Slashdot Mirror


FBI: North Korean Hackers "Got Sloppy", Leaked IP Addresses

An anonymous reader writes "The FBI launched a PR counterattack against skeptics of the assertion by the US government that North Korean hackers were responsible for anonymous threats received by Sony before its scheduled premiere of the film The Interview. Sony initially cancelled the Christmas Day release, but later relented after receiving extensive criticism. In a speech at a New York City cybersecurity conference hosted by Fordham University, FBI Director James Comey said that while the attackers concealed their identity by using proxy servers, on occasion they "got sloppy" and made direct connections, exposing their true IP addresses; these indicated a North Korea origin. Comey also mentioned additional corroborative evidence, including patterns matching those seen in previous attacks known to have come from North Korea, but was guarded on details. Also at the Fordham conference, US Director of National Intelligence James Clapper mentioned recently meeting Kim Yong Chol, the North Korean general in charge of cyberwarfare. Clapper emphasized Kim's belligerence and lack of a sense of humor, implying that an advance screening of "The Interview" would likely have enraged and provoked the North Korean brass."

6 of 219 comments

  1. Often, there is no grand conspiracy by rmdingler · · Score: 4, Informative

    Sometimes, Occam's razor comes to bear.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  2. Re:Countless Comments on Prior Articles & Now by happy_place · · Score: 3, Informative

    North Korea denies North Korea attacked Sony. Everybody else pretty much agrees North Korea did it... including North Korea, who claimed Sony was committing an act of war...

    --
    http://www.beanleafpress.com
  3. Re:Countless Comments on Prior Articles & Now by Anonymous Coward · · Score: 5, Informative

    Yup, definitely North Korea! There is no possibility that anyone could have set up a proxy account on some North Korean IPs.

    Do you understand how impossible it is to get "a proxy account" into or out of North Korea? Clearly you do not. They have only one single block of IPv4 addresses.

  4. Re:Countless Comments on Prior Articles & Now by visualight · · Score: 4, Informative

    "Everybody else pretty much agrees North Korea did it... "

    Wait, what? I was under the impression that -no one- thinks North Korea did it. I certainly don't, and that's in part because my government is so -focused- on getting us to believe they did.

    And in part because the president is a democrat (pwned by Hollywood).
    And in part because of what was hacked, what was released.

    (another) data breach is embarrassing. An attack by NK garners sympathy. Also, without this hack The Interview would have made about a dollar.

    No idea why 'North Korea did it' can possibly be modded "Informative".

    --
    Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
  5. timeframe? by ramriot · · Score: 3, Informative

    This information leaked by Clapper and Comey, while not exactly a lie, is misleading at best. Without the exact timeframe of the "got sloppy" IPs it is not possible to determine if this is actually NK actioning an attack or GOP making it look like NK after the fact.

    It all comes down to the fact that the NK / The Interview connection was not voiced by GOP until after the press had latched on to that link to point the finger at NK because of Sony Pictures being the producer of The Interview. Now if the sloppy tradecraft (very unlikely) leaked a NK IP (175.45.176.0 – 175.45.179.255, 210.52.109.0 – 210.52.109.255 take your pick) prior to any mention of NK being responsible in the press then that would lend strong credence to that assertion. Otherwise it may point to GOP being unconnected with NK apart from PWNing either a machine within NK or via a BGP poisoning attack of a China Telecom router. Which neither China Telecom nor NK are going to openly admit because of losing face. Remember also that most of the machines in China & NK that run commercial OS's do so outside the ULA and are thus unable to keep patched and are thus open to being attacked by many known zero-day issues.

    In the end it all comes down to this: governments are very bad at doing business, and whoever GOP owes their allegiance or funding to, the attack on Sony was a covert criminal act conducted possibly across international boundaries and thus it needs to be treated as such. So if and when there is conclusive proof of someone who is responsible then legal recompense needs to be sought. Unfortunately, international law and covert actions being what they are, it seems unlikely that even given the first the second will reach some resolution. FWIW this is a teachable moment for all large corporations, so start listening to their CISOs and give them the funds and manpower to properly secure their networks in the current climate.
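
The timeline test described in the comment above, as an added example (not part of that comment or of the original page): it converts the two quoted ranges to CIDR blocks and splits matching connections into those seen before and after the first press mention. The cutoff date and the log lines are constructed placeholders, since the page gives neither.

```python
import ipaddress
from datetime import datetime, timezone

# Ranges exactly as quoted in the comment, summarized into CIDR blocks.
RANGES = [("175.45.176.0", "175.45.179.255"), ("210.52.109.0", "210.52.109.255")]
NETWORKS = [
    net
    for first, last in RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
]

# Placeholder cutoff: the page does not state when the press first named NK.
FIRST_PRESS_MENTION = datetime(2000, 1, 15, tzinfo=timezone.utc)

# Constructed log lines: "<ISO-8601 timestamp with offset> <source IP>".
SAMPLE_LOG = """\
2000-01-10T03:12:44+00:00 198.51.100.23
2000-01-11T22:05:01+00:00 175.45.178.9
2000-01-14T23:30:00-05:00 210.52.109.77
2000-01-16T08:00:00+00:00 175.45.180.1
2000-01-20T08:00:00+00:00 175.45.176.200
not-a-timestamp 175.45.176.1
"""

def in_listed_ranges(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in NETWORKS)

def classify(log_text, cutoff):
    """Split in-range connections by whether they precede the cutoff."""
    result = {"before": [], "after": [], "skipped": []}
    for line in log_text.splitlines():
        try:
            stamp_text, ip_text = line.split()
            stamp = datetime.fromisoformat(stamp_text)
            if stamp.tzinfo is None:
                # A local time without an offset cannot be ordered reliably.
                raise ValueError("timestamp without UTC offset")
            hit = in_listed_ranges(ip_text)
        except ValueError:
            result["skipped"].append(line)
            continue
        if hit:
            key = "before" if stamp < cutoff else "after"
            result[key].append((stamp.astimezone(timezone.utc), ip_text))
    return result
```

The third sample line carries a local date of the 14th but falls after the cutoff once normalized to UTC, which is why timestamps are compared as offset-aware values rather than as date strings.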

  6. Re:Got Sloppy? by Anonymous Coward · · Score: 2, Informative

    We do actually, because The Pirate Bay spoofed their IPs to appear to come from North Korea as a prank a year or two ago.

    TL;DR - They never had dealings in "Best" Korea, and it was a technical joke.