Think North Korea Hacked Sony? Think About This; Attribution Difficult, If Not Impossible; POTUS Set To Officially Blame North Korea For Sony Hack At 1pm EDT News Conference Today – Dec. 19, 2014
Martyn Williams, writing in this morning’s (Dec. 19, 2014) Techworld.com, says, “North Korean involvement in the Sony Pictures Entertainment hack is certainly possible; but, it also plays into a popular, and easy-to-believe narrative about the country. There certainly appears to be circumstantial evidence [that North Korea perpetrated the hack] but — it could be just that,” Mr. Williams contends.
It’s Unlike Any Previous Hack Attributed To North Korea
“North Korea has been blamed for a string of hacks in the past; and, it’s generally accepted that the country has the capability to hack and attack companies. But, no previous attack attributed to North Korea — or any nation state — has been so public, and so noisy,” Mr. Williams adds. And, this particular hack has all the telltale signs of previous hacker-activist attacks against corporations and governments, “and, it’s worth noting,” he says, that the techniques used in the Sony hack were “used against North Korean ‘Internet’ sites in May 2013. In those attacks,” Mr. Williams observed, “thousands of user names and passwords for North Korean ‘news’ site, ‘Uriminzokkiri,’ were leaked by hackers operating under the ‘Anonymous’ banner.”
The Hackers Didn’t Mention “The Interview” At First
“If the hack was all about the release of ‘The Interview,’ why didn’t that come earlier?” Mr. Williams asked. “For the first couple of weeks, the messages that accompanied leaked data — didn’t mention the movie at all. It was much more about Sony and its executives — something underlined by the vindictiveness of the leaks.”
North Korea Issues Threats All The Time
North Korea “expressed outrage at ‘The Interview’ on June 25 when, without mentioning it by name, it promised ‘Those who defamed our supreme leadership, and committed hostile acts against the DPRK, can never escape the stern punishment to be meted out — according to a law wherever they might be in the world.’” “If you do not follow North Korea closely, such threats are issued by Pyongyang all the time. On the same day that the statement on The Interview was issued, the North Korean state-run news agency hit out at regional U.S. military actions, saying the situation was so grave ‘that a nuclear war may break out at any moment.’ In this same article, it said, ‘Only merciless punishment and fist, not word, will work on the United States.’ And, later in the day, it lashed out at South Korea, saying its own soldiers were awaiting ‘the order given by the Supreme Command to strike the provocateurs,’” Mr. Williams wrote.
It’s Easy To Believe
“Because not a lot is known about North Korea, things that really should be questioned, are sometimes taken as fact — because they fit neatly into a box — where many place North Korean behavior: weird, with a touch of crazy.”
Investigators Have Evidence That Sony Hackers Stole The Credentials Of An IT/Systems Administrator
CNN is reporting this morning that U.S. “investigators have evidence that the Sony hackers stole the computer credentials of a Sony IT Administrator” to get broad access to Sony’s computer IT ecosystem. “This finding,” CNN says, “is why investigators do not believe the attack on Sony was aided by a trusted insider.” “The hackers’ ability to gain access to the passwords of a top-level information technology employee allowed them to have ‘the keys to the entire building,’” one official the network talked to said.
Attribution Is Difficult — If Not Impossible — When A Sophisticated/Clever Adversary Is Involved
Kim Zetter, writing on Wired.com on December 17, 2014, says attribution in the cyber world is difficult, if not impossible. “Skilled hackers use proxy machines, and false IP addresses to cover their tracks, or plant false clues inside their malware to throw investigators off their trail. When hackers are identified, and apprehended, it’s generally because they’ve made mistakes or, a cohort gets arrested and turned informant.”
“Nation-state attacks often can be distinguished by their level of sophistication and modus operandi,” Ms. Zetter writes, “but, attribution is no less difficult. It’s easy for attackers to plant false flags that point to North Korea, or another nation as the culprit. And, even when an attack appears to be a nation-state, it can be difficult to know if the hackers are mercenaries acting alone, or with state sponsorship — some hackers work freelance; and, get paid by the client state, only when they get access to an important system, or useful intelligence; others work directly for a state or a military entity. Then, there are hacktivists, who can be confused with state actors, because their geopolitical interests and motives jibe with a state’s interest.”
“Distinguishing between all of these can be impossible, unless you’re an intelligence agency like NSA, with vast reach into computers around the world, and can uncover evidence about attribution in ways law enforcement agents legally cannot,” she wrote.
Oftentimes we overthink things. The age-old adage — KISS — Keep It Simple Stupid — is more often than not, the right answer. All arrows point to North Korea on this — though they may have had assistance from another nation-state — either wittingly, or unwittingly. And, the Islamic State, al Qaeda and others are also watching, and learning. V/R, RCP