U.S. Said To Find North Korea Ordered Sony Attack On Sony; Sony Caves To Hackers Demands, Setting Dangerous Precedent — Islamic State, Others Watching How U.S. Responds
David Sanger and Nicole Perlroth write in this morning’s (Dec. 18, 2014) New York Times that “American officials have concluded that North Korea was “centrally involved” in the hacking of Sony Pictures computers, even as the studio canceled the Christmas Day release of the film, The Interview, — a far-fetched comedy about the assassination of North Korea’s leader, Kim Jong-Un.”
The New York Times notes that the White House is divided regarding how to respond to the attack; and, whether or not to publicly blame Pyongyang. “Some within the Obama administration argue that North Korea must be directly [and publicly] confronted<' regarding the hack, the paper says. "But, that raises questions of what actions the administration could credibly threaten, or how much evidence to make public — without revealing details of how it determined North Korea's culpability — including the possible penetration of North Korea's computer networks," to find the evidence, the New York Times reported.
Others within the Obama administration "said a direct confrontation with North Korea would provide North Korea with the kind of dispute it covets," Mr. Sanger and Ms. Perlroth write. "Japan, where Sony is an iconic corporate name, has argued that a public accusation could interfere with delicate negotiations for the return of Japanese citizens kidnapped [by North Korea] years ago."
The [U.S.] government is "considering a range of options in weighing a potential response," said Bernadette Meehan, a spokesperson for the National Security Council (NSC).
"While intelligence officials have concluded the cyber attack was both state-sponsored; and, far more destructive than any seen before on American soil — there are still differences of opinion over whether North Korea was aided by Sony insiders with knowledge of the company's computer systems," senior administration officials told the paper.
"This is of a different nature than past attacks," one official said. "An attack that began wiping out data on corporate computers — something that had been previously seen in South Korea and Saudi Arabia — had turned "into a threat to the safety of Americans," the official said.
"It is not clear how the U.S. determined that Mr. Kim's government had played a central role in the Sony attacks," Mr. Sanger and Ms. Perlroth write. "North Korea's computer network [systems] are notoriously difficult to penetrate. But, the National Security Agency (NSA) began a major effort four years ago to penetrate the country's computer operations — including its elite cyber team; and to establish "implants" in the country's networks that, like a radar system, would have said was beyond the North's capabilities."
"There is a long [cyber] forensic trail involving the Sony hacking several [cyber security] researchers said. The attackers used commercially available tools to wipe data off Sony's systems. They also borrowed tools and techniques that had been used in at least two previous attacks, one in Saudi Arabia, two years ago — widely attributed to Iran — and, another in South Korea aimed at banks and media companies," the New York Times said.
"The Sony attacks were routed from command-and-control servers across the world, including [through or via] a convention center in Singapore and Thammasat University in Thailand, the researchers said. But, one of those servers, in Bolivia, had been used in limited cyber attacks on South Korean targets two years ago. They suggested that the same groups, or individuals might have been behind the Sony attack."
"The Sony malware shares remarkable similarities with that used in attacks on South Korean banks and broadcasters last year," the Times reported. "Those intrusions, which also destroyed data belonging to their victims, are believed to have been the work of a cyber criminal gang, known as Dark Seoul. Some experts say they cannot rule out the possibility that the Sony attack was the work of a Dark Seoul copycat," security researchers said. "The Sony attack also borrowed a wiping tool from an attack two years ago at Saudi Aramco, the national oil company, where hackers wiped off data on 30,000 of the company's computers, replacing it with an image of a burning American flag."
"At Sony, investigators are looking into the possibility that the attackers had inside help," Mr. Sanger and Ms. Perlroth write. "Embedded in the malicious code were the names of Sony servers and administrative credentials — that allowed the malware to spread across Sony's network." "It's clear they already had access to Sony's network before the attack," said James Blasco a researcher at AlienVault, a cyber security consulting firm.
The U.S. needs to go after Kim Jung-Un and his coterie of enablers — personally — and hit them financially in a big way. Sony's capitulation is terrible, and will do nothing but encourage additional such behavior, A strong message needs to be delivered to Kim Jong-Un — or, 'Mini-Me,' as I refer to him. If we don't, what message does this send to the Islamic State? V/R, RCP