While that all seems possible, it's all speculation. We talk about how this doesn't quite all add up, but at least there is some evidence/basis for thinking it was NK. Where exactly is all the evidence for any of the things you listed above? Otherwise, at this point it's all just a conspiracy theory, one if it was even remotely true would be a high risk deception to pull off for both the government and Sony.
The FBI said North Korea did it. Doesn't that automatically remove it from the conspiracy theory category? I don't know what more authoritative source we can go to to decide what is or isn't officially in the running for explanations.
If we say that the FBI's position is part of the conspiracy, well then good luck ever leaving the conspiracy theory bin. You'll likely never get tangible information from another credible source. It'll just be a never-ending conspiracy theory.
>The FBI said North Korea did it. Doesn't that automatically remove it from the conspiracy theory category?
Any theory about how it was done is automatically a conspiracy theory because it WAS a conspiracy. Using it as a pejorative in this context is stupid.
>I don't know what more authoritative source we can go to to decide
Most of the OPSEC community - who don't have a motive to lie to get more goodies out of Congress and whose story actually adds up.
My point was that if you examine the motives of all the parties involved, the FBI's story stinks as much as the CIA's did when they started screaming yellowcake. They have every reason to lie and the North Koreans have no reason to lie.
There was a time when I would assume good faith for most FBI/federal law enforcement statements. After Clapper and Snowden, that day has passed. I'll still believe an FBI statement with evidence. But without evidence it's just words, and very possibly with an agenda that's hostile to my Constitutional rights.
There's also the added bonus of timing, as the torture report seemed to only be gaining steam up until this.
Also, the concept of "cyber-terrorism" being a thing seemed kind of ubiquitous to me, but from what I've been hearing, it really wasn't on the minds of the populous until the 24 hour news networks started drumming it up in relation to the Sony hack.
> There's also the added bonus of timing, as the torture report seemed to only be gaining steam up until this.
I doubt it was that, if only because North Korea has been complaining about this movie since long before the CIA torture report was released (so it's not like "The Interview" just popped up into the media after that).
Moreover the report itself is more a catalyst for discussing something everyone knows about than an announcement of something novel. The world has known the U.S. was torturing people during Bush for more than a decade by now. That's the whole reason terms like "waterboarding" are in our lexicon. Likewise Obama publicly eliminated the use of torture on his second full day in office, after running on a public campaign of banning torture during his Presidential run.
Choosing to exchange a report that is only a 'source of heat and light' for a serious cyberhacking incident that demonstrates the weakness of U.S. options vs. North Korea isn't really an upside for the U.S. government as far as I can tell.
Extortion and blackmail from state actors is precisely the thing the U.S. government is supposed to protect U.S. persons and corporations from, so a U.S. admission that North Korea has managed to "reach out and touch Sony Pictures" is bad news for the U.S. government, not good news.
>Extortion and blackmail from state actors is precisely the thing the U.S. government is supposed to protect U.S. persons and corporations from, so a U.S. admission that North Korea has managed to "reach out and touch Sony Pictures" is bad news for the U.S. government, not good news.
The relevant actor in this case is not the whole US government acting on its own agenda, but departments of the federal government acting on theirs.
I already explained why it's great news for them - precisely because it engenders the same reaction that you just had. Good enough that they'd invent it even if it weren't true (just like yellowcake).
> the torture report seemed to only be gaining steam up until this.
This isn't remotely true. There was no 'gaining steam'. It was a topic for a week, and then it was always going to fall off the table. There was no need to distract from something that was already fading from the spotlight.
Yes Dave Aitel from Immunity Inc said it was DPRK from the very beginning when most infosec people thought otherwise. He was on a podcast talking about it yesterday:
But he sells offensive security tools to goverments and corporations, so he is not without bias. Actually this might be more in support of the OPs comment regarding gov support rather than refuting infosec peoples stance.
Does anyone know of a single infosec professional (who's talking) who has access to the details of the evidence the FBI summarized in claiming North Korean involvement?
Given this news, maybe the FBI was wrong. But the "professionals" in the doubt squad were mostly just guessing along with the rest of us.
Here's something you might want to consider. Bruce Schneier has said that North Korea probably isn't behind the hack (https://www.schneier.com/blog/archives/2014/12/comments_on_t...), but follow his link. He thought North Korea wasn't behind it, because the FBI said so.
