Yeah...
...we'll believe you, given your track record. Not.
The director of the FBI has defended his bureau's claim that the hacking attack against Sony Pictures was the work of the North Korean government – saying skeptics "don't have the facts that I have." Speaking at a cybersecurity conference at Fordham University in New York City on Wednesday, FBI boss James Comey said he has " …
In this instance, I would say that is probably not the case, as that would imply they believe this story they're putting out. Based on the information available, however, that story would appear to be an outright and deliberate fabrication. Since we can't prove they're lying, they're free to insist it's the gospel truth.
Why would the FBI lie about this?
North Korea is absolutely loving this. Even if they didn't do it, they'd want people to think they did. It makes them look relevant and powerful, especially given the initial spineless cave in over showing the film.
What reason would the FBI have to hand a propaganda coup like this to North Korea on a plate? Unless they are pretty damn sure they did do it, and would prefer to at least control the story.
@g e
Ok, but then you're just left with the question of why would the Obama administration aid North Korea's propaganda efforts in this way? It isn't like they couldn't find another excuse for more sanctions.
This is either a complete cock up and they've made a mistake, or North Korea is indeed behind it. In either case I assume they genuinely think that they were behind it, since nothing else makes any sense.
Not "this is evidence of a Machiavellian conspiracy" doesn't make any sense, rather it just literally doesn't make any sense.
To justify more spending to defend against the North Koreans. Congress is a bit uneasy about pouring even more money into fighting terrorists (Especially since they haven't done much to the US lately), so the FBI / NSA / CIA need a new straw man to justify next year's budgets.
That's the bait, in case you have the hook.
They pretend to have the facts so when and if the facts have to be revealed, they can just make them up and walk away (it's all about plausible deniability). Sadly, you should just believe he's lying to you now, and if he ever reveals the "facts", he's lying to you then.
I approach these statements equally: it's a fact anything he says are lies, so I look for the truth in the logic of the rebuttals. But the truth is always in a cold cave, and there usually isn't a snow'den to find, so I may never know. In all seriousness, it could be exactly what the F.B.I states word for word, or it could be Mickey Mouse with his new Death Star technology...they are equally probable to me.
People usually freak when they realize the government lies to them. I don't. Go ahead and lie to me about the nukes, because the truth won't help me sleep any better. However, why the fuck is a U.S.A government official lying to me about a PRIVATE JAPANESE COMPANY!?!?! It saddens me that companies like Sony (in fact Sony did) change my countries laws regarding the rights of it's private citizens, AND, have my country's government agency which is paid for by MY TAX DOLLARS (NOT SONY'S!!!) look into this shit.
So for this entire matter, fuck the F.B.I. and I hope Sony gets hit even harder next time. MAKE THEM CRAWL!!!!!!!!!!
Is it not obvious that the NSA/FBI are behind the attack? They need a perceived cyber terrorist "threat" in order to maintain the funding and powers needed to carry on doing what they are doing. "Next time it could be an American company that gets hit, we need to defend against this..." I am fairly sure we will hear them say this soon.
"I have very high confidence in that attribution."
Unfortunately the à priori probability of a govt official being right or actually telling the truth is so low right now that its multiplicative factor drags the gentleman's high confidence straight into the shitter.
Especially when the FBI is involved as these are they guys bragging about discovering terrorist plots that they themselves incited.
And it's not as if the authorities on that side of the pond would knowingly allow false evidence to make it's way through their legal system, is there?
Oh, wait...
...or ignore concerns about their own evidence?
Umm...
The reason the Ferguson "witnesses" were allowed to present their evidence was for a simple reason - if they had been excluded it would have given the activists another reason to deny the findings of the jury. Letting those "witnesses" state their claims, such as the infamous "hands up" fabrication, allowed the jury to consider and reject those very claims as fraudulent and at the same time took the wind out of the deniers' sails.
As for the "tainted" evidence article, it opens by pointing out that one of the parties opening the investigation was the FBI. The review of over 2100 cases found five cases where DNA analysis - a technique not available at the time - showed hair-matching analysis used in evidence could be wrong (http://wrongfulconvictionsblog.org/2014/07/22/kevin-martin-exonerated-after-26-years-in-prison-fbi-forensic-hair-analysis-in-error/).
If you're going to confront racism, don't pussyfoot around about it.
