Take off
and nuke them from orbit. It's the only way to be sure.
The Federal Bureau of Investigation has claimed to have found evidence linking North Korea with the hackers who ransacked Sony Pictures' servers and dumped gigabytes of sensitive data online. "As a result of our investigation, and in close collaboration with other US government departments and agencies, the FBI now has enough …
Well, specifically the evidence they say they have that proves that NK did it would be a good start.
If they can't show that for whatever reason of National Security (yeah, like we don't know now that they're tapping everyone, please), then at least demonstrate that there is a clear IP trail between the hacked Sony server and a NK computer.
Because if they can't demonstrate that publicly, then they have no credibility to state that NK did it.
And if they are indeed convinced that NK did it, I find it laughable to believe that they actually fear NK terrorists on US soil. NK is certainly a threat to South Korea, but NK does not have the muscle to be a threat any farther than that.
Shouldn't be too tricky - by all reports the whole Nork government relies on an internet feed based on a couple of 64K dial-up lines, or at least something pretty puny. Although presumably the great chubby one with the lousy haircut has something better so that he can download western 'entertainment'.
Seriously though, does anyone know how NK gets the internet? Presumably there are some connections that go beyond the border? Who supplies them? Can they be switched off?
"Cut all internet cables to N Korea. Problem solved."
Not really; they also complain that they're being hacked by at least China and Iran. Also loads of other are 'stealing' their IP. Better to cut all the cables going into the US of A, and forget that the rest of the world doesn't exist.
read the UN letter - they didnt promise revenge - and they didnt declare it an act of war. They did suggest that it was supporting terrorism - which in a way it is - as no film has previously been made featuring the murder of a current head of state (KJI).
I believe Bruce in this one - its a stitch up in any event
Agreed. "Comedy featuring assassination" (and in graphic slo-mo, if that spoiler is anything to go by), is a contradiction in terms. Not that I think hideous bad taste should be followed by "righteous deeds" from the GOP (not the Republicans, this time), but it remains hideous bad taste.
no film has previously been made featuring the murder of a current head of state
I find that extremely difficult to believe.
Let's see: Hot Shots! Part Deux (1993) features the murder of Saddam Hussein (president of Iraq 1979-2003), and if memory serves so did the first installment. Death of a President (2003) describes the assassination of George W Bush during his presidency (2001-2009).
There - that's two (or three) counterexamples. And I bet there are a whole frickin' bunch of less-well-known ones. Do you really think that no art student has ever made a film about the killing of a sitting head of state? Why people feel the need to traffic in this sort of implausible certainty I do not understand. Just think about that claim, and how very improbable it is.
Certainly nobody wants to provoke a war on the Korean peninsula. Hell, the Norks sank a South Korean frigate and drowned 50-60 sailors a couple years back, and got away with that without a shot being fired.
And nobody really wants to withdraw whatever humanitarian aid is going to North Korea, because they don't want another potential famine there.
And you can't really declare a U.S. cyberwar against the Norks, because so little of their economy touches the internet anyway.
I suppose you could further tighten the sanctions on North Korea, but there's not much that is not hit by sanctions at this point.
So the biggest effect of this incident is that it further poisons the well on reducing sanctions if the North ever really did want to deal with the West. However, it's not like that well wasn't already pretty heavily poisoned before.
Dumb question, but really why did we need that much evidence? The fact that the hackers never leaked The Interview was a bit of a hint. The fact that the (supposed) hackers demanded The Interview be canned was another. The fact that the NK government caused the hacks a righteous act was another - any sensible government trying to distance themselves would have issued a statement condemning the hack.
North Korean hackers are experts on motion picture studio management? Instead of threatening to nuke Sony and America with canned Stalinist bluster - as they usually do - they have the political insight to find and release exactly the right emails to make Sony manudjment look like utter wankers?
That doesn't look very Norkish to me. It looks more like something Team 4Chan would do.
1) Yep, it's strange that in their early contacts there was nothing about the movie until someone brought it up.
