User topics

Article topics

Log in Sign up

Just WHY is the FBI so sure North Korea hacked Sony? NSA: BLUSH

For those still wondering why US President Barack Obama and the FBI have so confidently blamed North Korea for the Sony Pictures hack, it's apparently because the NSA compromised the secretive country's computer network years before – giving American intelligence a front-row seat for subsequent shenanigans. The New York Times …

COMMENTS

Post your comment

House rules Send corrections

Add to 'My topics'

Page:

Monday 19th January 2015 11:54 GMT streaky

Evidence?

The argument is the NSA in NK's gear. Well no kidding that's what they're supposed to do. Then <conjecture> therefore it must therefore be NK. The article actually contradicts itself:

The N.S.A.’s success in getting into North Korea’s systems in recent years should have allowed the agency to see

Yeah, no shit, one would think that, wouldn't one?

Don't get me wrong I can't imagine how or why it could have been anybody but North Korea but I've still not seen any evidence it actually was.

19 0 Reply
1. Monday 19th January 2015 22:21 GMT Mark 65
  
  Re: Evidence?
  
  Given the NSA got into NK kit using zero day exploits are they that convinced that no other machines in the entire country could not have likewise been hacked by any other person on the planet ever? If they're not sure then what's to say those machines that data came from for the emails and attacks weren't being used as proxies?
  
  8 0 Reply
2. Monday 19th January 2015 22:32 GMT BillG
  
  Re: Evidence?
  
  why is the US intel community disclosing source and methods just to bolster the credibility of its explanation for the Sony hack?
  
  Because it's to Sony's benefit.
  
  It's better for Sony stockholders if they believe Sony was up against a powerful state-sponsored attack from an evil nation, rather than admit Sony's security was the equivalent of a screen door for a submarine hatch and (this part is true) only one technical person at Sony was tasked with internet security while multiple security analysts told Sony their security system should be nicknamed The Titanic.
  
  7 2 Reply
3. Tuesday 20th January 2015 09:18 GMT Pronounce
  
  Re: Evidence?
  
  And what kind of secret spy agency do you have when they give away the secrets? Isn't Snowden a criminal for sharing the same thing?
  
  It's like when Kim Kardashian cried, "boo hoo someone shared my secrets bits on the net", but now that she gets to make the call it's all-good.
  
  If nothing else this stuff can be used as a script for a modern day Greek comedy.
  
  0 1 Reply
Monday 19th January 2015 11:57 GMT Anonymous Coward

I think it's safe to assume...

...that whatever the NSA says is the opposite of the truth.

34 1 Reply
1. Monday 19th January 2015 12:27 GMT Annihilator
  
  Re: I think it's safe to assume...
  
  And probably the Nork government too, so kinda hard to call it on balance.. I use the word "government" loosely too.
  
  9 0 Reply
2. Monday 19th January 2015 22:21 GMT Oninoshiko
  
  Re: whatever the NSA says is the opposite of the truth.
  
  You can't depend on that, if you do they'll start telling the truth, because you'll think it's a lie.
  
  3 0 Reply
3. Thursday 22nd January 2015 19:35 GMT Michael Wojcik
  
  Re: I think it's safe to assume...
  
  Sigh. When will they start teaching critical thinking (and Bayesian reasoning) to these kids?
  
  0 0 Reply
Monday 19th January 2015 12:06 GMT RachelG

We know they lie

We're just finally at the point in the "cry wolf" story when the villagers don't believe it when there might actually be a wolf.

I don't suppose they'll get the aesop though.

27 1 Reply
1. Thursday 22nd January 2015 19:46 GMT Michael Wojcik
  
  Re: We know they lie
  
  They understand the principle just fine. They also understand that it has little actual force in the real world. History and psychological experimentation provide ample evidence that audiences are not, in general, strongly conditioned by a history of falsehoods; that the "Big Lie" and other non-logical rhetorical techniques are far more successful at persuading people, in general, than logic and reason; and that a strategic mix of silence, deception, and limited truth (carefully couched) has been very successful in achieving their aims¹ and shows no signs of weakening.
  