The reason the "witnesses" were allowed to present their "evidence" is that if they weren't there would have been an all out race riot in Ferguson with the biggots in the WH supporting the burners and looters.
It's time we stopped kowtowing to racists of any kind.
"There is not much in life I have high confidence about,"
Maybe I'm just being too judgmental on the poor dear, but shouldn't the Director of the FBI have quite a few things he's highly confident about? I mean, theoretically, he should be able to stand in front of a judge in a criminal case and say "Your honor, we of the FBI are highly confident this man is as guilty as sin". A man shouldn't go to jail because the Director of the FBI says "We're fairly sure this guy might be guilty."
And shouldn't he be highly confident in the capabilities and levels of professionalism that his employees have?
What about high confidence in the investigative methods the FBI uses?
High confidence he can find his way home at night?
Sorry, but if a man is to be denied his birthright to freedom, I prefer it to be because there is incontrovertible proof, not because some official from a 3-letter agency declares he is highly confident that said man should be put in jail.
And the fact that the FBI states that IP addresses are a strong basis for its opinion does nothing to reassure me that he actually knows what he is talking about. He would need to demonstrate that he had proof that said IP addresses had not been spoofed before I even started to begin to give credit to this White House mouthpiece' drivel.
Oh Dear.
verb: evidence; 3rd person present: evidences; past tense: evidenced; past participle: evidenced; gerund or present participle: evidencing
1.
be or show evidence of.
"the quality of the bracelet, as evidenced by the workmanship, is exceptional"
Evidence is a verb according to the OED and according to Merriam Webster, and has been since at least 1610. Even Wiktionary knows it.
The Dictionary of Modern Legal Usage entry on evidence (noted as a transitive verb) is available via Google Books.
I agree: Lynn Truss would probably be sad if she read this thread.
If they have access to Sony' external network, then certainly. Set up a router (Could just be a basic PC with a BGP daemon) on a network that allows BGP advertisements and start advertising for AS131279.
Trivial BGP trickery that can be carried out in afternoon by a network engineer with a just a basic consumer router (with DD-WRT or similar installed) and a second device behind it to generate SMTP traffic.
Where I come from - which is the best part of half a working lifetime in forensic investigation - if you think you have evidence you'll present it in public in a forum in which it can be challenged. If you don't do that you don't have evidence. If it fails the challenge you don't have evidence. If it passes the challenge you've finally got evidence.
On that test Comey doesn't have evidence.
It's really hard to imagine anything which would create sympathy for the N Korean regime. Washington needs to step back, take a long look at what it's doing and realise that it seems to be making serious efforts to create such sympathy.
Bearing in mind the norks block internet access to 96% of their population, and those 4% that do have access have a heavily censored internet (http://www.nytimes.com/2006/10/23/technology/23link.html?_r=0), how many open proxies or VPNs are likely to be using nork IPs?
I am not saying that the it's impossible for a hacker to appear to be attacking from North Korea, and I am not saying that the US Government would not use hackers for this sort of thing, but I think they would only do this sort of thing if they gained in someway, after all, any act like that could be considered an act of war, and while the norks would probably lose in a conventional war, they do apparently have the Nuclear option, and a leader that is, I believe, mad enough to use it.
Sony, on the other hand, have a movie that is currently making far more money than it probably would have had the hack not happened, and conveniently still had access to enough computing power (and the old Blackberry system they used to use) to keep them going.
Let's face it, this is an organization that routinely overstates or hyperbolizes to drive the narrative it wants. Now, the FBI is hardly unique in that fault (God knows how many tech companies do that), but still, if you really want people to believe that Sony Pictures was hacked by North Korea, then you are going to have to show some serious cards.
(Sherlock would do that!)
Given all the stuff we've heard via Snowden about NSA, why is it so hard to believe that the FBI would have access to vastly more information on this case than they can make public, precisely to protect the types of capability that Snowden managed to expose?
For those naive enough to think that the fact they haven't shared all of the evidence means it doesn't exist, well there's little hope for you getting far in life without your tin hat anyway.
is that the only reason they would have to not disclose this information is operational secrecy... if they were to say we used prism to pull jong-un's email ordering the hack... and here it is... no one is in danger and it exposes no new info.
i figure the "evidence" is a spy... maybe they are eager to leave and jumped on the opportunity? lies be damned...