His latest post simply points out that the FBI has said North Korea is responsible, without elaboration or contradiction. https://www.schneier.com/blog/archives/2014/12/lessons_from_... So while it does not appear that Schneier has reviewed any evidence (what evidence could he review?) and reached his own conclusion, he seems perfectly content to credit the FBI's conclusions.
While not the strongest argument (The absence of an argument is not an argument), I do appreciate you bringing up this nuance which I think is a valid one.
The FBI's assumption is absolutely newsworthy, and I'm glad Schneier reported it, even though he abdicated any judgement either way. You're correct in saying that he does not elaborate or contridict the FBI statement, but it should also be noted that neither does he endorse it. So I am moving Schneier from the "Having doubts" column over to the "ambivalent" column in my mental list.
Thanks for taking the time to provide more information.
And look, I really try not to shout conspiracy at everything.
But the FBI is relatively new to the Cybersecurity game. CNN yesterday was showing "MPAA cyberterrorism experts". The links to DPRK seem tenuous at best.
So in this context, when the organization who blackmailed Martin Luther King says something, I'm going to try to seek independent confirmation.
All the security professionals who I follow on the internet has either expressed doubts or outright disbelief that DPRK is culpable for this attack. Obviously, I'm in a bit of a bubble, so I'm trying to find independent people outside of my circle who agree with the FBI line.
My understanding of FBI cybersecurity is that until very recently, they were primarily responsible for domestic cybercrime.
Responding to "Cyberterrorism", to my knowledge, is something that has happened much more recently.
I, of course, am no expert in this regard, which is why I'm seeking out expert opinons! If you have more info I'd really appreciate having some more stuff I can take a look at.
"Cyberterrorism" existing happened rather recently. In terms of general cybercrime abroad, well, off the top of my head I can think of the Half-Life 2 leak in 2003... And in terms of general infosec chops in the present, the FBI have recently taken down two famous Tor hidden sites.
But of course, this is little more than circumstantial evidence regarding the case at hand.
>If you act like a mad man (in terms of diplomacy)
In terms of diplomacy this is simply how they are presented by the western media to a largely credulous western audience.
If they were truly as irrational as they are presented the North Korean government would have stopped existing decades ago. Mad men are not good at self preservation.
Never mind being able to develop heavy industry, nukes and a minor space program all while under sanctions.
This is quite a challenge you've set for us. You claim that there are no infosec professionals who think NK did it. Exclude, apparently, the FBI from the universe of infosec professionals. And then refuse to credit the description of the evidence provided by the FBI, literally the only organization likely to have direct access to the evidence.
I'm not saying that the FBI is totally trustworthy on this, but it's one thing to distrust them and quite another to accord no epistemic weight at all to their claims about the evidence. While they may have ulterior motives, they (and NK itself) are also the ones best positioned to tell us the truth, if they choose to do so. And while, again, one should not take it on faith that the FBI always tells the truth, I'd trust them over the NK propaganda apparatus any day of the week.
I made no such claim. I'm no expert in this regard, and my knowledge base should be understood here as a layman's.
I read the FBI report, and while I'm sure that there is plenty left out of the report, their diagnosis was based largely on first, structural and tactical similarities to other, earlier DPRK attacks, and second, North Korean IP addresses that were pinged by the malware. Both of these, to my layman's understanding, seem easily falsifiable.
All I stated is that within my own circles and based on the infosec figureheads I follow, that I have not seen a single individual who claims to have been convinced that this is indeed a DPRK attack. Because I'm obviously somewhat filter bubbles, I was asking for individuals whose opinion I could get which would help me expand my own filter bubble.
Dave Aitel has been raised as a counter example, and while he's certainly not unbiased, it's tough to find people in this field who are in fact unbiased, so I'm grateful to hear his opinion. I'd like to find more counter-opinions.
Well, except its not as though anyone is believing NK is behind it because Sony says to. So what does it matter what Sony gains from people believing NK did it? Their credibility was never in question: when it comes to assigning blame for a cyberattack, Sony has none.
The FBI, of course, is another story. But the two reasons you give for them to claim NK involvement would work just as well if any other nation or non-state actor were behind it.
And you're just not thinking hard enough if you think NK has no reason to deny responsibility. Off the top of my head: maybe they would rather wriggle out of whatever "response" it is that the U.S. is cooking up, maybe they want to retain what credibility they can so NK can plausibly deny involvement in future attacks, maybe the fallout is also hurting their relations with China, etc.
