Who Would Think To Make A Comedy About Assassinating A Current National Leader?!

[Magda Hassan]

They also claim the attack came from a NK IP address - but that is very easy for any hacker anywhere to do.

No one would do this. It's like robbing your local bank branch where everyone knows you not wearing a balaclava waving and smiling at the CCTV and wearing a name tag on your work uniform and driving your own car registered to your home address to do a bank robbery.

[Lauren Johnson]

Remember how long [months] before anyone even ventured to say where the stuxnet attack came from...but this was determined in about 24 hours or less.....it smells bad. It wouldn't even surprise me if we find out that some intel agency had the idea to make a film with this theme to begin with...though I know of no such evidence.

I think there is a lot more to this story that will (not?) come out? It smells, doesn't it?

Last year, the film Zero Dark Thirty, a POS movie, wins the academy award. It gets lots of publicity and lots of it was about a gifted female director (gasp!) -- Katherine Bigelow. I finally rented it from Netflix and quickly realized it was nothing but an improvisation on from The Mighty Wurlitzer. I see this film as part of the Obama campaign for global chaos and regime change.

[Albert Doyle]

Zero dark 30 sounds like a good name for the 12:30pm assassination hour of President Kennedy. Isn't this sort of like the bastards indirectly bragging about their accomplishment? America scares me because it is like a pack of propagandized retards gobbling up this wicked covert poetic symbolism without realizing they are being mocked by it. Just jingo it up and turn on the John Wayne music and they'll buy anything.


The speed at which gov't discovered the North Korean source reminds me of the quick identification of Lee Harvey Oswald.

[Lauren Johnson]

Zero dark 30 sounds like a good name for the 12:30pm assassination hour of President Kennedy. Isn't this sort of like the bastards indirectly bragging about their accomplishment? America scares me because it is like a pack of propagandized retards gobbling up this wicked covert poetic symbolism without realizing they are being mocked by it. Just jingo it up and turn on the John Wayne music and they'll buy anything.


The speed at which gov't discovered the North Korean source reminds me of the quick identification of Lee Harvey Oswald.

Actually, Zero Dark Thirty is a riff on a slang military term of O Dark Thirty. I've heard it before from a former special forces guy I know.

[Peter Lemkin]

All internet was shut down in N. Korea for about 24 hours. BBC had the temerity to suggest it was just due to bad 'infrastructure' in N. Korea and not an attack by the NSA [or similar]. ::willynilly::

[Magda Hassan]

All internet was shut down in N. Korea for about 24 hours. BBC had the temerity to suggest it was just due to bad 'infrastructure' in N. Korea and not an attack by the NSA [or similar]. ::willynilly::

Yes. Heard that too. They can't have it both ways. That same poor infrastructure also eliminates them as a hacking suspect.

[Magda Hassan]

In Plain English: Five Reasons Why Security Experts Are Skeptical North Korea Masterminded The Sony Attack

