
Let me be the first one to say
I told you so!
The FBI has reportedly mulled the possibility that disgruntled ex-employees or hacktivists, rather than North Korea, could have been behind the devastating hack of Sony Pictures. Infosec bods remain deeply sceptical of the official line that Norks breached the film studio's systems as a reprisal for Sony’s production of a …
I posted this, 5 days ago....
The North Koreans didn't do this
But the FBI doesn't want to waste a good crisis in the advancement of the police state.
Next up: More draconian cyber laws, it's for the children...
I share your feelings on this one, from my post from 6 days ago:
Re: Hmm.... the hijackers* have been strangely silent...
@Mark 85
I read the hacker/data thief has already shot the wad. Dumped all the data in one go. The hack was done to embarrass Sony, this shit storm over the film is media manufactured, and the 3 letter gangs are slurping it up. I don't think this is a state attack. Maybe Sony needs to look within.
"......Maybe Sony needs to look within." Oh, definitely, but that doesn't get the Norks off the hook. If you look at security stats, the largest number of breaches are the result of insiders or disgruntled ex-insiders. And who hasn't thought about trashing some smug ex-employer? The thing is, most of us have to pay bills, so when we leave one job we pass on the revenge bit because we're busy looking to avoid a criminal record as it doesn't help in looking for that next job and getting settled in there. Or, if we're the disgruntled employee, we're usually keeping our heads down and looking to keep our jobs so we can carry on receiving a paycheque. Only two types of people go from disgruntled employee to cyber-crim, and those are the stupid that let their desire for revenge overcome that for self-preservation (http://www.newsmax.com/Finance/hacker-cost-security-threat/2014/09/26/id/597008/), and those that come in contact with career criminals and get made an offer they decide is too good to pass up (http://www.bbc.com/news/technology-29221315).
Now, if you are Kim Jr's go-to-guy for cyber 'justice' and he has asked you to attack Sony, he would have done so at pretty short notice. You wouldn't have the usual time, maybe years, to build up a picture of Sony's defences, to craft attack tools and gradually crack your way in - Kim likes his quick results and has a nasty habit of killing those that fail him. So the quickest and surest way to short-cut the process would be to reach out to cyber gangs (probably via those under Chinese control) and find yourself that disgruntled ex-insider. Hacktivist groups usually contain plenty of e-crims, a few thousand dollars here and there would buy you the right connections, and many of them already have an exaggerated and self-perpetuating grudge against Sony.
The FBI investigators will treat the Sony hack as just another crime, and every crime needs motive, opportunity and means. The Norks did have motive, Kim Jr has plenty of means/cash to throw at such a gig, and hiring a disgruntled ex-insider via hacktivist channels would definitely give the opportunity. So, the likelihood an insider was involved in no way reduces the chances Kim Jr was involved.
Norse has identified a group of six individuals – from the US, Canada, Singapore and Thailand – as potential suspects. One of the alleged perps is a 10-year veteran of Sony Pictures’ backroom technical staff who lost his job in May.
How.jpg
Did they query the NSA database? Did Sony give them full access to extended activity logs??
Most security companies have bots which log 24x7x365 on all interesting IRC channels. In fact there are days when there are more logging bots on some channels than real human beings.
They also try to trace/track all "interesting" new individuals/arrivals to improve their dossiers/files as this is something they regularly trade in. So I am not surprised that they have logged and traced all ex-Sony staffers which appeared on 4chan and elsewhere this year after being laid off. I can also bet that all of these hacker wannabes did not have even the fraction of the experience necessary to successfully hide their trail.
However, even if the Sony hack was done by ex-staff, which is quite likely, this is one of the rare cases when that lead will not be followed and none of them will be prosecuted. Ever. The reason is simple - it is a perfect Casus Belli to promote all kinds of protectionist measures under the guise of national security and it is a perfect opportunity to continue waving the NORK bogeyman effigy.
There is not now, nor ever has been, anything ungrammatical about the so-called "split infinitive" in English. Prescriptivist pedants in love with trying to impose Latin grammar on English invented the "rule" a couple of centuries ago, out of thin air and their own imagination. Ask any REAL linguist, or read up on the subject. You could start here:
http://www.grammar.com/split-infinitives-2/ or here http://www.lel.ed.ac.uk/grammar/splitinf.html
Of course, I may be rashly assuming you're interested in knowing how English ACTUALLY works.
Or any of the agencies involved, was that they wanted it to be North Korea, which cripples the investigation to start with.
That seems to be the norm in those circles. In this case we don't really know, but I suspect that unrevoked access credentials is indeed the root cause. Many other people here probably do too. If it turns out to be true, then I wonder how the FBI (et al) will manage to spin the story. Yes, they'll look pretty silly, but they don't seem to mind that as long as they can fool themselves.