  For all the ink and breath spent on the subject, I see no signs that the Snowden revelations, for example, have done any significant damage to government intelligence agencies or broadly speaking to the parasitic private industry they contract out to. That doesn't mean those revelations were not useful, but their utility does not appear to include any dismantling or even reduction of the surveillance / police state.
  
  (And the same is true of other, longer-standing efforts in this area, such as Cryptome. John Young may be a class-A curmudgeon,² but he's been publishing stuff since long before Wikileaks was a gleam in an attention-seeker's eye. Yet still we have steady encroachment on civil liberties and other abuses of power. Ditto Watergate, the Pentagon Papers, etc.)
  
  ¹First of which is the continued existence and burgeoning budget and power of the intelligence industry, of course.
  
  ²And visitor to these hallowed pages under a pseudonym? Perhaps.
  
  2 0 Reply
Monday 19th January 2015 12:13 GMT Anonymous Coward

Curious timing

As always, politicians in general and the US of A in particular, start out with a lie, and if it doesn't convince Joe Public, they come up with another lie. And then months later, if the doubters are still numerous and loud, come up with that damning piece of "evidence" to silence them all... (of course, that's another lie).

If what they say was credible, surely they'd have mentioned it much earlier (especially since they claim to have been in NK's networks since 2010). The timing just stinks.

And the pattern repeats: WMD, Snowden, Torture (or, sorry, Enhanced Interrogation Techniques)...

Lie after lie after lie... because the first lie just wasn't convincing enough, the second didn't quite do the trick either... and on and on it goes...

30 1 Reply
1. Monday 19th January 2015 12:19 GMT Anonymous Coward
  
  Re: Lie after lie after lie...
  
  Let's not call them lies, that sounds far too negative. How about "An Orchestrated Litany of Fearmongering" instead?
  
  23 1 Reply
  1. Monday 19th January 2015 17:25 GMT Someone Else
    
    Re: Lie after lie after lie...
    
    Let's not call them lies, that sounds far too negative. How about "An Orchestrated Litany of Fearmongering" instead?
    
    Hmmm...'OLOF'. That works.
    
    3 0 Reply
  2. Tuesday 20th January 2015 03:43 GMT Robert Helpmann??
    
    Re: Lie after lie after lie...
    
    How about "An Orchestrated Litany of Fearmongering" instead?
    
    Not bad, but it could use a little something. Perhaps "legitimately inelegant explanations" instead? Oh, wait...
    
    2 0 Reply
    1. Tuesday 20th January 2015 09:51 GMT Anonymous Coward
      
      Re: As always with the NSA its...
      
      Hastily Organised Response of Spurious Evidence Suggesting Hostile Intelligence Taskforce
      
      3 0 Reply
2. Monday 19th January 2015 13:02 GMT I Am Spartacus
  
  Re: Curious timing
  
  Lets not restrict this to the USA.
  
  I seem to recollect one A. Blair and the 45 minute Dodge Dossier.
  
  Politicians Lie - no shit sherlock
  
  11 0 Reply
  1. Monday 19th January 2015 23:06 GMT Gannon (J.) Dick
    
    Re: Curious timing
    
    IN-ADDR.ARPA kcolrehs tihs on
    
    0 0 Reply
3. Monday 19th January 2015 16:22 GMT Eddy Ito
  
  Re: Curious timing
  
  I don't think this about convincing Joe Public; I think it's more about convincing corporate that to open the kimono and let Uncle Sam in and that "sharing" information is the safest route.
  
  9 0 Reply
4. Monday 19th January 2015 17:02 GMT thomas k.
  
  Re: Lie after lie ...
  
  So, UFOs *are* real, one did crash at Roswell in '47 where we recovered alien bodies and captured a live one? Woot!
  
  (Sorry, been trapped in the strange neighborhood at youtube for a few days.)
  
  2 0 Reply
5. Thursday 22nd January 2015 19:52 GMT Michael Wojcik
  
  Re: Curious timing
  
  politicians in general and the US of A in particular
  
  While it's true that (nominal) representative democracies require more rhetorical maneuvering than political systems which unabashedly secure power for specific individuals, I don't think the USA holds any special status in this regard. On what grounds do you believe the Commonwealth countries, for example, feature less falsehood among the political class?
  
  In fact, at the Federal level, the separate election of the legislature and executive (as opposed to conjoining them in a parliamentary system), and the de facto two-party arrangement, might conceivably reduce the need for falsehood a bit.
  