1. The Original Messages from the Hackers were About Layoffs, Not "The Interview"
The attackers originally sent messages to Sony referencing layoffs and demanding financial compensation. The tone was highly personal and did not reference "The Interview" movie at all. That's one reason why security experts (on private mailing lists) have been saying that disgruntled ex-employees are a likely candidate. The attackers only mentioned "The Interview" movie after the press suggested there was a connection.
This is the original threat letter sent via email to Sony executives on November 21:
"[M]monetary compensation we want," the email read. "Pay the damage, or Sony Pictures will be bombarded as a whole. You know us very well. We never wait long. You'd better behave wisely."
2. Underground Hackers Share Code and Tools
The FBI claims that there are similarities to other attacks attributed to North Korea. Security experts say that those attacks may not even have been North Korean in origin. However, even if they were  underground hackers share and sell code with each other. It's unsurprising that there would be overlap between cyberattacks.
3. IP Addresses Are Poor Evidence
The FBI cites similarities between IP Addresses used in this attack and in other attacks associated with North Korea. This is sloppy analysis because those IP addresses are public and don't have any special affiliation with North Korea. Plus, skilled hackers can fake IP addresses. So this is not a reliable piece of evidence.
4. The "Clues" Leading to North Korea Could Have Been Faked
Trickery and "trolling" are part of underground hacker culture. Deception is part of criminal culture. So why is the FBI so willing to take the code left by Sony's hackers at face value?
Whether it's the presence of Korean language or a connection to a North Korean computer, the clues leading to North Korea could have been faked. Imagine that you are at the scene of a crime and someone had written "North Korea was here" on the walls. While that's a good reason to take a look at North Korea, it's not proof either. The FBI cites similarities in "specific lines of code, encryption algorithms, data deletion methods, and compromised networks." Those could all be explained by cooperation (or sales) between hackers  or by intentionally making the hack point to North Korea.
Not all attacks are done by criminals who want credit. Sometimes they pin the blame on someone else. If you hacked Sony, would you want the world to know?
5. North Korea but Not the Government
It could have been North Koreans but not connected to the government. According to security expert Bruce Schneier, "reusing old attack code is a sign of a more conventional hacker being behind this." There is consensus among security experts that there was nothing about this hack that required the resources of a nation-state.
Both the US Government and Sony Have Political Reasons to Blame North Korea
Sony faces the possibility of numerous lawsuits as a result of sensitive data from employees, ex-employees and various partners being exposed. According to Jonathan Zittrain, professor of law and computer science at Harvard University, Sony might have some immunity from these lawsuits if this attack was part of an act of war.
The government has every reason to blame North Korea as well. That is certainly stronger positioning than admitting that the hackers hid themselves well. This also discourages other nation-states from trying something similar. Unfortunately, this also sends a message to hackers that they can get away with attacks if they can cast the blame on the right rogue nation-state.
Bruce Schneier raises the possibility that the government has classified intel that it's withholding. The NSA has been paying close attention to North Korea  who knows what documents they have that they choose not to disclose. However, it's dangerous for us as American citizens to accept the government's decision to accuse North Korea  a rogue country with nuclear aspirations  without a more legitimate body of evidence supporting this conclusion.
A multitude of security experts and tech-savvy journalists have covered this in great detail. Marc Rogers of Cloudflare has one of the best.
This piece by Bruce Shneier is one of the more comprehensive pieces that is also (relatively) accessible without a security background.
http://www.businessinsider.com/why-secur...14-12?IR=T

[Magda Hassan]

The FBI told their story about North Korea attacking Sony. Before we retaliate, read what they didn't tell you.

20 December 2014

tags: cybercrime, cyberwar, information operations, internet, north korea, propaganda, sony
by Editor of the Fabius Maximus website

Summary: The government blames North Korea of the Axis of Evil for the attack on Sony, a claim quite like the bogus claims of the past we so credulously believed. No matter how often they lie to us, Americans believe what the government tells us. They lie, we believe, their lies are exposed rinse, repeat. It makes us easy to govern, incapable of self-government, and quite different than our skeptical unruly forebearers. We can do better. This is a great day to begin. Read this and decide for yourself.
This is the most complete collection of information I've found on this story. Second post in this series; see links to the others at the end.

Contents

1. Articles questioning the FBI's story
   
2. About the attack
   
3. Dissenting voices to the official story
   
4. Remember this before you believe
   
5. Major media see the story
   
6. For More Information
   

(1) Articles questioning the FBI's story

.
While most journalists report official government statements, and cite only approving voices, there are a few who quote dissenters. We should pay attention to these few, considering the long list of government lies attributing evil deeds to designated foes. Learning from experience is the beginning of strength.

1. "Sony Pictures hackers say they want equality,' worked with staff to break in", Jacob Kastrenakes and Russell Brandom, The Verge, 25 November 2014 An interview with the hackers. Ignored by journalists; blockbuster news if true.
   
2. "Sony Hack: Studio Security Points to Inside Job", The Hollywood Report, 3 December 2014
   
3. "North Korea Almost Certainly Did Not Hack Sony", Kim Zetter, Wired, 17 December 2014
   
4. "Reaction to the Sony Hack Is Beyond the Realm of Stupid'", Jason Koebler, Motherboard, 17 December 2014
   
5. "Why You Should Demand Proof Before Believing The U.S. Government On North Korea and Sony", Jeffrey Carr (cybersecurity expert, CEO of Taia Global, Wikipedia bio), Digital Dao, 17 December 2014 Excellent background on the cyber-intel agencies and their vendors, and the dubious past of cyber-attack attribution.
   