>Their credibility was never in question: when it comes to assigning blame for a cyberattack, Sony has none.
As far as the public is concerned they do have some credibility. If for no other reason than they were the ones who were actually hacked.
>The FBI, of course, is another story. But the two reasons you give for them to claim NK involvement would work just as well if any other nation or non-state actor were behind it.
They would, but by spinning the NK involvement story they can count on Sony's cooperation. If they started contradicting Sony and arguing that it was China the whole thing would seem a lot less convincing. This is a joint effort.
>And you're just not thinking hard enough if you think NK has no reason to deny responsibility. Off the top of my head: maybe they would rather wriggle out of whatever "response" it is that the U.S. is cooking up
Ok so name a plausible response that would scare them. Invade? Uh, not happening. Economic sanctions? Already doing that. Talk shit about them at the UN? North Korea doesn't care.
>maybe they want to retain what credibility they can so NK can plausibly deny involvement in future attacks
Which:
A) Again they would gain nothing from.
B) Also completely goes against their modus operandi - when they gain military advantage they always crow about it. Every time. Did they cover up Taepodong? Hell no. They issued a press release.
>maybe the fallout is also hurting their relations with China
Or the opposite, because China would almost certainly be happy to mine the hacks for any useful intel. It's not like they are besties with the US.
I saw a "MPAA Cyberterrorism Expert" on CNN the other day. I think Sony and the MPAA have been doing quite a bit to get people to believe that DPRK was culpable. I saw Seth Green tweet a direct quote from a Sony Press Release yesterday.
So there are a lot of issues at play here, which is why I'm cautious to endorse any viewpoint without really good documentation.
I definitely think you're right in saying North Korea has enough reason to deny responsibility. Let's not forget that Al Qaeda didn't take responsibility for 9/11 until 3 or 4 years after the fact.
>Let's not forget that Al Qaeda didn't take responsibility for 9/11 until 3 or 4 years after the fact.
Actually, applying the same line of reasoning also brought me to the same conclusion about Al Qaeda.
When Osama initially denied involvement it rang true because he had no motive to deny it if he actually was behind it. He wasn't going to suddenly stop being no. 1 on the FBI's most wanted list. He already had two sizable terrorist attacks to his name.
Whereas... consider what Bush and Cheney would have done if they had found conclusive proof that Mohammed Atta was the sole mastermind of the operation.
"Sorry guys, we can't retaliate because the perpetrators are all dead"?
Sony Pictures, is an American subsidiary of Sony. The headquarters and employees are all based in Los Angeles. These are American employees whose emails and social security numbers were leaked, American employees who received death threats, American movie theaters that were threatened with a "9/11 style" attack, and an American produced movie that has been suppressed. While perhaps the Japanese government should be involved as well, I think it's quite obvious why the US government would be involved.
From everything I've read, yes, that is correct. Only Sony Pictures has been targeted, only their emails leaked, only those employees threatened, etc.
Also, you have to understand that Sony is a 140,000 employee organization, with many different operating units that are functionally probably pretty separate. The Sony Pictures network and email system was likely entirely separate from other Sony divisions, especially since one was based in Los Angeles, and others are probably based in Tokyo.
I find this whole thing really weird, and I suspect sites like reddit are being manipulated by someone.
Lets the timeline right
1. North Korea makes its disapproval of The Interview public and complains to the UN in the summer of this year
2. Sony is hacked and passwords are leaked. The passwords are the focus of the story
3. A couple of days go by, no mention of North Korea or The Interview
3.5 I've gotta be missing something here
4. Theaters (not Sony directly) decide the pull The Interview because of threats from NK
5. FBI blames NK for sony hack
6. Obama gets involved (?????)
The sequence of events just makes no sense. Then there are sites like reddit that are completely consumed by the story. The number of posts about it is insane, and there is little skepticism about the bizarre sequence of events or the blaming of NK.
Maybe i should check closer, but i never got the impression that NK was behind the threats that made theaters pull The Interview.
As best i understand they were "just" online threats, but came in the wake of similar threats to Sony employees and their families.
At this point in time i think there is a subset of internet trolls that get their "lulz" from finding some high profile controversial topic and throwing random threats at whoever is involved.
Every article I have seen claims that the threatening emails were sent by the same hackers, although I haven't seen any reasoning behind this claim. Two examples:
That Verge article is perhaps what i was missing. Seems the threats were attached to a copy of previously unreleased emails from the Sony hack. Thus at least demonstrating that the threat is coming from someone that has access to the files from the hack.