  1 0 Reply
Monday 19th January 2015 12:14 GMT pinkmouse

Come on chaps, think like a spook. You have an actor who you can't crack. What do you do? You persuade them that their current system is broken so they will change it.

The organized chaos of a changeover would be the ideal time to compromise a system.

20 1 Reply
1. Monday 19th January 2015 23:08 GMT Anonymous Coward
  
  Come on chaps, think like a spook. You have an actor who you can't crack. What do you do? You persuade them that their current system is broken so they will change it.
  
  Not at all far-fetched. One result of the Snowden revelations is that the terrorists, who already suspected, switched to home-grown crypto. As a result, the USIC (new acronym!) have reaped a windfall of intelligence due to flaws in the new crypto software. Forcing North Korea to switch to some new, potentially flawed, methods (not just software) would be a nice thing to do.
  
  2 1 Reply
Monday 19th January 2015 12:16 GMT JimmyPage

Would have been more impressive (and believable)

if they had stopped the hack.

15 1 Reply
1. Monday 19th January 2015 12:27 GMT fruitoftheloon
  
  @Jimmy: Re: Would have been more impressive (and believable)
  
  Jimmy,
  
  quite, if I held a US passport and/or Sony stock I would be more than a tad miffed about the whole sequence of events, i.e. WHAT ARE WE PAYING THE NSA TO DO??
  
  Or I am being unfair?
  
  Cheers,
  
  J
  
  12 1 Reply
  1. Monday 19th January 2015 13:31 GMT Dan Paul
    
    Re: @Jimmy: Would have been more impressive (and believable) @fruitoftheloon
    
    You didn't see the "Imitation Game" movie then did you? Where they made a decision not to provide actionable intelligence for a US food/material ship convoy being targeted by German submarines as that would tip the Germans off that the Enigma code had been broken? Or where it might by comparison be silly to say anything about the NSA having compromised the DPRK's network?
    
    1 10 Reply
    1. Monday 19th January 2015 14:01 GMT NumptyScrub
      
      Re: @Jimmy: Would have been more impressive (and believable) @fruitoftheloon
      
      You didn't see the "Imitation Game" movie then did you? Where they made a decision not to provide actionable intelligence for a US food/material ship convoy being targeted by German submarines as that would tip the Germans off that the Enigma code had been broken? Or where it might by comparison be silly to say anything about the NSA having compromised the DPRK's network?
      
      So they let Sony get hacked, only to tell us anyway a little while later. Yet we have not been told of whatever major Nork hack they did manage to thwart that has tipped the DPRK off that their systems are compromised.
      
      If it was far more important than a tiny global megacorp like Sony, I'd have thought they might have been crowing about it. As is, all I see is some additional "evidence" presented to make a previous statement sound more convincing, and nothing regarding why they chose to sabotage their (apparently successful and long running) intrusion at this time by doing so.
      
      It is a mystery ^^;
      
      10 1 Reply
      1. Monday 19th January 2015 20:18 GMT Anonymous Coward
        
        Re: @Jimmy: Would have been more impressive (and believable) @fruitoftheloon
        
        Did anyone actually tip them (DPRK) off? Maybe yes, maybe no, we'll never know for sure.
        
        They'd be stupid if they did not think we were nosing around their network any way. DPRK are cetainly nosing about our networks and others. We are not responsible for Sony's network security and do a piss poor job of keeping our own "secure".
        
        Evidence planting is the stock and trade of the "spooks". The US bankrupted the USSR by letting bits of info leak about Star Wars, and I see no reason why we would not continue the methodology with DPRK. They just have less to lose.
        
        The Obama administration would glady "crow" about any success they could, even if that puts people in harms way. So it appears that there are no successful attempts on their networks that he is aware of (or we would have already heard about it).
        
        0 0 Reply
    2. Monday 19th January 2015 14:07 GMT JimmyPage
      
      Re: @Dan Paul
      
      Yes I have seen the Imitation Game. It's a film isn't it. A work of entertainment ?
      
      It's a well known paradox of cryptography that in order to maintain your advantage in the long run, you may have to make short term sacrifices. Sounds easy on paper, until you realise the sacrifices have families.
      
