Despite Lack of Evidence, Has US Launched a Cyber-Attack Against North Korea?
December 23, 2014
Jason Ditz AntiWar.com & Michael Hiltzik / Los Angeles Times
Though experts still doubt the US blaming North Korea for the hack on Sony Pictures, the Obama Administration is treating responsibility as a settled question, and has been moving on toward retaliation. North Korean internet connections began experiencing trouble Friday, and it got progressively worse over 24 hours, until finally every single IP address in the nation went down, effectively cutting the nation's already limited addresses from the Internet entirely.
North Korean Internet Attacked, White House Won't Comment
Jason Ditz / AntiWar.com
(December 22, 2014) -- North Korean internet connections began experiencing trouble Friday, and it got progressively worse over 24 hours, until finally every single IP address in the nation went down, effectively cutting the nation's already limited addresses from the Internet entirely.
North Korea isn't talking, but experts say what happened is consistent with a distributed denial of service (DDoS) attack, except on a nationwide scale.
That their Internet began experiencing problems at the same time as the US began threatening them is immediately suspect, and the White House is officially refusing to comment on the incident.
If confirmed as a US attack, it would be the first time the US has knocked another nation entirely off the Internet through hostile action, though given how small North Korea's Internet presence is, it isn't a huge feat.
Obama: Sony Attack 'Not an Act of War'
Jason Ditz AntiWar.com
(December 21, 2014) -- Though experts still doubt the US blaming North Korea for the hack on Sony Pictures, the Obama Administration is treating responsibility as a settled question, and moving on toward retaliation.
How big of an overreaction the US has toward a nation that may well not have done it in the first place is an open question, but President Obama at the very least is insisting that hacking Sony over a comedy movie is not in and of itself an "act of war."
Obama went on to label it "cybervandalism," but puzzlingly is also considering adding North Korea back to the list of "state sponsors of terrorism" over the hack, which doesn't seem to be terrorism by any stretch.
Even playing the terrorism card didn't satisfy hawks, and Sen. John McCain (R - AZ) is beating the war drums once again, with former NY Gov. George Pataki calling for the US to "declare cyber war" on North Korea.
What that even means isn't clear, and Gov. Pataki conceded he isn't even sure how North Korea's economy works, or how its communications systems would need to be disrupted in such a war, though he was confident the US could do so.
North Korea, for its part, is reiterating that it didn't do anything in the first place, and offering a joint investigation into the hack. The US will not accept, of course, as they've already officially blamed North Korea and, evidence aside, will stand by that allegation.
These Experts Still Don't Buy the FBI
Claim that North Korea Hacked Sony
Michael Hiltzik / Los Angeles Times
(December 21, 2014) -- President Obama has done his best to tamp down fury at North Korea for hacking Sony--"I don't think it was an act of war," he said Sunday on CNN, but "cybervandalism"-- but to find true skepticism about North Korea's role in the attack, you have to turn to the professional hacking and anti-hacking community.
Many hackers, anti-hackers and cybersecurity experts still don't share the FBI's conclusion that "the North Korean government is responsible for these actions," as the agency declared last week. They've picked apart the FBI's evidence, which was set forth in a public memo Friday and a much more detailed alert circulated to corporation security departments early in December, and found it wanting.
As we explained earlier, that's important for two main reasons: You don't want to stoke anger at a government that may be either innocent or peripherally involved (North Korea has denied responsibility for the Sony attack), and you don't want the real perpetrators to evade the law-enforcement net.
Let's take a look at what the experts are saying. Our first stop is Marc W. Rogers, whose anti-hacking credentials are impeccable; among other roles, he helps screen papers for presentation at DEF CON, the leading hacker conference.
In his latest blog post, Rogers underlines what he sees as the major weaknesses in the FBI's claim. The agency says it blamed North Korea in part because the software deployed against Sony resembles that used, purportedly by North Korea, in two other major hack attacks, one targeting the Saudi arm of the oil company Aramco in 2012, and a crippling attack on South Korean businesses in 2013.
The problem there is that North Korea's role in the earlier attacks is itself unproven. Rogers writes that it's "pretty weak in my books to claim that the newest piece of malware is the act of a nation state because other possible related pieces of malware were 'rumored' to be the work of a nation state. Until someone comes up with solid evidence actually attributing one of these pieces of malware to North Korea I consider this evidence to be, at best, speculation."
Rogers also questions the FBI's assertion that "significant overlap" exists "between the infrastructure used in this attack and other malicious cyber activity the US government has previously linked directly to North Korea. That infrastructure comprises IP, or Internet protocol, addresses purportedly used in the past by North Korea and found in the malware deployed against Sony.
But as Rogers and fellow hacker "Dr. Krypt3ia" assert, the IP addresses cited by the FBI (in its earlier flash alert) are proxy addresses that, Dr. Krypt3ia says, "could be used by just about anyone" to hide their location and identity. They're not located within North Korea or even in China, which is sometimes identified as its accomplice, but rather in Thailand, Poland and other countries -- all "open to the public" and used in previous span and malware attacks. "No North Koreans," Rogers says, "just common garden internet cybercriminals."
For more skepticism, see Rob Graham at Errata Security, computer security analyst Graham Cluley and Martyn Williams at PC World.
The anti-hacker community isn't ruling out North Korea. Many also acknowledge that the FBI may have stronger evidence against North Korea that it's chosen not to make public. It's also proper to note that disdain for the FBI--indeed, for the government in general--runs deep in this community.
But these experts' warnings that it may be premature to declare the case closed should be taken seriously. To quote Dr. Krypt3ia again: "Let's take a step back here and ponder the FBI statement today on colonel mustard in the study with the laptop before we go PEW PEW PEW ok?"
Copyright 2014, Los Angeles Times
FBI Steered Itself Toward Blaming North Korea for Sony Hack
Jason Ditz / AntiWar.com
(December 21, 2014) -- Everyone is familiar with the basic narrative of the Sony Pictures hack now. North Korea, furious at the upcoming release of "The Interview" starring Seth Rogen, hacked Sony Pictures and threatened them until they pulled the movie.
Everyone "knows" that, especially the FBI, but it's not what happened. The narrative was manufactured largely after the fact, with an eye toward pinning the hack on North Korea. The evidence shows something different entirely.
The infiltration went on for months before the hackers crashed the Sony Pictures systems, and knew a remarkable lot about the internal workings of their corporate networks. The early statements from the hackers made no mention of North Korea, or "The Interview."
Indeed, it was only after the US started mentioning that as a possibility, and media outlets started speculating about it, that the hackers latched on to the North Korea excuse and started mentioning any problem with the movie.
Early on, Sony's own security was seeing the incident as a probable inside job, with a disgruntled former employee almost certainly involved in laying the groundwork for the attack.
Sony only abandoned the "insider" theory after the FBI started pushing the idea of North Korea being responsible, and the movie being the instigating factor. This was convenient for Sony, since it deflected attention from their own internal security failings by making it some huge nation-state attack they couldn't possibly be expected to withstand.
The FBI, having raised the possibility of North Korea being responsible and under growing pressure to blame somebody, declared their wild guess to be proven fact, something which satisfied everybody, and set the stage for threats of US retaliation against people who, in all likelihood, had nothing to do with the hack.
Posted in accordance with Title 17, Section 107, US Code, for noncommercial, educational purposes.