Sunday, January 11, 2015

Some experts still doubt that North Korea was behind Sony hack

While FBI director James Comey presented new evidence to show that North Korea was responsible for the recent hacking of Sony Corporation, many experts still doubt that North Korea is the culprit.

Director of National Intelligence James Clapper even went so far as to say that North Korean General Kim Youn Choi was directly responsible for ordering the attack. Of course, the evidence for this will not be made public. What is in the public domain, however, is clear evidence that Clapper lied to the American Congress under oath. Nothing ever happened to him as a result. It is probably part of his job. Dianne Feinstein said that there is no more direct and honest person than Jim Clapper. Press Secretary Jay Carney said that President Obama believes that Clapper has been "aggressive in providing as much information as possible to the American people." The Snowden leaks show that the intelligence community was keeping information about what was going on from American citizens.

The new evidence, presented by FBI director James Comey, relies upon one believing that the Korean hackers are incredibly sloppy. The detailed evidence is as follows: "... a new detail from Comey that the attackers failed to use proxy servers through which to route some of their activity and mask their real IP addresses. As a result, Comey said, they unintentionally revealed that they were using addresses known to be “exclusively” used by North Korea. The new claim builds upon previous evidence cited by the FBI that components used in the Sony hack are similar or identical to components used in the so-called DarkSeoul attacks that struck South Korea last year and another claim that an IP address “associated with known North Korean infrastructure” contacted one of the command-and-control servers used in the Sony hack."

Of course, there may be further intelligence that experts are not allowed to examine since it is classified, but even if that is so, the new explanations ignore features of the hack that are difficult to explain and are left unexplained. The initial communication between the hackers and Sony made no mention of the film The Interview; it only demanded money, threatening otherwise to release damaging information--which they did.

The new evidence claims that the hackers failed several times to use proxy servers, including when logging into a Facebook account and sending emails to Sony executives without masking their IP addresses. The time at which these mistakes were made is crucial but not revealed, since it might support an alternative explanation of what happened. Within days of the hack, there were stories about North Korea's possible role. This provided a golden opportunity for the hackers to lead the FBI astray: "... if the hackers knew investigators were looking for North Korean links, they may have decided to provide them by using North Korean IP addresses. But that’s assuming the IP addresses the FBI cites are indeed North Korea IP addresses."

The new evidence raises more questions rather than giving any proof that the attack was launched from North Korea. There is no indication as to where the exact IP addresses are, or why officials were able to conclude that the addresses are used exclusively by North Korea. One FBI critic, Marc Rogers, points out that IP addresses are quite fallible as proof of origin, and the claim that addresses are used exclusively by North Korea is also fallible. He also questions whether an experienced government hacker would make the mistake of not using a proxy server not just once but several times. Rogers said: “These guys literally burnt Sony down to hide their tracks and they staged everything pretty methodically. It would surprise me that somebody like that would make such a huge mistake to forget to use a proxy.”

The FBI has noted the similarity between the DarkSeoul attacks and the Sony attacks as a ground for pinning the blame on North Korea, as noted by Jeffrey Carr, a security consultant and CEO of Taia Global. Some of the same tools were used and there was also a revelation of an IP address. Carr also disputes the DarkSeoul attribution. Many critics of the FBI position note that the North Korean IP addresses they have identified could themselves be proxies, systems hijacked by the hackers to conduct their own activity and to throw investigators off track.

The FBI notes that the hackers "shut it off very quickly once they saw their mistake" and returned to using known proxies. However, Robert Graham, CEO of Errata Security, says that this is just one of many possible interpretations of what happened and noted: "“It would surprise me that somebody like that would make such a huge mistake to forget to use a proxy. That can mean so many different things. It sounds like that’s the interpretation [the FBI] put on things, but not necessarily what happened.” It could very well be a manufactured event with the hacker knowing exactly what interpretation would be taken of what they did."

Marc Rogers says that if the FBI drew on NSA signals intelligence as evidence that North Korea was responsible for the hacking, they should indicate that rather than relying upon the evidence they have presented so far. Robert Lee, a digital forensic specialist, also criticized the FBI for not revealing unclassified information used by Mandiant, the cybersecurity firm hired by Sony to investigate the hack.

The NSA has now actually claimed a part in pointing to North Korea as the hacker. Admiral Michael Rogers, NSA director, said when asked about the agency's role in the investigation of the hack: "We partner with the Department of Homeland Security and FBI in various areas and this is one such area. We specifically did—we were asked to provide our technical expertise. We were asked to take a look at the malware, we were asked to take a look at not just the data that was being generated from Sony but also what data could we bring to the table—here’s other activity and patterns leading up to it, what is this act really about? We were part of a broad interagency effort, not in the lead role–the Federal Bureau of Investigation was the overall lead. Yes, we were part of a broad government attempt to understand exactly what happened."

Just as all this is happening, lo and behold, an old zombie is rising and will come before the US Congress again: CISPA. The bill would give spy agencies such as the NSA much more power and has long been opposed by privacy advocates. An editorial at antiwar.com draws connections between the renewed pressure to advance the powers of the NSA and attributing the Sony attack to North Korea: "It is the eagerness for government agencies to get these new powers and access to information that is likely informing their decision to blame North Korea for the Sony hack, as a foreign attack would be a far better sell for granting them new powers than the likely facts, that Sony was attacked by a disgruntled former employee and a handful of other hackers."