      However, in *this* case, it's hard to see what the long term advantage being protected by leaking a story about how you had the capability to do what everyone thought you had the capability to do anyway is.
      
      Although many people did make a sacrifice, and go and see "The Interview". I guess that's the price of [cyber]war.
      
      7 2 Reply
      1. Monday 19th January 2015 14:25 GMT Ken 16
        
        Re: @Dan Paul
        
        Coventry
        
        4 2 Reply
      2. Tuesday 20th January 2015 10:40 GMT Mark Dempster
        
        Re: @Dan Paul
        
        >Yes I have seen the Imitation Game. It's a film isn't it. A work of entertainment ?<
        
        Yes, it was. And rather a good one as it happens, but that's not relevant here. What IS relevant is that the decision to allow many attacks to take place anyway DID happen; probably the worst example being the firebombing of Coventry,
        
        Not that it means that that's what happened in the Sony case, but you can't just dismiss the other guy's poinit because he mentioned the film rather than the wartime government policy
        
        0 0 Reply
    3. Monday 19th January 2015 15:42 GMT fruitoftheloon
      
      @Dan: Re: @Jimmy: Would have been more impressive (and believable) @fruitoftheloon
      
      Dan,
      
      no I didn't, but I do know my history from WW2 about convoys and the blitz.
      
      Regardless of that, I think my original point is still valid, I would have thought it not beyond the realms of possibility for someone in the US State Department to have a word with a Sony board member about something they may like to pay attention to...
      
      Or perhaps they did but were politely rebuffed along the lines of "We meet all relevant standards and have leading edge technologies, blah... blah... blah'
      
      J
      
      1 1 Reply
      1. Monday 19th January 2015 20:28 GMT Dan Paul
        
        Re: @Dan: @Jimmy: Would have been more impressive (and believable) @fruitoftheloon
        
        J,
        
        Why would anyone even have that conversation with Sony? I wouldn't. Even someone from the State Department wouldn't get any respect from those arrogant bastards at Sony.
        
        4 0 Reply
        
        Monday 19th January 2015 21:18 GMT fruitoftheloon
        
        @DanRe: @Dan: @Jimmy: Would have been more impressive (and believable) @fruitoftheloon
        
        Dan,
        
        You are probably right.
        
        Cheers,
        
        J
        
        0 0 Reply
    4. Monday 19th January 2015 17:07 GMT streaky
      
      Re: @Jimmy: Would have been more impressive (and believable) @fruitoftheloon
      
      Or where it might by comparison be silly to say anything about the NSA having compromised the DPRK's network?
      
      I'm positive that North Korea are aware that security services from various countries are in their systems and that passing on relevant information would have made zero difference to the NSA's capabilities.
      
      0 0 Reply
2. Monday 19th January 2015 14:23 GMT Ken 16
  
  More impressive still
  
  if they ran the whole Sony hack from the North Korean servers
  
  0 0 Reply
3. Tuesday 20th January 2015 03:57 GMT skeptical i
  
  Re: Would have been more impressive (and believable)
  
  What? And stop the distract-a-thon that a shedload of badmouthing emails will provide? If people are getting wrapped up in the internecine warfare that is Hollywood celebrity culture, they won't be asking questions, will they.
  
  0 0 Reply
Monday 19th January 2015 12:27 GMT Anonymous Coward

So no new evidence then. The 'key evidence' that I've seen is a list of proxy IP addresses; all of which were published. So it could have been absolutely anyone. They might claim that using a particular bunch of IP addresses as a suite would 'fingerprint' the aggressors; but it reality it could still have been anyone...the suite of IP addresses being used by random chance or someone looking to frame the norks is at least as likely.

So this latest 'evidence' is a hearsay claim that the NSA had pwned the norks years earlier. On the face of it, this is reasonable, as eavesdropping on nuke-armed nutters is more or less what the NSA is for. Given a network as small as the norks I would suppose that they might well be able to point out the building the signals emanated from. But that's supposition and -given the evidence and effectiveness displayed- there is no reason to believe that the NSA could find the norks on a map, with 3 tries and a geographer standing by.

