there really THAT many people living under proverbial rocks and posting on /. ?
Obligatory "you got lucky that a n00b modded you all the way up to 5" song and dance
"having absolutely ZERO inside knowledge of ANYTHING related to this situation."
Except people downloaded and actually looked at the data. Zero, huh?
Go back to living under that rock, etc etc.
Remember when U.S./Britain said Iraq was hiding chemical/bio/nuclear weapons of mass destruction? They never found any, and that was the key reason U.S./Britain started the war and invaded Iraq.
I don't trust FBI/NSA to tell us something without providing all the facts from many references we ordinary people in the world can verify ourselves. As it stands it's FBI manure.
I think his point is that there is no possible way that Iraq could have made NEW chemical weapons at any point after victory was declared in May 2003 (end to major combat operations, etc).
You and I know that those chemical weapons were known about because they were cataloged and not moved after Gulf War I in the 90's. You and I know that chlorine wasn't a "WMD" that the Bush administration referred to. You and I know those things. But a sizable block of the general public has simply been fooled into thinking that whatever is found NOW in Iraq is proof positive that Saddam was developing WMDs (the Bush admin meant Uranium-fueled weapons like nukes) in 2002.
Next he'll tell us that Saddam flew those planes into the buildings himself and parachuted out at the last minute.
I wonder what the Great Leader is going to do to his staffers who "got sloppy" and forgot to use proxies? That drop-chair scene from Austin Powers comes to mind.
Table-ized A.I.
> apparently when the attackers connect from Eastern Europe: "it's a proxy server" but if they connect from an IP address inside a regime the CIA has a hard-on for pressuring economically: it's a smoking gun.
Actually, in this case it actually is good evidence. Eastern Europe is full of open proxies, and you can tell they are open proxies by actually using them as proxies. North Korea has a total of 1024 IP addresses assigned, and fewer than that in use. US intelligence has mapped most of those to individual people or offices. So yeah, when messages come from the IP of the appropriate NK government offices, it actually is reasonably strong evidence.
Like timestamps showing the data was copied at USB 2.0 speeds, for example.
So if I hack into a machine with an attached USB drive, what speed would you expect the sucking from that drive to occur at?
North Korea, with its tiny allocation, is not exactly the bastion of well-secured machines. It's entirely plausible that a false flag operation launched some (likely trivial) part of the operation from a compromised machine in North Korea because they knew that as soon as the FBI found a North Korean IP in their traffic they'd stop bothering to look any further.
I am TheRaven on Soylent News
(the Bush admin meant Uranium-fueled weapons like nukes)
If they had meant only nuclear weapons, they would have SAID nuclear weapons. They meant WMDs, including chemical weapons. The Bush Administration was condemned because they said Saddam had WMDs, and supposedly none were found when the U.S. invaded. Yet, now ISIS is reported to have WMDs they obtained from storage facilities in Iraq. Of course, all of this overlooks the fact that the primary reason which the Bush Administration gave for invading Iraq was that Saddam was egregiously violating almost every aspect of the agreement which ended Gulf War I.
The truth is that all men having power ought to be mistrusted. James Madison
Hackers don't "get sloppy" technologically. They have scripts to prevent that. They get sloppy in the real world.
Clearly you have never dealt with actual hackers. Every one I have ever seen has gotten sloppy at some stage, and that was with hackers up to Advanced Persistent Threat level. Or did you mean any sloppiness was by the hacker and not by the script, including the hacker's sloppiness writing the script, so the ever-present sloppiness is in the real world? If that is what you meant then I agree. The scripts/programs always do exactly what they were programmed to do, even if that is not what the programmer intended.
...in the late '80s and early '90s.
They've been going on about the "elite" hackers North Korea has supposedly trained and deployed, but now they supposedly made an amateur mistake like not covering their trail through proxies?
Shit, man, the US "intelligence" services just provide more and more comedy for the world as time goes on... what a freakin' JOKE.
I do not fail; I succeed at finding out what does not work.
