
Why the Sony hack is unlikely to be the work of North Korea - rdl
http://marcrogers.org/2014/12/18/why-the-sony-hack-is-unlikely-to-be-the-work-of-north-korea/
======
KaiserPro
I work in VFX, and it's a little bittersweet to see Sony entertainment on its
knees.

First, various people like Sony have been forcing VFX houses to go through
draconian security changes to stop this kind of threat. (supposedly because
one of us leaked Expendables 3, despite none of us having the complete movie
_or_ sound)

These rules include three separate zones, of which only one has access to the
internet. All USB storage is disabled. All internet access must go through a
terminal server. (all our phonehome services for disks now don't work)

All data must go through a purgatory like intermediate stage, for the data ops
guys to move out to the "outside" zone, for upload to studios.

We then have monitors to look at the data flow, to see if weird stuff is
happening.

So if they'd followed the MPAA's own advice none of this would have happened,
unless of course it was an inside job. Which in my mind there is little doubt.

~~~
millerc
If anything you should thank them for forcing on you the very measures that
might have saved your business.

But of course, conspiracy theories and big companies being unfair against the
ninety-nine-percent, are all much more newsworthy than reality.

Hence goes my last post on HN. I'll come back when - if - reason someday
prevails over sensationalism.

~~~
KaiserPro
Whilst I agree that following security best practices is important, I think
you miss the point of my post. WE are implementing the rules they drew up.
From what I can see they did not.

------
brenschluss
This may be true, but #2 and #4 are pretty weak explanations.

#2: There's no such thing as "Traditional Korean" (just South Korean, and
North Korean), so saying that they don't speak "Traditional Korean" in NK is
pretty severely misunderstanding the language. The Korean locale/encoding is
very easily changed as a setting, obviously, but it's also possibly used by NK
hackers because it would let North Koreans type in Korean. Saying "North
Koreans don't speak the same kind of Korean as spoken in South Korea, and thus
wouldn't have a Korean locale set" is kind of like saying "Americans have
their own dialect of English as distinct from the British, so they probably
will not have any English-language keyboards."

#4. Doesn't the fact that the hack seems to be for retribution and not for
personal gain precisely fit the motives of a propaganda-oriented country?
Would you expect a dictatorship that works on propaganda and political
influence to really negotiate some sort of deal with Sony?

My bet is that it's some mercenary hacking group hired by NK, not necessarily a
state-sponsored thing but by a few high-up individuals within NK --- but not
by North Korean hackers themselves.

~~~
coldtea
> _Doesn't the fact that the hack seems to be for retribution and not for
> personal gain precisely fit the motives of a propaganda-oriented country?
> Would you expect a dictatorship that works on propaganda and political
> influence to really negotiate some sort of deal with Sony?_

So, like US agencies pretending to be North Korea?

~~~
davidw
Welton's law of online discussions:

At some point, somewhere, someone will posit that "it's all the US' fault!".

This doesn't necessarily mean it's not true, but in certain cases, like the
fall of the Roman empire, the evidence is probably kind of weak, unless your
alien friends have let you in on the existence of a CIA time machine.

You guys can downvote all you want, but the law is true. Get a big enough
discussion on any political topic, and _someone_ will explain how the US is
the root cause of whatever problem.

~~~
coldtea
> _This doesn't necessarily mean it's not true, but in certain cases, like
> the fall of the Roman empire, the evidence is probably kind of weak, unless
> your alien friends have let you in on the existence of a CIA time machine._

The evidence for covert operations is by definition weak.

The historical precedent though of other acts (that have been verified or been
unclassified) in the past 60 years, speaks volumes...

Let's put it this way: countries with global reach, and interests in
controlling the whole world, especially areas with natural resources, trade
ways and such, are not that many. Even less have worldwide operations, tons of
equipment and expertise, the most well oiled armies/agencies in the world, and
a historical penchant for messing outside their borders (e.g.
[http://en.wikipedia.org/wiki/Mohammad_Mosaddegh](http://en.wikipedia.org/wiki/Mohammad_Mosaddegh))
and crude propaganda (e.g.
[http://en.wikipedia.org/wiki/Operation_Mockingbird](http://en.wikipedia.org/wiki/Operation_Mockingbird)).
And even fewer believe in things like "Manifest Destiny" or that they are
the model country for the world (hardly any European country believes such
crap, besides maybe Germany, and that didn't turn out that well for them).

I don't think NK is one of them. It might qualify for some stuff (delusion,
crude propaganda, but then again no one outside their borders believes it), but
it hardly qualifies for others...

