posted by n1 on Thursday January 08 2015, @12:45PM
from the numbers-don't-lie dept.

The New York Times is reporting the FBI's director is publicly stating that the bureau has no doubt the North Koreans are behind the Sony hacking attack:

James B. Comey, director of the Federal Bureau of Investigation, said on Wednesday that no one should doubt that the North Korean government was behind the destructive attack on Sony’s computer network last fall.

Mr. Comey said he had “high confidence” in the F.B.I.’s quick determination that North Korea was behind the attack. He said skeptics in the Internet security world who have suggested other theories for who was responsible did not have all the information he does.

The F.B.I. director said national security concerns limited just how far law enforcement officials could go in revealing evidence that points to North Korea. But at a conference on cybersecurity in New York, Mr. Comey offered some of the evidence the F.B.I. had found.

One of the telltale pieces of evidence, he said, were a few I.P., or Internet Protocol, addresses that could be traced directly to North Korea. Mr. Comey said members of the group claiming responsibility for the hacking — Guardians of Peace — did a good job concealing their identities but slipped up in some cases.

"They used proxy servers to disguise” the trail of evidence, Mr. Comey said. “But sometimes they got sloppy.”

Should we believe him? After all, he is the FBI director, not exactly a source of truthful information.

  • (Score: 5, Interesting) by bradley13 on Thursday January 08 2015, @01:01PM

    by bradley13 (3053) on Thursday January 08 2015, @01:01PM (#132879) Homepage Journal

    IP addresses, they show, nothing else. Obviously, he has never heard of proxies. If someone is good enough to pull off this hack, they aren't going to use easily traceable IP addresses. Meanwhile, any "real" evidence isn't being shown, just possibly because there isn't any.

    Native Korean speakers have pointed out that the Korean texts associated with this case read like someone ran a Western language through Google translate. The hack almost certainly required inside knowledge, and there aren't many North Koreans who have worked for Sony.

    What's behind the curtain? Why would the FBI want to point their finger at North Korea?

    --
    Everyone is somebody else's weirdo.
  • (Score: 4, Interesting) by zocalo on Thursday January 08 2015, @02:02PM

    by zocalo (302) on Thursday January 08 2015, @02:02PM (#132891)
    I've not seen the raw data so don't know if the actual IPs were in it, but the DPRK only has a single directly allocated block of 1024 IP addresses (175.45.176.0/22, if you are curious), a legacy /24 provided via China Unicom, plus a backup link via a Russian satcomms operator - another /24. Given how tightly locked down the DPRK Internet is, that's a pretty limited number of IPs for a chance random PC being used as a patsy to be coming from, so if the FBI's evidence includes connections coming from one of the ~1500 IPs in those blocks, I'd be fairly confident in alleging at least some DPRK involvement too.

    Ultimately though, the public still only has what the FBI et al are saying they have and no tangible evidence, circumstantial or otherwise, to back that up so we're not really any further along than yesterday in establishing how likely one theory is over another.
    --
    UNIX? They're not even circumcised! Savages!
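An added example, not from the page or from zocalo: a Python check for whether the source addresses in a connection log fall inside the DPRK allocation the post names. Only 175.45.176.0/22 is identified on the page; the China Unicom /24 and the Russian satcom /24 are mentioned without prefixes, so the prefix list here holds that single entry and the others would be appended from the registry data. The log lines are constructed for the example and are not Sony data.

```python
import ipaddress
import re
from collections import Counter

# The one block the post names explicitly. The two /24s it mentions (China Unicom
# transit, Russian satcom backup) are not identified on the page, so they are not
# filled in here; add them from APNIC/RIPE data the same way.
DPRK_PREFIXES = [ipaddress.ip_network("175.45.176.0/22")]

# Constructed sample of a firewall/proxy connection log (not Sony data).
# 175.45.180.1 sits just outside the /22 and must not match.
SAMPLE_LOG = """\
2014-11-21T04:02:11Z action=connect src=203.0.113.7 dst=198.51.100.20 dport=443
2014-11-21T04:02:19Z action=connect src=175.45.177.42 dst=198.51.100.20 dport=443
2014-11-21T04:03:01Z action=connect src=10.1.4.9 dst=198.51.100.20 dport=445
2014-11-21T04:05:33Z action=connect src=175.45.178.9 dst=198.51.100.21 dport=22
2014-11-21T04:05:40Z action=connect src=175.45.180.1 dst=198.51.100.21 dport=22
2014-11-21T04:06:02Z action=connect src=not-an-ip dst=198.51.100.21 dport=22
2014-11-21T04:06:59Z action=connect src=175.45.177.42 dst=198.51.100.22 dport=443
"""

SRC_RE = re.compile(r"\bsrc=(\S+)")


def allocation_size(prefixes=DPRK_PREFIXES):
    """Total number of addresses covered by the blocks (1024 for a lone /22)."""
    return sum(net.num_addresses for net in prefixes)


def match_prefix(ip_text, prefixes=DPRK_PREFIXES):
    """Return the block containing ip_text, or None.

    Unparseable fields, IPv6 and RFC 1918 space are treated as non-matches:
    a private source address in an edge log is a local host, not a remote peer.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    if ip.version != 4 or ip.is_private:
        return None
    for net in prefixes:
        if ip in net:
            return net
    return None


def scan_log(text, prefixes=DPRK_PREFIXES):
    """Scan key=value log lines for src= addresses inside the prefixes.

    Returns (hits, counts): hits is a list of (line_no, src_ip, prefix) for
    every matching line; counts is how often each matching address appears.
    """
    hits = []
    counts = Counter()
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = SRC_RE.search(line)
        if not m:
            continue
        src = m.group(1)
        net = match_prefix(src, prefixes)
        if net is not None:
            hits.append((line_no, src, str(net)))
            counts[src] += 1
    return hits, counts


if __name__ == "__main__":
    print("addresses in scope:", allocation_size())
    found, per_ip = scan_log(SAMPLE_LOG)
    for line_no, src, net in found:
        print(f"line {line_no}: {src} in {net}")
    print("repeat offenders:", per_ip.most_common())
```

A hit tells you only that the peer address of that TCP connection lay inside the block. It says nothing about who operated the machine or whether that machine was itself relaying for someone else, which is exactly the gap the rest of this thread argues over.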
    • (Score: 3, Insightful) by Anonymous Coward on Thursday January 08 2015, @02:36PM

      by Anonymous Coward on Thursday January 08 2015, @02:36PM (#132901)

      Which shows you don't know jack shit about Intelligence work, or common sense. Nobody said it came from a "chance random PC." The idea is that if you want to intentionally fuck up North Korea, you'd purchase botnets and have them ping your own honeypot until you get a live one from the NK block (if you're not a state actor running your own botnet)... then utilize that system(s) for the attack as a proxy. Thus the FBI "discovers" "evidence" that the attack "came" from N.K.

      *If* that's the level of proof being offered, then the FBI needs to fire whomever actually wrote the conclusion that Director Comey is parroting.

      The reality is, though, thanks to George Bush and Colin Powell and their staffs, nothing this government offers as "evidence" should be trusted by anybody, ever. I'm still working out if this was actually a service to humanity or treason against the American public.

      At least we know we've been here before, though. The only question, ultimately, is how many lives Barack Obama or his successor will squander on more pointless wars.

      • (Score: 0) by Anonymous Coward on Thursday January 08 2015, @05:08PM

        by Anonymous Coward on Thursday January 08 2015, @05:08PM (#132939)

        These wars are not pointless. They clearly reinforce the status quo, people with money make even more from the wars, and patriotism is rising at a disturbing rate. Every wounded or killed military service member is another intentional "hero" martyr in the never-ending war against whichever other the political class is scapegoating. Lives lost are of no concern to them. Those lives are merely a means to the end of retaining the current socioeconomic stratification.

      • (Score: 2) by zocalo on Thursday January 08 2015, @05:28PM

        by zocalo (302) on Thursday January 08 2015, @05:28PM (#132944)
        Well, duh. That's why I said it's circumstantial evidence, e.g. the likelihood of a PC being used that happens to be within the awfully small segment of IPv4 space assigned to the DPRK, no more no less - I made no claims about who actually *used* the PC, that would require additional information the FBI didn't provide. I also pointed out that they still haven't actually *shown* us any real evidence, solid or otherwise; they've gone from saying "we've got evidence" to "we've got evidence that includes IPs in DPRK", so it's still all completely unsubstantiated as well as circumstantial. The reality is that they have played some word games and perhaps convinced a bunch of people that maybe they do have some evidence after all, but in truth we have no more hard facts than we did when the story broke, so damn right the FBI ought to have more evidence than that, and unless they share it there is no way that the media or general public can make an informed decision over whether the DPRK is actually to blame or not.

        As to your other point, why not think about how flimsy your scenario's circumstantial evidence is? For that to work, all of the following would have to be true, and more besides:

        A PC in DPRK got infected with a RAT.
        That RAT was able to bypass the DPRK's firewalls and any other systems they might have designed to control & monitor Internet access.
        The RAT was able to phone home and establish a connection with the botnet's C&C servers.
        The C&C servers were able to send commands to the RAT, again circumventing the DPRK's firewalls etc.
        That botnet operator was contacted by someone looking to shaft DPRK for the actions of the GoP.
        The RAT is able to act as a proxy for connections to Sony's systems, a company that the DPRK presumably does not want any of their general populace dealing with right now (based on Comey's comments "connect" is all that is required, it can then drop the connection).

        That seems even less likely to me than DPRK based hackers messing up their proxy configuration and connecting directly by mistake, but it's definitely possible and really needs to be something that the actual evidence the FBI has (whatever that may or may not consist of) can definitively rule out before they can be sure they actually have their man.
        --
        UNIX? They're not even circumcised! Savages!
        • (Score: 2, Interesting) by Synonymous Homonym on Friday January 09 2015, @07:41AM

          by Synonymous Homonym (4857) on Friday January 09 2015, @07:41AM (#133125) Homepage

          Read this:
          https://nknetobserver.github.io/?utm_content=10739531 [github.io]
          NK has RedHat servers running Apache with OpenSSL reachable at public, assigned IPv4 addresses.
          No circumventing of any firewalls necessary here. Or even traversing NATs.

          • (Score: 1) by fleg on Friday January 09 2015, @10:07AM

            by fleg (128) on Friday January 09 2015, @10:07AM (#133148)

            +1 interesting

          • (Score: 2) by zocalo on Friday January 09 2015, @10:38AM

            by zocalo (302) on Friday January 09 2015, @10:38AM (#133154)
            I'd already read it some time ago - that's how I knew about the DPRK's IP ranges. You do realise that there is almost certainly a difference between crossing a firewall inbound and outbound though, right? I did make that distinction in my post above. Just because the webserver is accepting HTTP requests from the Internet (for instance) doesn't necessarily mean that it can also make them *to* the Internet as well, let alone launch the kind of arbitrary requests that might have been necessary to perform the attack on Sony.

            You're still missing my point though, which is that the FBI's supposed evidence is *still* entirely unsubstantiated and what they are now claiming they have is also *circumstantial* - e.g. not something that can be considered as a fact for a conviction in a criminal court of law, no matter how accepting people are of the new "data". That doesn't necessarily mean it's entirely bunk though; there's one very obvious scenario that would absolutely allow the FBI to pin the blame on the DPRK in the timeframe they had and also provide hard evidence in the form of IP address logs; the NSA has pwned the routers via which all the DPRK's traffic flows (it's such a small allocation that the number of routes the traffic must initially take is low enough to make this possible) or has compromised systems within the DPRK's internal networks. If they can see all the inbound and outbound traffic, and can show that the connections were initiated from DPRK IP space without any corresponding botnet/proxy traffic inbound (e.g. be 100% certain they know the originating IP of the actual human operator), then the FBI's claims would actually be truthful, shocking as that might be.

            Assuming this isn't just a false flag to justify more sanctions (or worse) then I suspect something along those lines is probably what's actually gone on here. Since that's obviously into sources and methods territory there's no way they are going to be able to make that data public - assuming it exists, of course, so we're probably just going to have to accept that the DPRK has been judged and sentenced by a Star Chamber on this one. Still, just because it's a Star Chamber doesn't necessarily mean that the evidence isn't valid, the accused guilty and the punishment permissible within the accepted and applicable legal frameworks - it just means that those outside the chamber don't get to know for sure.
            --
            UNIX? They're not even circumcised! Savages!
            • (Score: 1) by Synonymous Homonym on Tuesday January 13 2015, @12:25PM

              by Synonymous Homonym (4857) on Tuesday January 13 2015, @12:25PM (#134345) Homepage

              You do realise that there is almost certainly a difference between crossing a firewall inbound and outbound though, right?

              Yes. Outbound is usually easier, and often the only way.

              You're still missing my point though, which is that the FBI's supposed evidence is *still* entirely unsubstantiated

              No, I'm with you on that.
              And I would be very surprised if the network infrastructure of North Korea wasn't at least partially undermined by the NSA.
              Which would make a convincing false flag very easy.

    • (Score: 5, Insightful) by RamiK on Thursday January 08 2015, @02:46PM

      by RamiK (1813) on Thursday January 08 2015, @02:46PM (#132904)

      The China–North Korea border is 1400km long with cell phone reception extending 10km into North Korea and individuals smuggling smart-phones and TVs all the time.

      Fact is, there's no reason for NK to use any known IP for such activities when they can just as easily buy IPs from a Chinese carrier without the carrier even knowing who the customers are.

      --
      compiling...
      • (Score: 2) by zocalo on Thursday January 08 2015, @03:36PM

        by zocalo (302) on Thursday January 08 2015, @03:36PM (#132922)
        That's my point. If they really were as sloppy as the FBI are now claiming and IPs directly assigned to the DPRK were seen engaged in the hack, then that's pretty good evidence that there was some DPRK involvement in the hack, albeit still circumstantial without further support, but that's still a lot more than we had a couple of days ago.
        --
        UNIX? They're not even circumcised! Savages!
  • (Score: 2) by ikanreed on Thursday January 08 2015, @02:54PM

    by ikanreed (3164) on Thursday January 08 2015, @02:54PM (#132911) Journal

    It's hard to say IP addresses are poor evidence.

    North Korea isn't exactly a Utopia for anonymous proxies, and IP blocks are, broadly speaking, allocated to countries.

    Sure, it's hypothetically possible to say some other nation used North Korean resources to launch an attack that happened to be focused on NK's "interests". But an IP alone has been enough to convict people of file sharing in the past.

    • (Score: 1, Insightful) by Anonymous Coward on Thursday January 08 2015, @03:34PM

      by Anonymous Coward on Thursday January 08 2015, @03:34PM (#132921)

      Of course the biggest issue is whether the presented evidence is real evidence, or was manufactured. I mean, it's easy to take a log, change IP addresses, and present the changed log as "evidence". It's certainly easier than to fake evidence of WMD. After all, it's just digital data, and logs are usually not cryptographically signed (and even if they were, with only parts of it shown, the public couldn't verify anyway).
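An added example, not from the page or from the commenter above, showing what a tamper-evident connection log looks like and why a partial disclosure still cannot be checked by an outsider. Each entry carries an HMAC-SHA256 tag over the previous entry's tag plus the canonical record, so editing one source IP in place breaks verification at that entry, and a fragment of the chain shown without its anchor fails at its first entry. The records and the key are constructed for the example; the key would live with the log collector, not with whoever can edit the file.

```python
import copy
import hashlib
import hmac
import json

# Constructed connection records (not real Sony logs). Addresses are RFC 5737
# documentation space; the forged value used later is inside 175.45.176.0/22.
RECORDS = [
    {"ts": "2014-11-21T04:02:11Z", "src": "203.0.113.7", "dst": "198.51.100.20", "dport": 443},
    {"ts": "2014-11-21T04:02:19Z", "src": "192.0.2.55", "dst": "198.51.100.20", "dport": 443},
    {"ts": "2014-11-21T04:05:33Z", "src": "198.51.100.9", "dst": "198.51.100.21", "dport": 22},
]

# Hypothetical MAC key for the example. In a real deployment it is held by the
# collector that receives the entries, so the host writing the log cannot re-sign.
KEY = b"example-log-signing-key"
GENESIS = "0" * 64  # prev-tag of the first entry; a published anchor in practice


def canonical(record):
    """Deterministic byte encoding so the same record always tags the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def entry_tag(prev_tag, record, key=KEY):
    """HMAC-SHA256 over (previous tag || newline || canonical record)."""
    msg = prev_tag.encode() + b"\n" + canonical(record)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append_entry(chain, record, key=KEY):
    """Append a record to the chain, binding it to the entry before it."""
    prev = chain[-1]["tag"] if chain else GENESIS
    tag = entry_tag(prev, record, key)
    chain.append({"record": dict(record), "prev": prev, "tag": tag})
    return tag


def build_chain(records, key=KEY):
    chain = []
    for record in records:
        append_entry(chain, record, key)
    return chain


def verify_chain(chain, key=KEY, anchor=GENESIS):
    """Return (ok, first_bad_index).

    Fails if an entry's prev pointer does not match the tag before it, or if its
    tag does not recompute under the key. A chain fragment whose first prev is
    not the anchor fails at index 0: without the anchor (or the preceding tag),
    an outsider cannot tell a genuine excerpt from a fabricated one.
    """
    expected_prev = anchor
    for i, entry in enumerate(chain):
        if entry["prev"] != expected_prev:
            return False, i
        tag = entry_tag(entry["prev"], entry["record"], key)
        if not hmac.compare_digest(tag, entry["tag"]):
            return False, i
        expected_prev = entry["tag"]
    return True, None


def tampered_copy(chain, index, new_src):
    """Copy the chain with one record's src IP rewritten and tags left as-is,
    i.e. the 'take a log, change IP addresses' edit the comment describes."""
    forged = copy.deepcopy(chain)
    forged[index]["record"]["src"] = new_src
    return forged


if __name__ == "__main__":
    chain = build_chain(RECORDS)
    print("intact chain:", verify_chain(chain))
    print("edited IP:   ", verify_chain(tampered_copy(chain, 1, "175.45.177.42")))
    print("excerpt only:", verify_chain(chain[1:]))
```

Two limits are worth stating. Whoever holds the key can rewrite an entry and re-tag everything after it, so the scheme only helps when the key (or at least the published chain head) is out of reach of the party that could alter the file. And verifying an excerpt needs the anchor or the tag immediately preceding it, which is why showing "parts of it" to the public proves nothing even when the full log is signed.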

      • (Score: 2) by ikanreed on Thursday January 08 2015, @03:38PM

        by ikanreed (3164) on Thursday January 08 2015, @03:38PM (#132923) Journal

        I think if you're broadly willing to consider the FBI as manufacturing evidence, the problems in your hypothetical universe probably ought not to focus on some random hacking.

        In this hypothetical universe, you ought to consider bombing federal prisons to free the millions of falsely imprisoned.

        • (Score: 2) by tonyPick on Friday January 09 2015, @07:15AM

          by tonyPick (1237) on Friday January 09 2015, @07:15AM (#133122) Homepage Journal

          I think if you're broadly willing to consider the FBI as manufacturing evidence, the problems in your hypothetical universe probably ought not to focus on some random hacking

          I would remind you of the (apparently widely accepted) US law enforcement technique of Parallel Construction [reuters.com], which is pretty much manufacturing evidence for cases where they "know" someone to be guilty, and concealing the actual investigation.

          • (Score: 2) by ikanreed on Friday January 09 2015, @03:13PM

            by ikanreed (3164) on Friday January 09 2015, @03:13PM (#133205) Journal

            It's not inventing evidence, it's dodging constitutional guards against improper evidence collection.

            Those are not the same, and while both ideas form around the core notion that the government is doing something wrong, you actually have to prove the claim that you made.

            • (Score: 2) by urza9814 on Friday January 09 2015, @04:44PM

              by urza9814 (3954) on Friday January 09 2015, @04:44PM (#133231) Journal

              Who says the *hackers* didn't alter the evidence? I mean come on, you've got some disgruntled employee or Anon/Lulzsec type, or one of the millions of other people with plenty of motivation to want to take Sony down. Then you see North Korea making this speech to the UN screaming about Sony's new movie. Easier to change the evidence than conceal it -- if you try to just be careful and hide the evidence, you might miss something and they'll keep looking until they find it. If on the other hand you inject evidence pointing towards someone who they already suspect and who they already consider the enemy, then they're going to find that evidence and stop looking. If they wanted to frame someone for this hack, North Korea would certainly be the obvious and ideal choice.

            • (Score: 2) by tonyPick on Saturday January 10 2015, @09:59AM

              by tonyPick (1237) on Saturday January 10 2015, @09:59AM (#133408) Homepage Journal

              It's not inventing evidence,

              From the linked article

              In a Florida drug case he was handling, the prosecutor said, a DEA agent told him the investigation of a U.S. citizen began with a tip from an informant. When the prosecutor pressed for more information, he said, a DEA supervisor intervened and revealed that the tip had actually come through the SOD and from an NSA intercept.

              I'd agree that the objective of the fabrications in these examples is to introduce additional evidence, and conceal the source of other information, into the formal chain they submit to a court due to the context they're using it in.

              However inventing an informant is pretty clearly fabrication in my book, regardless of where the subsequent chain goes. Once you go down this line I'm not seeing a big step to inventing a log.

              (and as an aside, I'm not the GP)

        • (Score: 0) by Anonymous Coward on Friday January 09 2015, @07:32AM

          by Anonymous Coward on Friday January 09 2015, @07:32AM (#133124)

          Out of curiosity: How much does JTRIG pay you?

  • (Score: 1, Funny) by Anonymous Coward on Thursday January 08 2015, @06:14PM

    by Anonymous Coward on Thursday January 08 2015, @06:14PM (#132954)

    IP addresses, they show, nothing else.

    In related news the MPAA has issued subpoenas for multiple Duck Doe Johns charging them with illegal uploading of copyrighted material. The MPAA estimates that the losses related to this illegal upload at $25 billion, which is slightly more than twice the GDP of North Korea.

  • (Score: 0) by Anonymous Coward on Thursday January 08 2015, @08:45PM

    by Anonymous Coward on Thursday January 08 2015, @08:45PM (#133003)

    There probably is additional evidence... gleaned from secret NSA programs that may not have been leaked by Edward Snowden. At least we are not planning on invading North Korea.