What is more, 100 terabytes of company data is a lot to download. That didn't happen in a couple weeks. In fact, a fair amount of it might have been taken PHYSICALLY from Sony's servers.
Again... hack was in progress for more than a year.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Director James Comey said that while the attackers concealed their identify by using proxy servers, on occasion they "got sloppy" and made direct connections, exposing their true IP addresses; these indicated a North Korea origin.
Nation state hacking would be set up so that couldn't happen, this is more fabrication.
Let's hope it was Mr Comey that made the spelling error.
"If any question why we died, Tell them because our fathers lied."
I read here that they have a single IPv4 block.
At 100mb/s (with nothing else using it) it would take 3 months to download the "100TB" that is said to have been downloaded. At 10mb/s it would take 30 months. (All approximate). This is end-to-end bandwidth, including all of the hops in between, like these proxies (for when they weren't sloppy).
This so-called freedom of speech and expression is a load of crock because it is often used to attack/offend enemies under the guise of harmless art and freedom of expression. I'm not against freedom of speech, but am simply pointing out that it can and is used maliciously.
As an example, I'm the GGP AC whose comment is modded down to -1. Why are the mods attacking my right to freedom of speech? /. is a site that purportedly supports freedom of speech, but apparently it only does so as long as the speech is aligned with its groupthink point-of-view.
Probably about as impossible as North Korea having the entire network map, certificates, and hardcoded passwords in their script they used. One? Maybe. All three? Not a fucking chance.
So, you realize that releasing information could give away the techniques used to gather said data. And, in doing so, allow those targeted to take steps to prevent such collection.
Now, if you don't believe these agencies should be collecting info from countries like DPRK, I can't help you. And, I'm not trying to defend anything regarding collection of metadata on non-military/citizens. But, if you acknowledge that intelligence gathering against enemies is a necessity, then you have to accept that some things simply can not be released.
Just another day in Paradise
I made the original comment you are replying to.
Thanks for the reply, and you are correct and I was mistaken: Rushdie did in fact make the comment before the murders in France. However, I happen to follow him on Twitter, and if you read his posts regarding the Charlie Hebdo attacks, you can see that he directly supports Charlie Hebdo. In fact, he "retweeted" the quote I used and tagged it with Charlie Hebdo, which is why I thought he had made it recently.
Regarding these global issues of Westernization, I cannot speak with any authority or even rudimentary knowledge on Indian affairs, but I can say I believe that the freedom of speech is a human right, not simply a Western concept that we must be careful not to push on others (as others have stated in many popular debates going on today). I also believe, speaking as an American, that it's our duty (and everyone's duty) to criticize ourselves before we criticize others, because we at least have the ability to do something about that. Beyond that, it ought to be made clear that we (as individuals) stand for human rights wherever the humans in question are. In a nutshell, I agree with Salman Rushdie.
James Clapper mentioned recently meeting the Kim Yong Chol, the North Korean general in charge of cyberwarfare. Clapper emphasized Kim's belligerence and lack of a sense of humor, implying that an advance screening of "The Interview" would likely have enraged and provoked the North Korean brass."
Maybe Kim just doesn't like being lied to?
Like I believe the FBI, that the hackers "got sloppy". They did that good a job, *then* got sloppy? There's no chance, of course, that whoever actually did it *deliberately* put those false trails in, no, no....
mark
"Seriously people, the US would not commit such a provocative action unless they were absolutely sure."
For fuck sake. Have you not been paying attention?
http://en.wikipedia.org/wiki/Military%E2%80%93industrial_complex
http://en.wikipedia.org/wiki/Iraq_and_weapons_of_mass_destruction
There is "NO WAY" they are involved? That's quite hyperbolic, wouldn't you say? As a security professional myself, I have my doubts but, alas, it's impossible to say from this vantage point. Your 1200 years of collective experience fails you all if you believe you have enough information and insight to say for sure. In your mind who DID perform the attack? Just a disgruntled employee willing to shine light on their own day to day professional dealings? No one really gained from this attack outright, so the list of suspects grows.
