
Did North Korea Really Attack Sony? - dozy
https://www.schneier.com/blog/archives/2014/12/did_north_korea.html
======
Jongseong
I'm dismayed that this piece is repeating Marc Rogers's gross misportrayal of
the linguistic situation of the Koreas, saying that "Korean language in the
code also suggests a Korean origin, though not necessarily a North Korean one,
since North Koreans use a unique dialect." First of all, North Korean doesn't
have "a unique dialect" but a number of regional dialects, just like South
Korea, and like the situation in many languages. But again as in many major
languages, a supra-regional, standard Korean language came into being, based
on the central dialect region around Seoul which was the capital for many
centuries. Before that the capital was Kaesong, which is in the same central
dialect region as Seoul though it is now in North Korea. This happened before
the division of the peninsula. Even today, the standard Korean taught and
spoken in North Korea is based on this common standard with the South. The
differences between regional dialects within either North or South Korea are
far greater than the difference between the standard Korean spoken in the
North and the South. The difference is mainly in words (especially any
technology-related vocabulary introduced after the end of WWII) and spelling,
and it's a lot like the differences between British and American English.
You're never going to say that something written in English can't have been
written by Americans because they have a unique dialect.

Also, as far as I know the codes didn't contain any Korean. Instead, what they
found was that it seems to have used Korean text encoding, like EUC-KR. People
have pointed out that this is a South Korean encoding, but North Koreans also
use it since you hardly find any software that supports the official North
Korean encoding. Again, if someone uses a British English locale, that isn't
proof that it can't be an American. When it comes to text encoding and locale,
you usually use whatever is available that lets you type in your own language.

~~~
Jongseong
To understand the language situation in Korea, let's imagine that we divided
the Italian peninsula in half just north of Rome. Does it follow that now
there are two dialects, North Italian and South Italian? No. Italian has a
bewildering variety of regional dialects, and our arbitrary line doesn't
correspond to a genuine dialect border. Similarly, the DMZ cuts across the
central dialect region in Korea.

More importantly, Italians will continue to write and be taught in Standard
Italian, which was developed based on the Tuscan dialect long before our
artificial division of the peninsula. It won't be as if they would start from
scratch and create new standard languages based on the Milanese dialect in the
North and the Roman dialect in the South. Even independent countries such as
Germany, Austria and Switzerland find it useful to use the same standard
German as each other, even if it's not necessarily based on a dialect spoken
wothin their borders. There will inevitably be differences in vocabulary and
spelling, but the differences will be far less than if we imagined a naïve
model where each country creates its own standard (which is what basically
happened in Scandinavia).

~~~
blahblah7777
Your comparison of Korean to Italian isn’t helpful, because you’re confusing
dialects and languages. Italy has many regional _languages_ including
Piedmontese, Lombard, Venetian, Sicilian, Sardinian, Neapolitan, etc., and of
course Italian (based on the Tuscan language). Each regional language has many
_dialects_ , so for example in Piedmont you have the Turinese dialenct of
Piedmontese from Turin, which is distinct from the Piedmontese dialect in
other areas. The dialects vary substantially, from one village to another—even
different suburbs of a city can have different words for certain things.

Confusingly, Italians would call Piedmontese or Lombard a “dialetto” as much
as they would call Turinese a “dialetto”. The word basically means a dialect
_or_ regional language, depending on the context. There is also a political
element to it—the Italian government has suppressed the regional languages for
years, and even now does not recognise them as languages, against academic
opinion.

To be clear, Italians would also (generally) refer to Welsh as a “dialetto” of
English, despite the fundamental difference of Welsh and English. (In fact
they would usually also often refer to the U.K. as “inghilterra”.) The word
“dialetto” as currently used in normal Italian speech simply does not
correspond 100% with the English word “dialect”, much like the word “camello”
doesn’t correspond to “camel”.

The regional languages generally are not mutually intelligible, although this
depends on which dialects two speakers speak, and how “stretto” (strong) the
dialect is (I don’t know what the academic term for this is). So for example
Vercellese (from Vercelli) is linguistically close to Novarese (from Novara)
even though Vercellese is classed as Piedmontese and Novarese is classed as
Lombard (despite being a Piedmontese city). The distinction is ultimately
arbitrary—there is a gradation of dialects from Piedmontese to Lombard.
Vercellese for example has many grammatical elements of Lombard (e.g. it uses
the Lombard lü (meaning “he” or “him”) instead of the Piedmontese chiela).

