North Korea probably not behind Sony attack, says security analyst

[Costello]

​

​

I have stumbled upon this article by Marc Rogers which I must say was quite convincing. Rogers (like many others including myself) is having a hard time believing that North Korea is really behind the recent attacks against Sony. Isn't it just too easy to blame North Korea for something like that? The hints left behind by the hackers are very obvious and could have been placed there on purpose.

Rogers lists ten different points to support his statement which I'm going to summarize here:

1. The broken english doesn't look like it's from a North Korean native (it looks like it's from a native english speaker trying to pose as Asian). Having lived in China for the past 5 and a half years I must say I concur.
2. The malware has been built on a PC with Korean locale & language, while traditional Korean is actually banned and forbidden in North Korea. It's extremely easy to change a computer's language and locale before building a program.
3. The malware contains hardcoded paths that probably only a (former) Sony employee would be aware of
4. The hackers could have done a lot more damage or at least very different damage, Rogers speculate that whoever is doing this just wants revenge over Sony
5. The hackers didn't originally mention the movie (The Interview), they only did so after mass media speculated that the attack came from North Korea. How convenient is that?
6. The hackers appear to have good knowledge of social media, not something you would expect from North Korean hackers - there have been studies about their techniques before
7. North Korea is an easy way out for everyone (Sony, third party "security experts" working for Sony, etc.) because quite frankly Sony's door were wide open, it's easier for them to just pretend they got hacked by super-sophisticated government agents
8. Blaming North Korea suits political agendas
9. Sony's security was so bad that they had it coming, it didn't really take overly competent government-hired hackers
10. Rogers suggests the hackers are being led by a former Sony employee seeking revenge, and links to several articles backing up his statement

If you want to get to the bottom of this and get some facts, make sure to read the following articles:
- The source of this article: a blog post from Marc Rogers (security analyist)
- Additional elements collected by another blogger Grugq
- A complete breakdown of the attack and in-depth analysis by security company Risk Based Security

 

[gamefan5]

I had my doubts about it, so I can't say that I dismiss it. I'm not leaving the possibility that NK did it, but I personally think that it was someone from Sony.
I'm still glad they did it out of precaution but the one that issued the threat should be caught for real.

 

[Flame]

Oh Sony when is your devs going to learn to the basics in coding like use a random algorithm and not use 4 as a random number...

int getRandomNumber()
{
return 4;
}

 

[Foxchild]

Not sayin this isn't a possibility, but why would they change their computer's language to Korean before writing the code (#2) if they decided to blame Korea as an afterthought based on media reaction (#5)?

 

[Costello]

Not sayin this isn't a possibility, but why would they change their computer's language to Korean before writing the code (#2) if they decided to blame Korea as an afterthought based on media reaction (#5)?

the media assumed the malware was from NK because of simple hints left by the hackers like in #2
THEN to further "prove" that they are from NK, the hackers jumped on the bandwagon and brought up the movie... simple as that

 

[Pedeadstrian]

the media assumed the malware was from NK because of simple hints left by the hackers like in #2
THEN to further "prove" that they are from NK, the hackers jumped on the bandwagon and brought up the movie... simple as that

I really want North Korea to be behind the attack. If they were, it'd mean that U.S. intelligence isn't full of dumbasses.

the White House said that it considers the cyber attack a "serious national security matter" and plans a "proportional response."

If the link between North Korea and the hacking is fake, then that means they're going to "proprotionally respond" to innocent (well, innocent in this regard) people. U.S.A. is number one. We'd never do something horrible to innocent people. Just don't read that huge report on our torturing. It's also fake.

 

[Trevor Belmont]

And here I was assuming Microsoft was the culprit, having run out of ideas to catching up with the PS4.