6. "Why the Sony hack is unlikely to be the work of North Korea", Marc Rogers (of web-traffic optimizer CloudFlare), 18 December 2014
   
7. "US reportedly blaming North Korea for Sony Pictures hack. But why?", Graham Cluley, 18 December 2014 Repeats points made elsewhere.
   
8. "Sony, the DPRK, and the Thailand Pyongyang Connection", Jeffrey Carr, Digital Dao, 19 December 2014 The story becomes more complex.
   
9. "North Korea Hacked Sony? Don't Believe It, Experts Say", Paul Wagenseil, Tom's Guide, 19 December 2014
   
10. "Sony hack was the work of SPECTRE", By Robert Graham (CEO), Errata Security, 19 December 2014 A logical alternative analysis shows the weakness of the FBI's case.
    
11. "How the FBI says it connected North Korea to the Sony hack and why some experts are still skeptical", Christina Warren, Mashable, 20 December 2014
    
12. "Lets blame our perennial adversary!", the grugq (bio here; his website), undated The attacker has strong media skills.
    
13. Update: "Fauxtribution ?" at Krypt3ia (pseudonomeous hacker), 20 December 2014
    
14. Update: Comment by Marcus Ranum, e-security expert (bio here) & on the FM website's team of authors, posted at Free Thought Blogs, 21 December 2014
    

I sifted through these articles, each linking to other sources, and assembled the this summary. I believe it shreds the FBI story; at the very least it destroys the certainty about the attackers' identity. Read and decide for yourself.

(2) About the attack

.
Hewett Packard posted an excellent summary of the attack and North Korea's capabilities and possible role. See their August 2014 report about North Korea's cyber capabilities. They discuss the Chongryon, a group of North Koreans in Japan who run its some of its most important cyber and intelligence programs.
Also see the detailed analysis posted by Risk Based Security.
Why does the government tell us so little of the evidence? Some speculate that the NSA provided much of the evidence, but they're keeping this SIGINT secret (e.g., Nicholas Weaver at Mashable). That's logical. The pseudonymous but well-known information security expert going by the handle "the gugq" agrees: "I'll accept the Feeb's answer, I just don't believe they've shown their work. Mostly because it's not their work, they just copied from NSA." As you see below, after more thought he became more skeptical. So should you.
History suggests skepticism about these stories, given the history of US government and its corporate allies exaggerating the power of designated US foes. The Soviet Union was ominous superpower until it collapsed after years of internal rot (unnoticed by our lavishly funded intel agencies). Brian Honan (info security expert; bio here) reminds us of the 1998 "Solar Sunrise" attack by Iraq on US Army websites? US Deputy Defense Secretary John Hamre said it was "the most organized and systematic attack to date" on US military systems. A massive multi-agency task force eventually arrested 4 teenage boys. See the details here.

(3) Dissenting voices to the official story

(a) The best summary I've seen in rebuttal to the FBI's story Excerpt from Marc Rogers's article (red emphasis added):

• (1) The broken English looks deliberately bad and doesn't exhibit any of the classic comprehension mistakes you actually expect to see in "Konglish". i.e it reads to me like an English speaker pretending to be bad at writing English.
  
• (2) The fact that the code was written on a PC with Korean locale & language actually makes it less likely to be North Korea. Not least because they don't speak traditional "Korean" in North Korea, they speak their own dialect and traditional Korean is forbidden. {details and cites follow}
  
• (3) It's clear from the hard-coded paths and passwords in the malware that whoever wrote it had extensive knowledge of Sony's internal architecture and access to key passwords. … Occam's razor suggests the simpler explanation of an insider. It also fits with the pure revenge tact that this started out as.
  
• (4) Whoever did this is in it for revenge. The info and access they had could have easily been used to cash out, yet, instead, they are making every effort to burn Sony down. {explanation follows}
  
• (5) The attackers only latched onto "The Interview" after the media did the film was never mentioned by GOP right at the start of their campaign. It was only after a few people started speculating in the media that this and the communication from DPRK "might be linked" that suddenly it became linked. I think the attackers both saw this as an opportunity for "lulz" and as a way to misdirect everyone into thinking it was a nation state. After all, if everyone believes it's a nation state, then the criminal investigation will likely die. …
  
• (6) Whoever is doing this is VERY net and social media savvy. That, and the sophistication of the operation, do not match with the profile of DPRK up until now.
  