Also, an older or more rustic speaker is more likely to speak a “stretto”
dialect, because they’ll use more words and expressions originally belonging
to that dialect (or to the regional language). Over the years, the regional
languages have absorbed many words from Italian, replacing the traditional
words. Now, the same thing is happening to Italian with English words (e.g.
the word “goal” replacing “rete”, or “babysitter” replacing “tata”, or
“shopping” replacing “spesa”—the English word in each case sounds more modern
or cool to Italian speakers).

The linguistic situation is basically the same as with Catalan and Spanish.
Catalan is as much a “dialect” of Spanish as Piedmontese would be a “dialect”
of Italian. In fact, you could just as rightfully say that Italian is a
“dialect” of Piedmontese. The difference is political, not academic.

~~~
Jongseong
I am well aware of the language situation in Italy, and I hesitated a bit
before using it as an example. I probably should have qualified my use of the
word "dialect" as you rightly point out. I do remind people from time to time
that the regional languages in Italy are languages in their own right, and
indeed the "dialects" spoken in Italy don't form a natural subgroup of the
Romance languages, either (Piedmontese and Lombard are probably closer to the
subgroup of the Western Romance languages that includes French rather than the
one that contains Italian). But for my point here the distinction between
languages and dialects is not important. The point is that in all of Italy,
regardless of the local dialect or regional language, people are taught
standard Italian. If we divide Italy, the Southern half is not going to switch
to, say, Neapolitan, or the Northern half to Lombard, in spite of the rich
literary traditions of these regional languages.

The situation in Korean is not qualitatively different, either. For instance,
the Jeju "dialect" (now sadly moribund) is definitely not mutually
intelligible with other dialects of Korean some authorities would insist on
classifying it as a separate language. Even the mainland dialects (as they are
traditionally considered as opposed to distinct languages) are considerably
different from each other, not just in lexical items but in the existence of
different grammatical categories (e.g. distinguishing between yes/no and wh-
questions), morphology (the conjugation of verbs and adjectival verbs is all
different), and phonology (different consonant and especially vowel
inventories, different stress/pitch systems), to the degree that I wonder how
much communication would be possible if it had not been for the imposition of
standard Korean.

I used Italy as an example instead of the U.S., because it is a stretch to say
that the U.S. has different dialects as the speech is quite uniform across the
vast country compared to what you see in Korea; or the U.K., where the
existence of Scots complicates the analogy. I did not intend to minimize the
diversity of regional languages in Italy.

~~~
blahblah7777
In the case of Italy, I would also doubt (as you do) that a hypothetical
“North Italy” would choose anything other than Italian as its official
language, because the use of Italian goes back a lot further than the
unification of Italy, and it’s the obvious and easy choice as a national
language. The government simply doesn’t care about the regional languages
dying out, and there’s no reason to think that a new North Italian government
would have a different viewpoint. The main motivation, in the case of Italy,
was just to have everyone speaking the same language.

However, it’s certainly possible for a country and a population to completely
change language in a generation. The Italian generation of people that is now
about 60 years old are effectiviely bilingual—they were taught in Italian at
school, but (generally) spoke their regional language at home. The generation
after that spoke only Italian, and the generation before that spoke only the
regional language. (Obviously this is a bit of a generalisation.) So it’s
quite straightforward for a country to change it’s language over the course of
20 years or so.

I have a colleague in the Netherlands who believes that the Netherlands will
at some point adopt English as its official language. I personally doubt it,
but it is nevertheless definitely _possible_. All it would take is for the
government to decree that all schoolchildren be taught _in English_ at school.
Dutch people (and particularly Dutch school-teachers, which is the important
thing) would easily be able to carry that policy out. The first generation of
schoolchildren to pass through to adulthoold would probably choose to speak in
English as their primary language, as has happened in Italy.

Also Brussels has changed from a Flemish speaking city to a French speaking
one in a short space of time.