Now if that is the same as the original hacker(s), never mind if they are actually attached to NK in any way, is another issue entirely.
One thing to consider is that it is entirely possible that whoever did the hack is scratching their heads right now and wondering who threatened the cinemas.
if it I a group of non NK hackers they are probably thinking oh shit this is getting out of control my life is so fucked - or alternatively squealing to the CIA/FBI to get a reduced sentence in return for going states evidence.
- Another email from #GOP came out saying not to show TheInterview
- NK starts denying involvement.
- Yet another email comes out citing 9/11 and everyone gets scared.
4.5, SONY pulls the movie entirely after 4 or 5 major theaters decide to pull it.... after SONY let them out of their contractual agreement and said, in effect, "You do what you feel is right"
You forgot to mention the "warming" of US-Cuba relations and the deepening of Russia sanctions and the fact that Putin invited Kim Jong-un to visit Russia [0]. It is so obvious that Obama is trying to press Russia into a corner and that corner seems to be the Far East. We have a fully-blown Cold War 2.0 scenario going on, I guess, the military complex didn't like the idea of Russia not being an enemy anymore and small threats like ISIS don't justify the huge military budget, so, we're going back to the convenient for some Cold War, unfortunately. The more enemies, the better.
It appears to be political chess - it's mostly of relevance to nation states. I don't believe that there is much for us to grok right now except for us to follow the news that comes out.
The threats came from the hackers (they included unreleased Sony data). If you think the hackers are/working for NK then you can say "threats from NK."
USA is not a monolith. The war pigs are always looking for a war. Much media coverage of strange events like this one comes directly from their psy-ops desk. The rest of us wish that weren't the case, but when all you have is a vote, what can you do?
Am I mistaken, or did the "hacker group" only mention The Interview AFTER the media proposed the connection? It seems like whoever hacked sony (edit: or somebody else!) just took advantage of an opportunity to cause some chaos. And the whole "FBI confirms NK" thing seems shady. None of this quite adds up.
I've said this elsewhere, but if this whole thing was perpetrated by the North Korean state because of the potential offence to North Korea from showing their leader being killed, why has the scene of their leader being killed been leaked by the hackers supposedly controlled by North Korea and is now posted all over reddit?
So the story is that a state level actor who is pissed at a company over a particular bit of video, steals a load of data and then does not check the stolen data for the video they are pissed about before publicly releasing it online themselves, while simultaneously demanding that it isn't released in any format ever?
I'm not saying that this isn't what has happened, as governments are capable of wonderfully insane levels of stupidity at times, but it does seem relatively unlikely.
This more looks like someone who is massively pissed with Sony, not a particular film, and is just running with the NK angle for comedy chaos-monkey reasons.
I don't trust NK at all, but the whole operation doesn't seem like them, it seemed more like some trolls were operating it. I'm not sure NK even has the computer skills to pull it off, for that matter.
But... ultimately that's just how I feel about it. I don't think there's been any truly conclusive evidence one way or another, just people trying to make sense of what is known.
>> I'm not sure NK even has the computer skills to pull it off, for that matter
Ugh, it pains me to see people get this so wrong. Let me state this as plainly as possible: when you're attacked by a state, whatever encryption or security you have in place doesn't matter. They'll go after your weakest link, and exploit that until they have access to whoever controls your security infrastructure. It could be as simple as bribing an Ops guy, or it could be as complex as planting a spy, or secretly threatening someone with access. Once you're up against a state, all bets are off.
>Once you're up against a state, all bets are off.
This is a gross oversimplification.
Some states are much more capable than others. The US and China probably have more digital offensive capability than everyone else put together.
Some targets are much easier than others. Larger companies usually present a larger attack surface. Some companies don't care as much about security. If you're one person with really good OPSEC practices, you're substantially harder to go after than a large organization.
And, of course, all security is a matter of degrees. You don't need to have perfect security; you just need to have security good enough that the group coming after you can't justify the expense of circumventing it.
While I realize that you can do a lot with 'rubber hose' cryptography, I'm not sure how that's relevant to the Sony hack as I don't remember any reports of such.
Also, I don't get how this hack helps North Korea in any real way. Maybe there really are 'links' as such, but I honestly wonder if this was something they put together as I don't see how it helps them.