For example you can't be filming in the United States and commit actual crimes, like robbing a bank and then filming it in order for a movie.
I think you are confused. Actually, filming a real bank robbery (even if you film it yourself) is perfectly fine. The mere act of filming your action (e.g., the bank robbery) does not make the crime legal, however. I doubt that such a film can even be excluded as evidence against you by self incrimination since the camera is not you (although it may be more difficult to establish a chain of custody). People get caught on "tape" by their own security cameras all the time and that is not a problem as far as I know.
For the most part, there are no laws in the US to control what people should make movies about. The only filming that appears to be out of bounds today from a legal point of view is child pornography and sadly the laws against this do not stop it either...
Not the same AC.
The US government did it. It's a false flag operation designed to:
1: Gain support for actions against North Korea.
2: Allow the creation of new "cyber crimes" and tougher penalties against hackers and leakers. This is the "digital 9/11", and we're all going to lose a lot of freedom in its name. Such hacks and leaks will be declared actions of war. Future Snowdens and Assanges will have nowhere to hide. They will be executed outright via drone or bagged and tortured to be made an example of before being trotted out in a highly publicized farce of a trial to dispense "justice", ultimately ending in "suicide".
Sony wasn't just a patsy - they met with the powers that be many months before this happened and arranged everything carefully. Enough employee info would be leaked to make the attack look real and enough juicy info (about executives insulting celebrities) would be drip fed to the media to keep people's attention. Sony won't be out of business as a result of any lawsuits brought forward after the leaked data. There was never going to be any big reveal on Christmas. There were never any threats against Sony employees, movie theaters, or movie goers.
During the invasion: yellow cake and aluminum tubes
After the invasion: mobile biological labs
Yeah I see your point, it was totally always about WMD.
You obviously did not read the post because all the experience and background was included.
and the data therein tells no lies.
I'm sure all the Windows boxes they are running over there are completely legit, properly licensed, and fully patched...
I'll only accept it as evidence if it shows Neil shot first.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
we're saying the same thing. if you rob an actual bank in the course of filming a movie, you're breaking a law - bank robbery. I did not phrase my OP well. tbh I dictated the whole post via siri dictation so it kind of came out garbled. maybe even some verb tenses got changed, I don't know.
Bullshit. Release the evidence for 3rd party perusal. Personally, I feel like right wing activists in the fbi are responsible for these bad investigations. Trying to make the Obama administration look bad. People take this as partisan and start defending when they should be trying to find the truth. Remember, the right wing hates North Korea? Either way, this thing stinks. The FBI needed to come up with a little bit more than this to prove it was North Korea.
No. A lot of people don't believe North Korea did it. 100 tb, with cans and string? It's just not possible. Downloading 100tb would kill the whole country's internet for a year.
Especially when they know the FBI wouldn't want to look further, and it's a logical thing to do. There are a lot of explanations. Most likely it was chan related. North Korea just doesn't have the resources to pull that off. If it wasn't 100tb of data, I would still be skeptical, but I would probably be more willing to accept some of these stories.
Sure, they get sloppy, but this just defies logic on every level. It will take iron clad evidence with third party collaboration to convince most people this could possibly have been North Korea.
And downloading 100tb of data over dial up. Don't forget that.
Clapper: “We could see that the IP addresses that were being used to post and to send e-mails were coming from IPs that were exclusively used by the North Koreans.”
Is he claiming that the NSA was watching the attack and data exfiltration while it was happening? Could they or should they have stopped it?
Sure, they get sloppy, but this just defies logic on every level.
What defies logic? Do you not believe North Korea has the ability or motivation to hack Sony as a result of this movie's production and imminent release (or for any other reason that regime may have given how much logic they appear to employ in their decisions)? Unless you believe the North Koreans were incapable of performing the hack, then there is no problem with logic, only that the evidence that you have personally seen doesn't meet what you demand in order to satisfy you of their likely guilt.
The real problem with your statement is this part:
It will take iron clad evidence with third party collaboration to convince most people this could possibly have been North Korea.