~~~
davidw
Like North Korea are a bunch of innocent boy scouts? Just because the US does
dirty stuff doesn't mean that all dirty stuff is per force carried out by the
US.

It seems that you are putting your conclusions ahead of the few known facts.

~~~
coldtea
No, it's just a third world country, with limited means. The worst things are
what they do internally to their people -- where they have reach.

Even if they indeed hack Sony, that still puts them in "innocent boy scout"
territory compared to most advanced countries.

~~~
personZ
_No, it's just a third world country, with limited means._

The military budget of North Korea is estimated to be around $10 billion USD.
It has a million active troops, 6,600 tanks, 700 MLRS, 460 fighters, and so
on.

The country is perilously poor. Many people starve. But the means are there
for an operation like this, especially if sponsoring foreign groups, if the
motivations allow.

And to counter the growing narrative that the NK thing came out of nowhere as
a convenient excuse -- the country was very offended by this movie six months+
ago, long before the hack, to the point of threatening military retaliation if
it was released. Engaging in or hiring hacking groups to put the pain to Sony
seems entirely within the realm of the possible, though threatening actual
terrorism is a bridge too far, and overplayed their hands if they were
involved with that.

[http://www.bbc.com/news/world-asia-28014069](http://www.bbc.com/news/world-asia-28014069)

~~~
coldtea
The budget figure is probably BS. Their whole GDP is about 12 billion USD in
toto -- and they give around 10-15% of state expenditure to the military
budget (the peak was 30%, according to wikipedia, back in the seventies).

But even that figure ($10b) is comparable to places like The Netherlands,
Qatar or Poland (hardly forces to be reckoned with), and 1/3 of what South
Korea spends:

[http://www.globalsecurity.org/military/world/spending.htm](http://www.globalsecurity.org/military/world/spending.htm)

~~~
personZ
_The budget figure is probably BS._

All military figures are BS. North Korea has 1,000,000 active member troops.
Canada has 68,000 active member troops.

North Korea has more of everything than Canada, including aircraft, boats, and
even nuclear weapons.

Canada spends $23 billion per year.

And as to forces hardly to be reckoned with, if you're talking in a conventional
war with the US or something, sure. To put that into contrast with hacking
Sony, though, is utterly ludicrous. The latter could likely be achieved paying
a group less than it costs to operate a single fighter aircraft for a year.

------
rilita
There is something big that was not pointed out in this article. Whoever did
it got paid to do it. This is not a simple case of revenge of a nerd, nor is
it a case of "your political movie is offensive."

Someone hates Sony / SPE, and paid for the attack.

How did I come to this conclusion?

1. No matter how mad you are, being angry is not enough fuel to collect 100tb
of data and then leak it out in 25gb chunks. You need motivation to continue,
and money is that motivation.

2. While company security is terrible everywhere, and with enough work anyone
can be hacked, it takes a measure of skill and careful planning to pull off a
hack like this. This is not a "we got lucky" hack. It was planned carefully.

3. The amount of data, and the selection of which data gets released when, as
well as the difficulty overall of the operation, says to me that multiple
people were involved in the hack.

A reason why it isn't North Korea: If it was ( either intentionally or
accidentally ) it is in NK best interest to either claim responsibility and
embrace it, or to prove they didn't do it. They have done neither. This
implies that they can't prove they did or didn't do it, because nobody under
NK government control was involved.

~~~
xorcist
A sysadmin could have collected this data over a long period of time and
dumped it on some lulz h4xors who are having the time of their life sizing it
up in increments and writing trollish press releases.

There's really no need for anyone to have been paid in this scenario. I'm not
saying it isn't possible, just that it isn't necessary to explain what
happened.

The disgruntled employee is really the "husband did it" in murder
investigations. It's so common you have to investigate it by routine every
time. They probably don't have enough audit data to track the leaker, or they
would already have done it.

~~~
rilita
I have known my fair share of sysadmins; none of them are capable of writing
decently complex malware.

Have you seen the way the releases are organized?

~~~
yuncun
No, are they organized well?

~~~
rilita
They are split up into categorical sections of what data was released and/or
each release serves a purpose ( a pst mail dump )

They are all compressed using rar files. Rar releases are trademark of scene
releases. This was done by professional hackers who have been around long
enough to stick to using rars...