• (7) {B}laming North Korea is the easy way out for a number of folks, including the security vendors and Sony management who are under the microscope for this. …
  
• (8) It probably also suits a number of political agendas to have something that justifies sabre-rattling at North Korea …
  
• (9) It's clear from the leaked data that Sony has a culture which doesn't take security very seriously. …
  
• (10) Who do I think is behind this? My money is on a disgruntled (possibly ex) employee of Sony.
  

(b) From the Mashable article (links added):

Jeffrey Carr, cybersecurity expert {see Wikipedia} and CEO of Taia Global, is one of the skeptics. He told Mashable that "one of the biggest mistakes is that because an attack can be traced to the North Korean Internet that somehow means it's the North Korean government. That's a false assumption, because the North Korean Internet is basically provided by outside companies, in this case a Thai company. Nothing presented excludes alternate scenarios, so why jump to the most serious one?"
Carr notes that it appears the FBI is getting most of its intelligence from private security companies, without vetting or verifying that information. He added: "The White House is now getting ready to take some kind of action, as if it's a sure thing that the North Korean government is involved. Meanwhile you have the hackers who actually are responsible laughing because this is the most epic false flag ever."

© More from Jeffrey Carr, from his Digital Dao articles:

Is North Korea responsible for the Sony breach? I can't imagine a more unlikely scenario than that one, and for many of the same reasons that Kim Zetter detailed in her excellent article for Wired. {December 17}

There is a common misconception that North Korea's ITC is a closed system therefore anything in or out must be evidence of a government run campaign. In fact, the DPRK has contracts with foreign companies to supply and sustain its networks. … For the DPRK, that's Loxley, based in Bangkok. The geolocation of the first leak of the Sony data on December 2 at 12:25am was traced to the St. Regis hotel in Bangkok, an approximately 13 minute drive from Loxley offices.
This morning, Trend Micro announced that the hackers probably spent months collecting passwords and mapping Sony's network. That in addition to the fact that the attackers never mentioned the movie until after the media did pretty much rules out "The Interview" as Pyongyang's alleged reason for retaliation. If one or more of the hackers involved in this attack gained trusted access to Loxley Pacific's network as an employee, a vendor, or simply compromised it as an attacker, they would have unfettered access to launch attacks from the DPRK's network against any target that they wish. Every attack would, of course, point back to the hated Pyongyang government.
Under international law, "the fact that a cyber operation has been routed via the cyber infrastructure located in a State is not sufficient evidence for attributing the operation to that State" (Rule 8, The Tallinn Manual). (December 19}

(d) From the grugq's post (bio here; his website):

This is a media blitz campaign by a group that is steeped in Internet culture and knows how to play to it. They can manipulate it to maximum effect. This is definitely far more sophisticated than the usual rhetoric from North Korea. … To handle this sophisticated media / Internet campaign so well would require a handler with strong English skills, deep knowledge of the Internet and western culture. This would be someone quite senior and skilled. That is, I can't see DPRK putting this sort of valuable resource onto what is essentially a petty attack against a company that has no strategic value for DPRK.

(e) Robert Graham (CEO of Errata Security) provides another perspective at their website. Here are two excerpts.

While there may be more things we don't know, on its face {the FBI press release is} complete nonsense. It sounds like they decided on a conclusion and are trying to make the evidence fit. They don't use straight forward language, but confusing weasel words, like saying "North Korea actors" instead of simply "North Korea". They don't give details.
The reason it's nonsense is that the hacker underground shares code. They share everything: tools, techniques, exploits, owned-systems, botnets, and infrastructure. Different groups even share members. It is implausible that North Korea would develop it's own malware from scratch. (19 December 2014)