I remain convinced it was an insider job. If this does turn out to be the case the FBI could always claim they deliberately went along with the Korean red herring in public so that the real perpetrators would be lulled into a false sense of security and continue with their email threats on Sony (maybe this is actually what the FBI did, as it's possible they might actually know what they're doing)
"You really think he's that eager to lose another war? Or anyone else in his administration? What kind of gluttons for punishment do these yanks elect?"
America lose a war? Nahhhh, they only have victories and they saved your 'sorry limey asses' in world war II.
See below for a list of stunning victories, this is by no means an inclusive list:
Border War Mexico, Nicaragua 1933, Intervention in Russian Civil War 1918, Korea, Vietnam, Laos, Cuba, Lebanon, Bosnia, Nicaragua, Somalia, Iraq I, Iraq II, Afghanistan, Yemen, Pakistan.
Oh and the war on drugs, they won that one as well.
These were massive victories through feat of arms by the finest country in the galaxy. Anyone who says different is a pinko asswipe limey faggot.
Yes the Americans don't mention that too much in their history lessons, heh.
The British "Burning of Washington" in the War of 1812 was a standard feature of public-school US history curriculum when I was a lad, and it was more recently for kids I know. So shut the fuck up, eh?
For that matter, a considerable portion of the US population - quite possibly a majority, based on polls - are aware that our post-WWII military adventures have not gone well.[1] Certainly there are a goodly number of militaristic idiots[2] in the US, but that's true of every nation I can think of.
[1] Whether the ones before that "went well" in any reasonable sense is another question.
[2] I just read a newspaper column by Cal Thomas this morning in which he claimed that we haven't won recent wars because we got rid of the draft. Yeah, that's the problem. If only our cannon fodder had been less willing!
Hi Matt.
I was not directing my comments at anyone in particular, I was just voicing the kind of balanced reasoned comments I hear when the new US empire dwellers describe the limey faggots of the old empire.
I happen to be a stupid ill educated drunken paddy (plastic [born in Wimbledon]) so I class limey asswipes as they.
"I was not directing my comments at anyone in particular....." Don't worry, it's just an English habit to delight in reminding the Canucks and Yanks that they're all actually colonials. So are Paddys.... <ducks to avoid incoming>
The "moose-humpers" reference was to the infamous Jerry Sadowitz opening of the Montreal Comedy Festival. For those that don't remember him, he had an insult-laden act and opened that evening with the line; "Hello moose-f*ckers. You know what I hate about this country? Half of you speak French and the other half let them!" It lasted about ten minutes before an irate Canadian in the audience got up on stage and punched him unconscious. The funny bit is Canadians always apologise when I remind them of the event, like the punching was some stain on their national character, and insist the puncher must have been French!
Anyone who says different is a pinko asswipe limey faggot.
Puh-leese! How many times do we have to tell you? It's "commie pinko asswipe limey faggot". If you leave off the 'commie' it detracts from the 'pinko' and almost makes it sound fashion forward. I have to be honest, the oversight brings what started out as a 10 down to a 6 maybe 7 tops. A good effort but do try harder.
(maybe this is actually what the FBI did, as it's possible they might actually know what they're doing)
Possible, yes. Probable, no. It's also possible our dog knows as many swear words in Cantonese as I do since on hearing certain words we both turn toward each other with the "was it you" look. In the end it doesn't take a rocket scientist to know when it's a good time for both of us to retire to the shed for a few hours.
Smoke and mirrors here... The three letter gangs only focused on the code being of North Korean origin. From there any number of spins were put on the story. Consult your local rag for the local spin.
As soon as that happens, there is no longer anything to see.
Most likely, there will be no turn, and the whole subject will fall out of the news, until the US releases some half assed apology, like a school boy toeing the sand in like 3 years. Something like: Sorry about that Sony remark, I'm sure we can move past it. No hard feelings?
I want the TinFoil hat icon, and I want it now!
So, the Black Helicopter it is!
Many of us have been saying that it probably wasn't the Norks... And we got the downvotes for the logic by those (bots maybe) who either wanted to believe it was them, or possibly Sony shills who wanted their PR believed. And then there's the opportunistic politicos pushing the Nork angle for their 10 second sound-bite between rounds of golf.
BTW, the media today has started spinning the tale that the entertainment division which has been profitless for quite some time (by Wall Street standards) might be doomed.
No downvote from me. My recollection from a number of US DoD Information Assurance classes and assorted other reading is that the major IA risks (both probability and cost) are, in descending order, (1) the Admin or other privileged operator who screws up accidentally; (2) the disgruntled current or former Admin who does damage intentionally; and (3), with much lower probability than either of the first two, the outside hacker.
Recent troubles with POS terminals might have rearranged the costs, but unless each POS terminal is considered a separate case it is likely the probabilities are unchanged and are likely to stay that way.