I don't advocate downloading the releases so I can't really say much about the
contents of the files themselves, only regarding the directory structure,
since the file listings of some of the releases were publicly released online
by infosec pros.

------
coldtea
Sounds more like calculated BS to make a backwards country in the middle of
nowhere sound like a credible threat to anything...

Then you have all the movies and tv series, which, without any hint of irony,
show "spies" and the like from such countries, operating in the US (and with
full teams and equipment), even infiltrating the secret agencies and such.

So you have uneducated people from rural fly-over country that cannot even
pin-point Germany on the map, believe what they see in those series, not as an
actual fact, but as something that could potentially happen or is credible.
(Just imagine what the kind of people who think evolution is bad for school
curriculum believe about foreign countries).

To convey the BS-detection levels a European feels, consider a report where
Inuits are the major threat and Inuit operatives are preparing an attack on
the US, hacking networks, and the like... Or maybe Mexico, or Canada... (This
BS doesn't work as well when it's about a place you know, that you might have
visited and that's close to home, right? Whereas anybody can imagine any kind
of BS for some remote third world place with 1/1000 the resources).

(Of course there are people that watch non-ironic action movies where the
President bare-handedly fights the bad guys
[http://en.wikipedia.org/wiki/Air_Force_One_%28film%29#Plot](http://en.wikipedia.org/wiki/Air_Force_One_%28film%29#Plot)
!!! We might watch them for the special fx and action scenes in Europe, but we
call them typical Hollywood BS and use huge tons of irony about them).

~~~
higherpurpose
I've stopped watching shows like Homeland, Person of Interest, 24 (only saw
like 3 seasons), etc a while ago. The level of US propaganda in them made them
unbearable to watch.

~~~
paganel
Warning: spoilers ahead

Homeland was pretty subversive in its first season, I mean, up until Brody
decided not to blow himself and the rest of the high-ranking officials up in
that bunker it was a pretty bleak affair: a decorated US marine, now a
politician, who decides to kill the VP of the United States and a couple of
other generals, you don't usually get that in block-busters. Afterwards, and
especially starting with season 2, it did indeed become a propaganda thingie.

Otherwise you're completely spot on. As a film junkie it really bothers me
that our generation doesn't have its "Apocalypse Now", "The Deer Hunter" or
"Rambo I - First Blood" (whose director has just been interviewed in the
latest Cahiers du Cinema issue), it's all white-washed, depressing propaganda.
There are a few exceptions here and there (De Palma's "Redacted", Bigelow's
"The Hurt Locker", partially), but otherwise we're treated not as adults, but
as kids who need to be told "nice" stories about what's really happening
around us.

~~~
cjslep
What about a movie like _Syriana_?

------
thaumaturgy
Just earlier today I had a client asking me about the Sony breach, and I laid
out all the reasons I didn't think North Korea was actually behind it -- nor
did Schneier.

Then just a few hours later the New York Times came out with an article
claiming that they have information from some Washington sources that it has
been confirmed to be North Korea. I checked the author bylines, because Judith
Miller and the NYTimes, and David E Sanger I could see being politically
motivated to make a case like that on some pretty flimsy evidence, but Nicole
Perlroth has good tech journalist creds.

So, I dunno. Looks like it might be North Korea after all.

At the moment, I figure there are three scenarios, and none of them are really
wonderful to think about:

1. It's China, working through or with North Korea. They certainly have the
ability (and in some cases, insider information), and they've been waging a
network and technology-based conflict around the world for years now. But, in
the past, they've been carefully diplomatic about managing relations between
North Korea and the rest of the world; it doesn't make sense for them to
suddenly paint a huge target on NK's back, and China's past exploits have been
kept pretty quiet. I don't understand why they'd want this one to be big and
public.

2. It actually is North Korea. We've been led to believe that they exist in a
technological dark ages of sorts, with most of their infrastructure relying on
technology that would horrify the average HN user. They're certainly
belligerent enough, but now suddenly we find that they have not just the
technology to pull it off, but also the talent? How does that kind of talent
even develop under a strictly regimented government like North Korea's? What
kind of ability do they actually have?

3. It's neither North Korea nor China. This is the most disturbing one to
think about; now that the NYTimes and Washington are involved, it smells a bit
like the kind of political maneuver with propaganda that we saw in the run-up
to the Iraq war. At the moment, this is still really feasible, and it makes me
wonder what Washington's motives might be.

Only time will tell for sure, I guess. Whoever is actually behind this, they
won't be able to stay quiet forever.