------
brown9-2
_Tellingly, the FBI 's press release says that the bureau's conclusion is only
based "in part" on these clues. This leaves open the possibility that the
government has classified evidence that North Korea is behind the attack._

I am surprised that the article doesn't end here. Other press reports have
highlighted that there is classified evidence that has not been disclosed, and
it seems odd to me that Schneier would play this aspect down in a story
involving cyberattacks, North Korea, the FBI and the US intelligence
community.

~~~
barrkel
Secret evidence can be used to justify whatever whims the gatekeepers of that
evidence wish to pursue politically.

If anything should be learned from the Iraq debacle, it's that.

~~~
aragot
That focus on Iraq is strange. I'm French and when Bush provided so-called
"evidence" at the UN, people here were laughing and media were skeptic. From
comments on HN, it seems Bush was taken seriously in other circles of the
world, which may explain why some US citizen boycotted French products after
we said we would create a worldwide axis against war.

~~~
duaneb
> From comments on HN, it seems Bush was taken seriously in other circles of
> the world,

Not sure if you heard the news, but Bush quickly invaded Iraq. I think it's
safe to assume he was taken seriously.

> which may explain why some US citizen boycotted French products after we
> said we would create a worldwide axis against war.

Some US citizens just like to complain about foreigners to be more patriotic
(as if that would help). I would doubt most people could explain anything
about french foreign policy.

------
SG-
This piece pretty much echoes what I've felt since I first read about all the
speculation and FBI report.

I'm just glad someone with credibility was able to come out and say it, I just
hope (but doubt) that mainstream media will follow up on it and ask the right
questions going forward.

~~~
happyscrappy
You are glad he said what? He rules out a Sony insider and says NK must be
involved in some way unless someone did it for the Lulz.

~~~
yourad_io
He didn't rule out a Sony insider.

> It's possible, but that employee or ex-employee would have also had to
> possess the requisite hacking skills, which seems unlikely.

Considering the number of laid off techies, I think it is somewhat "more than
unlikely".

I don't know where you got the second part.

~~~
wpietri
I think he's also missing the case where a disgruntled insider gives a
beachhead and/or money to outsiders.

------
q2
Just like this article, several other entities may be skeptical on assertions
that North Korea is involved given the past involving Iraq's imaginary
WMD...etc. Also, cyber attacks may be common in future, for whatever may be
the reasons involved.

In future, if some Hollywood studio makes a movie on Russia's Putin or on
China and if hackers claiming from the injured country do similar cyber-attack
on that studio and If USA retaliates and if Russia/china counter-retaliates
and if this spills into physical world, then we can have nightmarish
situations/tensions and may be full blown war. Worse, another country may do
that sort of attack from some other country to hide its trail. Hope proper
sense and calm minds prevail to prevent such nightmare. But such possibility
exists in theory.

As solution, world needs an international, independent, competent
panel/forum/group to investigate openly/transparently all cyber-attacks and
find out culprits rather than doing mere guess work. Also, evidence of the
crime need to be put in public domain to avoid conspiracy theories. This can
be on the lines of international court of justice/United nations ...etc. Since
parties involved are entities like Sony which are not connected to national
defence directly, we need not fear national secrets leaking out ...etc i.e. it
can be done without impacting the sovereignty of the nations involved.

Without such arrangement, stability and peace of the world will always be in
question for any cyber attack on any major country such as
USA/Europe/China/Russia ...etc.

TL,DR: Cyber-attacks on economic entities such as Sony or Google in the past
involving several countries need to be investigated by international body
rather than a single country and evidence of the crime need to be in public
domain to avoid conspiracy theories.

------
at-fates-hands
So he posits 5 possibilities, 3 of which directly involve NK? He basically
says he doesn't know what to think, but maintains the evidence is weak, like
every other tech journalist.

I do agree its a good possibility the government has a lot more classified
evidence it's not sharing with us, and we're trying to put together a puzzle
with only half the pieces.

------
jobu
If North Korea is involved I think it was after the initial attack (theory #4
in the article). As he says in the article: _" the explicit North Korean
connection -- threats about the movie The Interview -- were only made by the
hackers after the media picked up on the possible links between the film
release and the cyberattack"_. North Korea may not have even been aware of the
movie until the hack.