Have we really been having that discussion? Maybe I just haven't been paying close enough attention, but I was unaware that we were anally raping prisoners under the pretense of "feeding" and "hydrating." In fact the media dog and pony show about the hunger strikes specifically said nasal intubation for feeding, which was presented as being unpleasant but an humane manner of keeping the prisoners alive.
Couple that with the revelations that we have tortured at least one prisoner to death, and I think there is plenty of cause for the dialog about torture to continue.
There is no need to distract from the CIA report because nothing was ever going to come from it. The DOJ has already said there would be no prosecutions. And there is no outcry from the public for any (besides from the progressive left).
im really not one for conspiracy theories but this one just seems so obvious.
* sony gets hacked.
* a few news articles about it.
* cia torture facilities get leaked and admitted.
* news coverage all over about it.
* US federal government does something its never done before and calls out a specific nation state as the attacker for the sony breach.
* news coverage of sony skyrockets and cia stuff disappears from media.
* us government goes on to say that they need to increase their "cyber defense" by having more control over the internet to protect individuals and companies from other nation states.
edit: oh also wasnt it just earlier this week that there was an article on hn about sock puppets?
If it really was North Korea, why would they deny it? Doesn't an act of retaliation require the perpetrator to take credit in order for it to have any benefit to them? Or could it be that North Korea is publicly denying it with the understanding that everyone really knows it's them?
It wouldn't be entirely outside of North Korea's MO to deny the attack even if they launched it. For example, after (very probably) being the actor behind the sinking of the Cheonan they aggressively denied being involved.
But taking on the role of arm-chair rogue nation, why?
I can image three reasons. First as I mentioned above, you might make official denials with the understanding that everyone assumes you did it anyway. Second, there might be internal infighting between the people who did it and the people who issued the denial. Or third, you might do it with the plan to take credit, then get cold feet afterwards when you realize how much heat it's bringing down, and then deny.
Or is there any other hypothetical rational for such acts that I am missing?
Another rationale is that you want the attack to happen, but you don't want negative repercussions for being the actor that caused it. This is essentially the first scenario you present.
The Cheonan incident followed a very similar path. S Korea and the United States identified N Korea as the actor. N Korea denied the involvement and offered to work with the nations to lead an open investigation into the incident. N Korea's official denial was enough cover for China and Russia to disagree that N Korea was involved in the incident. The ultimate UN statement on the attack was a condemnation of the attack, but no official party was declared responsible.
This gives N Korea the benefit of terrorizing the S Korean navy, while avoiding a direct military or economic response. It's a game of brinksmanship where they want to push their actions as far as possible to convince the world that their threats are serious, while still minimizing the negative repercussions that often follow from such actions.
>This gives N Korea the benefit of terrorizing the S Korean navy, while avoiding a direct military or economic response.
They've frequently done similar attacks and been completely open about it and suffered not much in the way of a response.
>This gives N Korea the benefit of terrorizing the S Korean navy, while avoiding a direct military or economic response. It's a game of brinksmanship where they want to push their actions as far as possible to convince the world that their threats are serious, while still minimizing the negative repercussions that often follow from such actions.
Alternatively there was an almighty fuck up on the part of some part of the South Korean navy and blaming the North Koreans helped them escape any fallout.
Oh, come on. There is a simple theory that "all oversimplified/naive theories are wrong" (this is, by the way, a consequence of "all mental theories are wrong, but some of them are useful).
The theory that North Korea was upset about a crappy movie and hacked Sony is such a naive nonsense, it cannot be considered seriously. In is HN, after all.)
Less naive could an idea that some guys hacked Sony (for money, what else?) and used this as a "cover story". How does this happen? By a chance, like most events in Universe.
The hack itself, probably, was due to neglected security, like WEP hot-spots, unpatched Windows crap, everyone has Administrator privileges, updates disabled - everyone knows how it is.
And in order to "save the face" everyone jumped on that naive story - it is highly sophisticated hack by foreign intelligence, not an "admin" (or "fuck") password on some hotspot or Windows domain. It was a media division, btw, not a "techie" department.
I am exaggerating a bit about passwords, but the idea, I hope, is clear.
> The theory that North Korea was upset about a crappy movie and hacked Sony is such a naive nonsense, it cannot be considered seriously.
I'd be inclined to agree with you if the North Korean government didn't officially condemn the film last June and threaten retaliation if it was released.