"For those naive enough to think that the fact they haven't shared all of the evidence means it doesn't exist, well there's little hope for you getting far in life without your tin hat anyway."
You need to realise that they haven't shared any evidence. None. All they've done is make allegations and expect the public to believe them. In any forensic context the purpose of evidence is to convince the public or at least the public's proxies, jurors, of allegations (or denials in the case of the defence). In such a context evidence is what's presented and tested in court. If it hasn't been so presented it's not evidence, it's just allegations.
The question of whether to withhold intelligence material or present it as evidence isn't new. At some point, if you believe in the rule of law you either have to present that material as evidence and have it tested or shut up; just saying you have it doesn't cut the mustard. Having had a lot of your methods outed should make a decision in favour of disclosure easier - if you've got nothing left to hide... Another major factor here is that the US has taken retaliatory action. Even though it has done this without due process it might be wise to present the evidence that would have been produced had due process been followed.
For instance in this case it's being claimed that some messages were sent from addresses "used" by NK. In what way were they used? In their allocation block? In servers outside NK but used to host some service for them? If the latter, what sort of service? The Little Leader's Hotmail A/C?
We are seriously being asked to believe that someone who is capable of a break-in of this magnitude is incapable of covering their tracks in sending messages; is that so or is it more credible that someone who achieved the break-in is also capable of routing their messages to mislead? Sceptics have pointed out that the claims on behalf of NK didn't start until the media had made the link to the film; what's the timing of these messages from alleged NK servers in relation to that link being made.
FYI, although there were circumstances when a tin hat and maybe a Kevlar jacket would have been useful, I've got quite far in life. Part of that has involved looking quite critically at what information alleged evidence actually provided.
Until the FBI spokesfolk get some skin in the game and present actual verifiable facts, that would hurt if disproved, our confidence in what they say being true remains in the gutter.
They have lost our trust, and need to regain it with interest before such announcements mean I'll put my copy of The Beano down to listen to the news announcement.
"Even if the attacks did originate from North Korea, no one is discussing whether it was the work of a bunch of script kiddies or a state-sponsored group."
You think that the whole fucking world is just like your home town, don't you? Let me give you the clue that you so badly lack: North Korea is not like anywhere that you or anyone else on this site lives.
How could you not know this?
http://www.bbc.co.uk/news/world-us-canada-30661973
It not just the FBI that has to cover its arse..... the accusations were made, and further sanctions were imposed (mostly low end arms sales, one of NKs major exports). Ob cant back down because he was wr... wro...wr... wr... (dammit)... not correct...
If the FBI was to turn around and say "gee it was X, Y or Z", then the state dept would also look (more) stupid.
When you think about it, its almost the perfect crime, if it were carried out by someone else - because the FBI (NSA or whoever) CANT finger anyone else now.
Mr Comey can be as confident as he likes, and I hope that works out for him.
But if he's suggesting that other people's resources, e.g. US taxpayers' money, should be funnelled into action based on his confidence, then it would behove him to make others share that confidence.
Obviously he's trying to do this by spreading his "confidence" to other establishment bigwigs. It would be nice if he were required to actually persuade "the taxpayer" of what he's talking about, but sadly that's probably not necessary. "Sovereign rights for North Korea" is not a hill that American voters will want to die on, and who can blame them.
The bigger question here is: "so what?" What if it was North Korea? Exactly what sovereign interest of the American people or taxpayers was violated here? Sony isn't part of the government, is it? Then why should the federal government be out to avenge their wrongs? If Sony can identify the group that attacked it, let it sue them and the courts can sort it out, the way it's supposed to be; then the government can enforce that ruling once it's made. Until then, sit down and shut up.
Given that the FBI is an internal police force, investigating on US soil, surely once the perpetrators have been positively identified, they stop work. I mean, there's nothing further to be gained unless you think you can drag NK into a US court. Given that that's unlikely, there should be no harm releasing the evidence so that we can see that the sanctions are justified. The FBI aren't (officially) spies so there should be no outside-US, NK informants to protect.
If you aren't charging anyone and you aren't releasing the evidence, keep out of foreign affairs, especially since a country with an under-developed tech industry was probably just taken advantage of.
And yes, I suppose that this means that since the US hacked servers in Iceland, Angela Merkal's phone, and lots of other hacks, ddos attacks and spam intrusions originate in the US, we should all be imposing sanctions on the US, right?