First, note your telling use of the word "possibly", not even the word "probably".
Unless you had a bunch of surveillance cameras watching every move as a hack was done, and probably not even then, "iron clad evidence" doesn't exist in this virtual world of the Internet. No matter what evidence is collected, someone will say it could have been faked, misinterpreted, or lied about, and technically they are right. This means the standards you say most people will demand in order to believe North Korea was the driving force behind this are not obtainable, even if North Korea is guilty. Of course the same holds true for evidence in any crime, which is why in the US the standard is beyond a reasonable doubt, not as I have heard many say, beyond a shadow of a doubt. The first is obtainable, the second isn't, after all, for any given crime, prove that advanced space aliens didn't do it and create all the evidence to implicate the accused, including planting false memories? At some point the evidence is convincing and you believe the implicated party is guilty, at least for those who don't have a need to believe otherwise. If all you see is conspiracy theories, then that is the lens you will use to interpret everything, and bend the interpretation to what you desire the reality to be.
Perhaps you never saw Naked Gun 2 1/2? Team America? If I really felt like it, I could dig up quite a few comedies where we assassinate the living leader of a country that is considered to be the bad guy. Strangely, you think you're unique and this occasion was unique. Not going to go on about free speech but the irony is pretty intense when you consider the lack of human rights in North Korea.
I'd love to see what would happen if someone made a movie about the assassination of Obama, while he is still in office, and how the assassination is really funny.
I can't believe that the Secret Service would just turn a blind eye to it on the grounds of 'free speech'. My suspicion is that just writing the screenplay for such a movie would attract a lot of unwanted attention from several 3-letter agencies in the USA.
In the free world the media isn't government run; the government is media run.
No. A lot of people don't believe North Korea did it. 100 tb, with cans and string? It's just not possible. Downloading 100tb would kill the whole country's internet for a year.
That is like saying since I own a Fiat, I could not possibly have been the party who burglarized a warehouse and stole a lot of boxes of goods. Sure they may not fit in my car, but perhaps I employed another larger vehicle to do the work, perhaps one I "borrowed" from someone else without their knowledge or permission? Oh, you looked at my house and decided almost none of the boxes could fit through any of its doors which surely proves I am not the crook? Perhaps I took them somewhere else I had access to and stored them there, like another warehouse with poor or no security. Who said the hackers must have sucked all the data back to their source location directly over their Internet link?
These days it's not an unreasonable assumption that the NSA intercepts, collects, and stores every frame of IP data routed through any publicly addressable router on planet Earth. I don't think it would really be giving anything away to disclose some packet logs.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
Nothing happened to the people that made the exact movie you describe about Bush.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Learn the difference between government stifling your speech and moderators on a private website modding your posts down (not even deleting them, which would also be different from government censorship).
This so-called freedom of speech and expression is a load of crock
Why don't you just move to North Korea? You can have all the hurt feelings laws you want in that authoritarian hellhole.
In all fairness, the ability to access the data isn't necessarily the same as knowing what to look for. If I tell the world how I caught you breaking into my network, you also potentially know where you screwed up so you can avoid making the same mistake in the future. That's not to say they shouldn't tell us why, or provide enough reasonable evidence without tipping their entire hand. In some ways it mirrors other problems of disclosure in the network security realm. The hackers read the same stuff we do. That doesn't mean you never disclose, you just don't do so unthinkingly.
I do hope they cough up more information though. I'm curious to know why he's so confident, since high confidence attribution is normally very difficult from a given breach/incident.
Not only that but they're suggesting that the NSA doesn't have as good a tap on the global networking infrastructure as Edward Snowden revealed.
Think again about whether it's easier to agitate for funding against a perceived military threat or a bunch of script kiddies ripping off credit card numbers. If you had a choice which squeaky wheel would you pick to demand some oil?
Do you even know anything about the FBI? Obama literally gets to appoint its leaders, from the Chief of Staff to the Attorney General. And I don't know if you keep up with current events, but the AG is A) Very loyal to Obama B) Doesn't give a shit about actual justice C) Is a total dick. Painting a false picture is right up his alley, just like how he tried to find a way to charge George Zimmerman with a crime after he was acquitted (hence why I say he doesn't give a shit about actual justice.)