2) Re-used code and the IPs' found in it. Ok.. like those who do this sort of thing don't recycle code?
3) Now the GOP is saying that if the movie is never released, they'll stop releasing data. Hmm.... is it because they wanted money first, didn't get paid and decided to change direction? Or something else?
4) I note the popular press makes more fuss about the email and the "jokes" than about the released details of the worker bees. If that's all the press can get indignant about, it's very telling that we in the States and elsewhere are in deep trouble and probably don't realize it yet.
5) I wonder what the MPAA would say if suddenly new movies from all over were released via torrent? I'm betting there would be a call for thermonuclear war. Oh wait.... they're in Hollywood which is a nuke free zone.
More telling to me was the response George Clooney got from the industry about "standing up to this". He's right. No balls to stand up against it, just cave in and give them what they want. What's next, everyone has to stop eating bacon because it offends some lunatics?
And for those who think I'm changing my views on SONY, etc.. I still wouldn't go see this. If it were a good movie, yes. It's one thing to put in the theaters and people don't show up because it's bad. It's another thing to cave-in and not even offer it.
doesn't the U.S. Have laws about threatening the president even in jest. I remember there was some fuss about mark thomas jokingly offering a bounty on George Bush. One of his standup routines had a bit about his subsequent conversation with American legal advice and having to explain to the family why he couldn't take a trip to Colorado
"laws about threatening the president even in jest"
Not just that. About 20 years ago (that's way before 9/11) I was waiting for boarding at a smallish US airport. There were those metal detector frames and a big sign saying passengers had to pass through them, they would be refused boarding if they didn't, it was a federal regulation, and it was against the law to mock, parody, or make any jokes about federal laws and regulations (don't remember the exact wording - it was quite formal).
There was a bored cop standing next to me. I asked if he would arrest me if I told him a joke about going through metal detectors while boarding a plane. He looked puzzled - I pointed to the sign. "Hmmm, I guess I would have to arrest you, sir... Never thought of that..."
This post has been deleted by its author
Anon Coward - Yes, Iraq had illegal chemical weapons in the nineties and used them (just like the USA still has chemical weapons and has used them), they faced sanctions from the UN and agreed to destroy them. This destruction process was overseen by the UN and verified complete long before the second war in Iraq. Sure Iraq didn't really welcome having to give up these weapons, after all they had a belligerent neighbour and enemy, Iran, against whom the chemical weapons were an effective deterrent (sound familar?). Besides which, does any sovereign country like to be told what to do? The US flat out ignores international laws and gets away with it, so why should anyone else pay attention to them?
We all remember Colin Powell telling the UN that despite what the UN weapons inspectors said, that Iraq was still producing chemical weapons. After all they had pictures of mobile chemical weapons labs, only after the invasion they turned out to be ordinary lorries. They had 'intel' about chemical weapons plants, only they were just ordinary factories and warehouses. When you go looking for 'evidence' after you've already decided the guilty party you'll inevitably find some evidence, no matter how flimsy, which you'll bend to fit that theory.
Note I'm avoiding the term WMD, since Iraq has only ever had chemical weapons unlike some countries which also have nuclear and biological weapons - both of which are far, far more capable of "mass destruction" and which are also illegal.
Exactly.
The Russians have recently cottoned on to the fact that when the holders of the moral high ground have no regard for international law abroad, or US national law at home (the Constitution), they may as well just join in. The message, loud and clear, is that certain countries, like certain politicians, are above the law.
It doesn't bode well if China eventually decides the same and just does what ever it likes.
Might != right.
The only (official) reason the US invaded Irak was the search for nuclear weapons. That was the smoking gun and the reason Irak was branded 3rd most powerful army of the world (hyurk, hyurk).
Time and time again Bush and croonies declared that Irak was working on/already had ICBMs and they were pointed toward US targets. The threat was supposed to be real and present.
Nobody ever mentioned chemical weapons. Nobody ever denied that Irak had them, because there was ample proof (from courageous journalists doing their job - those were the days) they did, but that was NOT the reason to go to war. Twice.
