
#1 No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 4:59 pm
by rhoenix
This article made me feel incredibly vindicated. Read it, and consider for yourself.
thedailybeast.com wrote: So, “The Interview” is to be released after all.
The news that the satirical movie—which revolves around a plot to murder Kim Jong-Un—will have a Christmas Day release as planned, will prompt renewed scrutiny of whether, as the US authorities have officially claimed, the cyber attack on Sony really was the work of an elite group of North Korean government hackers.

All the evidence leads me to believe that the great Sony Pictures hack of 2014 is far more likely to be the work of one disgruntled employee facing a pink slip.

I may be biased, but, as the director of security operations for DEF CON, the world’s largest hacker conference, and the principal security researcher for the world's leading mobile security company, Cloudflare, I think I am worth hearing out.

The FBI was very clear in its press release about who it believed was responsible for the attack: “The FBI now has enough information to conclude that the North Korean government is responsible for these actions,” they said in their December 19 statement, before adding, “the need to protect sensitive sources and methods precludes us from sharing all of this information”.

With that disclaimer in mind, let’s look at the evidence that the FBI are able to tell us about.

The first piece of evidence described in the FBI bulletin refers to the malware found while examining the Sony Pictures’ network after the hack.
“Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.”
So, malware found in the course of investigating the Sony hack bears “strong” similarities to malware found in other attacks attributed to North Korea.

This may be the case—but it is not remotely plausible evidence that this attack was therefore orchestrated by North Korea.

The FBI is likely referring to two pieces of malware in particular, Shamoon, which targeted companies in the oil and energy sectors and was discovered in August 2012, and DarkSeoul, which on June 25, 2013, hit South Korea (it was the 63rd anniversary of the start of the Korean War).

Even if these prior attacks were co-ordinated by North Korea—and plenty of security experts including me doubt that—the fact that the same piece of malware appeared in the Sony hack is far from being convincing evidence that the same hackers were responsible. The source code for the original “Shamoon” malware is widely known to have leaked. Just because two pieces of malware share a common ancestry, it obviously does not mean they share a common operator. Increasingly, criminals actually lease their malware from a group that guarantees their malware against detection. Banking malware and certain “crimeware” kits have been using this model for years.

So the first bit of evidence is weak.

But the second bit of evidence given by the FBI is even more flimsy:
“The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.”
What they are saying is that the Internet addresses found after the Sony Pictures attack are “known” addresses that had previously been used by North Korea in other cyberattacks.

To cyber security experts, the naivety of this statement beggars belief. Note to the FBI: Just because a system with a particular IP address was used for cybercrime doesn’t mean that from now on every time you see that IP address you can link it to cybercrime. Plus, while sometimes IPs can be “permanent”, at other times IPs last just a few seconds.

It isn’t the IP address that the FBI should be paying attention to. Rather it’s the server or service that’s behind it.

As with much of this investigation our information is somewhat limited. The FBI haven’t released all the evidence, so we have to go by what information is available publicly. Perhaps the most interesting and indeed relevant of this is the C2 (or Command and Control) addresses found in the malware. These addresses were used by whoever carried out the attack to control the malware and can be found in the malware code itself. They are:
  • 202.131.222.102—Thailand
  • 217.96.33.164—Poland
  • 88.53.215.64—Italy
  • 200.87.126.116—Bolivia
  • 58.185.154.99—Singapore
  • 212.31.102.100—Cyprus
  • 208.105.226.235—USA
Taking a look at these addresses we find that all but one of them are public proxies. Furthermore, checking online IP reputation services reveals that they have been used by malware operators in the past. This isn’t in the least bit surprising: in order to avoid attribution cybercriminals routinely use things like proxies to conceal their connections. No sign of any North Koreans, just lots of common, or garden, internet cybercriminals.

It is this piece of evidence—freely available to anyone with an enquiring mind and a modicum of cyber security experience—which I believe that the FBI is so cryptically referring to when they talk about “additional evidence” they can’t reveal without compromising “national security”.

Essentially, we are being left in a position where we are expected to just take agency promises at face value. In the current climate, that is a big ask.

If we turn the debate around, and look at some evidence that the North Koreans might NOT be behind the Sony hack, the picture looks significantly clearer.

1. First of all, there is the fact that the attackers only brought up the anti-North Korean bias of “The Interview” after the media did—the film was never mentioned by the hackers right at the start of their campaign. In fact, it was only after a few people started speculating in the media that this and the communication from North Korea “might be linked” that suddenly it did get linked. My view is that the attackers saw this as an opportunity for “lulz”, and a way to misdirect everyone. (And wouldn’t you know it? The hackers are now saying it’s okay for Sony to release the movie, after all.) If everyone believes it’s a nation state, then the criminal investigation will likely die. It’s the perfect smokescreen.

2. The hackers dumped the data. Would a state with a keen understanding of the power of propaganda be so willing to just throw away such a trove of information? The mass dump suggests that whoever did this, their primary motivation was to embarrass Sony Pictures. They wanted to humiliate the company, pure and simple.

3. Blaming North Korea offers an easy way out for the many, many people who allowed this debacle to happen; from Sony Pictures management through to the security team that were defending Sony Pictures’ network.

4. You don’t need to be a conspiracy theorist to see that blaming North Korea is quite convenient for the FBI and the current U.S. administration. It’s the perfect excuse to push through whatever new, strong, cyber-laws they feel are appropriate, safe in the knowledge that an outraged public is fairly likely to support them.

5. Hard-coded paths and passwords in the malware make it clear that whoever wrote the code had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s (just) plausible that a North Korean elite cyber unit could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of a pissed-off insider. Combine that with the details of several layoffs that Sony was planning and you don’t have to stretch the imagination too far to consider that a disgruntled Sony employee might be at the heart of it all.

I am no fan of the North Korean regime. However I believe that calling out a foreign nation over a cybercrime of this magnitude should never have been undertaken on such weak evidence.

The evidence used to attribute a nation state in such a case should be solid enough that it would be both admissible and effective in a court of law. As it stands, I do not believe we are anywhere close to meeting that standard.
This is probably the best explanation I can find to summarize my reasons and suspicions in this, and the article went beyond that nicely to show how the Sony hack was not plausibly caused by North Korea. Until and unless more evidence comes to light that incontrovertibly proves that North Korea's well-known elite hacker cadre were behind this, this looks more and more like Sony got screwed over by a disgruntled ex-employee.

What concerns me though is seeing that the FBI is apparently agreeing with Sony's publicly stated view, given the lack of evidence to support their case.
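
The quoted article's argument about IP overlap, worked as an added Python example (not from this thread or the article): raw IP matches between an incident and an earlier campaign are split into shared-proxy hits, stale hits whose observation windows do not coincide, and the remainder. All addresses (RFC 5737 documentation ranges), dates and the names `Sighting`, `infrastructure_overlap` and `SHARED_PROXIES` are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address


@dataclass(frozen=True)
class Sighting:
    """One observation of an IP address acting as malware infrastructure."""
    ip: str
    first_seen: date
    last_seen: date


def windows_overlap(a, b, slack_days=0):
    """True when the two sightings share a period, allowing `slack_days` of gap."""
    gap = max(a.first_seen, b.first_seen) - min(a.last_seen, b.last_seen)
    return gap.days <= slack_days


def infrastructure_overlap(incident, prior, shared_proxies, slack_days=0):
    """Classify every raw IP match between an incident and a prior campaign.

    shared_proxy: the address is a public proxy anyone can route through,
                  so a match says nothing about who was behind it.
    stale:        the address matches, but the sightings are far apart in
                  time, so the host behind it may have changed hands.
    meaningful:   a non-shared address seen in both campaigns in the same
                  period; still only a lead about the server behind the IP.
    """
    shared = {ip_address(p) for p in shared_proxies}
    prior_by_ip = {}
    for s in prior:
        prior_by_ip.setdefault(ip_address(s.ip), []).append(s)

    result = {"raw": [], "shared_proxy": [], "stale": [], "meaningful": []}
    for s in incident:
        addr = ip_address(s.ip)
        matches = prior_by_ip.get(addr)
        if not matches:
            continue  # seen only in this incident: no overlap at all
        result["raw"].append(s.ip)
        if addr in shared:
            result["shared_proxy"].append(s.ip)
        elif not any(windows_overlap(s, m, slack_days) for m in matches):
            result["stale"].append(s.ip)
        else:
            result["meaningful"].append(s.ip)
    return result


# Constructed sample data: addresses hardcoded in the incident's malware ...
INCIDENT = [
    Sighting("192.0.2.10", date(2014, 11, 20), date(2014, 11, 24)),
    Sighting("198.51.100.7", date(2014, 11, 20), date(2014, 11, 24)),
    Sighting("203.0.113.5", date(2014, 11, 20), date(2014, 11, 24)),
    Sighting("203.0.113.99", date(2014, 11, 20), date(2014, 11, 24)),
]
# ... and addresses recorded for an earlier, already-attributed campaign.
PRIOR = [
    Sighting("192.0.2.10", date(2013, 3, 1), date(2013, 6, 25)),
    Sighting("198.51.100.7", date(2013, 6, 1), date(2013, 6, 30)),
    Sighting("203.0.113.5", date(2014, 11, 1), date(2014, 11, 22)),
]
# Addresses an IP reputation source lists as open proxies (constructed).
SHARED_PROXIES = {"192.0.2.10"}

if __name__ == "__main__":
    for bucket, ips in infrastructure_overlap(INCIDENT, PRIOR, SHARED_PROXIES).items():
        print(f"{bucket:13} {len(ips)}  {ips}")
```

Three raw matches shrink to one once shared proxies and non-coinciding sightings are set aside, and widening `slack_days` shows how much the conclusion depends on that analyst-chosen tolerance.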

#2 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 5:09 pm
by Lys
Noooooo, I want to believe! ;_;

#3 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 6:27 pm
by General Havoc
Click link for my reply:

This is bullshit. Bad conspiracy-theory-grade bullshit at the absolute best. Consider, for a moment, what this article actually consists of:

First off, as best I can tell there is no such thing as the "Director of Security Operations" at Defcon. Def Con is run by a group of hackers called the "Goons", who all go by various handles and have titles that vary from "The Infamous Minister of Speakers" to "The guy who keeps the Hardware Hacking Village from burning down." Even if there is some position that approximates to a director of Security Ops at DefCon (and being as it's a hacker convention, that seems like an odd thing to have?), there's no names attached here, just a random article that could have been written by your grandmother.

But forget that. Assume the article is genuine. What do we have? His argument boils down to the fact that two pieces of information provided by the FBI do not definitively prove that North Korea was behind the hack. They don't definitely prove anything mind you, that an employee for Sony did it, or that I did it, or that Bigfoot did it, but merely that they, by themselves, do not prove beyond all doubt that North Korea and North Korea alone did this. Well fine, I don't have the technical skills to debate those points, so let's say he's right? Why exactly does that suddenly prove that North Korea had nothing to do with this? After all, North Korea can do what was indicated here just as well as anyone else. They have the means, the motive, and the opportunity, to use police terms. Yes, it is possible to construct a scenario using these two pieces of evidence alone to say that "someone else" did it, but it's equally possible to construct one wherein North Korea did so, especially considering that these are two cherry picked pieces of evidence from among the rest of the FBI report, none of which he addresses. Unless of course you assume they did not because as enemies of the US government, they are too virtuous to do so. This claim that a single discontented hacker from Sony did this has not one shred of evidence, not even circumstantial evidence, to support it. At best, the author has the right to claim that the FBI has not yet proven to him beyond a shred of doubt that North Korea was responsible. From that basis, he constructs an elaborate international conspiracy theory on the basis that North Korea absolutely did not do this, and that someone he just made up did.

After all, let's remember for a moment, that we also do not have absolute incontrovertible proof that North Korea sank that South Korean submarine in 2010, or blew up the hotel in Hanoi with the South Korean cabinet members in it in the 80s, or sold nuclear technology to the Pakistanis in the 90s, or kidnapped Japanese civilians from the beaches of the Sea of Japan in the 60s. We do not have absolute, irrefutable proof that Hitler orchestrated the Holocaust. OBVIOUSLY NONE OF THESE THINGS HAPPENED! THEY WERE A VAST CONSPIRACY TO DEFRAUD THE PUBLIC! WAKE UP SHEEPLE!!!

The vast gulf between "I am unconvinced by these two pieces of evidence," and "there exists no evidence to support North Korea's culpability and consequently it was the fault of this other person whose very existence I have no evidence for", the author bridges by saying that the FBI is part of the government, and the government always lies. Even when they have no reason to, apparently. He also pulls a piece of evidence out of nowhere and then makes the preposterous claim that this must be the other evidence the FBI has, and it is also not conclusive, so therefore the FBI has no evidence. This is like me arguing that because I found a dollar on the street, you must be a bank robber. Prove you're not.

Oh, but let's take this guy's other points in turn, shall we?
1. First of all, there is the fact that the attackers only brought up the anti-North Korean bias of “The Interview” after the media did—the film was never mentioned by the hackers right at the start of their campaign. In fact, it was only after a few people started speculating in the media that this and the communication from North Korea “might be linked” that suddenly it did get linked. My view is that the attackers saw this as an opportunity for “lulz”, and a way to misdirect everyone. (And wouldn’t you know it? The hackers are now saying it’s okay for Sony to release the movie, after all.) If everyone believes it’s a nation state, then the criminal investigation will likely die. It’s the perfect smokescreen.
THIS IS A FLAT LIE. North Korea has been complaining loudly and longly through official channels about this movie since JULY, long before anyone had even heard of the Interview. And even if they had not, North Korea is not a country that operates by the rules of everyone else. They often rely on world-media to achieve critical mass about an issue before issuing their customary threats of war and damnation. In the weeks leading up to the hack, they threatened nuclear war, assassinations, and to bomb theaters, not through online channels that couldn't be tracked, but through official North Korean ministries. And note how the "proof" this author offers is in the form of conspiracy rhetoric about how convenient it would be for the United States if North Korea were found to have done this. Without any assertion of why this would be convenient at all?
2. The hackers dumped the data. Would a state with a keen understanding of the power of propaganda be so willing to just throw away such a trove of information? The mass dump suggests that whoever did this, their primary motivation was to embarrass Sony Pictures. They wanted to humiliate the company, pure and simple.
A trove of what information exactly? This was a hack on Sony Pictures, not the DoD, one that stole information on upcoming films and internal communications. There is literally no other use for this information except to dump it outright and thereby damage Sony. And while the primary motivation was indeed probably to embarrass Sony Pictures, North Korea has been threatening Sony Pictures with just this sort of thing for months now. Why exactly is it impossible for North Korea to want to hurt Sony? What use would they have for this data except to dump it? And even if there was something valuable in there, why could they not have simply held onto that and dumped the rest?
3. Blaming North Korea offers an easy way out for the many, many people who allowed this debacle to happen; from Sony Pictures management through to the security team that were defending Sony Pictures’ network.
Standard Conspiracy Claptrap, gesticulate vaguely in the direction of shadowy "others" who stand to benefit from this lie being told without actually saying anything about why. Sony Pictures Management came out of this situation looking approximately as stupid, cowardly, and pernicious as it is physically possible to look. They were reamed as cowards by everyone from myself to Michael Moore to Newt Gingrich. All this happened precisely because it was a foreign agent out to intimidate them. If a single pissed-off hacker had done all this and Sony had responded by pulling the premiere, NOBODY WOULD GIVE A SHIT.

And as to the security team, are we now making the claim that the security team in charge of Network security at Sony is sufficiently powerful so as to create a vast international conspiracy involving the FBI and Interpol?!
4. You don’t need to be a conspiracy theorist to see that blaming North Korea is quite convenient for the FBI and the current U.S. administration. It’s the perfect excuse to push through whatever new, strong, cyber-laws they feel are appropriate, safe in the knowledge that an outraged public is fairly likely to support them.
And here we have it. Here we have the crux of the matter. This is the exact same specious logic that is behind the 9/11 conspiracy theorists. That everything bad that ever happens is a false-flag attack orchestrated at the highest levels of government so as to provide an excuse for a massive fascistic reworking of society to serve the council of invisible evil plutocrats that secretly control the world. This is the EXACT ARGUMENT that is used for why George Bush destroyed the World Trade Center, one that conveniently requires not a shred of proof because "powerful forces" are keeping the truth hidden.

Explain to me, please, why this is convenient for the current US administration? Explain in terms that do not take as a predicate that Barack Obama is a soulless puppet of the MPAA's secret plan to control your mind. Explain it with evidence beyond someone pointing at the FBI and shrugging and saying "well you know, THOSE GUYS..." Explain, as I have always asked, how a massive, multinational conspiracy involving thousands and tens of thousands of people was conjured into existence solely to vindicate the pet theories of a single anonymous lunatic on the internet. Explain. Because otherwise this argument is disgustingly stupid.
5. Hard-coded paths and passwords in the malware make it clear that whoever wrote the code had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s (just) plausible that a North Korean elite cyber unit could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of a pissed-off insider. Combine that with the details of several layoffs that Sony was planning and you don’t have to stretch the imagination too far to consider that a disgruntled Sony employee might be at the heart of it all.
This is only plausible if you accept the earlier statement that North Korea was making no noise about this until a week ago. As I pointed out, North Korea has been pissed off about this movie for at least six months, and that's only when the official complaints started. Yes, an internal source could have been responsible for this, but it's not like Sony's network security is state of the art. The Playstation Network hacks revealed a host of sloppy security procedures so eye-gougingly stupid that it's a wonder they weren't hacked more often. And while I appreciate that was Sony Japan and not Sony Pictures, what's good for the goose is often good for the gander.

Not only was Sony plausibly hacked by North Korea to my satisfaction, but there is no other plausible candidate for who committed this act, not unless you assume the evidence-free existence of a vast conspiracy, to which the President of the United States, the FBI, Interpol, several major Hollywood studios, and a host of secondary and tertiary network security companies and independent experts are all party. As usual, we have no reasons given as to why these groups are involved, beyond the fact that the US government must be evil in all its workings, and that North Korea must be innocent because they oppose the US government. There is no common thread of Cui Bono to it, which is the most elementary requirement to establish any kind of conspiracy. All there is are the cherry-picked ramblings of an anonymous internet poster who lies about his own credentials so that he can gesticulate without evidence at a massive conspiratorial network, whose links are invisible, airtight, and utterly malign.

I HAVE LITERALLY SEEN BETTER EVIDENCE THAN THIS THAT THE MOON LANDINGS WERE FAKE.

:bs: :bs: :bs: :bs: :bs: :bs: :bs: :bs: :bs: :bs: :bs: :bs: :bs: :bs:

#4 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 6:54 pm
by rhoenix
Ok, you can be suspicious of the author's motivations and suspicions. Those are fine. You can argue that the article should have simply stated what issues there were with the evidence, and you'd be right.

But however much you don't like the article's presentation, however much you can (rightly) point out some of the hyperbole in said article, and no matter how much you disagree with some of the author's conclusions about things, the evidence itself is quite conclusive.

First - the C&C addresses are all (with only one exception) well-known proxy IP addresses used by criminals for malware and other shenanigans. Unless you're also claiming that North Korea has been behind most malware attacks of the criminal variety lately, but I'll need to see evidence for that.

Second - I feel I must contradict you.
1. First of all, there is the fact that the attackers only brought up the anti-North Korean bias of “The Interview” after the media did—the film was never mentioned by the hackers right at the start of their campaign. In fact, it was only after a few people started speculating in the media that this and the communication from North Korea “might be linked” that suddenly it did get linked. My view is that the attackers saw this as an opportunity for “lulz”, and a way to misdirect everyone. (And wouldn’t you know it? The hackers are now saying it’s okay for Sony to release the movie, after all.) If everyone believes it’s a nation state, then the criminal investigation will likely die. It’s the perfect smokescreen.
NORTH KOREA did complain about the movie ahead of time, yes. THE HACKERS WHO HACKED SONY did not at first. There is a strong difference between the two, as I'm attempting to point out.


Third -
2. The hackers dumped the data. Would a state with a keen understanding of the power of propaganda be so willing to just throw away such a trove of information? The mass dump suggests that whoever did this, their primary motivation was to embarrass Sony Pictures. They wanted to humiliate the company, pure and simple.
Most of North Korea's shenanigans in the past have revolved around money, since for various reasons the country is rather poor. I find it difficult to believe that a North Korean spy could have done this and then be directed to simply dump the evidence and embarrass Sony, rather than using the money to attempt extorting Sony or using it for other money-making purposes.

Fourth -
5. Hard-coded paths and passwords in the malware make it clear that whoever wrote the code had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s (just) plausible that a North Korean elite cyber unit could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of a pissed-off insider. Combine that with the details of several layoffs that Sony was planning and you don’t have to stretch the imagination too far to consider that a disgruntled Sony employee might be at the heart of it all.
This is a very solid piece of evidence that whoever did this hack was very familiar with Sony's internal network architecture. I find it very difficult to believe that any agents of North Korea were able to so thoroughly infiltrate Sony's networks to do this part, when it is easier (by far) for an employee to have simply done this internally.

You might then make the counterargument of "oh, well a North Korean spy obviously got themselves hired by Sony for this express purpose," but I'd argue in return that this is an awful lot of planning to be spiteful about a movie, when they haven't done anything like this in the past.



In short - you're completely free to be suspicious of the author's motivations or some of their conclusions here, but several very good points were made that in my mind create large holes in the hypothesis of "North Korea did it."

#5 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 7:14 pm
by rhoenix
Another article:
Bruce Schneier's Blog wrote: I am deeply skeptical of the FBI's announcement on Friday that North Korea was behind last month's Sony hack. The agency's evidence is tenuous, and I have a hard time believing it. But I also have trouble believing that the US government would make the accusation this formally if officials didn't believe it.

Clues in the hackers' attack code seem to point in all directions at once. The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks. Korean language in the code also suggests a Korean origin, though not necessarily a North Korean one, since North Koreans use a unique dialect. However you read it, this sort of evidence is circumstantial at best. It's easy to fake, and it's even easier to interpret it incorrectly. In general, it's a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the "evidence" to suit the narrative they already have worked out in their heads.

In reality, there are several possibilities to consider:
  • This is an official North Korean military operation. We know that North Korea has extensive cyberattack capabilities.
  • This is the work of independent North Korean nationals. Many politically motivated hacking incidents in the past have not been government-controlled. There's nothing special or sophisticated about this hack that would indicate a government operation. In fact, reusing old attack code is a sign of a more conventional hacker being behind this.
  • This is the work of hackers who had no idea that there was a North Korean connection to Sony until they read about it in the media. Sony, after all, is a company that hackers have loved to hate for a decade. The most compelling evidence for this scenario is that the explicit North Korean connection -- threats about the movie The Interview -- were only made by the hackers after the media picked up on the possible links between the film release and the cyberattack. There is still the very real possibility that the hackers are in it just for the lulz, and that this international geopolitical angle simply makes the whole thing funnier.
  • It could have been an insider -- Sony's Snowden -- who orchestrated the breach. I doubt this theory, because an insider wouldn't need all the hacker tools that were used. I've also seen speculation that the culprit was a disgruntled ex-employee. It's possible, but that employee or ex-employee would have also had to possess the requisite hacking skills, which seems unlikely.
  • The initial attack was not a North Korean government operation, but was co-opted by the government. There's no reason to believe that the hackers who initially stole the information from Sony are the same ones who threatened the company over the movie. Maybe there are several attackers working independently. Maybe the independent North Korean hackers turned their work over to the government when the job got too big to handle. Maybe the North Koreans hacked the hackers.
I'm sure there are other possibilities that I haven't thought of, and it wouldn't surprise me if what's really going on isn't even on my list. North Korea's offer to help with the investigation doesn't clear matters up at all.

Tellingly, the FBI's press release says that the bureau's conclusion is only based "in part" on these clues. This leaves open the possibility that the government has classified evidence that North Korea is behind the attack. The NSA has been trying to eavesdrop on North Korea's government communications since the Korean War, and it's reasonable to assume that its analysts are in pretty deep. The agency might have intelligence on the planning process for the hack. It might, say, have phone calls discussing the project, weekly PowerPoint status reports, or even Kim Jong Un's sign-off on the plan.

On the other hand, maybe not. I could have written the same thing about Iraq's weapons of mass destruction program in the run-up to the 2003 invasion of that country, and we all know how wrong the government was about that.

Allan Friedman, a research scientist at George Washington University's Cyber Security Policy Research Institute, told me that, from a diplomatic perspective, it's a smart strategy for the US to be overconfident in assigning blame for the cyberattacks. Beyond the politics of this particular attack, the long-term US interest is to discourage other nations from engaging in similar behavior. If the North Korean government continues denying its involvement, no matter what the truth is, and the real attackers have gone underground, then the US decision to claim omnipotent powers of attribution serves as a warning to others that they will get caught if they try something like this.

Sony also has a vested interest in the hack being the work of North Korea. The company is going to be on the receiving end of a dozen or more lawsuits -- from employees, ex-employees, investors, partners, and so on. Harvard Law professor Jonathan Zittrain opined that having this attack characterized as an act of terrorism or war, or the work of a foreign power, might earn the company some degree of immunity from these lawsuits.

I worry that this case echoes the "we have evidence -- trust us" story that the Bush administration told in the run-up to the Iraq invasion. Identifying the origin of a cyberattack is very difficult, and when it is possible, the process of attributing responsibility can take months. While I am confident that there will be no US military retribution because of this, I think the best response is to calm down and be skeptical of tidy explanations until more is known.
This article actually puts things into view much better than the first.

#6 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 7:34 pm
by B4UTRUST
Well, after having watched the god-awful waste of time that is The Interview, my only logical conclusion is that the threats against theaters were orchestrated to drive up hype and get more people to actually watch what would otherwise be an absolute box-office bomb. Claim North Korea doesn't want you to watch this movie, 'wink wink nudge nudge' if theaters don't want to show it we understand, huge uproar, 'Murica doesn't have our movies taken away from us cuz 'Murica!, okay okay we'll grudgingly release this film to you all so you can watch it...

What would have been an epic failure will now probably make a fuckton of hype-dollars from people who otherwise never would have watched this atrocity.

I have no direct evidence for this theory other than this movie is so damned bad it makes sense to me.

#7 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 7:36 pm
by rhoenix
B4UTRUST wrote:Well, after having watched the god-awful waste of time that is The Interview, my only logical conclusion is that the threats against theaters were orchestrated to drive up hype and get more people to actually watch what would otherwise be an absolute box-office bomb. Claim North Korea doesn't want you to watch this movie, 'wink wink nudge nudge' if theaters don't want to show it we understand, huge uproar, 'Murica doesn't have our movies taken away from us cuz 'Murica!, okay okay we'll grudgingly release this film to you all so you can watch it...

What would have been an epic failure will now probably make a fuckton of hype-dollars from people who would otherwise never have watched this atrocity.

I have no direct evidence for this theory other than this movie is so damned bad it makes sense to me.
I certainly don't think you're wrong here. The fact that Sony put the movie online for viewing on Christmas, even if it's not at movie theaters, does shoot another hole in the foot of the case they're making, I think.

#8 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 8:27 pm
by General Havoc
rhoenix wrote:Ok, you can be suspicious of the author's motivations and suspicions. Those are fine. You can argue that the article should have simply stated what issues there were with the evidence, and you'd be right.

But however much you don't like the article's presentation, however much you can (rightly) point out some of the hyperbole in said article, and no matter how much you disagree with some of the author's conclusions about things, the evidence itself is quite conclusive.

First - the C&C addresses are all (with only one exception) well-known proxy IP addresses used by criminals for malware and other shenanigans. Unless you're also claiming that North Korea has been behind most malware attacks of the criminal variety lately, but I'll need to see evidence for that.
Excuse me, but the article was making the claim that this hack was performed by a single disgruntled employee from Sony. If the only way for North Korea to have used these IP addresses is for them to also be behind most of the criminal malware attacks recently, then isn't the same true of our mystery employee from Sony? Are we making the claim that Sony has made this guy so mad that he orchestrated most of the cybercrime that exists? If not, then how the hell is it that it's plausible for a single pissed off guy from Sony to use these protocols, but not North Korea's government cyber-squad? If it were this easy to track who was using these proxies, the people responsible would all be in jail.
Second - I feel I must contradict you.

NORTH KOREA did complain about the movie ahead of time, yes. THE HACKERS WHO HACKED SONY did not at first. There is a strong difference between the two, as I'm attempting to point out.
No. A bunch of douchebags online who claimed to be the hackers who hacked Sony did not at first, if only because they had not made their presence publicly known prior to the attack. I could claim to be the hackers who hacked Sony if I wanted to. And while your conclusion may be that it's therefore impossible to prove they are actually from North Korea, I will counter that it's equally impossible to prove that they're from anywhere else, either. The absence of absolute proof of a thing does not itself absolutely disprove the thing. There are several groups claiming to speak for the hackers who fucked with Sony, most of which are contradicting one another. I regard absolutely none of those statements as particularly convincing as a result, and prefer to concentrate on the actual act itself.

Third -

Most of North Korea's shenanigans in the past have revolved around money, since for various reasons the country is rather poor. I find it difficult to believe that a North Korean spy could have done this and then be directed to simply dump the evidence and embarrass Sony, rather than using the money to attempt extorting Sony or using it for other money-making purposes.
Then you do not understand either North Korea or the nature of espionage. North Korea once blew up a significant chunk of the South Korean cabinet in Hanoi simply to prove a point. They sank a South Korean frigate with a submarine just a couple years ago in the middle of aid negotiations, and I fail to understand how kidnapping Japanese civilians off the beaches in Japan has the slightest thing to do with making money.

This is a country run by Bond Villains, and while a good many of their antics are aimed at improving their absolutely destitute financial state, they have shelled, bombed, and hurled invective criminal or otherwise at all manner of targets just to show they could. I can absolutely see them leaking all of this data as a means of trying to intimidate Hollywood. Do not fuck with us or this happens to you. There was no endgame here wherein they would get money out of this data, it was valuable only as a means to embarrass Sony, and unlike in the movies, it is not that easy to pay off blackmailers like that.

I cannot prove absolutely that North Korea did this. But this is exactly what North Korea (among others) would do if they had.

Fourth -

This is a very solid piece of evidence that whoever did this hack was very familiar with Sony's internal network architecture. I find it very difficult to believe that any agents of North Korea were able to so thoroughly infiltrate Sony's networks to do this part, when it is easier (by far) for an employee to have simply done this internally.

You might then make the counterargument of "oh, well a North Korean spy obviously got themselves hired by Sony for this express purpose," but I'd argue in return that this is an awful lot of planning to be spiteful about a movie, when they haven't done anything like this in the past.
I would never make an argument that patently stupid. What I will say is that Sony has shown itself more than capable of getting hacked repeatedly without the need of some fictional conspiracy of silence on the part of vast governmental agencies to do it. It would probably be easiest to do this from within the company, but it is hardly a requirement, as has been demonstrated time and again. A few weeks of preparation time could easily garner the necessary passwords and infrastructure map. If North Korea started laying the ground work even as recently as October, when they first started issuing the serious threats, they would have plenty of time to produce this result. Sony is not known for the quality of its network security.
In short - you're completely free to be suspicious of the author's motivations or some of their conclusions here, but several very good points were made that in my mind create large holes in the hypothesis of "North Korea did it."
While I certainly am suspicious of the author and his conclusions, it's not the author I concern myself with, it's yet another tired, evidence-free conspiracy theory that somehow implicates tens of thousands of people in a massive web of lies, disinformation, and silence, all instituted perfectly, and all performed for no reason whatsoever. Sony has been falling all over itself since this began, contradicting itself left and right, announcing and then canceling screenings for the movie, getting slammed by everyone within earshot day in and out. The lawsuits and lost revenues from the film are likely to exceed nine figures and have already comfortably exceeded eight. You expect me to believe that Sony did this to itself, displaying competence well beyond everything we have come to expect from the company, in cahoots with the FBI and a dozen other organizations, instituting a massive conspiracy that was completely airtight despite the hundreds if not thousands of people who would have to be involved in it, all for absolutely no reason whatsoever except to heap blame on a country that is already the most reviled regime on the planet?

The fact that you believe this happened because an anonymous poster on the internet who claims to hold a title that doesn't exist and offers you no evidence beyond "the Government only does evil things" is certainly concerning to me. But it's distinctly secondary compared to the main issue.

#9 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 8:33 pm
by General Havoc
B4UTRUST wrote:Well, after having watched the god-awful waste of time that is The Interview, my only logical conclusion is that the threats against theaters were orchestrated to drive up hype and get more people to actually watch what would otherwise be an absolute box-office bomb. Claim North Korea doesn't want you to watch this movie, 'wink wink nudge nudge' if theaters don't want to show it we understand, huge uproar, 'Murica doesn't have our movies taken away from us cuz 'Murica!, okay okay we'll grudgingly release this film to you all so you can watch it...

What would have been an epic failure will now probably make a fuckton of hype-dollars from people who would otherwise never have watched this atrocity.

I have no direct evidence for this theory other than this movie is so damned bad it makes sense to me.
I can just barely extend my mind to the point where Sony might try something like that as a chaotic marketing stunt, or because they thought they had a bomb on their hands, but the information that was leaked on Sony will compromise their ability to do business for a LONG time. It already scuppered a deal they had in the works to return Spider Man's rights to Marvel in exchange for a share of the Marvel pie, a deal which stood to offer them hundreds of millions of dollars, and it wrecked nearly a dozen upcoming movies they were planning to release. If Sony did somehow do this (ignoring the conspiracy element I spoke to above), then they committed an act of corporate suicide.

And this movie will not make a fuckton of dollars no matter how much hype it gets. Even if Sony releases it on a paid subscription service, which as of this writing they claimed they are not, they will not get anything close to the amount of money they would have gotten from a Christmas theatrical release, even if the movie was godawful. The economics of this do not work that way. Regardless of what you believe about motives, Sony is absolutely going to lose a small fortune on this movie, and may well lose a large one. And in either case they will lose a much larger fortune than they would if they had just dumped the movie in February like most studios do known-bombs.

#10 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 8:59 pm
by rhoenix
General Havoc wrote:While I certainly am suspicious of the author and his conclusions, it's not the author I concern myself with, it's yet another tired, evidence-free conspiracy theory that somehow implicates tens of thousands of people in a massive web of lies, disinformation, and silence, all instituted perfectly, and all performed for no reason whatsoever. Sony has been falling all over itself since this began, contradicting itself left and right, announcing and then canceling screenings for the movie, getting slammed by everyone within earshot day in and out. The lawsuits and lost revenues from the film are likely to exceed nine figures and have already comfortably exceeded eight. You expect me to believe that Sony did this to itself, displaying competence well beyond everything we have come to expect from the company, in cahoots with the FBI and a dozen other organizations, instituting a massive conspiracy that was completely airtight despite the hundreds if not thousands of people who would have to be involved in it, all for absolutely no reason whatsoever except to heap blame on a country that is already the most reviled regime on the planet?
Of course not. I still do, however, think that in some people's minds, North Korea makes for a great scapegoat. Please read the subsequent article by Bruce Schneier that I also posted in this thread for more on this, and other details.
General Havoc wrote:The fact that you believe this happened because an anonymous poster on the internet who claims to hold a title that doesn't exist and offers you no evidence beyond "the Government only does evil things" is certainly concerning to me. But it's distinctly secondary compared to the main issue.
The article in the OP spends about a third of the piece talking out of his anus, I'll grant. However, it did draw attention to what I already viewed as inconsistencies in the account, as well as the conclusions drawn from it.

As mentioned, the second article posted is from a person who works as a professional network security specialist, and the points he (Bruce) lays out place enough doubt on the idea of North Korea being the instigator or perpetrator here. As both he and you have pointed out, Sony has hardly been the poster child for proper network security best practices, but even with this in mind, and even with some of the evidence being shown as circumstantial, they do not collectively add up to "North Korea."

#11 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 9:43 pm
by B4UTRUST
General Havoc wrote:Even if Sony releases it on a paid subscription service, which as of this writing they claimed they are not
I've heard they were working with Starz and Netflix

#12 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 10:37 pm
by General Havoc
Means. Motive. Opportunity. The elements of a crime. No matter who you want to accuse of scapegoating whom, North Korea unquestionably possesses all three in this case. It is true that this does not by itself constitute absolute guilt, and it is further true that there are other elements who could, potentially possess some of these elements. Short of another credible theory of the crime, there is no reason for me to suspect that North Korea is consequently the victim of a massive state-sponsored conspiracy which itself has neither motive nor means nor really much in the way of opportunity. And given that the FBI itself investigated this matter and concluded in very strong terms that North Korea was the agent of this hack, and that those who are insisting on a conspiracy and coverup have offered neither a credible reason as to why the FBI would lie, nor even a semi-plausible alternate agent for the crime, I do not see why this merits being taken remotely seriously.

If someone with the requisite technical qualifications (which I do not have) wishes to quibble with the FBI report, then they may of course do so, and I am not qualified to tell them they are right or wrong. But at absolute best, all they can do at this stage is question what happened. To make the leap from that to "North Korea absolutely did not do it, it's a vast conspiracy!" as both the article you posted and the very thread you created for it both explicitly call out, is pernicious claptrap.

Maybe you're not convinced by the FBI and suspect that someone else did this, but I see absolutely no reason why I should make the same leap of faith in the absence of the slightest shred of evidence.

#13 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 10:53 pm
by rhoenix
General Havoc wrote:Means. Motive. Opportunity. The elements of a crime. No matter who you want to accuse of scapegoating whom, North Korea unquestionably possesses all three in this case. It is true that this does not by itself constitute absolute guilt, and it is further true that there are other elements who could, potentially possess some of these elements. Short of another credible theory of the crime, there is no reason for me to suspect that North Korea is consequently the victim of a massive state-sponsored conspiracy which itself has neither motive nor means nor really much in the way of opportunity. And given that the FBI itself investigated this matter and concluded in very strong terms that North Korea was the agent of this hack, and that those who are insisting on a conspiracy and coverup have offered neither a credible reason as to why the FBI would lie, nor even a semi-plausible alternate agent for the crime, I do not see why this merits being taken remotely seriously.

If someone with the requisite technical qualifications (which I do not have) wishes to quibble with the FBI report, then they may of course do so, and I am not qualified to tell them they are right or wrong. But at absolute best, all they can do at this stage is question what happened. To make the leap from that to "North Korea absolutely did not do it, it's a vast conspiracy!" as both the article you posted and the very thread you created for it both explicitly call out, is pernicious claptrap.

Maybe you're not convinced by the FBI and suspect that someone else did this, but I see absolutely no reason why I should make the same leap of faith in the absence of the slightest shred of evidence.
Fair enough.

I don't have a more likely actor to accuse of doing this, and I'm certainly not trying to apply for Dennis Rodman's apparent job as liaison for North Korea. However, I still do not see enough evidence to properly accuse a sovereign nation, even North Korea, of espionage of this type - the evidence thus far to me does not satisfy these requirements.

They're an isolated, insular nation that does its level best to not endear itself to any of its neighbors. The officials of its government systematically act like organized crime for their own ends, off the backs of their citizenry. All of this is quite true, and I would never like to visit, let alone live there. With that said, I do think it's a bit of a stretch that they'd be capable of doing this, and even if they had the capability, that they would not have acted in this way - to simply embarrass Sony and screech about a terrible movie (made around their New Dear Leader or not), and not attempt to profit from it in some way, and I do not see where they would profit from this by any great amount.

While I could potentially see it as plausible for North Korea to be behind some malware attacks, the phrase "state-sponsored terrorism" has been bandied about quite a bit in recent years. Even though I don't see much in the way of redeeming qualities from the nation of North Korea, I find it implausible for them to so brazenly tempt fate, when they've effectively learned as a nation to walk the fine line between "person we should give aid to in some way" and "enemy," and given all the recent dust-ups in recent times, it doesn't make sense for them to welcome such a possibility.

#14 Re: No, North Korea Didn’t Hack Sony

Posted: Wed Dec 24, 2014 11:51 pm
by Lys
rhoenix, back in October a bunch of North Korean defectors decided to release a bunch of balloons containing money, propaganda leaflets, and DVDs near the border to be carried into North Korea by the breeze. The DPRK government warned that if they went through with it their actions would be met with "regrettable merciless retaliation." When they went ahead and did so, North Korean anti-aircraft batteries opened fire on the balloons in an effort to shoot them down. When shells started landing on the South Korean side of the border, their military understandably fired back, at which point the shooting stopped.

Now tell me, is it really reasonable to conclude that a regime willing to open fire with live munitions and risk a serious border incident over fucking balloons isn't willing to orchestrate a hacking attack over a movie?

#15 Re: No, North Korea Didn’t Hack Sony

Posted: Thu Dec 25, 2014 12:32 am
by rhoenix
Lys wrote:rhoenix, back in October a bunch of North Korean defectors decided to release a bunch of balloons containing money, propaganda leaflets, and DVDs near the border to be carried into North Korea by the breeze. The DPRK government warned that if they went through with it their actions would be met with "regrettable merciless retaliation." When they went ahead and did so, North Korean anti-aircraft batteries opened fire on the balloons in an effort to shoot them down. When shells started landing on the South Korean side of the border, their military understandably fired back, at which point the shooting stopped.

Now tell me, is it really reasonable to conclude that a regime willing to open fire with live munitions and risk a serious border incident over fucking balloons isn't willing to orchestrate a hacking attack over a movie?
...Dammit.

Yeah, I can't argue that point, Lys. I am ascribing the thought process of reasonable and intelligent people in this instance, and those in North Korea are quite possibly neither.

I'm still not convinced that they actually did it yet, since the other part of my suspicion is technical capability... but I will say at least that the actions of people who use live ammo over a border incident involving balloons do not place such actions beyond the realm of reasonable doubt.

#16 Re: No, North Korea Didn’t Hack Sony

Posted: Thu Dec 25, 2014 1:03 am
by frigidmagi
Everything North Korea does is perfectly rational as long as you accept the original premises that:

1, The Kim regime and personality must be protected and maintained at all cost.
2, To do so contact with the outside world must be kept as low as possible.
3, Nothing that damages the image or actual power of the regime/cult can go unchallenged.
4, Everything in the world from money, people's well being and even their lives only has value in how it props up the regime.

You realize that and their actions make more sense. They're mind blowingly evil, but that doesn't stop them from making sense.

#17 Re: No, North Korea Didn’t Hack Sony

Posted: Thu Dec 25, 2014 1:13 am
by rhoenix
frigidmagi wrote:Everything North Korea does is perfectly rational as long as you accept the original premises that:

1, The Kim regime and personality must be protected and maintained at all cost.
2, To do so contact with the outside world must be kept as low as possible.
3, Nothing that damages the image or actual power of the regime/cult can go unchallenged.
4, Everything in the world from money, people's well being and even their lives only has value in how it props up the regime.

You realize that and their actions make more sense. They're mind blowingly evil, but that doesn't stop them from making sense.
And that, Frigid, is also an excellent point in all this. Their motivations can lead to very different conclusions being drawn from the same information.

I'm still not convinced on the technical end of things, but I will grant this to you, Lys, and Havoc - their psychological motivations do fall within the realm of possibility.

#18 Re: No, North Korea Didn’t Hack Sony

Posted: Thu Dec 25, 2014 2:02 am
by General Havoc
Yeah, the issue with North Korea is that the calculus in use is simply not the same as you see in largely any other regime on Earth. There's plenty of countries where the government's only goal is to stay in power (one can make the argument that this is a salient feature of all governments), but North Korea is unique in the extent to which the regime buys into that conception. Most governments, no matter how evil, are restrained at least somewhat by the need to not be a complete pariah on the international scene, and to avoid violent revolution overthrowing the regime. North Korea cares about neither, least of all the latter, as they are the most militarized regime on Earth and keep their population at destitution-levels of starvation and Orwellian levels of ignorance. Add the echo chamber effect of a government like that one, and you have a regime more than willing to do the strangest things imaginable.

#19 Re: No, North Korea Didn’t Hack Sony

Posted: Thu Dec 25, 2014 3:54 am
by General Havoc
Well, the damn thing is now available on YouTube for six bucks, meaning pirated versions will be approximately everywhere in -14 seconds. I... probably won't see it, to be honest. I think my review of the thing speaks for itself.

#20 Re: No, North Korea Didn’t Hack Sony

Posted: Thu Dec 25, 2014 4:32 am
by rhoenix
General Havoc wrote:Well, the damn thing is now available on YouTube for six bucks, meaning pirated versions will be approximately everywhere in -14 seconds. I... probably won't see it, to be honest. I think my review of the thing speaks for itself.
True. In the end, this is a furor over an awful movie, and in taking a step back and looking at the situation in this way, it's darkly hilarious.

#21 Re: No, North Korea Didn’t Hack Sony

Posted: Thu Dec 25, 2014 12:29 pm
by General Havoc
I doubt it's an AWFUL movie, but it's sure to be pretty mediocre.

#22 Re: No, North Korea Didn’t Hack Sony

Posted: Thu Dec 25, 2014 12:42 pm
by B4UTRUST
It's a Seth Rogen comedy, Havoc. It's pretty awful. Like levels lower than Observe and Report bad.