In fact the Assistant Director of the FBI recently wrote an open letter to Obama complaining about how much of an overall antagonist Eric Holder is. It may or may not be coincidence, but he is resigning soon, only waiting for Obama to appoint a new AG before he leaves.
But they can't move the oil that was there? Oh you meant to twist the point. Yeah 100% reliable are the FBI, except when they are not, but disregard those times and, 100% reliable. There your biased opinion justified, objectivity what's that?
So according to Clapper, the North Koreans connected to Sony's network through proxies, except when they didn't, also we're still trying to determine how the North Koreans accessed Sony's network. Clapper just sounds completely out of his depth here, no clue about what went on and probably doesn't even understand the briefings he will have been given.
Why should the FBI release the evidence? It's common not to release information on an unresolved case. In the meantime, I really don't need to know who hacked Sony.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
1. North Korea managed to develop an acceptable army of hackers on their own in 5 years. (No internet in 2009, supposedly)
The same way the VPAF (North Vietnam) went from no air force in 1959 to a combat capable air force flying Russian jet fighters in 1964... They sent their pilots to be trained in the Soviet Union.
Calling someone a "hater" only means you can not rationally rebut their argument.
Network speeds if it's over the network.
USB speed if it's USB, and you're SITTING THERE AND DOING IT LOCALLY. And then you take the copied data away. Because you'd be an insider.
Are you getting it yet? No?
Okay. And if you reached the machine over the network and it had a USB drive attached? It would be network speeds because it's...
[audience in unison]
OVER! THE! NETWORK!
Unless they copied it to another location on the machine to aggregate before sending on, or to another machine on the local network over that gigabit link which is faster than USB 2.0, again to aggregate, which is the normal modus operandi for these kinds of exfiltrations. And you are right, that is a local copy and so happens at local copy speed, just that it is initiated by a person not "SITTING THERE AND DOING IT LOCALLY". Your argument has another obvious flaw, which is all the evidence from the network logs has already shown that the data left Sony over the network, so what is your claim here? An on-site person copied it to a local USB 2.0 hard disk which they could then easily walk out with, but decided to ship it out over the network instead, obviously to make detection of their illegal activities a lot easier and make the data exfiltration take a lot longer? At least think before you hit that return key.
I stand by the many findings outlined on Schneier's blog. The huge preponderance of evidence points to an insider. There is a LOT more in play than the USB speeds, but you want to take up one point I cited and rest all of your rebuttals on it? Just that ONE?
But _you_ told _me_ to "think" before replying. [sigh]
As you will not, for whatever reason, Google the terms, here's the link.
https://www.schneier.com/blog/...
Read it, or don't and continue to debate me on one example I quoted. Knock yourself out, deep thinker.
Hell even more joy.
https://www.schneier.com/blog/...
http://www.foodnetwork.com/rec...!
Of course, all of this overlooks the fact that the primary reason which the Bush Administration gave for invading Iraq was that Saddam was egregiously violating almost every aspect of the agreement which ended Gulf War I.
You do realise that 'Gulf War I' was an unjust war too, right?
Because, firstly, "freedom of speech" includes their mod points, which is no less a freedom of expression than your ability to run at the mouth. Secondly, and more relevant to your point, is that freedom of speech merely means that government A, B, or C won't silence you just because of what you have to say, not that a publisher or other third party needs to help you present your view-point to the widest audience. You're free to set up a site to share your views, your views aren't inherently protected if you're on someone else's site, using their money, property, and bandwidth to spout off.
You do realise that 'Gulf War I' was an unjust war too, right?
Well, that is one viewpoint. Good luck convincing most people that it would have been a good idea to allow Saddam to conquer any neighboring country whose military was too weak to stop him.
The truth is that all men having power ought to be mistrusted. James Madison
There is a LOT more in play than the USB speeds, but you want to take up one point I cited and rest all of your rebuttals on it? Just that ONE?
