Saturday, December 20, 2014

Hack attack

The FBI -- putting its rep on the line -- says that North Korea is definitely fer sure behind that Great Sony Hack Attack. Yet North Korea says not only that they didn't do it, but that they want to join with the US in a joint effort to uncover the real culprit. Of course, that will never happen -- especially since NK feels compelled to word their invite in a very uninviting fashion:

"If the U.S. refuses to accept our proposal for a joint investigation and continues to talk about some kind of response by dragging us into the case, it must remember there will be grave consequences," the spokesman said.

That kind of talk is not a way to make new friends. And certainly not the best way to allay suspicions.

Here is the FBI's evidence against NK:
The FBI said the malware "revealed links to other malware that the FBI knows North Korean actors previously developed."

Further, the FBI noticed "significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea." For instance, the FBI said several IP addresses with "known North Korean infrastructure" communicated with IP addresses "hardcoded" into the malware that ripped through Sony's systems, deleting data and swiping sensitive information and rendering thousands of computers inoperable.

The FBI also said the "tools" used in the attack are similar to those in a North Korea-led attack against South Korean banks and media outlets last year.

But what if the FBI has it all wrong? (That link goes to a Rachel Maddow segment which I'd like to embed here but can't.)

The Christian Science Monitor talked to some experts who don't agree with the FBI's assessment...
“It’s mostly a repeat of information that has been in the public before,” Rob Graham, chief executive officer of research firm Errata Security, said of the FBI's statement issued Friday.

Many prominent names in the field, Graham and others, took to Twitter to express their concern. "I'm completely underwhelmed by the FBI's 'proof' attributing Sony attack to North Korea," Graham tweeted from his @ErrataRob account.
All of the technical watermarks can be, and frequently are, falsified or mimicked by hackers.

“We know that hackers share malware on forums. Every hacker in the world has all the source code available,” says Mr. Graham.

“I think you have to go back to the original ransom note,” says Graham Cluley, a former antivirus software programmer and security consultant who currently writes about the industry for grahamcluley.com, a security blog.

“It didn’t ask for 'The Interview' to not be released, it asked for money," he says. "In Dark Seoul, there were no demands. They just wiped everything. We’re not even entirely sure that North Korea did that attack. We think they did, but it hasn’t been proven.”

My take? I'm not going to say that the FBI is incapable of lying. Far from it! But I can't think of any instance in which the Bureau did anything to risk injury to its god-like reputation for tech prowess.

On the other hand, Cluley raises some damned fine points -- points which most journalists covering this story refuse to mention.

The BBC presents a more-or-less balanced look at the details....

1 comment:

James said...

It's getting to the point where anytime I see anything in the media that's attributed to "US officials" I automatically assume it's misinformation.

The fact that our government has come under tremendous scrutiny for violating the security of the entire internet infrastructure leads me to believe that the more likely reality is that this attack was perpetrated by agents sympathetic to the US with the intention of creating a highly-visible incident which could then be leveraged as justification for another round of draconian security measures. This time, they'll be taking place in cyberspace. Think SOPA on steroids or something similar.

I'll be the first to admit that my first instinct is generally to imagine a worst case scenario and then double it, but based on the events we've all witnessed over the past 15 or so years, I think I may actually be too conservative in my approach.

I'd say only time will tell, but if the cabal creating the reality we're all subject to has their way, that may not be true.