The New York Times is reporting the FBI's director is publicly stating that the bureau has no doubt the North Koreans are behind the Sony hacking attack:
James B. Comey, director of the Federal Bureau of Investigation, said on Wednesday that no one should doubt that the North Korean government was behind the destructive attack on Sony’s computer network last fall.
Mr. Comey said he had “high confidence” in the F.B.I.’s quick determination that North Korea was behind the attack. He said skeptics in the Internet security world who have suggested other theories for who was responsible did not have all the information he does.
The F.B.I. director said national security concerns limited just how far law enforcement officials could go in revealing evidence that points to North Korea. But at a conference on cybersecurity in New York, Mr. Comey offered some of the evidence the F.B.I. had found.
One of the telltale pieces of evidence, he said, were a few I.P., or Internet Protocol, addresses that could be traced directly to North Korea. Mr. Comey said members of the group claiming responsibility for the hacking — Guardians of Peace — did a good job concealing their identities but slipped up in some cases.
“They used proxy servers to disguise” the trail of evidence, Mr. Comey said. “But sometimes they got sloppy.”
Should we believe him? After all, he is the FBI director, not exactly a source of truthful information.
(Score: 2, Interesting) by Synonymous Homonym on Friday January 09 2015, @07:41AM
Read this:
https://nknetobserver.github.io/?utm_content=10739531 [github.io]
NK has RedHat servers running Apache with OpenSSL reachable at public, assigned IPv4 addresses.
No circumventing of any firewalls necessary here. Or even traversing NATs.
(Score: 1) by fleg on Friday January 09 2015, @10:07AM
+1 interesting
(Score: 2) by zocalo on Friday January 09 2015, @10:38AM
You're still missing my point though, which is that the FBI's supposed evidence is *still* entirely unsubstantiated and what they are now claiming they have is also *circumstantial* - e.g. not something that can be considered as a fact for a conviction in a criminal court of law, no matter how accepting people are of the new "data". That doesn't necessarily mean it's entirely bunk though; there's one very obvious scenario that would absolutely allow the FBI to pin the blame on the DPRK in the timeframe they had and also provide hard evidence in the form of IP address logs; the NSA has pwned the routers via which all the DPRK's traffic (it's such a small allocation that the number of routes the traffic must initially take is low enough to make this possible) or has compromised systems within the DPRK's internal networks. If they can see all the inbound and outbound traffic, and can show that the connections were initiated from DPRK IP space without any corresponding botnet/proxy traffic inbound (e.g. be 100% certain they know the originating IP of the actual human operator), then the FBI's claims would actually be truthful, shocking as that might be.
Assuming this isn't just a false flag to justify more sanctions (or worse) then I suspect something along those lines is probably what's actually gone on here. Since that's obviously into sources and methods territory there's no way they are going to be able to make that data public - assuming it exists, of course, so we're probably just going to have to accept that the DPRK has been judged and sentenced by a Star Chamber on this one. Still, just because it's a Star Chamber doesn't necessarily mean that the evidence isn't valid, the accused guilty and the punishment permissible within the accepted and applicable legal frameworks - it just means that those outside the chamber don't get to know for sure.
UNIX? They're not even circumcised! Savages!
(Score: 1) by Synonymous Homonym on Tuesday January 13 2015, @12:25PM
You do realise that there is almost certainly a difference between crossing a firewall inbound and outbound though, right?
Yes. Outbound is usually easier, and often the only way.
You're still missing my point though, which is that the FBI's supposed evidence is *still* entirely unsubstantiated
No, I'm with you on that.
And I would be very surprised if the network infrastructure of North Korea wasn't at least partially undermined by the NSA.
Which would make a convincing false flag very easy.