FBI: North Korean Hackers "Got Sloppy", Leaked IP Addresses
An anonymous reader writes "The FBI launched a PR counterattack against skeptics of the assertion by the US government that North Korean hackers were responsible for anonymous threats received by Sony before its scheduled premiere of the film The Interview. Sony initially cancelled the Christmas day release, but later relented after receiving extensive criticism. In a speech at a New York City cybersecurity conference hosted by Fordham University, FBI Director James Comey said that while the attackers concealed their identity by using proxy servers, on occasion they "got sloppy" and made direct connections, exposing their true IP addresses; these indicated a North Korean origin. Comey also mentioned additional corroborative evidence, including patterns matching those seen in previous attacks known to have come from North Korea, but was guarded on details. Also at the Fordham conference, US Director of National Intelligence James Clapper mentioned recently meeting Kim Yong Chol, the North Korean general in charge of cyberwarfare. Clapper emphasized Kim's belligerence and lack of a sense of humor, implying that an advance screening of "The Interview" would likely have enraged and provoked the North Korean brass."
How do they know that the connections from North Korea weren't proxied themselves?
If I was going to launch a hack as major as the Sony one, I'd absolutely 100% be sure to leave some breadcrumbs (perhaps even multiple trails) to cover my own tracks.
Cliche movie quote: "he's clean...too clean..."
Is this the same James Clapper who lied to Congress, and now expects us to believe him?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Yup, definitely North Korea! There is no possibility that anyone could have set up a proxy account on some North Korean IPs. Apparently that would never happen. Nope, not one iota of possibility. Those were definitely the originating IP addresses.
Here is what I see as possible:
1. North Korea managed to develop an acceptable army of hackers on their own in 5 years. (No internet in 2009, supposedly)
2. A group of hackers attacked Sony and North Korea managed to get tangled up in this with the release of the Interview.
3. China managed to help North Korea develop a group of hackers in 5 years.
4. Koreans from South Korea or Japan (There are several in Japan trying to get into government positions) who actually proxied into North Korea and executed the attack. (Samsung?)
5. Koreans in the US or elsewhere in the world managed to execute this attack via proxy because they really don't like Sony?
6. Cyber Command or some other US agency decided to execute the attack, because let's rally the troops against North Korea because Syria is getting old?
7. Sony managed to pull off the entire thing because, "Rootkit 2005?"
More possibilities, but as this list grows longer, the realm of possibility gets less likely.
Place something witty here
The "got sloppy and leaked IP addrs" sounds like the same way the Silk Road server was found. I wonder what parallel construction existed (NSA?) telling the FBI where to look, and what to look for. Of course, we'll never hear those details because, "National Security".
"Clapper emphasized Kim's belligerence and lack of a sense of humor, implying that an advance screening of "The Interview" would likely have enraged and provoked the North Korean brass."
Well FUCK ME: if Kim Yong Chol can't take a little "jokey-joke" then obviously it was DPRK who stole the cookies from the cookie jar!
"FBI Director James Comey said that while the attackers concealed their identity by using proxy servers, on occasion they "got sloppy" and made direct connections, exposing their true IP addresses; these indicated a North Korean origin."
Well SHIT: apparently when the attackers connect from Eastern Europe: "it's a proxy server" but if they connect from an IP address inside a regime the CIA has a hard-on for pressuring economically: it's a smoking gun.
"Comey also mentioned additional corroborative evidence, including patterns matching those seen in previous attacks known to have come from North Korea, but was guarded on details"
BLAH BLAH "secret evidence" BLAH: here's the problem with sticking your nose up everyone's ass, Clapper, even when you "know" something is a fact: nobody believes you because the evidence was gathered through spying and deceit! Even if you manage to fabricate some "parallel" construction without revealing which routers on the TREASURE MAP are poisoned: nobody will fucking believe you because you've lost all credibility.
Essentially, the FBI is saying "Trust us: you know we're hacking everyone else so you can trust us when we say we have SECRET EVIDENCE that North Korea hacked Sony". Everything else is just confirmation bias bullshit.