It seems like Sony is playing up the North Korea connection because it could
only help them. They would lose more credibility (and potentially lawsuits
[1]) if it's a 14yo hacker doing it for the lulz. State sponsored hacking is a
Big Deal, and many would give leniency to Sony if that's a true story.

[1] [http://abcnews.go.com/Entertainment/wireStory/sony-
faces-4th...](http://abcnews.go.com/Entertainment/wireStory/sony-faces-4th-
employee-lawsuit-hack-27726230)

~~~
rudolf0
>the explicit North Korean connection -- threats about the movie The Interview
-- were only made by the hackers after the media picked up on the possible
links between the film release and the cyberattack

I personally think this is a misinterpretation of what happened. Media began
heavily speculating it was tied to The Interview about 1-2 days after the hack
was initially reported, but the hackers waited until Dec. 15 before explicitly
mentioning it. If they wanted to take advantage of the sensationalism, why
continue releasing messages and threats that clearly acknowledge Sony and the
media between Nov. 24 and Dec. 15 while not mentioning The Interview until the
most likely motive essentially became obvious?

Second, I think the group name "Guardians of Peace" is a fairly obvious
allusion to "guarding international peace by preventing Sony from releasing
The Interview", and is in line with just about everything they've been saying.
And of course they were using that group name on day 1.

I'm not saying North Korea necessarily did it, but I think the actors either
intended to stop the movie from the beginning, or intentionally framed North
Korea by using a pretext of trying to stop the movie. I don't think they're a
group of hacktivists who only appropriated The Interview as a motive after
media speculation.

~~~
nemo
>I think the group name "Guardians of Peace" is a fairly obvious allusion to
"guarding international peace by preventing Sony from releasing The
Interview", and is in line with just about everything they've been saying.

There's nothing obvious to me at all in that name referring to the things we
later learned. It's a really generically vague name, so it's easy to project
onto it.

------
kailuowang
Out of the 5 possibilities Schneier listed, I found #1 (the one picked by FBI)
mostly likely.

> This is the work of independent North Korean nationals.

Mr. Schneier doesn't clearly understand people who lived in a totalitarian
country. If this national lives in North Korean, there is no way he will dare
such an attack without being instructed by the government. This level of
freedom doesn't exist in his mind. And it doesn't make sense for a North
Korean still holding the same ideology to live outside North Korea, he would
either completely abandoned that or go back to North Korea.

> This is the work of hackers who had no idea that there was a North Korean
> connection to Sony until they read about it in the media.

This doesn't explain the Korean language used in the code. It might be a South
Korean, but from my knowledge, it's very hard to imagine a South Korean
risking going to the jail either fighting for North Korean or even find it
fun. (Hint - South Korean people don't like the people from north who are
pointing Thousands of cannons and missiles to them). As for why this is not
the same encoding as North Korean dialect, I know people from mainland China
use encoding of Traditional Chinese from Taiwan. It is very easy for me the
imagine that North Korean government offices use such settings so that they
can access resources from South Korea (much more abundant and still without
language barrier.)

> It could have been an insider

This hacker has been hurting regular Sony employees. From my understanding,
only people with mental problems will direct their hatred towards a company to
random regular employees (his own ex-coworkers). People with mental problems
don't usually possess the hacking skills demonstrated in this case.

> The initial attack was not a North Korean government operation, but was co-
> opted by the government.

It is hard to imagine a hacker targeting Sony with the plan to profit from
selling the information to North Korean government and then intentionally
leave some trace towards North Korea (the Korean language in code). This
attack must have originated from North Korea, and that's the conclusion FBI is
suggesting.

~~~
vezzy-fnord
_People with mental problems don 't usually possess the hacking skills
demonstrated in this case._

Depends on the mental problem. The category is far too broad to make a
sweeping statement like that. Anything from being slightly narcissistic to
being a paranoid schizophrenic can be considered a "mental problem" under one
definition or another. Most of these do not involve any diminished technical
skills.

In addition, I could cynically retort that anyone who orchestrated such a
reckless and damaging attack as this isn't exactly the most mentally stable.

------
bjourne
Is there any information anywhere of how the intrusion was made? E.g was the
admin server for Sony's intranet accessible via remote desktop from the whole
internet with the user and password admin/admin? It's a completely different
situation than if it consisted of exploiting an unknown vulnerability in
SELinux to get remote root access.

------
d0ugie
Their bandwidth is estimated to be in the neighborhood of 6Gbit/s, and they
allegedly grabbed 100TB of data. If my math is right that would take fifteen
days for them to download.

Unless of course they got a bargain on a VPS somewhere else..