'"When the group calling itself Guardians of Peace sent threatening emails and made other online statements, Comey said, it mostly used proxy servers to disguise the messages' origins. "But several times, they got sloppy," he claimed.'
Right.
So the evidence they have has satisfied them that e-mails and "other online statements" made after the attack came from an unambiguously North Korean IP range.
Great. And?
Is it so unreasonable to think that someone in North Korea capitalised on this and sent these missives as threats, despite not being the actual perpetrators? Or perhaps there is a mixture of sources; perhaps the messages that were bounced through proxies were from the real attackers and those that did not and were subsequently traceable to Nth Korean IPs were the ones sent by genuine North Korean actors to capitalise on the event.
Or, perhaps those un-proxied messages were still the actual attackers but were deliberately sent 'sloppily' by using an infected PC or two in North Korea*. Based on reports from professional security researchers, it seems that there were bits of identifiably North Korean code used in the attack that can plausibly be considered red herrings. It might seem like a lot of effort but if you are going to attack such a large corporation and commit so very many serious crimes then no effort is really to much to not get caught.
Either way, until there is some evidence on the table, it's condescending (not to mention naive) for the FBI to expect people to just trust them on it.
* - Sure, there aren't many PCs and they are very restricted one assumes but it's certainly possible.
This post has been deleted by its author
So the FBI 'claims' that the Norks hosed Sony & have supporting evidence to back up said 'claim', but are unable to reveal it for ...what? ... "reasons of national security" - that old chestnut again?
Please stop jerking off in front of the public & just fuck off, already.
Let's see now 100TB of data hacked ...Hmmmm
Are we serious folks? To hack that kind of data and pull it off the Internet at todays current speeds would take years.
This is obviously an inside job.
http://recode.net/2014/12/12/sony-pictures-knew-of-gaps-in-computer-network-before-hack-attack/
>Last time I checked - North Korea was a third world country without high speed internet links.
Check again:-
>The country has some broadband infrastructure, including fiber optic links between major institutions producing nationwide speeds of up to 2.5 Gbit/s. (Wikipedia)
Seems pretty good for the 20 or so people allowed to use the link...
Is high speed required for this anyway?
@hate - Is high speed required for this anyway?
Didn't I read an early report about torrents that originated in Sony? If correct, then crackers setting up seedboxes on compromised machines seems the likely exit route for the data.. If so the load would be spread, no doubt on receiving end too.
> Also, in 2012, a US judge rubbished claims that IP addresses can be used to identify culprits
> in online crime, saying "it is no more likely that the subscriber to an IP address carried out a
> particular computer function ... than to say an individual who pays the telephone bill made a
> specific telephone call."
This isn't equivalent, they aren't identifying an individual with it, but the location of the endpoint.
I do agree though that it's more likely that the NorKs have been hacked and it was someone who hates Sony, the Playstation stuff seems to be a regular target from skilled attacks way before this.
The remaining evidence they have is a confession from one of the *hackers they secreted out of korea, he's currently **safely holed up in guantonimo, and it only took 27h of ***confinement before he confessed to everything, he was taking orders directly from kim jong un, who is in fact taking orders from the severed head of Kim Jong Il that they keep alive in the basement, the supreme leader can never die.
*A random korean they managed to smuggle out of the country
**Being held prisoner
***confinement being torture
There's plenty of ways to get to one of those. One is to apply for a job as a professor.
In the Q&A session here, Weill Scott explained how he got that job.
http://media.ccc.de/browse/congress/2014/31c3_-_6253_-_en_-_saal_2_-_201412292115_-_computer_science_in_the_dprk_-_will_scott.html#video
Other than that, attribution is hard, and there's more than enough "plausible deniability" to make sure any facts can be missinterpreted in any way you want.
Actually they are - or should be - talking to other countries as well. Every time the US takes umbrage at another country they go looking for allies to "stand shoulder to shoulder" with them. With the nuppit Blair they succeeded. Post dodgy dossier, however, they've been finding it more and more difficult. They need to start building credibility much wider than Soccer-Moms and Red-necks.
I don't doubt their confidence; it probably was run from a computer in NK. With some leaked stuff which might not have been intentional-- but that system was probably a proxy or BOT in NK. When you start out with some hack like that doing everything remotely, that is probably a skill you are good at and you start the whole thing out of a remote terminal.