~~~
brenschluss
> 2. It actually is North Korea. We've been led to believe that they exist in
> a technological dark ages of sorts, with most of their infrastructure
> relying on technology that would horrify the average HN user. They're
> certainly belligerent enough, but now suddenly we find that they have not
> just the technology to pull it off, but also the talent? How does that kind
> of talent even develop under a strictly regimented government like North
> Korea's? What kind of ability do they actually have?

See, this really isn't the case, and why most people believe this is beyond
me, when a google search would suffice. I'm not criticizing you, actually,
just pointing out that there's an incredible amount of misinformation out
there about North Korea. Look at these photographs of a technology trade fair
in Pyongyang this summer, for example:

[http://www.northkoreatech.org/2014/06/23/another-look-at-the...](http://www.northkoreatech.org/2014/06/23/another-look-at-the-spring-trade-fair/)

Most telling, IMO, is that a 32G usb is being sold for USD20, where at the
time of writing, the same product was nearly USD16 on Amazon US. That's a
remarkably low markup for a product, especially for one in North Korea. Also
considering that it's a high volume, low price product with so little of a
markup makes me think that other technologies must be very available and
accessible, and that NK is hardly the technological dark ages that popular
discussion has us think it is.

Of course, this all isn't to say that NK performed the hack, but I hardly
think that a lack of infrastructure would really be the barrier if North Korea
really wanted to train a cadre of hackers.

~~~
CamperBob2
The amount of $20 isn't relevant. What's relevant is how hard it is to come by
$20 in the DPRK.

~~~
brenschluss
Clearly not very hard, if the entire trade show is conducted in RMB, euros,
and usd.

~~~
coldtea
Or, you know, the entire trade show is:

a) for people in the higher echelons of the party that are paid more (and
might still be expensive to them), e.g. a 1% of the population

b) BS organised to give the impression that they are not behind, while in
reality nobody can afford those, and the buyers are "actors".

------
iopq
I just don't buy it. It was a far-fetched scenario in the first place. 99% of
the time if they didn't steal money it's just some people doing it for the
lulz. Of course they'll pretend to be North Korean. That's the funniest
explanation.

~~~
palmer_eldritch
Yeah, I can imagine the hackers releasing a torrent of the interview on the
date it was supposed to be premiered before Sony got on their knees. With a
simple message accompanying the movie: "lulz, trolled u".

------
kbart
At last some sane analysis that doesn't involve "terrorists" or similar
bullshit. Though I find 5 (_"The attackers only latched onto “The Interview”
after the media did – the film was never mentioned by GOP right at the start
of their campaign. It was only after a few people started speculating in the
media that this and the communication from DPRK “might be linked” that
suddenly it became linked."_) contradicting 2 (_"<...> the code was
written on a PC with Korean locale & language"_). Anyway, I would bet my money
on the insider too -- the low sophistication level of malware combined with
excessive knowledge of internal infrastructure speaks for itself.

~~~
Jgrubb
> 2. The fact that the code was written on a PC with Korean locale & language
> actually makes it less likely to be North Korea.

> Let's not forget also that it is _trivial_ to change the language/locale of a
> computer before compiling code on it.

~~~
ErrantX
What kbart means is: if the DPRK/Korea link came later this flies against the
fact that _before_ anything else it was compiled on a PC with Korean locale.

~~~
pionar
That still doesn't present a contradiction. The post says that they didn't
latch on to "The Interview" until after the media linked it. That doesn't mean
they weren't doing things to make people think it was coming from Korea.

~~~
thekingofspain
Yeah, especially because the Korean link was probably what started the "The
Interview" saga. Not really a contradiction.

------
codezero
Reposting from another thread because it's more relevant here:

Here's something I am curious about: if this was NK and it is in response to
The Interview, how did they get so deep so quickly? Other state sponsored
hacks seem to span multiple years with multiple iterative hacks that get
deeper into the target, but The Interview only wrapped shooting a year ago and
wasn't really publicly known until mid 2013.

~~~
lawnchair_larry
Other hacks have nothing to do with this one. Someone at Sony opened a
phishing email. That about does it.