My story … better explains the evidence in the Sony case than the FBI's story of a nation-state attack. In both cases, there are fingerprints leading to North Korea. In my story, North Korea is a customer. In the FBI's story, North Korea is in charge. However, my story better explains how everything is in English, how there are also Iranian fingerprints, and how the threats over The Interview came more than a week after the attack. The FBI's story is weak and full of holes, my story is rock solid.
I scan the Internet. I find compromised machines all over the place. Hackers have crappy opsec, so that often leads me to their private lairs (i.e. their servers and private IRC chat rooms). There are a lot of SPECTRE-like organizations throughout the world, in Eastern Europe, South America, the Islamic world, and Asia. At the bottom, we see idiot kids defacing websites. The talented move toward the top of the organization, which has nebulous funding likely from intelligence operations or Al Qaeda, though virtually none of their activities are related to intelligence/cyberwar/cyberterror (usually, stealing credit cards for porn sites).
My point is this. Our government has created a single story of "nation state hacking". When that's the only analogy that's available, all the evidence seems to point in that direction. But hacking is more complex than that. In this post, I present a different analogy, one that better accounts for all the evidence, but one in which North Korea is no longer the perpetrator. (19 December 2014)

(f) From the Tom's Guide article:

"There's no evidence pointing to North Korea, not even the barest of hints," Robert Graham, CEO of Atlanta-based Errata Security, told Tom's Guide. "Some bit of code was compiled in Korea but that's South Korean (banned in North Korea, [which] uses Chinese settings). Sure, they used threats to cancel The Interview but after the FBI said they might."

(g) Update: Comment by Marcus Ranum, cyber-security expert (bio here) and on the FM website's team of authors.

The movie angle only cropped up 3 days into the attack, at which point the attackers latched onto it like a bunch of gamergaters who'd found another excuse for misogyny. Prior to the movie angle, there was no North Korea evidence, then it starts popping up.
The malware used is not specifically North Korean. It's run of the mill stuff using techniques that were notoriously used in the shamoon' attack against Saudi Aramco (does that make it Israeli?). The "common elements" the FBI boneheads are talking about is the disk wipe module, which is the most popular scriptable disk wipe; I've used it myself. Please, nobody point the finger at me for this attack in spite of the "common elements"
This bears all the hallmarks of a bunch of sociopathic American hackers; more like something from the former "anti-sec" crew than anything state-sponsored. I'm guessing the FBI doesn't want to talk about those "common elements" because anti-sec was being run by the FBI when they attacked Brazilian police and oil exploration assets.
If we ever find out who's behind it, my money is on some badly adjusted American nihilists in the 20-30 year old unemployed trouble-maker or "security consultant" demographic. These attacks are not sophisticated; what makes them so bad is that they got a very deep foothold in Sony before they started causing trouble, and Sony's infrastructure was deeply compromised. Most American companies, attacked in a focused manner, would fall just like Sony has.

Marcus sent me a follow-up note:

The attacks almost certainly (in my mind) are the work of some American sociopaths, probably guys pretty much like the antisec crew (which was led by an FBI informant). The tools in use are irrelevant; it would be like saying "the attacker used a gun, which points at Germany because it was an H&K" or "the attacker used a gun, which point to the US because Americans are gun nuts".
The Korean in the malware comments appears to have been planted there as a deliberate red herring; it's google translate quality. It would be like saying that"это фигня" shows I'm a KGB agent.

(h) Others experts have expressed skepticism, but with no details. Such Brett Thomas (CTO of internet services provider Vindicia; his bio):

All of the evidence FBI cites would be trivial things to do if a hacker was trying to misdirect attention to DPRK http://t.co/hkZ3D7ZfxK
Brett Thomas (@the_quark) December 19, 2014

.
Another cautionary note, by Sean Sullivan (security advisor to Finnish internet security firm F-Secure):

The US security-intelligence complex is running amok once again. Washington D.C. is incapable of saying "we don't know." #ConfirmationBias
Sean Sullivan (@5ean5ullivan) December 19, 2014

Update: Robert M. Lee (Co-Founder at Dragos Security LLC , First Lieutenant USAF cyberspace Operations Officer; bio here):

"FBI Update on Sony Investigation" http://t.co/SzHJNBnE5N > Having been in the IC I know how valuable sources are but this doesn't cut it.
Robert M. Lee (@RobertMLee) December 19, 2014

.

(4) Remember this before you believe
.

