The Interview anyone?


Fish


It seems that the media was the first to correlate the movie to the attacks as the culprits only appeared to demand ransom for 'acquired information.' Given the nature of the 'hard-coded' information that appears to have been found in the malware, Occam's razor would suggest a simpler explanation such as a disgruntled soon-to-be ex-employee.

 

I suspect that a lesson learned is that not only can your employer look over your shoulder at personal conversations that include gossip, medical conditions, love lives, etc.; so can the world. 

 

Regardless of the source of the attack, apparently Sony did not learn much about the vulnerability of networks and data from the PlayStation attacks during April 2011. :o

[Image: Sony hack.jpg]

Edited by Fjd

Security experts say it looks like Russian code.

 

I see the edit to "security experts" from FBI.  I have not read much yet that shows much evidence in establishing a Russian connection. 

 

I'm not sure how well-staffed the FBI is in relation to cybersecurity issues; however, this is the most current FBI press release that I could find and they seem to be still working the North Korea angle.

 

http://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation

Edited by Fjd

 

Last report I saw was that Chinese hackers helped North Korea. NK is denying it.

 

 

 

The main reference that I'm aware of is in the WSJ story that indicated that North Korea’s only connections to the Internet run through China.  The report at the link below "The Mystery of North Korea's cyber threat landscape" appears to substantiate the WSJ assertion.  However, there are only general allegations that NK collaborates with China and Russia to train its cyber-intelligence network.

 

http://h30499.www3.hp.com/hpeb/attachments/hpeb/off-by-on-software-security-blog/388/2/HPSR%20SecurityBriefing_Episode16_NorthKorea.pdf


http://www.forbes.com/sites/gordonchang/2014/12/21/did-china-help-north-korea-hack-sony/

 

 

Thanks.  Here is a comprehensive breakdown of the cyber-attack timeline and links to various articles that I find very informative.

 

https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/

 

That article in Forbes was actually written two days after the FBI press release and references much of the information provided by the FBI. I had already read it and found no corroborating evidence provided by the author to validate the alleged accusations, as he only made a few speculative remarks, apparently trying to circumstantially connect the dots since it is well known that China provides the internet access to North Korea.

 

While some of it could ultimately be validated as true, right now it is just an exercise in cold-war type propaganda in order to point to an existing tangible enemy.  Please keep in mind that there is currently a lot of potential cyber-legislation being contemplated and a 'tangible enemy' is not really much different from the 1950’s cold war propaganda campaigns that created a frenzy of fear amongst the general population. 

 

Please don't misunderstand me as I am in a situation where I fully realize that cyber-security is an issue of an extraordinarily huge magnitude that needs attention and a game-plan to address.

 

Historically, the primary goals of a regime’s intelligence programs (cyber or other) included collection and dissemination of intelligence concerning any possible political, military, or economic threat to the regime’s security and stability. Secondary goals have included "acquisition of foreign military and civilian technologies and equipment, support of the regime’s foreign policy goals, training and support for foreign revolutionary and terrorist organizations, and the acquisition of foreign capital for state and intelligence operations."

 

Please don’t be lulled into thinking only North Korea is capable of cyber-espionage or a cyber-attack (even if needing support from China) and note that every country with a certain level of technology-sophistication will have a cyber-espionage program in place and operating.  

 

If you have time, read the PDF at my link and you will find a detailed assessment of Unit 121 referenced in the Forbes article and detailed information in relation to the cooperation between North Korea, China, Russia, Iran, Syria, among other countries along with the Chongryon headquarters that has been recognized as the de facto North Korean embassy in Japan, but really heavily involved in cyber-espionage.

 

Actually, Unit 204 is responsible for cyber-psychological operations.  Considering the dumping of such a treasure trove of racist remarks in emails, among the various personal information that was being dumped to embarrass Sony Pictures, Unit 204 could be a more likely suspect as opposed to Unit 121.

 

So far, the evidence presented in public only indicates that this incident could have been done by just about any hacking group anywhere in the world, although I agree that the likelihood is that it was done by a group located somewhere in Asia (e.g., China, South Korea, Japan, and other surrounding areas).

 

In regards to my “GIF” in an earlier post above, there is also a real question regarding how this much email and other data got removed from Sony Pictures’ systems without the aid of an insider, hence the ‘disgruntled employee’ situation.

 

Think about the reference I made to the Sony PlayStation hacking of April 2011 in an earlier post.  The Sony PlayStation has been attacked by several groups including the “Lizard Group” and “Lulzsec.” There are numerous other accounts of attacks on Sony from other lesser-known hacker groups over the years.

 

If people take the time to research and understand the hacker culture, they most likely would realize that Sony has long been a target of hacking groups. I can only speculate here myself; however, maybe one of these groups or a new group believes that Sony is being heavy-handed with copyright legislation and is striking back.  Or maybe the hacking attempts continue as a result of the old Sony BMG scandal.

 

Without more real and verifiable evidence, I just find it very difficult to believe this is a case of “nation-espionage hacking.”

 

From the evidence shown so far, this incident only looks like a group of hackers looking for that ego boost of the public announcement of the hack.  The ‘dump the data’ ploy, including the embarrassment to the “corporate big shots” (otherwise known as the 1% to the hacker community, which hackers tend to consider the enemy along with the government) is classic in these examples and not something a nation would do from an espionage / propaganda perspective.

 

Even just as probable, it could be a group of hackers hired by a competitor or disgruntled stakeholder to commit corporate espionage & embarrass the company, which is not really much different than companies or individuals “hiring” people to post fictitious negative reviews about a competitor on TripAdvisor, etc., or even a hedge fund creating artificial volatility in a certain market in order to sell short.  Most do not realize it, but this stuff happens daily.

 

From another perspective, Sony doesn’t want the embarrassment and negative attention those emails can create in today's "PC world" and an easy way to deflect the issue would be to embrace the whole “North Korea did it because of the movie” scenario.  Look how many internet forums and unqualified writers are speculating on Kim Jong, China and Russia instead of the racist and damaging content of the emails of the management at Sony.

Edited by Fjd

I for one could care less about anyone's email, unless it's mine or involves me. I also don't really care if it's NK, China, or Russia or..... as long as it's pursued as a crime/terrorism. The reason I wanted to see the movie is some ****wads somewhere said don't, or else.

Edited by Fish

"Hacker messages point to Russian speakers"... certainly possible.......still who knows, a combination is most logical.

 

 

In many instances of cyber-hacking, the investigations find a multitude of 'dead-ends' and are not able to produce enough information that would hold up to the "probable" category (maybe 'reasonably possible' at best?), let alone the "beyond a reasonable doubt" category, which I believe to be a significant reason why many are questioning the quickness of the FBI press release. 

 

Given the above and gaining some understanding into the Taia Global analysis, I would not be surprised if there are Russian programmers that are members of the various hacker operations, including ‘hacker operations for hire.’ 

 

At this point, given the evidence available, I just don't want to confuse this for anyone as being a 'nation-espionage act' as there would not necessarily be any evidence to implicate the Russian government at this point, especially since the cyber-hack started out as a "ransom for stolen data" of a Japanese domiciled multi-national corporation.  There may be some evidence out there that could imply that more than one hacking group may have been involved in stealing data once the 'cyber-doors were left open' at Sony.

 

From a “Russian programmer” standpoint, every Wall Street investment bank or firm that runs a ‘dark pool’ for trading and every ‘high frequency trading’ shop understands that Russian programmers are some of the best programmers in the world and often enter into bidding wars for their programming services.

 

I don’t have experience with linguistic analysis or stylometry; however, I have read some of the information that Taia Global has made public regarding their sample and work that resulted in their conclusions of involvement of Russian persons as opposed to North Korean persons. 

 

From what I have gathered, it appears that Taia Global had a team of linguists evaluate the hackers’ messages for phrases that are not normally used in English and found 20 in total. Korean, Mandarin, Russian and German linguists then conducted literal word-for-word translations of those phrases in each language.

 

Of the 20, they concluded that 15 appeared to be literal Russian translations, nine appeared to be Korean (notice the overlap as several could have gone either way) and none matched Mandarin or German phrases.

 

The Taia Global team then performed a second test to analyze examples where the hackers used incorrect English grammar. The same linguists from the first analysis were asked if the sample of five of those incorrect constructions were valid in their own language. The Taia team concluded that three of the constructions were consistent with Russian and only one was a valid Korean construction.

 

While the analysis can be considered valid in certain respects, this process does not involve any type of quantitative analysis and is not as conclusive as something like a DNA test would be.  A potential flaw in the Taia Global study is that the sample size is extremely small, as only about 2,000 words between emails and online posts were available for study.  Computerized software tools that are available to identify authorship typically require a minimum of 6,500 words to be considered to have a level of accuracy and validity.

 

Edited by Fjd
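The phrase-tally method described above is qualitative, and the point about sample size applies just as much to automated stylometry. The following Python script is an added example, not Taia Global's method and not code from this thread: it implements a standard function-word comparison (Burrows' Delta, chosen here as an assumption; the function-word list and all three texts are constructed toy inputs) and gates its verdict on the 6,500-word minimum quoted above, so a too-short sample is flagged as insufficient rather than silently trusted.

```python
"""Function-word stylometry (Burrows' Delta) with a sample-size gate.

Added example, not Taia Global's method (they used human linguists on
literal translations); the Delta technique, the function-word list and
all texts below are assumptions or constructed inputs.
"""
import math
import re
from collections import Counter

# Frequent, topic-independent words: the usual markers in authorship studies.
FUNCTION_WORDS = ["the", "of", "is", "we", "will", "you", "not", "and"]

# Minimum word count cited in the thread for computerized authorship tools
# (assumption: applied to the unknown sample being attributed).
MIN_WORDS = 6500


def tokenize(text):
    return re.findall(r"[a-z']+", text.lower())


def profile(text):
    """Rate per 1000 tokens of each function word."""
    toks = tokenize(text)
    n = max(len(toks), 1)
    counts = Counter(toks)
    return {w: 1000.0 * counts[w] / n for w in FUNCTION_WORDS}


def delta_scores(sample, candidates):
    """Burrows' Delta: mean absolute z-score difference between the sample
    and each candidate; z-scores use the spread across the candidates.
    Words with zero spread discriminate nothing and are skipped."""
    profs = {name: profile(text) for name, text in candidates.items()}
    sp = profile(sample)
    stats = {}
    for w in FUNCTION_WORDS:
        vals = [p[w] for p in profs.values()]
        mean = sum(vals) / len(vals)
        sd = math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals))
        if sd > 0:
            stats[w] = (mean, sd)
    if not stats:
        raise ValueError("candidates are indistinguishable on these words")

    def z(p, w):
        mean, sd = stats[w]
        return (p[w] - mean) / sd

    return {
        name: sum(abs(z(sp, w) - z(p, w)) for w in stats) / len(stats)
        for name, p in profs.items()
    }


def attribute(sample, candidates, min_words=MIN_WORDS):
    """Closest candidate plus whether the sample is large enough to trust."""
    scores = delta_scores(sample, candidates)
    n = len(tokenize(sample))
    return {
        "closest": min(scores, key=scores.get),
        "scores": scores,
        "sample_words": n,
        "sufficient_sample": n >= min_words,
    }


# Constructed toy corpora: a formal "A" style and a threatening "B" style.
CANDIDATES = {
    "A": ("the data of the company is the property of the owner and "
          "the server of the firm is the asset of the group"),
    "B": ("we will not stop until you pay us and we will leak it all "
          "if you do not pay we will ruin you"),
}
SAMPLE = "we will release the files if you do not pay us and we will not wait"

if __name__ == "__main__":
    result = attribute(SAMPLE, CANDIDATES)
    for name, score in sorted(result["scores"].items(), key=lambda kv: kv[1]):
        print(f"{name}: delta={score:.3f}")
    print(f"closest={result['closest']} words={result['sample_words']} "
          f"sufficient={result['sufficient_sample']}")
```

On the toy inputs the sample lands nearest candidate "B", but `sufficient_sample` is false because a 16-word message is nowhere near the threshold; a practitioner reading the thread's 2,000-word figure would get the same warning, which is the point of the gate.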

 

Occam's razor would suggest a simpler explanation such as a disgruntled soon-to-be ex-employee.

http://www.politico.com/story/2014/12/fbi-briefed-on-alternate-sony-hack-theory-113866.html

Wow.

 

 

 

It is just a ‘practical’ starting point, as there is just too much information hard-coded that would essentially need an inside person or an extremely long time occupying the systems after infiltrating them to have such specific server information and password information hard-coded into the malware.

 

I believe that one of the reasons we see so much ‘finger pointing’ to specific nations is that one of the ultimate goals of the attribution process (e.g. ‘who did it’) is identifying an organization or government, not necessarily individuals. However, when specific markings, uniforms, and geography are not readily available, identifying the individual operators can provide substantial links between cyber-attacks and specific organizations.

 

Another overall goal of the attribution process, or even whether one is initiated, mostly depends upon the incurred damage, or potential for damage. The old “cost / benefit” analysis is performed: since there are so many cyber-breaches and not enough investigators, the amount of damage caused or threatened most often is the determining factor in allocating the resources to find ‘who did it’ vs. just recognizing the weakness and fixing it.

 

The actual attribution process for cyber-hacking or espionage requires a substantial amount of costly resources, is extremely nuanced, takes significant amounts of time, and, as we are witnessing, is much more political than most realize.

 

While each article that we read may bring forth a new aspect or a new insight, successful attribution falls under one of those “art-science” categories and requires many people with a range of skills on all levels working as a cohesive team.

 

I think back to February 1998, when the United States immediately blamed a computer attack that compromised many unclassified Pentagon systems on Iraq.

 

At the time, John Hamre, the U.S. Deputy Defense Secretary was adamant that this was “the most organized and systematic attack to date” on U.S. military systems.

 

In response, the code-named “SOLAR SUNRISE” task force was assembled with agents from the FBI, the Air Force Office of Special Investigations, NASA, the US Department of Justice, the Defense Information Systems Agency, the NSA, and the CIA.

 

Over time, the investigation eventually uncovered the culprits, two California teenagers; however, there was no Iraqi conspiracy or involvement or any type of “nation-espionage.”

 

Also during 1998, the FBI was overwhelmed when hackers targeted the US Department of Defense, Department of Energy, National Aeronautics and Space Administration, National Oceanic and Atmospheric Administration, various defense contractors, and universities; however, once the Joint Task Force Computer Network Defense (JTF-CND) was formed and instituted a ‘leave no stone unturned’ mantra, the MOONLIGHT MAZE breaches were traced to the Russian government with a reasonable level of certainty. Information taken essentially ranged from helmet designs to atmospheric data.

 

An example where an individual person’s identity was found useful can be read in the Nathaniel Hartley “CrowdStrike’s Putter Panda” report published on June 9, 2014.

 

Essentially, Hartley identified a hacker using the handle ‘cpyy’ in breaches then subsequently linked ‘cpyy’ to a real person by finding registration data to connect the handle to Chen Ping. Hartley then proceeded to find additional identifying information from various sources, including blogs and an online Picasa photo album. Using the found pictures, it was discovered that Chen could be linked to a building in Shanghai, through various details in the images that included military hats, buildings, equipment, and even portraits of Chen.

 

With the help of these photos, Hartley subsequently pinpointed a location: latitude 31°17′17.02″N, longitude 121°27′14.51″E, in the heart of the Zhabei District of Shanghai.

 

The interesting aspect of the address is that it represented the headquarters of the People’s Liberation Army’s (PLA) General Staff Department, 3rd Department, 12th Bureau; Unit 61486.

 

Essentially, Hartley’s evidence combined multiple sources and was very convincing to many people.

 

There are many more recent examples that can be found of successes and of investigations that have gone off-track; they should remind us to be prudent in assigning blame and to perform a thorough, appropriate-level “attribution” process to determine “who did it.”


I'm guessing that the Russians do make speakers, anyone know if they make anything of note?...not trying to change the subject... ;)

Russia is where most Baltic birch plywood comes from. You'd think that the world's supplier of the best speaker cabinet material would in fact make some speakers. I can't find jack crap on Google though, too much language talk coming through.

Edited by MetropolisLakeOutfitters