 

[purupuru]

"having a hard time believing that North Korea is really behind the recent attacks against Sony." I read this and laughed. Sorry Costello. Remember it was the North Koreans who kidnapped the famous director Shin Sang-ok to make the excellent giant monster film Pulgasari. Judging from past behavior it's quite probable that this attack was launched by the North Koreans. This annalist isn't very convincing for example the computer's language is traditional; Korean. Well try to find a language option for the North Korean dialect when ordering PCs. North Korean intelligence are going to have very sophisticated knowledge of social media. "The malware contains hardcoded paths that probably only a (former) Sony employee would be aware of" It's very easy I'd image to pay off a former employee so that argument doesn't hold water. No, this annalist doesn't sound very credible at all.

 

[Tom Bombadildo]

I still doubt NK had much to do with the hack. At the most I would maybe think NK hired out some out-of-country team to do it, and that's at the most.

 

[RevPokemon]

I still doubt NK had much to do with the hack. At the most I would maybe think NK hired out some out-of-country team to do it, and that's at the most.

Out of country ?

Maybe Russia or China but really causing a pseudo political epidemic is really overkill

 

[xdarkx]

I thought North Korea doesn't have internet, at least that's what I heard.

 

[Xzi]

Here's the issue: that article was released nearly right after it happened with no evidence one way or another. The newer articles provide pretty damn clear evidence of North Korea's guilt. The FBI has known this for a while now. They simply don't want to cause waves during the holidays.

And actually it turns out that it wasn't North Korea DIRECTLY, but rather a cyber-attack unit North Korea was training/developing in China (being that they feel more shielded from retribution there). If the code was written in anything else initially, it was probably Chinese.

 

[Tom Bombadildo]

Out of country ?

Maybe Russia or China but really causing a pseudo political epidemic is really overkill

It's North Korea, I don't expect them to do anything that remotely makes sense.

I thought North Korea doesn't have internet, at least that's what I heard.

They definitely have internet, it's just extremely censored and...spread a bit thin, I guess you could say. It used to be for high ranking gov. officials, however it supposedly has expanded a bit to other citizens. They also now have 3G access, though it's strictly for phone calls and no outside internet access

 

[Costello]

Here's the issue: that article was released nearly right after it happened with no evidence one way or another. The newer articles provide pretty damn clear evidence of North Korea's guilt. The FBI has known this for a while now. They simply don't want to cause waves during the holidays.

And actually it turns out that it wasn't North Korea DIRECTLY, but rather a cyber-attack unit North Korea was training/developing in China (being that they feel more shielded from retribution there). If the code was written in anything else initially, it was probably Chinese.

have you read this? https://www.riskbasedsecurity.com/2...sony-hack/#attributionguessinggameperspective
just a quote of the latest update, at the bottom of the article

[...] That article has been dissected to a degreeshowing how the firm title accusing North Korea buckles under subsequent observations and quotes. Ultimately, we have a named FBI official in a position to have knowledge of the investigation on record saying it was not North Korea, and we have an unknown amount of unknown officials that may or may not have knowledge of the investigation. Yet, the prevailing thought based on watching social media is that most people believe North Korea was behind it.

According to the Washington Post, who spoke with an “intelligence official” who was “briefed on the investigation”, they are almost certain hackers working for North Korea were behind the attack. To counter this, we have pieces from Kim Zetter at Wired and security professional Marc Rogers who make a case that North Korea is likely not involved. One point that can’t be said enough is that “attribution is hard” given the nature of computer intrusions and how hard it is to ultimately trace an attack back to a given individual or group. Past attacks on Sony have not been solved, even years later. The idea that a mere two weeks into the investigation and there is positive attribution, enough to call this an act of war, seems dangerous and questionable.

Intelligence officials believe with “99 percent certainty” that hackers working for the North Korean government carried out the attack, said one individual who was briefed on the investigation and spoke on the condition of anonymity. — Washington Post

At this point, it certainly could be North Korea. Or China. Or a group of people with no political affiliation, laughing at their tricks that have thrown the rest of society for a loop. As we have said before, it would be best if we reserve judgement until there is a documented forensic trail that truly establishes some level of attribution with certainty. At that point, Sony Pictures and the U.S. government can determine the best way forward. As Jason Koebler at Vice writes, “Reaction to the Sony Hack Is ‘Beyond the Realm of Stupid’” and has a wide variety of points that put the events in perspective.