~~~
codezero
Why don't other attacks act as a litmus test here? One person opening an
email doesn't open up access to every system and all the data in one fell
swoop. Ok an email was opened. And then... It takes time to go from one system
to the next, so why did this happen so fast?

~~~
lawnchair_larry
It doesn't take time once you get Domain Admin, and there is no indication of
how fast it happened. I've seen companies lose DA, and therefore their entire
enterprise, in hours. You can then push malware to everyone on the domain.

~~~
codezero
Thanks, this is helpful, I didn't realize so much of their infrastructure was
tied up with a single point of failure :(

------
fab13n
It's hard indeed to believe that anyone raised and living in DPRK would get
the skills, technical and social, demonstrated in this hack. But it's not
impossible that such a non-Korean person has been funded and helped by DPRK,
either before or after they've started gaining privileged access to Sony's
network.

So sure, that's not done by North Korean hackers, but it's not excluded that
it involves North Korean money.

I guess a strong clue will be to see if Sony's nightmares calm down after
they've scrapped the Interview, as allegedly expected by the hacker. I'd
rather bet on a bounty hunting follow-up, _a la_ 419Eater, which I confess I'd
find extremely entertaining.

~~~
elsjaako
Just because 90% of the country is technologically impaired doesn't mean they
can't do this. This would be like saying the USSR couldn't go into space
because they still did agriculture using horses.

NK has made their own Linux distribution, and they made nuclear bombs. Being
able to hack isn't out of the question.

~~~
fab13n
It's more the sociological Internet-savviness which strikes me as unlikely
than the technical feat. Besides, we don't know the relative importance of
computer hacking skills vs. social engineering vs. victim incompetence in the
breach's success, although we know that all three were required to make this
possible.

------
peterwwillis
> _just how did whatever Data Loss Prevention (DLP) solution that Sony uses
> miss terabytes of data flying out of their network? How did their
> sophisticated on-premise perimeter security appliances miss such huge
> anomalies in network traffic, machine usage or host relationships? How did
> they miss Sony’s own edge being hijacked and used as public bittorrent
> servers aiding the exfiltration of their data?_

In my experience, nobody takes DLP seriously, except maybe [some] government.
It's more of a "At least we know about this issue; nobody feels like dealing
with it, so just flag it and continue as normal." In fact, almost all DLP and
similar systems I've seen were _intended_ to only record violations so they
have evidence to litigate with later.

> _It’s clear from the leaked data that Sony has a culture which doesn’t take
> security very seriously. From plaintext password files, to using “password”
> as the password in business critical certificates, through to just the sheer
> volume of aging unclassified yet highly sensitive data left out in the open.
> This isn’t a simple slip-up or a “weak link in the chain” – this is a
> serious organization-wide failure to implement anything like a reasonable
> security architecture._

This is all large organizations. All of them. As one previous manager so
eloquently put it: "There are too many security violations for us to fix; all
we can do is prioritize and go after the biggest fish." The only places that
take security seriously are places that hire BOFH-quality security nazi
managers.

> _Who do I think is behind this? My money is on a disgruntled (possibly ex)
> employee of Sony._

Or a contractor (e.g. Snowden)

~~~
PhantomGremlin
I wanted to comment on these exact same things, e.g. "nobody takes DLP
seriously" and "this is a serious organization-wide failure". You have done a
nice job highlighting them. Unfortunately your comments are buried in the
middle of a very long discussion.

In general, in the numerous discussions I've read so far, people are much more
focused on this breach itself, not on the root causes nor how to prevent these
types of breaches in the future.

------
codeonfire
North Korea doesn't need amazing elite hackers to pull this off. That debate
precludes a simpler explanation that maybe they just paid an insider $500k to
install some software and dump some files. If the FBI has found such an
insider then maybe that is the evidence of NK involvement.

------
craigasketch
This all seems too political to me. I suspect the blame on North Korea is
really a fishing line to upset the real person's ego to hopefully get some
sort of lead.

While I don't doubt North Korea's technical ability I sincerely doubt this is
a real motive to attack Sony. Something screams ex-contractor to me and
planting evidence to come from NK seems like a plausible avenue to avoid being
caught.

------
bifrost
IMHO this is the best analysis of the situation.

~~~
AlyssaRowan
Yep, I concur. There is nothing I've seen about this with any particularly
strong tie to DPRK at all. Sony has pissed off enough people, internally as
well as externally, that it could plausibly be pretty much anyone. And they
have I think the worst reaction to it I've ever seen.