I'm by no means a pen-tester, but I know the routine well enough to say that claims of attack heuristics having unique or distinct fingerprints are pretty fucking sketchy. 2/3rds of pen-testers never have to do more than litter "SEX TAPE" CDs/USB thumb drives in the parking lot, run a Metasploit scan, set up a fake wifi hotspot, or ARP-spoof the router to get everything they need for total network rape.
If a random hacker owns my box using these tactics, did North Korea do it because we've seen them run Metasploit scans before?
This shit was obviously a for-profit hack which went pear-shaped, and then the State Department/Defense Intelligence/cyber-warfare wing jumped on this shit like a bunch of opportunist dogs in heat. Not the case? Then how about some of that transparency Obama promised us, and they can pull the veil off the SECRET EVIDENCE or STFU and quit wasting everyone's time pretending they need an excuse to put economic sanctions on North Korea.
Do it because "glorious leader has a bad haircut" for all I care, but stop pissing on us and telling us it's raining: I'm sick of being lied to by these assholes.
"We know it, but won't tell you. Trust us".
Sorry, FBI, but I don't trust you this > much. Based on experience.
(Not that I trust -- or somehow like! North Korean regime, mind you).
Clapper lied to Congress under oath. What are the odds he'll tell the truth at a random conference?
I don't feel like looking it up, but I'm fairly sure I remember news stories about the FBI lying as well. (To the FISA court? I forget.) Anyway, their word is meaningless. They are without honor.
Playing devil's advocate, it's possible that it wasn't the North Koreans who '"got sloppy" and made direct connections, exposing their true IP addresses'. Another explanation would be that some other group is responsible and got clever, routing attacks via North Korea to shift the blame.
Bruce Schneier and Marc Rogers are two sources that should have convinced you. But they didn't. Because you didn't read their summaries on this. Because you're _not_ reading "article after article."
Actually I read those articles and all they introduced was plausible deniability. Which could be done with any hack ever performed. Congratulations. Meanwhile the US names the individuals they think are responsible and even explains how they came to those conclusions. Schneier and Rogers are brilliant and great unbiased reporters in all things technical. But they're not exactly hands on with the data forensics in this case which puts them at a disadvantage.
Let's rephrase the question: what exactly would the US Government have to release to you in order to believe it was the DPRK that committed this hack? Oh, you're so opposed to that idea that your theory of "North Korea is not involved in the attack" has no falsifiable scenario? Then these debates are pointless.
The CIA has learned over the decades that it really doesn't matter how many times you fuck up, or how awful and short-sighted your intelligence is, or even how many international incidents you cause or stupid wars you help start. All that matters is how well you bullshit the American people. And the American people are pretty easy to bullshit.
SJW's don't eliminate discrimination. They just expropriate it for themselves.
Satire should NEVER be illegal.
Just go ask Salman Rushdie, a man who risked his own life by refusing to back down from his novel in the face of very real threats to his life. He'll tell you, like he did regarding the Charlie Hebdo attacks, that satire "has always been a force for liberty and against tyranny, dishonesty and stupidity." Neither you, me, a state, or a group of religious fanatics should get to say what speech is or is not acceptable.
Do you understand how impossible it is for your house to be robbed? Clearly you do not, you only have the one.
A better analogy would be "I have one tree that I have to monitor everyday. I know nobody is lurking in my tree because I can inspect it. You have an entire forest covering North America. How do you know there is no one lurking in that forest?"
North Korea is goddamn insane. I wouldn't be surprised if these connections don't allow SSL and have someone eyeball reading traffic that goes across each IP address and blocking it if they don't know what it is. Did you read the Wikipedia article linked above? It's the government allocating these IP addresses to itself.
I just saw a documentary by PBS on North Korea. The only way they could get movies and music into North Korea was sneakernet across the border with China. Unreal.
Stupid logic is stupid.
I couldn't agree more.
I started doubting early on because this administration seems to love to blame visual media for everything. Remember when the Benghazi attack was provoked by a Youtube video almost no one saw?
Gamingmuseum.com: Give your 3D accelerator a rest.
You are correct in that it shouldn't need to be debated as it should outright be LEGAL. A "living leader" of any country is just a person; they are no different than any of us. Your only logical position would be to make it illegal to make a movie about assassinating any living person.
Everybody else? Hardly. Within the security community it is pretty hotly debated, and this latest revelation does not exactly help things.