~~~
dba7dba
They can use USB HDs. They can hack from China. The possibilities are endless.

It's well known NK had been complaining about the movie for months. And I
doubt NK started hacking only 2 weeks before scheduled opening day.

------
fitshipit
This piece is in fact even more speculative than the FBI's announcement.

------
encoderer
Everybody is a critic. Everybody has an opinion. Everybody is just writing
rank speculation. The gov't filed charges, so to speak, so lets see them play
out their case.

------
feraloink
Wired had a good article yesterday too, that made clear that there is still a
lot of uncertainty. [http://www.wired.com/2014/12/sony-north-korea-hack-
experts-d...](http://www.wired.com/2014/12/sony-north-korea-hack-experts-
disagree)

------
discardorama
But NK sure is a convenient bogeyman for the _real_ agenda: to bring in CISPA:
[http://www.zdnet.com/article/white-house-wants-congress-
to-r...](http://www.zdnet.com/article/white-house-wants-congress-to-revisit-
controversial-cispa-style-cybersecurity-laws-after-sony-attack/)

~~~
tootie
CISPA was already vetoed due to inadequate privacy protections but the
fundamental rationale of requiring private companies to share threat
information with the government is pretty reasonable. CISPA just needs to be
fixed and reintroduced which has been Obama's stance for a while.

------
oijfpoiewf
So, legitimate question: how is it possible to get North Korean comments out
of a compiled binary?

Somehow I doubt that any supposed North Korean hackers would have followed the
tenets of free software and distributed the original source to Sony along with
the malware.

~~~
cgh
man strings

"strings is mainly useful for determining the contents of non-text files."

------
jdawg77
What's funny to me is even with, "Freedom of information act," in the USA some
Americans act like everything is public record.

It's not. Sometimes, for international relations, things are classified, never
released until much later. Having been party to a _minor_ agreement, at least
knowing about it, before the general media, gives you a ton of insight into
how the USA operates.

To me at least, I came to the, "Business," operating model. In other words,
the economic engine takes priority and the agreements I know of that were
signed pushed that particular agenda.

Dollars, literally, make the world go round. The US dollar is the world,
"Reserve," currency. There's a very good reason for that, and a very good
reason the Secret Service is in charge of the US money supply.

Then again, perhaps I'm as much as insider as the author of the blog post. Eg,
out of the loop.

~~~
JonnieCache
Literally? Wow.

~~~
dasil003
You're supposed to infer the figurative usage from the dramatic commas.

~~~
thirsteh
You mean the literal usage? [http://www.merriam-
webster.com/dictionary/literally](http://www.merriam-
webster.com/dictionary/literally) (#2)

* long sigh *

Happy festivus!

------
rab_oof
And guessing the tinfoil conspiracy about Sony hacking itself wouldn't stay
secret long. :)

My thought is we'll probably never know for certain unless perps reveal
themselves, so saying NK definitely did it would be jumping to conclusions.

The real story is: Best. Marketing. Ever. And an international incident, to
boot! (Well played, Sony. Even Obama was part of the story.). Seriously, the
canceling the release was the story-making move. And the subsequent nonrelease
release monetizes the situation. Couldn't have planned it any better. ;)

~~~
IndianAstronaut
If it was marketing, Sony would not have revealed the private emails of their
executives. Obama would also not have stepped in, there is plenty of vetting
that goes on in the federal government.

~~~
rab_oof
Let me explain the joke to you, since you seemed to have missed the cute
emoticons.

Satire - making fun of any alternative explanation that obviously isn't true.

Maybe I should be more literal next time.

Merry Xmasmukah and new year!