Pascal you're confusing Iraq and Iran. No-one ever said Iraq had nuclear weapons.
Even the 'intel' suggesting that Iran has nuclear weapons is shaky, it's never been substantiated. Iran does have power generating reactors, and they have enriched uranium for use in those reactors but beyond that no-one has ever produced solid evidence that they are gathering weapons grade plutonium for a bomb. They are also a long way off creating ICBMs, long range rockets yes, ICBMs no.
Let me clarify that last post, the US administration did not present evidence, nor to my recollection did they even mention, the existence of nuclear weapons in Iraq in the months before the second invasion by allied forces.
Iraq did have a nuclear weapons program at the time of the first gulf war, although they never had a working device. Their nuclear facilities, including their civilian power plants were destroyed by the allies and Israel during that period which ended their nuclear program.
The possibility of nuclear weapons was not the reason for the first war either, that was the Iraqi invasion of Kuwait. If the Americans had any interest in finding nuclear weapons they wouldn't have withdrawn from Iraq after just one hundred hours. They drove the Iraqis from Kuwait, pursued the withdrawing Iraqi army briefly across the border and then packed off home again. They didn't spend any time searching for WMDs.
Your're not really not serious are you? America has been fighting a war for over a decade because of intel about WMD, which never existed. We went to war over bullshit info and in the process have killed thousands of people, created the most unstable region of the world and created an economy which further divides rich and poor.
In the end, you're right. But do you honestly think that things will change? Every company feels that IT and especially IT Security is a cost center. They also feel that "that can't happen to us". Well BS... if we look at who's already been hit with some massive intrusions/cracks and nothing has changed elsewhere, I seriously don't believe this is the last. It really only might be the beginning....
"Based on that statement it seems clear that the MPAA will be pressing ahead with its plans, revealed in leaked Sony emails, to rework the global domain-name system into something the studios can use to keep pirated material from becoming easily accessible."
It was a bit extreme of them, though, to attack Sony in this way and get the finger of blame pointed at the Norks, just so they can try to justify that.
I reckon that a proportionate response (or do I mean an amusing revenge? - I get so confused...) would be to dub The Interview into Korean and then have the USAF broadcast it across North Korea using their fleet of C-130 Commando Solo aircraft. That'll learn 'em!
I am a U.S. citizen and I think the perpetrators were identified too easily. Considering the White House was under attack for a couple of weeks before they were made aware of the intrusion by an "ally". Seems pretty quick for them to come to a solid conclusion on this.
Others have said and I agree. This is going to be used to further restrict U.S. citizens' free speech and increase monitoring of U.S. citizens here in the land of the *cough* free.
I have little faith in our government's ability to prove beyond a reasonable doubt that NK has any hand in this. But the USG does not like NK, so we will just say it was them.
But it is probably our government that perpetrated this crime. I think we have a habit of victimizing our own citizens to justify our actions against the ones we don't like.
The whole thing seems rather convenient.
It's hacker humour. Break in just for the hell of it. Not looking for money or to make a political statement just for shits and giggle and bragging rights over their hacking mates. Then when they've finished exploring every nook and cranny of their IT drop the format bomb and release the goods.
Then the general press - who don't understand the IT angle and have no idea how to report it to an IT illiterate audience - they take the 'what do we understand angle' and talk about films being the cause and then make an unimaginative leap to saying the people attacked in the movie must be so upset so as to have caused it! Clearly this is ridiculous. And it's at this point the hackers fun really starts - this is comedy gold - so they play to the gallery by going along with this nonsense.
It's not just me who thinks this 'the norks did it' is so ridiculous - check out Radio 4 PM news programme today with the interview with the main guy at F-Secure http://www.bbc.co.uk/programmes/b04v5xys about 32 mins in
Most security professionals are amazed by the FBI quick conclusions. The general public doesn't know how complex these attacks are and how difficult it is to unmask the identities of the hackers.
Connecting through Chinese or Korean IP addresses and using existent malware are not conclusive proofs because all hackers around the world use such techniques to hide their tracks.
