FBI Director: Sony’s ‘Sloppy’ North Korean Hackers Revealed Their IP Addresses

73 points| headcanon | 11 years ago |wired.com | reply

77 comments

[+] SwellJoe|11 years ago|reply
I want to believe. But, there's such a history of deceit from our government, when there is a political motivation. I honestly don't understand why they'd be lying in this case...but, well, Iraq and years of torture at Guantanamo didn't really make sense to me, either. I don't think there is anyone gunning for war with North Korea (well, Northrop Grumman and Halliburton probably are, but I don't believe our state is entirely owned by the defense industry anymore, as it was during the Bush years). So, what's the motivation, if the FBI is misleading people?

The thing is, I'm entirely willing to believe North Korea would like to have this kind of capability, and if they do have this kind of capability (which they might), I'm entirely willing to believe that they would use it broadly and aggressively. North Korea is led by angry, crazy people. But, the early communication about the attack does not match that of a nation state, and there's no reason for them to have tried to pretend to be a random blackmail organization that I can imagine.

In short, an IP is not a smoking gun. I worry that the FBI is taking advantage of people's lack of understanding of technology in order to push a story that is politically convenient, but factually shaky. I mean, I hope they aren't intentionally misleading people, I just don't necessarily trust that they wouldn't if there were motivation to do otherwise.

[+] Rooster61|11 years ago|reply
I don't think the motive would be to start a war with DPRK. What I am afraid of is the use of this incident as "evidence" that our nation needs more "cybersecurity". This could help pass legislation previously blocked by congress due to insufficient evidence. There isn't much of a leap from declaring war on terrorism to declaring war on cyberterrorism, and we all know how that went.

I know my tin foil hat is showing, but it's a creepy possibility nonetheless, and is in no way distant from Washington's past antics.

[+] AdeptusAquinas|11 years ago|reply
Another explanation is that Sony Pictures asked them (your gov) to. Helps stop lawsuits over their poor security, might even result in some government funding to help them recover. And Sony can repay with campaign funds or what have you.
[+] gizmo686|11 years ago|reply
One motivation would be to look like they have the capacity to do things such as attribute cyber attacks. If they know that no one can prove them wrong, they may think that accusing North Korea with "classified evidence" looks more impressive than saying that they do not know, or are not confident about, who did it.

North Korea makes a nice target to blame.

[+] NoMoreNicksLeft|11 years ago|reply
> I honestly don't understand why they'd be lying in this case

Foreign policy shenanigans. They claim North Korea is attacking our economy, and the next time they have to sit down with the crazy fucks at a table with the Chinese and Russians, maybe they don't have to make as many concessions.

Doesn't matter if it's true or not, just that it was plausible.

[+] zachrose|11 years ago|reply
This is firmly in conspiracy theory territory, but didn't the U.S. government accuse North Korea on the exact same day (December 17, 2014) that Obama announced a thaw with Cuba?
[+] joshstrange|11 years ago|reply
> I honestly don't understand why they'd be lying in this case

If they already wanted to slap NK with more sanctions this gave them an easy way to do it.

Some high-ranking US/FBI official: "Let's just say NK attacked us, no one can prove it, no one will listen to NK if they dispute it, AND it looks like a win for US/FBI out-hacking the hackers. After all, can't we all agree NK is bad? So what if we lie about this hack; we are serving the GREATER GOOD by doing so..."

[+] thaumaturgy|11 years ago|reply
It could be used to improve the U.S. position in political negotiations with China.
[+] ddod|11 years ago|reply
Could someone explain how they would know that the IP "used exclusively" by NK wasn't a proxied IP but in fact the "real" source IP?

Personally, I think just mentioning that part of the evidence came from the Behavioral Analysis Unit proves that NK's ties to this are definitely shaky.

[+] drzaiusapelord|11 years ago|reply
Funny, when the IP addresses weren't NKorea, as earlier highly voted HN articles have told us, it was proof that it wasn't NKorea. Now that they do, it's somehow further proof that it wasn't N Korea.

I understand knee-jerk anti-US comments are karma gold here, but I don't think you guys realize how ridiculous you sound to the rest of us. I think it's pretty difficult to arm-chair analyze this stuff and come out with a definitive answer, especially considering a lot of this stuff will never be declassified, but the Alex Jones-like conspiracy thinking here really brings the discourse down to a reddit-like level.

Purely from an Occam's razor perspective, the country that attacked this film and warned of consequences if released-- consequences that actually happened, is probably at fault here. This analysis of how it must have been anyone but NKorea, especially considering NKorea's reputation, is highly questionable to the unbiased observer.

[+] Alupis|11 years ago|reply
Not to mention it's also easy to spoof your IP address if you are traversing out of a DC or node that does not do egress filtering (meaning you don't even have to proxy through the proper IP/country... you just make it up).

Shaky evidence? You bet ya. (and it seems this is the only evidence offered as an explanation so far)

Also, if N. Korea really was behind this "attack" of a private company with no US Gov't ties, why would they not claim responsibility and tout their "Cyber Attack" skills? They do for just about everything else (even failed missile launch attempts). Fear of retribution? No way, this is/was a private company... the US Gov't could not respond with any kinetic weaponry attack and look good on a geopolitical scale.

N. Korea also offered to send personnel to help the FBI in the attack investigation, which is extremely uncharacteristic of N. Korea to say the least... normally they'd just praise the attack flat out.

[+] philip1209|11 years ago|reply
If somebody were to want to frame the North Koreans, what would stop a motivated attacker (perhaps a nation-state) from just abusing BGP to spoof source IPs? How hard would that be to detect, particularly if you controlled direct peers?
[+] rilita|11 years ago|reply
Timing correlation. If you are monitoring traffic in/out of NK, you can correlate traffic by a similar sequence of packet sizes going into one IP and then coming out of another.

This is the "secret sauce" that the FBI says they cannot tell anyone imo. Doing this is nothing new and I am sure they've been doing it for ages though.

The problem is that if you assume the FBI is doing this (which any skilled hacker would assume) then you can easily get around it by sending a sequence of instructions ahead of time, and then having them play back at what seems like a reasonable rate at a later time (making it seem as if you are on site and didn't set it up ahead of time).
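
The size/timing correlation described in this comment, written out as a detection heuristic. This is an added example, not code from the thread or from any agency; the flows, addresses (RFC 5737 documentation ranges) and thresholds are all constructed here, and the third sample shows the blind spot the comment points out: staged commands keep the size pattern but lose the live-relay lag.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Flow:
    """One direction of a captured flow: ordered packet sizes and timestamps (seconds)."""
    src: str
    dst: str
    sizes: list[int]
    times: list[float]


def size_similarity(inbound: Flow, outbound: Flow, tol: int = 40) -> float:
    """Fraction of packets whose sizes line up position by position.
    A relay re-sends roughly the same payloads, so sizes agree up to header overhead."""
    n = max(len(inbound.sizes), len(outbound.sizes))
    if n == 0:
        return 0.0
    hits = sum(1 for a, b in zip(inbound.sizes, outbound.sizes) if abs(a - b) <= tol)
    return hits / n


def lag_profile(inbound: Flow, outbound: Flow) -> tuple[float, float]:
    """Mean and standard deviation of (egress time - ingress time) per packet.
    Live relaying gives small, steady lags; (inf, inf) if a packet leaves before it arrived."""
    lags = [b - a for a, b in zip(inbound.times, outbound.times)]
    if not lags or min(lags) < 0:
        return float("inf"), float("inf")
    return mean(lags), pstdev(lags)


def looks_relayed(inbound: Flow, outbound: Flow,
                  min_sim: float = 0.8, max_lag: float = 2.0, max_jitter: float = 0.5) -> bool:
    """Heuristic verdict: both flows meet at one host, sizes match, and the hop adds a small, steady delay."""
    if inbound.dst != outbound.src:
        return False
    avg, jitter = lag_profile(inbound, outbound)
    return size_similarity(inbound, outbound) >= min_sim and avg <= max_lag and jitter <= max_jitter


# Constructed sample flows (hypothetical capture, not real traffic).
SIZES = [74, 66, 1514, 1514, 318, 66, 902, 66]
T0 = [0.00, 0.21, 0.22, 0.23, 0.90, 1.10, 1.35, 1.40]
ingress = Flow("198.51.100.7", "203.0.113.10", SIZES, T0)                                # client -> hop
live_relay = Flow("203.0.113.10", "192.0.2.50", [s + 8 for s in SIZES], [t + 0.05 for t in T0])  # hop -> target, forwarded live
unrelated = Flow("203.0.113.10", "192.0.2.51", [66, 120, 66, 1514, 66, 300, 66, 66], [t + 0.05 for t in T0])
# Commands staged on the hop and played back ten minutes later: sizes still match, the lag does not.
staged = Flow("203.0.113.10", "192.0.2.50", [s + 8 for s in SIZES], [600.0 + t * 1.8 for t in T0])


def verdicts() -> dict[str, bool]:
    return {"live_relay": looks_relayed(ingress, live_relay),
            "unrelated": looks_relayed(ingress, unrelated),
            "staged_replay": looks_relayed(ingress, staged)}


if __name__ == "__main__":
    for name, flagged in verdicts().items():
        print(f"{name:14s} relayed={flagged}")
```

Only the live relay is flagged; the staged replay passes the size check but fails the lag check, which is exactly why size matching alone is not attribution.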

[+] roywiggins|11 years ago|reply
If the NSA has taps sitting on all the routers that are a hop away from NK, they can probably nail it down just from timing, right? If the packets were being proxied through an NK IP, I would think it would be easy to tell the difference (if you're the NSA, anyway).
[+] rilita|11 years ago|reply
"They revealed their IP address"

How many technical experts do we need to explain that an IP address is not proof, especially when many random IPs and proxies are involved?

Suppose I am a hacker who wants it to seem like NK did it. I use a bunch of random proxies, and I use a couple of machines IN NK that I previously hacked into (adding time delays to all commands I send to these). I do stuff through these machines a bunch, making sure to connect to them and set up all the seeming commands ahead of time, and I let it happen. -wham- "proof" that I'm from NK and am an idiot suddenly realizing I forgot to use the proxy.

I agree with the hackers. FBI are idiots. (Not the first time I've noticed they are idiots either; they also were very stupid when dealing with myself as a hacker imo.)

[+] cpeterso|11 years ago|reply
Exactly. How does the FBI distinguish between a hacker in NK and a hacker going through a proxy in NK?
[+] roywiggins|11 years ago|reply
I assume they're this confident because the NSA is snaffling up every 1 and 0 that comes in and out of NK. It would explain both their confidence and reticence to explain why.
[+] esmi|11 years ago|reply
There are also nontechnical ways to attribute the attack to North Korea. For example, a human informant inside North Korea whom they did not want to reveal could provide quite solid information.

But it appears we will never know the source of their confidence.

[+] AlyssaRowan|11 years ago|reply
I've said my piece about attribution already. There's no new evidence I've seen (and there is not likely to be). I remain sceptical: Comey and especially Clapper aren't exactly what I'd call reliable sources. But they seem to have made their minds up, and that argument just goes round in circles. (The amused may wish to check out http://sony.attributed.to/ and reload the page a few times.)

I'm concerned about where this rhetoric is heading, for several reasons. One reason is that I know this evidence absolutely can be faked: one particularly good tool to fake it is called QUANTUMSQUIRREL. They aren't the only people who can build tools like that: doesn't even take a high budget. And the same people who built QSQRL, have built other systems which automatically respond with high-budget malware when they think they're being attacked.

I think we all know what happens in that endgame: the only winning move is not to play. But numerous countries, and non-state actors, are already playing it - if the FBI is to be believed, even psychotic despotic ones with relatively small budgets.

I want to get off Mr Comey's wild ride; but how? Technically, we can build stronger network protocols, write bug-free software... every bit as hard as it sounds, but we can try our best.

What can we do politically? Given how incredibly dangerous this could get, perhaps a treaty banning 'cyberwar' or 'cyberespionage' would be a good idea. (While we're at it, can we ban the use of 'cyber'? It sounds utterly ridiculous.) But the intelligence and law enforcement agencies already doing this would get very pouty at the prospect of their toys being taken away.

It's all very disappointing. Anyone got any bright ideas?

[+] tmzt|11 years ago|reply
There have been discussions of treaties banning "cyberwar" already. It seems counterproductive. I assume it would be preferable to someone in Seoul that they were attacked through digital means than with conventional weapons. They might lose access to their bank accounts for a while, but they won't have their homes destroyed or family killed.

Asymmetric warfare of all kinds has two sides to it, it's part of the definition of asymmetric. The low capability party has to attack asymmetrically, but the high capability party can respond with much greater and effective force. In most cases, we are the high capability party.

This "new" concept of cyber-warfare is really a way of saying conflict through the use of digital networks, but in a way that is distinguishable from network-centric or electronic warfare, which are two different things. It is also asymmetric in the sense that it enables a low capability party to attack a high capability party with a much smaller investment than a strategic attack through other means would require. (Leaving out "terrorist-style" attacks using small arms or devices for the moment, which are not usually strategic.) It also means that a high capability party may not have an adequate defense against this type of attack, no matter how much they might invest in passive/defensive security. One weakness in enough systems is enough to massively increase the effectiveness of the overall attack.

To respond to your second point, the overuse of "cyber-" is nauseating, and I personally restrict it to the use I mentioned earlier, which is a means of differentiating it from network-centric or electronic warfare.

A financial institution issuing press releases talking up their "cyber-security" means as little as their marketing copy mentioning their use of "industry-grade SSL encryption." A proper disclosure would get into password policies for internal systems as well as customer accounts, what hashing algorithm they use to protect customer account passwords in their system, and other details that would give testimony to their capabilities in securing their own systems.

This is somewhere where Google and Chrome can do a lot of good, giving us more than EV certificates and use of higher bit and stronger hash algorithms on CA certs as feedback in the browser. The next step could be a (cryptographically) signed affidavit of the internal security measures in place, which could be scored and used as a part of the determination of what feedback to show in the browser UI.

It might also make sense for Chrome to conduct a rudimentary scan of the home router for these kinds of obvious issues, or maybe for Google or someone else to offer an inexpensive secure router, though too many of these are provided by the ISPs now.

Anyway, I'll leave it the cyberexperts to share their cyberknowledge about cyberwarfare and cybersecurity about how to prevent cyberviruses and other malware to those of us who are less cybersavvy, or, in the words of more than one newscaster, barely know how to turn on their computer.

[+] tokenadult|11 years ago|reply
I thought about prior plausibility of the statement that actors for the north Korean regime would lack technical chops, and then I remembered the first north Korean nuclear weapon test.[1] A source I remember looking up after reading a Hacker News comment a year or two ago points out that the explosive yield from that test was very small, and I see that the Wikipedia article on the topic[2] reports the issue that way. Sometimes the north Korean regime intends to do something skillfully but screws up. I sure wouldn't want to be a smart person living under that regime, and there may be either intentional sabotage of some of their efforts (this has happened in plenty of other dictatorships before, by deeds of dissenters) or the best people they can find to carry out their hacks are not very 1337 hax0rs.

[1] http://www.nti.org/country-profiles/north-korea/

http://www.nytimes.com/2006/10/09/world/asia/09korea.html

http://www.theguardian.com/world/2006/oct/09/northkorea

[2] https://en.wikipedia.org/wiki/2006_North_Korean_nuclear_test

[+] xnull1guest|11 years ago|reply
Regardless of whether the FBI is lying (I believe they are telling the truth in broad strokes), here are reasons to implicate NK (when both Russian and Iranian signatures were present in the malware):

- Instability in NK means instability in China

- NK is a nuclear power and rapidly rising as a country on the world stage (according to CIA director Panetta)

- Russia's sharing of hypersonic missile technology with North Korea heightens already mounting global nuclear tensions

- Temporary division of Korea was set up by US and allies as a result of WWII - it was slotted for reintegration within a few years but Cold War tensions blocked cooperation between the nations required to achieve this; meaning:

a.) North Korea has never been recognized by the US as a 'legitimate' state to begin with

b.) The Korean War was fought for and activity in the area continues to be of proxy interest to greater geopolitical goals

- Cooperation between SONY, RAND corporation and the State Department on the development of "The Interview" (and the gutting of the Smith-Mundt Act at the time this cooperation began) lends favor to the narrative that the film is a "Diplomacy Product" of the US State Department and that North Korea was the target to begin with

- The United States is engaging in a mammoth amount of effort to establish international norms for cyberattacks and needs to show proactivity in this area

[+] tmzt|11 years ago|reply
I'm not sure whether that statement came from DCI Panetta or the illustrious KCNA, but "rising on the world stage" sure sounds closer to the latter.
[+] timebomb|11 years ago|reply
The FBI has already made it quite clear that they're trying to use these accusations as evidence that the US needs to be afraid of cyber attacks.

I've seen a lot of people wonder this, but they flat out state in in an official statement on their website:

"Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States."

http://www.fbi.gov/news/pressrel/press-releases/update-on-so...

Second to last paragraph, second sentence.

[+] kjs3|11 years ago|reply
"Terrorist attack" straw-man used to justify attacking an unrelated state target we happen not to like. Government officials appearing on complacent media outlets to beat the drums and persuade the populace that "they have conclusive evidence" and "retaliation is required to protect the country".

This ended so well last time we did it.

[+] wyager|11 years ago|reply
Yes, it's funny how it's a "terrorist attack" when a country we don't like does the same things we do. The most prominent recent example of the US (and Israel) carrying out an attack like this is Stuxnet.
[+] Zigurd|11 years ago|reply
Well that would make it a slam dunk.