I think it's interesting that Sony is hacked several months after North Korea makes threatening remarks about a specific movie, the hackers make specific threats about the release of the same movie, and the FBI states that their forensic investigation turned up malware with code identical to malware previously attributed to North Korean hacking and using the same C2 servers and proxies, but the tech community won't even entertain the possibility that it might be North Korea behind the attack.
Would North Korea even have an interest in attacking a company like Sony Pictures in this way? Normally, when a nation-state goes for a cyber attack, they go after useful targets. For example, they go after a government to get an upper hand in negotiations, or maybe they go after industry or academia, to secure knowledge about some helpful technology. Sony pictures would not be a canonical target for a nation-state, because they really don't have much to offer a state like North Korea (it's not like this attack will help the struggling North Korea film industry). In contrast, there would be more for North Korea to lose if the US retaliates.
I can't quite understand the allegation that NK is behind this because I don't see a motive.
Is it too hard to imagine that a member of the Kim court could have purchased or ordered the services of hackers to curry favor with the leadership? You might be looking for rationality and logic in the actions of a cult of personality.
This is after all a country that in the past has kidnapped Japanese citizens for purposes including producing movies for the NK film industry:
How would a member of Kim Court know where to find hackers?
I'm not sure what percentage of people here know where to find those kinds of hackers, and we're supposed to be IT experts.
So the idea that some underling in the world's one surviving Stalinist state, which happens to have barely any Internet, knows where to hang out on DarkNet, and also has a suitably impressive stash of BitCoins, and knows enough about corporate politics to understand how to cause Sony Pix maximum humiliation - all that sounds just slightly unlikely, no?
>I can't quite understand the allegation that NK is behind this because I don't see a motive.
The motive is that a company that straddles the two countries that North Korea hates the most created a movie obviously designed to be a gross insult to their leader.
I'm sure there could be ancillary benefits to the hack too - technology they could copy, etc.
The motive is definitely there, but all the evidence still points to a disgruntled ex-employee.
Apparently the movie personally pissed off Kim Jong Un. Back in June they officially condemned the movie and threatened retaliation if it was released.
I don't think NK did it, but a nation-state, just like any other entity driven by self-interest, would go after ANYTHING they felt would give them an advantage. Including actions they can use to sway public opinion in their favor (or against the favor of their enemies) or garner sympathy for themselves.
I don't know or suspect whether NK did it or not. But from what I've read about NK, it's risky to use logic to second guess their motives. If NK was a human, I'd say they're batshit nuts. Clinically speaking.
OP here. This thing is confusing the hell out of me. I go back and forth on a daily basis as to whether I think it was the NKoreans or not. One major factor in my head that I haven't heard stated elsewhere is this: If the government says today "It was North Korea" and tomorrow a hacker group says "Lulz! It was us. Gotcha!", that makes the FBI/CIA/NSA look really, really bad. Bad enough that it would outweigh any benefits to blaming the NKors. Why would the feds go out on a limb like that if they weren't absolutely sure?
>Why would the feds go out on a limb like that if they weren't absolutely sure?
Because the military is likely angling for extra funding for its 'cyberwar' divisions and they would like for that pesky torture stuff to be yesterday's news.
Well sure, but my point is that being publicly wrong about the hack being NKor's work would outweigh everything, including changing the subject re: torture. Maybe I'm wrong about that, though.
I can easily see the American government blaming NK because that would (and has) generate media attention and push the torture report out of the spotlight.
That torture report is one of the best gifts they could have given the terrorists. They now have undeniable proof that America tortured people. Even if we put that aside, torturing people is what America prosecuted other war criminals for, and here they are flaunting their own rules. Consequently, they've lost all credibility and moral high ground.
I think being wrong about blaming NK is much easier to brush off than being caught red handed violating the ethics that your own country established just decades prior.
Think about it, if they're wrong about NK, everyone who suspected that is just going to go "I knew it." and everyone else will wonder how they could have blamed NK without being certain. Repercussions? None. Benefits? The People have forgotten about that whole torture thing. Win Win for the WhiteHouse.
The feds are sure enough of their control of the media that they could completely discredit that sort of story. Sure, smart people could notice that a claim is accompanied by slimy purportedly-Sony emails that look just like all the other slimy Sony emails. Those smart people probably don't care to get teased off all the talking-head shows with their against-the-narrative against-the-government-experts "theories".
