
More Data on Attributing the Sony Attack - CapitalistCartr
https://www.schneier.com/blog/archives/2014/12/more_data_on_at.html
======
rilita
Besides reposting the notion that timestamps imply a USB2 file dump, I am
seeing only speculation in this article and no "new data on attributing".

I would like to point out that any skilled unix developer can create a script
in about an hour that can make any set of files appear to have been
transferred using USB2.

~~~
rudolf0
Of course. Even more likely is that the timestamps aren't forged, but are
merely a result of the attackers copying everything to some sort of local
storage a few days before preparing the big dump to release to the public.
It's possible that in reality the data was initially copied 3+ months ago. You
can't rely on file timestamps as a sole mechanism of when the true "original"
version of a file was created or modified. (This is "conclusion 2" from the
post.)

This isn't really news at all, and I'm kind of surprised Schneier thought it
was worthwhile enough to publish it. Look at how incredibly sensationalistic
this article is, which Schneier cites as the primary source:
[http://www.4thmedia.org/2014/12/breaking-we-can-conclusively...](http://www.4thmedia.org/2014/12/breaking-we-can-conclusively-confirm-north-korea-was-not-behind-sony-hack/)

"BREAKING: We Can Conclusively Confirm North Korea Was NOT BEHIND Sony Hack",
seriously?

I understand he just wanted to aggregate all the updates and commentary since
his last post, but this is practically nothing and is just about bordering on
FUD (I'd say "reverse-FUD" but that's not how it works, just like "reverse-
racism" doesn't exist).

So far, no 3rd party has provided any strong evidence showing that North Korea
either was or wasn't involved.
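
An added example, not part of the original thread: it shows why a transfer rate or date read from file timestamps describes only the most recent copy, the point both comments above make. The file sizes, the base timestamp and the `inferred_rate` helper are constructed for illustration.

```python
import os
import shutil
import tempfile

BASE = 1_400_000_000   # constructed epoch second (May 2014), not from the leak
SIZE = 100_000         # constructed file size in bytes
GAP = 10               # constructed seconds between successive files


def inferred_rate(paths):
    """Bytes/second implied by the spread of mtimes over a file set."""
    stats = sorted((os.stat(p) for p in paths), key=lambda s: s.st_mtime)
    span = stats[-1].st_mtime - stats[0].st_mtime
    # Only the files after the earliest one were written inside the span.
    moved = sum(s.st_size for s in stats[1:])
    return moved / span if span > 0 else float("inf")


def copy_set(paths, dest, copier):
    os.makedirs(dest)
    return [copier(p, os.path.join(dest, os.path.basename(p))) for p in paths]


def demo():
    with tempfile.TemporaryDirectory() as root:
        src = os.path.join(root, "original")
        os.makedirs(src)
        originals = []
        for i in range(5):
            path = os.path.join(src, f"file{i}.bin")
            with open(path, "wb") as fh:
                fh.write(b"\0" * SIZE)
            os.utime(path, (BASE + i * GAP, BASE + i * GAP))  # stand-in for the first write
            originals.append(path)
        # shutil.copy stamps each copy with the current time; copy2 carries the mtime over.
        recopied = copy_set(originals, os.path.join(root, "recopied"), shutil.copy)
        preserved = copy_set(originals, os.path.join(root, "preserved"), shutil.copy2)
        return {
            "original_rate": inferred_rate(originals),
            "recopied_rate": inferred_rate(recopied),
            "preserved_rate": inferred_rate(preserved),
            "recopied_oldest": min(os.stat(p).st_mtime for p in recopied),
            "original_newest": max(os.stat(p).st_mtime for p in originals),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same bytes yield 10,000 B/s or local-disk speed depending only on which copy tool touched them last, so a rate measured this way says nothing about the first transfer.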

~~~
netman21
Very surprised that Schneier fell for this source. A little research would
have provided this on the author, one Charles C. Johnson "The Worst Journalist
on the Web" [http://gawker.com/what-is-chuck-johnson-and-why-the-web-s-wo...](http://gawker.com/what-is-chuck-johnson-and-why-the-web-s-worst-journal-1666834902)

------
twrkit
Wow, I have a great deal of respect for Schneier, but referencing GotNews (aka
Charles C. Johnson) as a credible technical source? Yikes. [1]

[1] my comment when this "source" was posted to HN (before it was flagged for
removal):
[https://news.ycombinator.com/item?id=8789341](https://news.ycombinator.com/item?id=8789341)

~~~
rgbrenner
And Schneier's reply when someone said something about it:

 _Yes, I know that Chuck Johnson ([http://gawker.com/what-is-chuck-johnson-and-why-the-web-s-wo...](http://gawker.com/what-is-chuck-johnson-and-why-the-web-s-worst-journal-1666834902)) is unreliable and worse. But in this case, I
thought the data sound enough to republish._

After reading that article.. why would he believe anything from this guy?

------
wahsd
All I can think of is the FBI statement about how they in consultation with
other federal agencies have conclusive evidence that the "hack" emanated from
NK. I seriously hope that is rubbed in everyone's face if this turns out to be
an insider action that almost and possibly even caused a cyber attack by the
USA on a sovereign nation, no matter how much we have been trained not to like
NK.

~~~
pdabbadabba
> no matter how much we have been trained not to like NK.

I get that you're skeptical of the U.S. government. For good reason. But
nobody needs to be _trained_ to dislike NK (except, perhaps, North Koreans).
Is your implication that NK isn't really so bad, and it's only a brainwashed
reflex to think that it is? I, personally, really wish that were the case, for
the sake of everyone who lives in NK. But it isn't.

There are things much worse than the U.S. government.

[http://www.hrw.org/world-report/2014/country-chapters/north-...](http://www.hrw.org/world-report/2014/country-chapters/north-korea)

Edit: You might also want to reflect on why it is that you're so willing to
doubt NK's responsibility for the attack on Sony, but apparently pretty eager
to believe that the U.S. is behind the attack on NK. Is the evidence for the
latter claim somehow stronger than the evidence for the former? I would have
thought the opposite was true.

~~~
zenogais
You do realize the US is doing or has done all of those inhumane actions
attributed to NK? The proof is a simple Google search away. You might,
instead, ask why you are so willing to immediately engage in such defensive
argumentation in support of the US? Is it, perhaps, that you have been trained
in a variety of ways to connote certain negative emotions with NK that you,
however, do not connote with the US?

~~~
pdabbadabba
I'm sorry, but this lacks all perspective. We have, on occasion, done some of
the same kind of things as NK, but not typically to the same extent, with the
same level of brutality and control, let alone all at the same time, today.

When, for example, have we done this?

> The government practices collective punishment, sending to forced labor
> camps not only the offender but also their parents, spouse, children, and
> even grandchildren. These camps are notorious for horrific living conditions
> and abuse, including induced starvation, little or no medical care, lack of
> proper housing and clothes, continuous mistreatment and torture by guards,
> and executions. Forced labor at the kwan-li-so often involves difficult
> physical labor such as mining, logging, and agricultural work, all done with
> rudimentary tools in often dangerous and harsh conditions. Death rates in
> these camps are reportedly extremely high.

Or this?

> All media and publications are state controlled, and unauthorized access to
> non-state radio or TV broadcasts is punished. North Koreans are punished if
> found with mobile media such as DVDs or computer ‘flash drives’ containing
> unauthorized TV programs, such as South Korean drama and entertainment
> shows.

Or this?

> North Korea criminalizes leaving the country without state permission.

Or this?

> people arrested in North Korea are routinely tortured by officials seeking
> confessions, bribes, and obedience. Common forms of torture include sleep
> deprivation, beatings with iron rods or sticks, kicking and slapping, and
> enforced sitting or standing for hours. Guards also sexually abuse female
> detainees.

(Yes, I realize we have done _some_ of these things to CIA detainees overseas,
which is truly terrible. But we're talking here about _all_ arrests in NK.)

Or this?

> Forced labor is essentially the norm in the country, and workers are
> systematically denied freedom of association and the right to organize and
> collectively bargain.

~~~
munin
Well there was the cop that extorted an arrested woman into giving him nudes,
seizing the houses of the parents of people arrested for minor drug crimes,
using children as leverage in civil asset forfeiture, solitary confinement,
tacit approval of prison rape as reformatory, prison labor and private
prisons, and the murders of union organizers...

~~~
pdabbadabba
Yeah. All that is bad. The U.S. needs some work. We agree on that. But read
that NK human rights report again... I'm not sure you'll see anything in there
about, for example, the behavior of a single cop. What's going on in NK is on
an entirely different scale.

------
rbobby
> the very same day that Sony Pictures' head of corporate communications, [...
> name removed by rbobby ...], publicly resigned from a $600,000 job. This
> could be a coincidence but it seems unlikely.

So Schneier is repeating GotNews' (Charles C. Johnson) accusation that this
fellow is connected to a serious set of crimes. All on the basis that a
portion of these crimes appear to have happened on the same day the alleged
conspirator resigned from his job.

Pretty outrageous behavior. Especially since the FBI has identified NK as
responsible. It's worth noting that the FBI had access to _ALL_ the available
data and has presumably investigated any employees known to have left recently
on bad terms (i.e. the FBI did a professional job of investigation).

All the bullshit speculation as to why the FBI is wrong has been based solely
on crumbs of publicly available data/information. The underlying premise is
that the FBI is utterly incompetent and unable to investigate a crime of this
nature. That doesn't pass Occam's Razor let alone any kind of smell test.

~~~
sroerick
> The underlying premise is that the FBI is utterly incompetent and unable to
> investigate a crime of this nature.

No, there's lots of different things that could be happening. The FBI could
have said it was North Korea to save face. As @thegrugq (who, by the way, is
one of three security researchers who I can find who believes it was North
Korea) suggests, the NSA could have investigated, discovered the culprit was
DPRK, and then just informed the FBI. The FBI could also be incompetent.

But let's bear in mind that this is the same organization that blackmailed MLK
and told him to kill himself, launched the COINTELPRO program, started fires
at Waco, spied on Elvis Presley, Frank Sinatra, John Denver, John Lennon, Jane
Fonda, Groucho Marx, Charlie Chaplin, MC5, Lou Costello, Sonny Bono, Bob
Dylan, Michael Jackson, and Mickey Mantle, and three years ago used a chainsaw
to break into a house before realizing that it was the wrong house.

So you'll forgive me if I'm skeptical of the organization's claims.

PS. If you have any other 3rd party security researchers who believe the FBI's
claims, I'd be happy to add them to my list.

~~~
woodman
The list could go on for quite a while, but this reminds me more of their
handling of the anthrax attacks. Pinning the attacks on Bruce Ivins after
driving him to suicide. It is pretty difficult finding anybody who actually
agrees with the FBI on that one.

Criminal investigations are tough enough, but when you are trying to catch
somebody who is intelligent and doesn't want to be caught - it is pretty close
to impossible. Couple that with political pressure and you get the present
state, where it is much easier to either create a boogieman (giving phony
detonators to unstable people) or just pile more blame on those that can't
defend themselves (dead men, hermit kingdoms).

Also, I'm surprised that the Secret Service isn't mentioned in all this -
they've traditionally been much better equipped to handle computer related
crime. This is an area that the FBI has always really sucked at.

------
snowwrestler
The most important data on attributing the Sony attack might be out-of-band
data: data that has been collected and analyzed totally separately from the
data involved in the attack itself.

There's no question that the U.S. and allies are heavily invested in
surveilling and analyzing everything that the North Korean government does, so
they would have a lot of opportunity to collect such data. And if they did,
it's not likely that they would publish one bit of it.

I think the firmness of the U.S. statement that it was North Korea, combined
with the waffling on the execution details (maybe they outsourced some of the
hacking, maybe not) points pretty clearly to out-of-band data. They would know
who to blame, but not necessarily every detail of how the attack was
conducted.

For everyone else out here in non-classified land, trying to analyze the
attack using only the data that the attackers themselves leaked is going to be
tough, because the attackers have total control about what data we see. They
can redact and obfuscate to their hearts' content before releasing it.

------
ssenkus
Viral marketing for The Interview, nothing more

~~~
bitwarrior
Not even remotely likely.

~~~
sroerick
This is the correct response to this meme. The hacks are far too damaging to
be viral marketing.

That said, there can be no denying that Sony turned lemons into lemonade, and
milked this attack for all the awareness it could possibly get.

I saw "MPAA cyberterrorism experts" on CNN, I saw CNN commentators say that in
the interest of free speech, it was every American's patriotic duty to see
this film.

This was happening in the context of Project Goliath, and threatened legal
action against twitter and individual users for posting the leaks.