Western government agencies also use the same techniques to provide plausible deniability in case their activities are uncovered.
This post has been deleted by its author
This post has been deleted by its author
The FBI takes seriously any attempt - whether through cyber-enabled means, threats of violence, or otherwise - to undermine the economic and social prosperity of our citizens.
Keynesian in Chains soon?
Obama says he thinks
Indeed. If he didn't say he was thinking, even close observation could not have detected this fact.
How do you solve a problem like the US, given its obnoxious tendency to impose its will on others. .... AC
The problem may be that they and Uncle Sam are being played for patsies and trojan horse fundamentalists for the likes of others basking in the City and/or London and/or Tel Aviv or wherever of a similar disposition, AC.
Did you not see the last few seconds of Homeland, Series 4, Episode 11? If you aren't told the real truth of your existence and how it is phormed, are you living in a virtual fantasy which is easily changed willy nilly on the whim of those who can and do, for Words Powerfully Command and Remotely Control Worlds. I Kid U Not.
People seem confused by this.
What it means is travel restrictions and frozen overseas accounts of select Nork dignitaries and military. If that isn't spectacular enough for you, tough titties, because that's what you'll get.
Oh all right then, I'll throw in an international arrest warrant for the team which flew to Thailand to do the actual hacking.
i suppose they could shut down the satellites overhead as well..
I remember well a (now deceased) acquaintance who maintained a postal address in the UK to support his Sky subscription whereas the actual receiving dish was located in Tuscany.
Get a S Korean satellite link and move it to Nork..
1) Assange is wanted for rape. In Sweden.
2) Snowden would have been a whistleblower if he'd stopped leaking after his first two leaks. He continued to leak. Tell me how it's freedom of speech and not simple treason to compromize the US monitoring of Syrian dictator Assad, or the eavesdropping on Russian underseas cables?
3) Free speech: you don't know what it is.
I think the only way to secure your network is to close bugs and not through backdoors and "prevention".
Security can not be done as 100% but you can minimize it by true code auditing and closing bugs and stop relaying on closed source systems. Free software is the only way to be secured against this kind of threats, rather than relaying on Microsoft for example. The government should be promoting free software and code auditing if they really want a better "cyber world". Otherwise is the same bullshit like "we have to put backdoor here to protect all of you". Think defense, not offense. Otherwise, one will come down at the same ignorance level of terrorists and guess what, that's what they want ...
Whilst the blame game is providing amusement for those addicted to conspiracy theories, the real issue is being overlooked.
Whoever may have been responsible for this attack, the fact that it is possible for an organisation to be so comprehensively compromised through its IT should be ringing alarm bells.
The world is increasingly dependent on IT; both in scope (the internet of everything) and scale. Yet dependability and security seem to rank FAR behind novelty as the focus of technology "progress".
... but this next time in these strange times, with SMARTR Beta Intelligence. The Great Game and ITs Rules for Reign are Changed, don't you know, by the WAI
America would have to work with other states to rethink how the internet was run and managed so that these kind of attacks could not take place again. "The internet and cyber is the Wild West right now," he [President Obama of the Clueless and Renegade to Renaissance] opined.
That would/should/could be as a foil and counter to an Exotic Erotic East with a CyberIntelAIgent Weapons Arsenal of Enlightened Entertaining EMPowerment and NEUKlearer HyperRadioProActive IT, the Wild Wacky West, with alien type tech and hot bot methodologies replacing crass cowboy and abused injun culturing. Although whenever dumb, would that be a dumber move too if IT would create a competition and opposition rather than reinforced support and clear guidance to Beta Future Paths of IntelAIgent Travel for Global Operating Devices exercising Creative Command and CyberSpace Control of Communications and Computers for Shared Absolute Power in Virtual Machine Man Management.
The abiding persistent problem for present systems of SCADA administration is that systems are being programmed badly to cater for human failings rather than being designed and rebuilt for virtual machines with perfectly clear understanding and smarter transparent intentions ….. which is surely what it is in IT and AI to be, to be a Great Human Being?