Too much NK bashing. Just because a state is recluse and has barely any relation with other states doesn't mean we can just speculate and blame them for everything without real proof.
"While some computer experts still express doubts whether the North was actually behind the attack, American officials said it was similar to what was believed to be a North Korean cyberattack last year on South Korean banks and broadcasters. One key similarity was the fact that the hackers erased data from the computers, something many cyberthieves do not do."
I won't pretend to be an expert on information security but surely this isn't anywhere close to being unique enough to point blame at North Korea?
I can't wait to see this movie now, not because I think it'll be great but just because of the controversy surrounding it. Especially if Sony doesn't officially release it, I find it extremely ironic that so called hackers are the ones threatening Sony (which is a dubious claim at best) and hackers will likely be the ones to get it "released," considering Sony's lackluster (at best) security.
An indirect proof of who hacked Sony is easy: depending on whether the 'Hackers' publish the movie or not (given they got access to it and given Sony does not publish it as they say) will show who's behind it.
Nothing that North Korea says should be treated as though it were legitimate. This is a country that keeps something on the order of a quarter of a million people in actual concentration camps, and tens of millions more utterly brainwashed and in unspeakable poverty. This is now, today, in 2014.
Literally every day now I run across something mentioning "Sony hack", but haven't understood yet why it's so significant topic. It seems to gather way more attention than I imagine something like this should. Every now and then somebody gets "hacked", sometimes it's somebody pretty big, it's not that uncommon that some really important data gets leaked, but it never goes further than mentioning it on HN or something, no jokes about it on 9gag, no North Koreas joining investigation. What's the matter?
Maybe it's because I missed original news. Can somebody provide link or explanation why the heck it's so important that even completely non-technical people buzz about it all the time?
Because it exposed the interpersonal dealings of people who work at Sony. Whether it's that Trebek sometimes gets mad when asked to deal with unreasonable people, or that execs sometimes say really terrible things about people when they think the email is only between the two of them, or the future of companies that Sony execs are board members of (such as Snapchat) where there is lots of confidential information being discussed about the future of Snapchat and where it believes the current status of messaging lies.
In my opinion, it's mostly about the scope of the hack, and the studio's reaction.
The amount of data compromised is unparalleled in any other previously reported hack, and the response by Sony (canceling the distribution of a movie) is also unprecedented.
Because free speech is a constitutional right now being impugned by a bunch of hackers or a tiny country. The U.S. looks completely powerless in the face of it.
I agree that the U.S looks weak during this whole thing but how is this an issue of freedom of speech? A company chose to pull its product due to a threat, the government didn't force them to pull it or anything, it's their own choice. If you publish a controversial book and get threatened because of it and choose to pull it, it's not a freedom of speech issue because you are pulling your own book (or not pulling it).
Right, the US government didn't force them. But possibly another government did. If the US government was the perpetrator of this, I'd bet it would be in flagrant violation of the 1st
US isn't powerless, it's just a matter of the will to act. If everyone agreed that NK should be destroyed (such would be the case if they were stupid enough to launch a nuclear attack against someone, for example), it would be. Hacking Sony doesn't reach that level of retaliation.
And Hollywood could have pulled the prediction of Casablanca to avoid upsetting Germany and the pro Nazi german americans - and there was serious pressure put on Hollywood to do this.
Such pressures may have existed in the late 30's, but I don't see how there could have been any pressure to "pull production" of Casablanca for the sake of not offending Nazi germany given that its production was well after the US had entered the war. As far as I can tell Warner Brothers had only first heard of the script by January 1942.
1. Does NK even have the capability to pull something like this off? They seemingly fail at every other intimidation stunt they pull off & now they have a massive success out of nowhere? Hm...
2. Why would they deny it if they did it? It's very out of character for them to not pounce on the chance of something being very embarrassing to the US.
3. With all the talk of it being so complicated to pinpoint exactly where the attacks came from, what info is the US gov using to pin this on NK (besides the very easy narrative around the context of the movie). They have to have a bit more intel than they're letting on...or something is fishy here.
Of course they have the capability. The North Korean government has billions of dollars to throw at any project they come up with. The breakin at Sony, sourced commercially in the US, might have cost mid-six-figures.
Sure they do. Look at what they spend on their military, which in reality does them no good whatsoever (their true defenses are diplomacy with China and their hostage to the south).
True, though you could argue that feeding their military is a social welfare program of sorts, though it also redirects resources from the general public.