Following up on the “fallout” angle, it appears that this attack has resulted in the cancellation of two movies. The first movie canceled, ‘The Interview’ has been extensively covered in the media and is accompanied by diverse commentary saying it was the right thing to do or it was caving in to terrorist demands. According to The Wrap, the second movie cancelled, not even in full production, is titled “Pyongyang” and was to star Steve Carell. Produced by company New Regency and directed by Gore Verbinski, the story is based on a graphic novel and follows a Westerner that is accused of espionage in North Korea. According to the Internet Movie Database (IMDB), it was also to be a comedy.

While the technical investigation into the breach is carried out, Tech Crunch reports that Sony is being forced to embrace legacy technology such as faxes and face-to-face meetings. Given that the compromise appears to be extensive, companies cannot assume that the attackers have stopped accessing the network. To err on the side of caution, they must assume that just about every device on their network is compromised.

Finally, in the wake of the North Korea guessing game, we’d like to offer a few points of perspective. When the Guardians of Peace (GOP) called for the cancellation of ‘The Interview’, no one thought it would work. Yet it did. Since the demands of the GOP centered around that and the demands have now been met, Jake Kouns asks if that means the leaks are over? Cyber War News reminds us that one hack led to one movie being cancelled and the world cares deeply. Yet every day, hundreds of companies are hacked leading to tens of thousands of credentials being leaked. Despite that, no one cares. It is interesting how a large media company can have such influence outside the scope of their usual means of influence (i.e. movies). Despite the veiled threats from the GOP suggesting December 25 may see “9/11 type attacks”, President Obama is saying there is no credible threat and encouraging Americans to go to the movies according to CNN. Finally, Mitt Romney chimes in with this great idea:

.@SonyPictures don’t cave, fight: release @TheInterview free online globally. Ask viewers for voluntary $5 contribution to fight #Ebola.

Unfortunately for Romney and those supporting his idea, a CNN email flash arrived shortly after the Tweet saying “Sony Pictures has no further release plans for ‘The Interview,’ a company spokesperson tells CNN’s Brian Stelter, discouraging speculation that it might release the movie digitally.”
RBS will update this timeline with more information as it becomes available.

I don't know if we will have a definitive answer because everything can always be manipulated. Just keep in mind that mass media doesn't always report facts correctly, they are often misleading either on purpose or accidentally.

 

[Joe88]

Here gbatemp, you dropped this

 

[Xzi]

I don't know if we will have a definitive answer because everything can always be manipulated. Just keep in mind that mass media doesn't always report facts correctly, they are often misleading either on purpose or accidentally.

Who said anything about war? It's easy to point out the culprit, is all. North Korea's threats are as impotent as ever, and even this hacking is pretty tame compared to what a larger country's government could have done. That said, it reminds people that we are vulnerable in one way or another, so I could just as easily see this story scaring people into anger as well. There's zero need for retaliation, though. Contact China and tell them to get their yippy bitch dog on a leash. Rofl.

 

[2ndApex]

Here gbatemp, you dropped this

The NK theory seems a lot more tin foil to .

 

[Canadacdn]

I really want North Korea to be behind the attack. If they were, it'd mean that U.S. intelligence isn't full of dumbasses.

Blaming the hack and threats on North Korea could allow various three letter agencies and the U.S Government to gain popular support for increased mass internet surveillance.

 

[Pedeadstrian]

Blaming the hack and threats on North Korea could allow various three letter agencies and the U.S Government to gain popular support for increased mass internet surveillance.

Yeah, sure, and it could also allow the director of the CIA to take a shot that that pesky rival of his, Seth Rogen. See? I can make up ridiculous things too. This isn't gonna make the U.S. populace afraid for their virtual safety and have them throw away their freedoms. Especially since the U.S. populace doesn't even control what laws go into effect; lobbyists do.

 

[SS4]

Its not like it would be the first time USA lies and fool its population for their own agenda but who knows what really happened?
Is it really important?
Seem just like someone messed up bad and is trying to put the blame on someone else . . .