If anyone wants to learn anything from this: don't use P@ssword1 as a
password. If you've got that down, you're _already_ better than the Sony
studio.

------
ivanca
Really? Not a month has passed since the hack and the US officials already
declared they are sure it was North Korea, using very weak evidence?

This smells as fishy as it gets.

~~~
sd8f9iu
Since when does it take more than a month to find the origin of an attack?
We've seen the capabilities of the NSA, and I'd bet they've already made
grounds infiltrating NK computer networks in the past. If the perpetrator was
sloppy (e.g. forgetting to use a VPN once or something), it would make it even
easier.

~~~
paradite
As you said, NSA may have infiltrated NK computer networks, which means NSA
and other organizations which had infiltrated NK computer networks can use
compromised computers in NK as tools for hacking activities, hiding their real
identities. Considering many other possibilities like this, it is hard to
trace the real origin of the attacks.

------
cyphunk
I would place my bet on the individuals with access to the trove from the
Playstation Network hack.

It's odd how the epic Sony Playstation Network hack from a few years back
doesn't get discussed much in relation to the current hack. A signature of
lulzsec strategy from that era was the staging of information gained from one
intrusion to go deeper. So the passwords and information found through one
intrusion was utilized to span out and find intrusion into other networks, in
other companies or institutions. And this fermentation process before the
release of hacks was in the order of months or longer. We know from that
episode that Sony's network was penetrated deep. It would be foolish to not
consider if much of that information didn't remain "in play" for future
staging. But it seems everyone (meaning the FBI and Sony, the stakeholders in
the prior attack) thought the case was closed when Lulzsec was no more.

If I am right (and it is really not clear that I am), and the data from the
Playstation Network hack was at play, then there are two very interesting
things to note: 1. the attackers chose to devoid themselves of even the
anonymous brand. Action without brand takes intrusion as protest to a whole
new level. 2. The FBI's official finger pointing to north korea shows how far
behind they are in adapting to the new world and makes me wonder what future
trolling still await us.

------
xngzng
Didn't North Korea publicly deny their involvement? And American businesses
are believing NK is willing to go to war by attacking Americans on American
soil because of a movie?

~~~
barsonme
The latter might be true, but the first part isn't worth much as most
governments would flat out deny they hacked into a large foreign company.

~~~
konstruktor
For a country with a wrong sense of grandeur, constantly showing off their
military, it would be much more consistent to claim responsibility as a proof
of their power.

------
jaekwon
On a related note,

[http://www.laweekly.com/publicspectacle/2014/12/17/pulling-t...](http://www.laweekly.com/publicspectacle/2014/12/17/pulling-the-interview-is-the-end-of-free-speech-in-hollywood)

"The truth is, America's commitment to free speech is dwarfed by our
commitment to capitalism. Seth Rogen can stand in his house and say anything
he wants about Kim Jong-un – but Sony has the choice to fund him, and even if
it agrees, AMC can still pull the plug. The corporation, not the individual,
has always had the power to decide what movie is a thoughtcrime. We're just
only now visibly seeing the suits flex their clout. Despite everything, Pascal
at least had the courage to greenlight a comedy about a sitting dictator. Will
she be the last studio boss who can make that claim?"

I wouldn't be surprised if it turns out that the hacks or threats weren't
conducted by NK, or by NK alone. This movie is in fact a threat to a
particular regime in NK, but it's also a blanket threat against all
totalitarian regimes (and corporations), and there are plenty that would be
upset about that.

I've been scouring Hollywood for movies that appeal to mass social, political,
or economic change that don't portray the instigators as crazed violent
goonies. There are none in recent memory. The ones that do strike a chord
become wild blockbuster hits and their motifs enter our collective
consciousness as light-sabres or guy fawkes masks, but they are the rare ones.
You don't find much of them in Hollywood because Hollywood does not instigate
change.

~~~
icantthinkofone
"This movie is in fact a threat to a particular regime in NK"

It's a movie. It's a comedy. It has Seth Rogen.

Have you ever seen any of the writings on the walls in NK or speeches by their
politicals?

~~~
jaekwon
2 years after Fight Club's (soap and Meatloaf) story of crazed terrorists
destroying towers to reset the economic system, some crazed terrorists did
exactly that.

