Friday, December 19, 2014

SOMEONE MIGHT BE LYING

The same government that claims it can't find a Boeing 777 airplane or locate emails from the director of the IRS claims absolute confirmation of the involvement of North Korean hackers in a breach of Sony Entertainment's computers. From the FBI itself:
As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:
  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
Wired Magazine (is it still a magazine?) produced an article to the contrary:
Attribution Is Difficult If Not Impossible
First off, we have to say that attribution in breaches is difficult. Assertions about who is behind any attack should be treated with a hefty dose of skepticism. Skilled hackers use proxy machines and false IP addresses to cover their tracks or plant false clues inside their malware to throw investigators off their trail. When hackersare identified and apprehended, it’s generally because they’ve made mistakes or because a cohort got arrested and turned informant.
Nation-state attacks often can be distinguished by their level of sophistication and modus operandi, but attribution is no less difficult. It’s easy for attackers to plant false flags that point to North Korea or another nation as the culprit. And even when an attack appears to be nation-state, it can be difficult to know if the hackers are mercenaries acting alone or with state sponsorship—some hackers work freelance and get paid by a state only when they get access to an important system or useful intelligence; others work directly for a state or military. Then there are hacktivists, who can be confused with state actors because their geopolitical interests and motives jibe with a state’s interests.
Distinguishing between all of these can be impossible unless you’re an intelligence agency like the NSA, with vast reach into computers around the world, and can uncover evidence about attribution in ways that law enforcement agents legally cannot.
Then Sony essentially claimed that North Korea has done the company a favor:
"The unanimous point of view here is that this (is) another misfire from the pairing," said an e-mail purportedly written by Peter Taylor, of Sony Pictures UK.
Taylor said the film was "desperately unfunny and repetitive," and "James Franco proves once again that irritation is his strong suit which is a shame because the character could have been appealing and funny out of his hands."
Taylor and other executives agreed that the first half hour of the film, which features a satirical interview with hip-hop artist Eminem, was amusing but was later overshadowed by "realistic violence that would be shocking in a horror movie"
But could it be that all be that this fluff is just a veiled effort give the federal government a reason to nuke North Korea for denying Americans the opportunity to see a straight-to-DVD feature the power to oversee cyber security?
Senate Intelligence Committee Chairman Dianne Feinstein, D-California, said the November attack has increased urgency for the Cybersecurity Information Sharing Act, which failed to make it to the Senate floor in July, despite winning bipartisan committee support. Feinstein, who remains the committee's top Democrat as new Republican majority takes control in January, plans to reintroduce the measure. 
Nope. Given that this whole situation makes so much sense, that's just outrageous.