So with all the grillion$ of dollars to throw at things; laws bent; and lots of staff the NSA can only be wise in hindsight? Well shit, as a commentard I can be wise in hindsight for free, and nobody has to get their liberties fucked over in the process.

If they were monitoring, they failed. If they weren't monitoring they failed. Nobody believes a syllable they say anyway...for such a high-falutin' think tank; they don't seem to realise just how much of a hit their credibility has taken. Saying "it's OK, the NSA had it under control, but it's all operational so we can't tell you about it" just ain't good enough.

22 1 Reply
Monday 19th January 2015 12:32 GMT Pen-y-gors

Trust?

"All this is mostly based on anonymous briefings by shadowy intelligence types."

and we should believe that because...?

If you REALLY want to know what the NSA is up to then as a shadowy intelligence type (honest!) I'll happily give you an anonymous briefing - for the usual brown envelope full of swiss francs left in a hollow oak tree in Hyde Park.

5 0 Reply
Monday 19th January 2015 12:37 GMT kbb

Creating Precedent

Isn't it obvious? It's all a front by the RIAA/MPAA. If they can convince everyone that a list of IP addresses equates to the identificaiton of the guilty party then all those pesky "an IP address doesn't identify an individual" arguments get thrown away in court.

22 0 Reply
1. Monday 19th January 2015 13:53 GMT elDog
  
  Re: Creating Precedent
  
  So sue them! The norks and the nsa, altho I'd be interested in knowing in which court of law it would be tried.
  
  0 0 Reply
2. Monday 19th January 2015 23:16 GMT Anonymous Coward
  
  Re: Creating Precedent
  
  Reality? That may be no joke. Lord knows, looking at the Sony memoranda vis-a-vis Google.... The universe is often a strange and perverse place.
  
  0 0 Reply
Monday 19th January 2015 13:03 GMT Anonymous Coward

Constructions such as this.

Should have some foundation, structure and supporting evidence to hold up.

Otherwise they are just Building 7's

1 0 Reply
Monday 19th January 2015 13:06 GMT PNGuinn

Smokez and Mirrorz

So it wox the NSA wot didit. Stands to reazon gov.

THEY WANTZ SONYZ WORLD LEADING ROOTZ KITZ TECKERNOOLGIEZ.

Seriously, this whole thing is getting so unbelievable even the above is becoming remotely believable.

12 1 Reply
Monday 19th January 2015 13:08 GMT Anonymous Coward

Conspiracy theory

...for that matter, how do we know it wasn't the NSA themselves? Encryption makes their jobs harder (my heart fucking bleeds). So how better to address that than a high-profile hack (giving an excuse to crack down on the technically literate) followed by an inexpensive atrocity (to get the public in an accepting mood to have their civil liberties dry-arse-fucked yet again)?

Blaming the norks is perfect because they can be guaranteed to spout enough mixed threats and denials to keep it all in the papers for weeks. And when that all starts to fade a bit, cue the atrocity...

EDIT: Ha! PNGuinn, you beat me to it.

13 0 Reply
Monday 19th January 2015 13:21 GMT SolidSquid

Look, look, here's an example of how the NSA is fighting the bad guys! Everyone knows North Korea are the bad guys, right? That makes us the good guys!

3 1 Reply
1. Thursday 19th February 2015 06:30 GMT Hans 1
  
  @SolidSquid
  
  Makes me think of a famous French standup comedian:
  
  My enemy is stupid ! He thinks I am the enemy when in fact it is obvious that he is it. (slightly hard to translate)
  
  0 0 Reply
Monday 19th January 2015 13:32 GMT Christoph

"our shared goal is to prevent bad actors from exploiting, disrupting or damaging U.S. commercial networks and cyber infrastructure. When it becomes clear that cyber criminals have the ability and intent to do damage, we work cooperatively to defend networks."

When we hacked into their networks, we found that these terrible criminals were hacking into our networks!!!!!!!!!!!!

14 0 Reply
Monday 19th January 2015 14:19 GMT Francis Vaughan

Four possibilities

There are four possibilities here. The cross product of:

NSA has broken/not broken the NK's net.

The NKs hacked/didn't hack Sony.

The North Koreans know if they hacked Sony or not. If they did, and the NSA have let it be known that they watched them, there is no real news.

