I have been trying to make sense of this "hacking" and I have been checking around the internet for some real information that covers the real facts behind this incident... I found one very important article that comes from the "ITProPortal" website, at www.itproportal.com that gives one of the best summaries about this hacking that everyone should read for themselves.. The article is entitled: "The Sony Saga: 10 Reasons Why The FBI Is Wrong" and I have it right here for everyone to see for themselves.. I have my own thoughts and comments to follow:
Everyone seems to be eager to pin the blame for the Sony hack on North Korea. However, I think it’s unlikely.
Here’s ten reasons why:
2. The fact that the code was written on a PC with Korean locale and language actually makes it less likely to be North Korea. Not least because they don’t speak traditional “Korean” in North Korea, they speak their own dialect and traditional Korean is forbidden. This is one of the key things that has made communication with North Korean refugees difficult. I would find the presence of Chinese far more plausible. See here – this and this.
This change in language is also most pronounced when it comes to special words, such as technical terms.
That’s possibly because in South Korea, many of these terms are “borrowed” from other languages, including English. For example, the Korean word for “Hellicopter” is: 헬리콥터 or hellikobteo. The North Koreans, on the other hand, use a literal translation of “vehicle that goes straight up after takeoff”. This is because such borrowed words are discouraged, if not outright forbidden in North Korea.
Let’s not forget also that it is *trivial* to change the language/locale of a computer before compiling code on it.
3. It’s clear from the hard-coded paths and passwords in the malware that whoever wrote it had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s plausible that an attacker could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of an insider. It also fits with the pure revenge tact that this started out as.
4. Whoever did this is in it for revenge. The info and access they had could have easily been used to cash out, yet, instead, they are making every effort to burn Sony down. Just think what they could have done with passwords to all of Sony’s financial accounts?
With the competitive intelligence in their business documents? From simple theft, to the sale of intellectual property, or even extortion – the attackers had many ways to become rich. Yet, instead, they chose to dump the data, rendering it useless. Likewise, I find it hard to believe that a “nation state” which lives by propaganda would be so willing to just throw away such an unprecedented level of access to the beating heart of Hollywood itself.
5. The attackers only latched onto “The Interview” after the media did – the film was never mentioned by Guardians of Peace right at the start of their campaign. It was only after a few people started speculating in the media that this and the communication from DPRK “might be linked” that suddenly it became linked.
I think the attackers both saw this as an opportunity for “lulz” and as a way to misdirect everyone into thinking it was a nation state. After all, if everyone believes it’s a nation state, then the criminal investigation will likely die. Wired has just covered this exact point.
6. Whoever is doing this is VERY net and social media savvy. That, and the sophistication of the operation, do not match with the profile of DPRK up until now. Grugq did an excellent analysis of this aspect his findings are here
7. Blaming North Korea is the easy way out for a number of folks, including the security vendors and Sony management who are under the microscope for this. Let’s face it – most of today’s so-called “cutting edge” security defences are either so specific or so brittle that they really don’t offer much meaningful protection against a sophisticated attacker or group of attackers.
That doesn’t mean that we should let them off and give up every time someone plays the “APT” or “sophisticated attacker” card though. This is a significant area of weakness in the security industry – the truth is we are TERRIBLE at protecting against bespoke, unique attacks, let alone true zero days. There is some promising technology out there, but it’s clear that it just isn’t ready yet.
8. It probably also suits a number of political agendas to have something that justifies sabre-rattling at North Korea, which is why I’m not that surprised to see politicians starting to point their fingers at the DPRK also.
9. It’s clear from the leaked data that Sony has a culture which doesn’t take security very seriously. From plaintext password files, to using “password” as the password in business critical certificates, through to just the shear volume of aging unclassified yet highly sensitive data left out in the open.
This isn’t a simple slip-up or a “weak link in the chain” – this is a serious organisation-wide failure to implement anything like a reasonable security architecture.
10. Who do I think is behind this? My money is on a disgruntled (possibly ex) employee of Sony.
NTS Notes: The article may say that the "FBI is wrong", but in my views, the FBI, the CIA, and even the US Government are very conveniently riding this "Sony Hacking" incident to falsely blame North Korea for the incident...Everyone must remember that the US Government is so desperate to start a war, and in fact any war, around to world right now just to divert people away from the mess they have created with the failing US economy...
As far as I am concerned, North Korea is not behind this hacking, period...North Korea itself has barely some 1024 internet IP addresses for that entire nation, compared to the US's billions alone.. It is laughable to think that a small nation with barely any computing power would be behind such an endeavor!
It does appear to me that the real culprits behind this hit at Sony are some disgruntled employees, or even Sony itself.... If you consider how bad some of the recent Sony Picture "movies" have been, it would not defy logic that Sony itself did this hacking as a Public Relations stunt to get people interested in their newest and very crappy movie entitled: "The Interview".... It is obvious from this hacking scandal that many people will fall for it and suddenly want to see this movie, no matter how terrible it will be!
As I stated in last week's rant, I really did not want to even talk about this "Sony Hacking" because to me it is laughable and just another ploy to divert peoples' attention away from what really matters, like the failing US economic situation... But I did get some emails from some readers asking me to give my take on this matter, so there it is... I smelled a rat, and I am sticking to my assumptions...
More to come