The Sony breach clearly shows malice, so administrative error can be eliminated except for possible failure to implement a proper security model and prevent access by ex-employees. The North Korean link was suggestive but should not have diverted attention from systematic analysis of the breach that looked at the likely sources in a logical order.
"(1) the Admin or other privileged operator who screws up accidentally; ...Recent troubles with POS terminals"
Given that at least some POS hacks have been achieved via subcontractors given access to an unsegmented LAN perhaps these should be attributed to screw-ups.
the first major corporation brought down entirely by bad system security
I'm not sure what you mean, since your phrasing is rather ambiguous (is that "brought down [solely] by bad system security"? "brought down [completely]"?), but in any case I'm not sure that's true. If you meant "brought down completely" then Sony Pictures US obviously wasn't, in any lasting sense. If, on the other hand, you mean "solely", then I suspect there are other examples of firms that have sustained similar damage due to IT security failures. (Obviously "major corporation" is a subjective evaluation so we'll have to leave that aside.)
Indeed, under typical definitions of "security" as a term of art in the industry, the Knight Capital failure would be a security breach, since it was an error in application administration that led an application to perform incorrectly and cause damage. Typical technical definitions of IT security are along the lines of "ensuring a system does what it's supposed to do, and only that, within the limits of a threat model".
An example closer to the popular sense of "security" would be HBGary Federal, which was apparently[1] significantly damaged by the social-engineering crack of Aaron Barr's account and document leak by Anonymous. A year later HBGary's assets were acquired by ManTech, so it ceased to exist as an independent firm, which is as close to "brought down" as a US corporation generally gets.
[1] It's hard to say how much damage was actually done, and in particular how much any person responsible actually suffered any inconvenience. Aaron Barr resigned, and "Team Themis" was supposedly disbanded. But the investigations don't seem to have had any real effect.
forensic IT technical assistance and swear that they were not behind a breach of a bad low budget "comedy" from a company that had suffered serial breaches in the past, rather than chest puffing "Of course the Honourable Korea did it against the yankee dogs", then I for one actually believe they had nothing to do with it...
Now, how would you, in the current political climate, advertise a bad low budget "comedy" from a company that had suffered serial breaches in the past?
I wonder....
As much as I (and all the rest of you) would love to say 'I told you so', the evidence provided by Norse is as thin and circumstantial as the FBI's on North Korea's involvement.
Norse are putting their reputation on the line by saying all this publicly so they must believe they are right at least. No doubt they have witnessed the forum posts and irc logs with these Sony ex-employees talking about their logins and there is a good chance this all stemmed from that. A lot more likely than NK being involved.
The FBI don't care about their reputation or livelihood as they will still have a job even if they turn out to be wrong. Like the Assad chemical weapons attacks and imminent Iraq attacks, after a while it can quietly be blamed on bad intelligence.
Until there is definitive proof (if there ever will be), I'll be trusting the ones not under employment of the US government.
"As much as I (and all the rest of you) would love to say 'I told you so', the evidence provided by Norse is as thin and circumstantial as the FBI's on North Korea's involvement."
1: It's more likely. Skiddies reuse other people's bag of code tricks
2: The language, iconography and idiom in the attacks pointed to native English speakers
3: The GOP moniker pretty much _screams_ "USA attack" from the rooftops.
It may be false flag, but the history of corporate hacks is littered with far more inside jobs than anything else.
If the North Koreans were involved, it would be as a later participant. The initial phase, which lasted months given the amount of data in terabytes that was extracted before the vandalism attack. I know how long it takes to transfer terabytes even through fatter pipes. Toss in remaining covert, well it really would be months. Additional evidence that more than one "interest group" was involved is just the schizophrenic nature of the entire pattern.
Typically, these investigations take months yet the FBI jumps up and says "case solved" in less than a month. Right.
-Could be an ex-employee
-Could be hacker collectives
-Could be hacker collectives who did some research beforehand by recruiting disgruntled former/current Sony employees or contractors for information or participation in the attack
-Could be North Korea
-Could be a hacker collective recruited by North Korea
-Could be a hacker collective employed by North Korea, which approached disgruntled Sony types.
-Could be a third power, like China, trying to stir things up between the U.S. and North Korea
In short, the list of suspects who might get their rocks off hacking a major Hollywood studio that is producing a satire about North Korea is pretty much endless...
I have worked with organizations that transferred tens of terabytes PER HOUR, 24/7!
Even Sony Pictures' sysadmins would probably have noticed that sort of traffic over their Internet connections.
I haven't looked into how modern digital movie distribution works, but I'd guess they use a CDN of some sort, so it's quite possible that to steal regular documents from SPUS you'd have to hide them in normal traffic over a typical corporate Internet connection. And there may have been other bottlenecks, depending on where the data was going and how it was getting there.