FBI: North Korean Hackers "Got Sloppy", Leaked IP Addresses

An anonymous reader writes "The FBI launched a PR counterattack against skeptics of the assertion by the US government that North Korean hackers were responsible for anonymous threats received by Sony before its scheduled premiere of the film The Interview. Sony initially cancelled the Christmas day release, but later relented after receiving extensive criticism. In a speech at a New York City cybersecurity conference hosted by Fordham University, FBI Director James Comey said that while the attackers concealed their identify by using proxy servers, on occasion they "got sloppy" and made direct connections, exposing their true IP addresses; these indicated a North Korea origin. Comey also mentioned additional corroborative evidence, including patterns matching those seen in previous attacks known to have come from North Korea, but was guarded on details. Also at the Fordham conference, US Director of National Intelligence James Clapper mentioned recently meeting the Kim Yong Chol, the North Korean general in charge of cyberwarfare. Clapper emphasized Kim's belligerence and lack of a sense of humor, implying that an advance screening of "The Interview" would likely have enraged and provoked the North Korean brass."

James Comey is fucking painful to listen to.

[nimbius]

Listening to his speech is like sitting through a Transformers movie. You know the words, and you know the terms, but theyre all used in an entirely incoherent fashion. James seems to think hacking works just like a James Bond film in that its all about time. hackers that 'disconnect quickly' wont be found and those that 'get sloppy' will be detected by some ostentatious array of flashing lights and sirens attached to a mainframe.

James hasnt pulled his star wars head out of his NCIS ass and given any pertanent information like how hackers breeched sony, what attack vectors were used, what exploits were performed (if any) and what if any IDS or firewall technology was complicit in the breech. So given the lack of seriously technical information surrounding this leak its more than plausible by Occams Razor that Sony was the result of a simple phishing attack or bruteforce. Its also a little too convenient that a country which outright bans american films and that would never have to tolerate its citizenry watching it, happens to care enough to make a retaliatory strike against what for all intents and purposes is a nonthreat. What IS however quite possible is a disgruntled employee simply decided to dump the mail server to the pirate bay, and because you can as a business affect an insurance claim against hackers, its convenient to do so in the face of a movie that will in all likelyhood barely break even.

Re:Countless Comments on Prior Articles & Now

What rock did you just crawl out from under?

Most are in agreement that North Korea did NOT do this.

I'm a Network Engineer. I have been in the I.T. field for 30 years and my specialty is information security. My Job is to break into networks, to make sure people can't break into networks. I'm a professional white hat hacker.

Part of my job is watching the hacking trends. I watch the forums, newsgroups, blogs, video channels, chat rooms, etc. etc. I do this to keep an eye out on the hackers to see if they are planning any cyber attacks on my customers. I also have been watching other cyber conflicts around the world, and Sony has been in a cyber war for nearly a dozen years. They have angered a lot of people.

Sony has a history of not treating their own employees very well, taking hostile acts against their customers, and this is usually a mixture for disgruntled employees.

Any large network would notice several terabytes going over the lines, and we are talking about a hundred times that. North Korea does not have the bandwidth for that, even if they can keep their electricity running, and they are not going to launch an attack on a stupid company over a stupid movie while Obama has been pointing fingers and threatening him for years.

In addition, I know at least 100 other people in my same field and our combined experience is well over 1200 years, and I am telling you, there is NO WAY North Korea was behind these attacks.

The FBI is full of it.

The spin cycle started very late this time

[dbIII]

It's handy for departmental empire building, cheap politics and demands for funds if it's North Korea instead of the ordinary bunch of criminals that it appeared to be until long after the actual hacks happened. North Korea complaining about a movie about the killing of their high priest of a cult to his dead ancestors (that place is weird) is a given whether they were involved or not and is not evidence of any kind. I'm sure they would have loved to have done it, but it's very unlikely that they did

Re:Countless Comments on Prior Articles & Now

[140Mandak262Jamuna]

To be fair, Rushdie did not anticipate that level of reaction. Before the novel Satanic Verses was published, he was a minor novelist from India. It is very difficult to tell, and even he might believe otherwise today, but it is possible he would have done some kind of self censorship if he thought he was going to be seeing the blunt end of the fatwa. So it is possible Rushdie comes under the category of people on whom greatness is thrust upon.

Right now there is a controversy going on in India. A top Muslim actor played the lead role in a movie that makes fun of Hindu godmen, has scenes where the prime Hindu deity Shiva gets chased down the streets of India, losing his clothes and ends up in underwear. Many Hindu organizations are outraged, but none of them have urged any of their followers to kill anyone. They petitioned the courts to ban the movie. India has a board of film censors, it approved the movie. The head of the board is a Catholic Christian. She has been quick in the past to ban movies that "hurt the sentiments of the Christian/Muslim communities and might endanger communal harmony". Courts have refused to ban the movie. And all the Hindu organizations are being lectured on tolerance, freedom of expression etc.

My problem with the West is that never find good things to encourage and praise. With all that caste, linguistic, religious divisions and abject poverty India is struggling to be a democracy, to uphold values of freedom of expression etc etc. Ostensibly West wants to promote these values. But most stories about India are about its problems.

In the face of Paris outrage, as part of denouncing terrorism, if they have shown a token respect for India/Hindus, that would send shock waves among the Muslim communities. "You attack us violently, we will show sympathy and support for your enemies, the Hindus" is an angle that might play well.

Re:Countless Comments on Prior Articles & Now

[dj245]

Yup, definitely North Korea! There is no possibility that anyone could have setup a proxy account on some North Korean IPs.

Do you understand how impossible it is to get "a proxy account" into or out of North Korea? Clearly you do not. The have only one single block of IPv4 addresses.

Why would DPRK hackers be using the DPRK IPv4 address space when they are reportedly set up in China ? When I visited North Korea 6 months ago, the largest, most modern, and most prestigious hotel in the largest and most prestigious city (Pyongyang) was using dialup for internet access. To a Chinese ISP.

There are too many inconsistencies in the FBI's story. There are too many liars and too many suspects on all sides. Unless someone takes credit, there is no way to know who did the hacking.

Re:Countless Comments on Prior Articles & Now

[The+Fifth+Man]

"Everybody else pretty much agrees North Korea did it"

You misspelled "Nobody but the FBI thinks North Korea did it"

Look, the FBI won't release ANY evidence. Meanwhile half a dozen bloggers who have looked at the data have pointed out that the preponderance of evidence shows that it was an insider. Like timestamps showing the data was copied at USB 2.0 speeds, for example. How are people missing this information? Are there really THAT many people living under proverbial rocks and posting on /. ?

Obligatory "you got lucky that a n00b modded you all the way up to 5" song and dance

Re: Countless Comments on Prior Articles & Now

Not the same AC.
The US government did it. It's a false flag operation designed to:

1: Gain support for actions against North Korea.

2: Allow the creation of new "cyber crimes" and tougher penalties against hackers and leakers. This is the "digital 9/11", and we're all going to lose a lot of freedom in its name. Such hacks and leaks will be declared actions of war. Future Snowdens and Assanges will have no where to hide. They will be executed outright via drone or bagged and tortured to be made an example of before being trotted out in a highly publicized farce of a trial to dispense "justice", ultimately ending in "suicide".

Sony wasn't just a patsy - they met with the powers that be many months before this happened and arranged everything carefully. Enough employee info would be leaked to make the attack look real and enough juicy info (about executives insulting celebrities) would be drip fed to the media to keep people's attention. Sony won't be out of business as a result of any lawsuits brought forward after the leaked data. There was never going to be any big reveal on Christmas. There were never any threats against Sony employees, movie theaters, or movie goers.