The aide {Karl Rove} said that guys like me were "in what we call the reality-based community," which he defined as people who "believe that solutions emerge from your judicious study of discernible reality." I nodded and murmured something about enlightenment principles and empiricism.
He cut me off. "That's not the way the world really works anymore," he continued. "We're an empire now, and when we act, we create our own reality. And while you're studying that reality judiciously, as you will we'll act again, creating other new realities, which you can study too, and that's how things will sort out. We're history's actors . . . and you, all of you, will be left to just study what we do."
Karl Rove, as quoted in "Faith, Certainty and the Presidency of George W. Bush" by Ron Suskind, New York Times Magazine, 17 October 2004

(5) Some in the major news media see the story

.
Some journalists mix a few skeptical notes to the song played by the government and their journalist supporters.

1. "Sony Hackers Snooped for Months, Then Planted 10-Minute Time Bomb", Bloomberg, 18 December 2014 Focuses on the largest fact inconsistent with the FBI's story.
   
2. "Think North Korea hacked Sony? Think about this", PC World, 18 December 2014.
   
3. "What is FBI evidence for North Korea hack attack?", BBC, 19 December 2014 They agree with a point Marc Rogers makes above (3.a.7): "{T}he attack being attributed to a nation state rather than an independent hacking group is the one glimmer of good news for Sony." They quote him: "If it is a nation state people shrug their shoulders and say that they couldn't have stopped it. It lets a lot of people off the hook."
   
4. "Security experts: FBI report light on evidence linking North Korea to Sony hack", Christian Science Monitor, 19 December 2014 "The FBI statement that linked the Sony hack to North Korea relied on previously released and inconclusive evidence, said many cybersecurity insiders."
   
5. "These experts still don't buy the FBI claim that North Korea hacked Sony", Los Angeles Times, 21 December 2014.
   
6. "Did North Korea Really Attack Sony?", Bruce Schneier (CTO, security firm CO3), The Atlantic, 22 December 2014 "It's too early to take the U.S. government at its word". The reasoning at the end by Allan Friedman (GW U's Cyber Security Research Institute) makes zero sense (accusing the wrong party does not "serve as a warning to others that they will get caught if they try something like this.")
   

(6) For More Information

.
(a) Other posts in this series:

1. Another day, another campaign of fearmongering in America: North Korea's cyberattack on Sony., 18 December 2014
   
2. The FBI told their story about North Korea attacking Sony. Before we retaliate, read what they didn't tell you., 20 December 2014
   
3. Why do we believe, when the government lies to us so often? When we change, the government also will change., 22 December 2014
   
4. Marcus Ranum explains a major challenge of cyberwar: About Attribution (identifying your attacker).
   

(b) All posts about cyberwar, cybercrime, and cyberterrorism.
© Posts about propaganda and information operations run against us. Never forget or forgive, just learn from this history.

1. Successful propaganda as a characteristic of 21st century America, 1 February 2010
   
2. A note about practical propaganda, 22 March 2010
   
3. Our leaders have made a discovery of the sort that changes the destiny of nations, 15 September 2010
   
4. The easy way to rule: leading a weak people by feeding them disinformation, 13 April 2011
   
5. Our minds are addled, the result of skillful and expensive propaganda, 28 December 2011
   
6. Understanding our political system: the how-to guide by its builders, 7 October 2012
   
7. We can see our true selves in the propaganda used against us, 14 May 2013
   
8. A nation lit only by propaganda, 3 June 2013
   
9. The secret, simple tool that persuades Americans. That molds our opinions., 24 July 2013
   
10. We live in an age of ignorance, but can decide to fix this today, 15 April 2014
    

http://fabiusmaximus.com/2014/12/20/rebu...ack-74873/

[Peter Lemkin]

Above is very good and comprehensive. Rather conclusive, IMO. False-flag...the usual. Could have been inside job inside Sony, S. Korea, NSA, almost anyone - but not likely N. Korea who would not have made it so obvious with the patsy set up. Think Oswald and Dallas.

I can't wait until they make a film about ISIS...and then the 'reactions'...coming soon, I'm SURE! We live in a constant state of false-flag terror and threats of various invented kinds.....

[Drew Phipps]

I wonder if the original intent of linking the movie to the attack was for free publicity for the movie.