Friday, December 19, 2014

FBI Still Blames North Korea for Sony Hack (Updated)

December 19, 2014 - The FBI blamed North Korea today for the unprecedented computer hacking attack of Sony Pictures Entertainment (SPE) in late November. It is widely believed that the cyber attack was North Korea's retaliation for Sony's film "The Interview." The film depicts a fictional CIA-sponsored assassination of N. Korea's young dictator Kim Jong-unUPDATED, 30 December: New Evidence.....

Kim Jong Un 'death scene' from The Interview
- MirrorNinja (watch video)
The Interview was released to theaters on Christmas Day, despite earlier threats of terrorism that caused Sony to pull the film's release.

The attack on Sony was devastating. In it's statement, the FBI said that "the destructive nature of this attack, coupled with its coercive nature, sets it apart." The statement said that the FBI is confident that the North Korean government "is responsible for these actions."

Experts Doubt North Korea's Role:
Was North Korea really behind the attack on Sony Picture's computers? Or was is one or more former Sony employees, possibly working as a paid contractor for North Korea?

On Dec. 29, Hollywood Reporter: "Security firm Norse claims it has evidence that shows the Sony hack was perpetrated by six individuals, including two based in the U.S., one in Canada, one in Singapore and one in Thailand. Norse senior vp Kurt Stammberger told the Ledger, a security industry news website, that among the six was one former Sony Pictures employee, a 10-year veteran of the company with a very technical background who was laid off in May following restructuring. Norse used human resources documents that were leaked as part of the hack to first identify and then track the former Sony employee's online activity at least since May, when the person left the company."

Dec. 27, CNN: "It's clear to us, based on both forensic and other evidence we've collected, that unequivocally they are not responsible for orchestrating or initiating the attack on Sony," said Sam Glines, who runs the cybersecurity company Norse.

Dec. 29, Dark Matters: "Norse Investigation Focusing on a Small Group, Including Sony Ex-Employees"

Dec. 30, Daily Beast: "Stammberger said that Norse’s analysis is now pointing toward an attack against Sony by disgruntled employees that was conducted in stages and over the course of several months, beginning as early as July, and that North Korea opportunistically praised the attack only after it was discovered."

From the FBI's December 19 press release:

Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the “Guardians of Peace” claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.

....The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.
....Sony’s quick reporting facilitated the investigators’ ability to do their jobs, and ultimately to identify the source of these attacks.
....the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

- Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

- The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
- Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

....the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior.... (read the full press release here.)

Also See:
U.S. suspects North Korea had help attacking Sony Pictures Reuters (29 Dec)
New Evidence Points to Inside Job, Security Experts Say Hollywood Reporter (Dec 29)
No, North Korea Didn’t Hack Sony Daily Beast (30 Dec)
FBI Fixated on North Korea for Sony Hack Despite New Evidence Daily Beast (30 Dec)
Hackers Make New Demands On Sony Pictures TMZ
Obama pledges proportional response to Sony hack AP/Watertown Public Opinion
Hack Attack Spurs Call For More North Korea Sanctions AP/Atlanta Daily World
Watch the Kim Jong-un Death Scene from The Interview MirrorNinja
Sony Pictures hack: Timeline of revelations from unprecedented cyber-attack IBTimes
Sony Pictures proves Hollywood is a land of cowards New York Post
George Clooney: Hollywood must push for release of The Interview  The Telegraph (UK)
North Korea’s Secret Movie Bootleggers Daily Beast