I did not rest all on the one point, it is simply that you only cited that one specific example in your original posting, so yes, I addressed the example you cited. You took offense, and began using condescending and childish language to respond, but that is your problem, not mine. Also, in your original post, you did not mention the Schneier blog by name so now invoking it to explain away your earlier lapse is at best lame. Additionally, I have met Schneier a few times. He is a bright guy. He is also quite opinionated and tends to see things in the way that fit his opinions, but that is human nature I guess. I called him on it once and he admitted to me that he had done it. The problem is when people cite such individuals as the proof to support their own beliefs.
What would really answer the question, especially after this "got sloppy" speech, would be a statistically significant blip in the purging of hackers in North Korea, versus the level of giggling from hackers in Russia.
Bob Stein, http://bobste.in
I'm a 32nd-degree Master Mason and I promise we had nothing to do with this... really. Absolutely nothing. Not a blip.
It is an IP address. If they cannot muster proof that the attack and IP's are incontrovertible proof, then all the posturing about NK attacking the US is BS. Would you go to war based off of data on an invisible enemy?
We were very confident in building up weapons of mass destruction claims to provoke an excuse for war with Iraq.
Turns out faulty evidence was faulty. My theory is if they can't share evidence that is proof then they can't go to war.
Actually, there _were_ WMD's (chemical weapons) in Iraq: left over from pre Gulf War I/Desert Storm. However, it's been covered up (even to our troops) since it doesn't match the narrative http://www.nytimes.com/interac...
So, you realize that releasing information could give away the techniques used to gather said data. And, in doing so, allow those targeted to take steps to prevent such collection.
Perhaps. Perhaps not.
As things stand, the majority of Americans who care about this are willing to accept that the North Koreans did this. The Venn Diagram showing People Accepting This + People Who Have Technical Knowledge of This Area seems to be a null set. (Please keep in mind that saying publicly "X is the Gospel truth" and believing it are two different things.)
The people in charge of communicating this information seem fine with that. They probably have spent enough time and energy to insure that this story doesn't play major havoc with any coming election that they have a reasonable amount of confidence in that outcome. Some substantial percentage of the people running this show really only care about that, about the "average" public perception in the voting population. The second set of individuals from the above cited diagram are just not satisfied. Chances are this group will not be satisfied until the powers that be decide it is worth their while to provide genuine evidence in lieu of the narrative, innuendo or circumstantial evidence proffered so far.
So, maybe doing that would be disastrous. Or, maybe, it would simply lead to a different approach by bad actors that would then have to be dealt with by the "Good Guys" (ie, hackers on our payrolls) which means it wouldn't be easy, and there would be financial cost associated with it. Or, presumably, not. I mean, I would hope we actually have people on staff who are paying attention to this area, anyway. If they have to do a little more work to deal with a modified tactic, doesn't that seem like it might make us more safe, rather than less? Why is it better that they should maintain a status quo that apparently did not keep us all safe from this in the first place?
Which may make it sound like I have a rather cavalier attitude about security. I do not. But, I do have confidence in a well motivated counter-force's ability to maintain a secure environment, given a decent management structure. So far, I am not seeing that in this so much as I am seeing the marketing department trying to tamp it down.
--- Say something clever. Pretend it was me. Thanks.
So, do you have some basis for this imaginary Venn diagram? I'm not saying you're wrong, but without evidence you're playing the same game.
Now, let's say you're right about the diagram. Considering that politicians from both parties seem to be on the same wavelength on this, your hypothesis regarding the election becomes void. Also, while we may not like it, the government is under no obligation to provide the proof many of us would like to see. Now, unless we're about to declare war over this, I'm willing to take them at their word. It's not a court of law, and DPRK would suffer no consequences if found guilty. That said, we were all burned by the whole WMD bullshit, so that's where I draw the line.
As to your defensive tactic discussion, the government is only allowed (by law) to share certain information with industries. I believe I heard that there's an effort to change that.