You are asking if a country that has the capability of producing nuclear weapons (albeit a small, simple stockpile) has the capability to hack an insecure company.
RE (1.): To imply that North Korea does not have the capability of pulling this off is to imply that the country is bereft of single human being with access to an Internet-connected computer.
With that said--whether or not they were involved is entirely up for debate.
Sony is the epitome of why we should not equate money with technological security. Additionally, the methods used to gain access to their systems necessitated little if any capital expenditure on the part of the attackers. Granted, that is not to say that no capital was expended, but simply that little expenditure was necessitated by the alleged methods.
Few things to remember:
1. The instruments of dictatorship is working well. They are not bunch of idiots. They outlasted the Soviets!
2. NK launched a medium range ballistic missile. It was a rather crud one (basically bolted together from parts from multiple missiles). NK may be poor and a backward country but they did build and launch the rocket(although it broke up in mid flight). How many nations have actually launched rockets as NK did?
3. We all know 'hacking' isn't some rocket science. It can be done by any reasonably intelligent person with a lot of time on their hands. And NK obviously has reasonably intelligent people who have the aptitude for programming/coding/hacking with a lot of time on their hands.
NK's only internet connection is via link through China. But I can also see NK posting hacker-soldiers in China too.
2) They're afraid of the repercussions given the massive public reaction to the hack. This isn't a fully persuasive line of reasoning, but it seems like a possibility.
Adding to this, I really hope this isn't the digital version of WMDs-in-Iran-type-event where we make up convenient excuses to intervene in countries that are somewhat problematic.
The USA won't intervene in a country with nuclear weapons and a few kilometers from Seoul for crime without physical damages. NK won't hacknowledge it because they want to appear as a victim in every way possible.
The Russians or NK could have secretly hired Chinese hackers to make it look like NK. Now they can embarrass the U.S. for jumping the gun like they did in Iraq and weapons of mass destruction (assuming the connection can not be proved).
When was the last time most, if not all, of the community here hung out with a guy or gal from the Foreign Service? Or better yet a member of the State Department of the USA?
Or the equivalent in their home country; that's just as well, given that the people I've met all over the world who work in their country's foreign service department are generally good people.
If you haven't seen, "A Beautiful Mind," it's a great film and the math literally helps explain why North Korea, despite evidence, might be a, "Sock puppet," used by...well, let's see.
What country is having a really, really crappy time with economic sanctions right now?
Maybe, just maybe, a bit of experience at interacting with the folks who (gasp) make these kinds of decisions would make the whole situation easier to explain. Or if most of us simply revisit kindergarten in the US, eg, the game of, "Tag." Remember how to claim a cookie that you're not supposed to eat?
Touch it. "If I touch it, I own it," because nobody wants to eat the cookie you touched after you liked your finger, right? So, Russia perhaps, "Licks their finger," tunnels through, and then when we discover the breach, "Look, it's the North Koreans!"
If not them, I'd say Luxembourg is behind it all. We know most American companies that have operations overseas use them to launder (I mean, mitigate) tax burdens in Europe, right?
Okay, I met the former ambassador to Sri Lanka and had tea with snacks when we hung out. Present was a Vice President of the country I lived in - great guy.
I can't confirm nor deny, because I don't know, the exact status and titles of the various members of the legislature I met while overseas because, frankly, it wasn't my intent to keep a log then post it publicly.
To whit, I've also been listed as a reference for a prosecutor who became a judge in California. However, none of this should be needed to, "Trot out," in a response about foreign politics, which I have ample experience in personally through multiple visits to many countries.
Thanks, though, for deflating my karma count - I need to remember, I'm sharing here because it's fun, not because I'm winning a game. ;)
Anyone else frustrated that you can't have a conversation about this without the vast majority of threads taking on a conspiratorial tone? I suppose it's human nature for something with such power players as Sony/FBI/NK to seek out hidden motives and what not - but the comment quality really drops off.
Sony executives:
* Sony gets tons of free publicity for its new movie.
* It diverts attention away from those emails that were starting to make certain Sony execs look really bad.
* They don't look quite so hopeless and incompetent if they're getting hacked by a nation state.
FBI/CIA/NSA/DOD:
* It's something that can be used to deflect heavy criticism of their all-pervasive surveillance.
* It's something they can use to wangle more money - to face the exciting new "cyberwar" threat.
Reasons for North Korea denying involvement if they actually did it:
...