And all that it takes with IT Command and Control and CyberSpace Savvy for that revolutionary evolutionary adjustment with titanic course corrections, is already shared and most recently registered again here
IT and Media Manipulation of the Future to be Presented as a Portfolio of Accepted Facts from Fiction to be Followed and Believed Unquestionably as Gospel and Oracle, Sony Pictures Presents: the Propaganda Model It and IT and Associated Shenanigans is not rocket science, it is way more simply complex and surreal than than ……. and do it and IT badly and well for all the best of wrong reasons is catastrophically damaging and personally revealing.
Take care out there, for there is no hiding space for sharp and smart tools who would be no more than mega rich and metadata poor fools in that place.
From the little bits of information we get it would have been trivial to prevent or at least contain that infection to a small part of the company.
Just use the usual best practices for clients. Harden your operating systems, use application servers whenever possible, do not have persistent OS partitions between boots, etc. Notice that secure boot would have not helped in this situation at all.
The sensible thing to do would be to invest in actual security. Let's do code reviews, let's make our software simpler. Let us teach assembler before C in universities so people learn how to avoid buffer overruns.
Unfortunately the industry has little interest in secure systems. They want to continue to sell closed source software, they want to continue to use DRM, which means that they will always want to have ways to distribute binary code software which opens the gates to malware.
> use the usual best practices for clients. Harden your operating systems, use application servers whenever possible, do not have persistent OS partitions between boots
Let's start with "do not store passwords unencrypted in a textfile named "passwords"". Then we can graduate to more advanced stuff. Like "don't place hundreds-of-millions-of-dollars worth of unreleased media files on an internet-connected computer".
Why would Obama go to war (at any level) over this? I saw a video of the conference at http://bit.ly/obama-made-a-mistake and in no way what so ever did he seem confident in what he was saying.
This seems like its nothing more than adding fuel to the fire. The movie was going to bomb and the scandal skyrocketed the interest people had in Rogen and Franco's horrible acting. The movie will be released and will be an instant hit; being remembered as an "American Hero" thingy where America never bowed down. Its a bloody Japanese production leave it be!
Sorry, but it would appear you are not current on the news. Not only did America bow down, it also dropped its pants and bent over submissively.
That the US of A, most powerful military force in the world and first of all economic powers, would halt the projection of a mere film following empty threats from a motley bunch of keyboard warriors is shameful in the extreme.
NK is supposed to be behind this ? And we are to believe that Kim Jong has elite squads of highly-trained ninjas just waiting to bomb US cinemas ?
Excuse me if I find that eventuality's probability to be asymptotically reaching zero.
USA! USA! should have had the balls to release the film with a great big middle finger to all hackers everywhere.
Then everyone would have been able to judge just what a turd that film undoubtedly is.
More like America just couldn't be bothered. The relevant people got bored and changed channels. It's not as if one movie counts for much in the minds of all those who made the decisions.
The Sony Pictures board say it was market forces, the cinema chain managers say they were protecting their customers, the great american public was only interested in the tittle-tattle released.
Still, whoever did it, the big Nork ought to be pleased and that means the rest of the Norks ought to be deliriously happy.
IT professionals on the other hand...
I've seen the movie, its horrible and silly. If NK hadn't gotten its panties in a bunch, it would have blown over in a few weeks.
NK sees everything released in the US as being released by the US government. .Because in NK, EVERYTHING is released by the government. They don't understand this silly film has nothing to do with The US government or its foreign policy. Its weak sophomoric humor for stoners. No more, no less.
The thing is, IT security IS a cost centre, in basically the same way as health and safety building regulations/procedures, environmental protection etc. And you should invest in it for basically the same reasons - if you don't, you're going to be hit with a big-ass bill when something goes wrong.
The other areas have improved over the years, and they've been doing it longer than IT sec, but plenty of places still think they can pull a fast one on safety measures to widen their profit margins. Capitalism, how do we love thee? Let us count the ways.