Stop calling these self-promoting headline grabbers "security experts". They were wrong, and obviously so in a big way, even at the time. The two words "security expert" should never again be applied to these idiots who couldn't wait to call the FBI wrong. The White House had the resources of the USA including the NSA at their disposal. Anyone who thought their pet theory trumped that is by definition a "security moron".
Routing attacks via NK? You're a moron.
" there is NO WAY North Korea was behind these attacks."
Thanks Mr Anon. We'll all take your word on the subject even though it's based on having absolutely ZERO inside knowledge of ANYTHING related to this situation.
If you do not understand that every packet in and out of NK is logged, then hand in your geek badge. If you do not understand that major efforts over the last few years have focused on being able to scrutinize all that traffic successfully, then hand in your geek badge. If you do not understand that all activity, including packet size, packet count and timing information through NSA-managed Tor nodes, can be used to trace an attack, especially one transferring such massive quantities of data, making it impossible to hide even with obfuscation, then hand in your geek badge; you truly are an idiot who slept through the Snowden revelations. They KNOW who conducted this attack and they will never tell you why, for good reason. Some "security expert" claiming otherwise is no such thing, but you'll always find some dummy looking for a headline.
I've not seen anything that the government has released regarding this. I have heard speculation that this was North Korea, but haven't been shown any actual evidence. So to answer your question: I'd need evidence. IP logs, exploits used written in proper North Korean grammar or something. Anything other than Comey and Clapper saying it was them, the bad Koreans ... they did it.
The trust of the intelligence community was proven to be broken repeatedly by the FBI/DOJ/FISA/NSA/CIA/IRS. Blind faith isn't an option any longer. Proof or it didn't happen.
North Korea, with its tiny allocation, is not exactly the bastion of well-secured machines. It's entirely plausible that a false flag operation launched some (likely trivial) part of the operation from a compromised machine in North Korea because they knew that as soon as the FBI found a North Korean IP in their traffic they'd stop bothering to look any further.
I am TheRaven on Soylent News
This so-called freedom of speech and expression is a load of crock because it is often used to attack/offend enemies under the guise of harmless art and freedom of expression. I'm not against freedom of speech, but am simply pointing out that it can be and is used maliciously.
As an example, I'm the GGP AC whose comment is modded down to -1. Why are the mods attacking my right to freedom of speech? /. is a site that purportedly supports freedom of speech, but apparently it only does so as long as the speech is aligned with its groupthink point-of-view.
Due to the Smith-Mundt Act, the US government was forbidden from targeting its citizens with false propaganda. The propaganda had to at least be believable given what the government actually knows. In 2013 the Smith-Mundt Act was amended to remove the requirement for plausibility. In other words: it's open season for propagandists to lie to the public in order to better Manufacture Consent.
Given this recent blatant reduction in requirement for honesty combined with proof of prior actions of the FBI, and Snowden's revelations about GCHQ / NSA methods for manipulation of online discourse, I think it's safe to assume it could be any one of the US government agencies peddling the BS.
IMO, it looks like the USA is trying to keep up with Russia, et al. on the propaganda front, and North Korea is going to be one of the new prominent bogeymen since their new leader might have his head screwed on tighter than his father.
If things like the French coup against fascists and the recent #GamerGate scandal have shown us anything, it's that when you try to censor art it really gets the fans' attention. From a statecraft standpoint the propaganda is executed quite well; however, from a technical standpoint it's utterly flawed in that we can see so much evidence that this was an inside job: from the ~5000 employees Sony recently laid off (including their entire digital division), hardcoded file paths in the attack code, the data transfer rate of the files at USB speeds, etc.
Thus, this seems like an organic co-opting, not a "grand" preconceived conspiracy. E.g., "Hey, how can we use this disgruntled Sony 'hacker' to our advantage? Well, it fits with our anti-NK propaganda, and the media thinks this might be retaliation, let's run with it by giving them more credence with an FBI report... Shit, most knowledgeable IT staff believed us, and they're telling their friends, what should we do? Put out another press release hinting at nebulous "proof" that it was NK? Scan the IP address logs, Sony's a big company, it's got to have SOME traffic from there, right?"
Of course, as a rationalist I don't believe anything 100%, but this seems like the most reasonable explanation given the information at hand.