The only really interesting possibility is that the North Koreans didn't hack Sony, and the NSA are saying that they have cracked the North Korean's network, and saw them do it. Clearly the North Koreans should conclude that the NSA are lying, and the NSA has not cracked their network. Or maybe they are bluffing...

Maybe the NSA has cracked the network, and knows the North Koreans didn't hack Sony... Maybe the North Koreans did hack Sony but the NSA are lying about knowing....

Sending mutually contradictory information to the enemy intelligence agencies is just what traditional intelligence work is about. Keeping their heads in a spin, and obfuscating any real intel that they have with noise is exactly what it is about.

7 0 Reply
Monday 19th January 2015 14:27 GMT Kane

"...is a load of dingo's kidneys..."

That's fetid dingo's kidneys, I think you'll find.

"Quite why the Feds are going to such lengths to convince the doubting infosec community, drawing attention to a program to wiretap a hostile country's internet infrastructure, is a puzzle. Perhaps the program had been uncovered. If not, why is the US intel community disclosing source and methods just to bolster the credibility of its explanation for the Sony hack?"

<cough>False Flag</cough>

3 0 Reply
Monday 19th January 2015 14:36 GMT Anonymous Coward

Why the US intel community would disclose source and methods just to bolster credibility.

>" If not, why is the US intel community disclosing source and methods just to bolster the credibility of its explanation for the Sony hack?"

Well, Bruce Schneier has a plausible theory that would explain that: from https://www.schneier.com/blog/archives/2015/01/attack_attribut.html -

What this all means is that it's in the US's best interest to claim omniscient powers of attribution. More than anything else, those in charge want to signal to other countries that they cannot get away with attacking the US: If they try something, we will know. And we will retaliate, swiftly and effectively. This is also why the US has been cagey about whether it caused North Korea's Internet outage in late December.

4 1 Reply

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Other stories you might like

Hackers mod a Sony PlayStation Portal to run PSP games

Modders claim GTA: Liberty City Stories and Tekken 6 are running 'very smoothly'

Personal Tech 20 Feb 2024 | 10

As NSA buys up Americans' browser records, Uncle Sam is asked to simply knock it off

If you could just not harvest our info unlawfully and without a warrant, that would be great

Public Sector 26 Jan 2024 | 18

No new top boss at NSA until it answers questions about buying up location, browsing data

Senator Ron Wyden puts his foot down – for as long as he can

Public Sector 2 Dec 2023 | 36

Ex-GCHQ software dev jailed for stabbing NSA staffer

Terrorist ideology suspected to be motivation

Security 3 Nov 2023 | 43

Ex-NSA techie pleads guilty to selling state secrets to Russia

Wannabe spy undone by system logs, among other lapses in judgement

Security 24 Oct 2023 | 11

Sony, Honda tease EV that aims to be a lounge on wheels

Video 'Afeela' packs Qualcomm kit, screens galore, runs Android and will have an app ecosystem

Personal Tech 18 Oct 2023 | 37

NSA hopes AI Security Center will help US outsmart, outwit, and outlast adversaries

Agency boss warns enemies trying to nick AI advances and 'corrupt our application of it'

AI + ML 2 Oct 2023 | 1

CISA reveals 'Admin123' as top security threat in cyber sloppiness chart

Calls for wider adoption of security-by-design principles continue to ring loudly from Uncle Sam

Security 6 Oct 2023 | 8

Microsoft promises to keep Call of Duty on PlayStation for next decade. Sony believes it

Redmond one step closer to $69B Activision Blizzard merger

Personal Tech 17 Jul 2023 | 34

Feds' privacy panel backs renewing Feds' S. 702 spying powers — but with limits

FBI agents ought to get spy court approval before reviewing US persons' chats, board reckons

Security 28 Sep 2023 | 2

UK watchdog reopens consultation on Microsoft's bid for Activision Blizzard

CMA admits Sony deal might change the battlefield

Personal Tech 2 Aug 2023 | 6

To kill BlackLotus malware, patching is a good start, but...

...that alone 'could provide a false sense of security,' NSA warns in this handy free guide for orgs

CSO 22 Jun 2023 | 4

The Register Biting the hand that feeds IT

About Us

Our Websites

Your Privacy

Situation Publishing

Copyright. All rights reserved © 1998–2024