Imagine what would happen if a likable character who _isn't_ a crazed
terrorist assassinated a political figure on the big screen and became a hero.
Good feels all around, nothing wrong with killing a totalitarian leader,
right?

~~~
bradyd
6 years before Fight Club the World Trade Center had a car bomb set off in
it[1], so it's not like they got the idea from that movie.

[1]
[https://en.wikipedia.org/wiki/1993_World_Trade_Center_bombin...](https://en.wikipedia.org/wiki/1993_World_Trade_Center_bombing)

~~~
jaekwon
Thanks, I didn't know about that bombing.

------
mp4box
Here is the cached version of the linked article at the bottom of the post.

[https://webcache.googleusercontent.com/search?q=cache:https%...](https://webcache.googleusercontent.com/search?q=cache:https%3A%2F%2Fwww.riskbasedsecurity.com%2F2014%2F12%2Fa-breakdown-and-analysis-of-the-december-2014-sony-hack)

------
dba7dba
I'm reading cnn report that quotes someone who says we underestimated N
Korea's cyber attack ability.

Well, I think that's STUPID to say.

Many are saying it could be some teenagers somewhere in a basement that pulled
this off. And guess what? A nation with 300 million is capable of getting
people around some computers to hack. They can develop nukes (or claim to
have) and develop short range ballistic missiles. If they are capable of it,
they are capable of pulling something off that some teens in a basement do all
the time.

And N Korea will do anything to protect the image/status of its fat leader.

In a sense, nothing to see, move on. It's only N Korea.

It's only the stupidity of the leadership at Sony that we underestimated, not
keeping up security and then laughable response.

------
dba7dba
Sony corrupting the American values...

They gave up the right of free speech.

And we are the only nation that's codified AND that's been practicing it for
hundreds of years.

Oh wait, Sony is owned by Japan... Must be especially sweet for N Korea,
kneeling US and Japan with one hit.

------
TheGunner
Great article, and a common sense approach to it at last. I can't believe this
myth NK is behind it is being perpetuated when facts point to someone with
insider knowledge and an agenda.

------
chinpokomon
For those critical of the article, have you any doubt that NK is behind these
events? If so, what wasn't mentioned, which is more compelling in your mind?

------
saurik
I believe this article was posted before the flurry of news in the last hour
from various credible sources claiming "US government officials" have laid
blame on North Korea.

[http://www.nbcnews.com/news/world/north-korea-behind-sony-ha...](http://www.nbcnews.com/news/world/north-korea-behind-sony-hack-u-s-officials-n270451)

[http://www.usatoday.com/story/news/world/2014/12/17/north-ko...](http://www.usatoday.com/story/news/world/2014/12/17/north-korea-sony-hack/20558135/)

------
mobiplayer
This totally smells like a new USS Maine sinking:
[http://en.wikipedia.org/wiki/USS_Maine_%28ACR-1%29#False_fla...](http://en.wikipedia.org/wiki/USS_Maine_%28ACR-1%29#False_flag_conspiracy_theories)

Expect new laws and regulations. Expect the public opinion to be against
"hackers", "encryption", "privacy" and all that shit, etc

------
stickshift
How about it was somebody from, say, South Korea who was hired by the North?

------
kokey
After this, gamergate and the 'trader genius schoolboy with $72 million'
people are going to have an even harder time distinguishing between reputable
news outlets and the unverified junk people share on Facebook.

~~~
TeMPOraL
There are pretty much no "reputable news outlets" in mainstream media.
Everyone has either an agenda, an axe to grind or just wants to get more
pageviews for ad dollars.

------
Jongseong
The article has a really weak grasp of the language situation in the Koreas.
Setting aside the conclusion of the article, here is my input on the language-
related points (the first two), coming from a South Korean.

I have to say I find point 1 borderline offensive, that the English basically
isn't bad enough to be authentic "Konglish". It can't have been written by
North Koreans unless you see comprehension mistakes! Does the author know that
perhaps counterintuitively, English is the most widely taught foreign language
in North Korea? Or is he familiar with the barrage of English-language
propaganda put out by the North Korean regime?

I wouldn't describe it as "broken English" either. Stilted and unlikely to
have been produced by a complete native speaker, yes (e.g. old-fashioned
English subjunctive in "our request be met"), but not ungrammatical. I have no
particular trouble believing that it is an earnest attempt by a non-native
speaker to write correct English.

Point 2 is the weakest. I have no idea where the author got the notion of
North Koreans speaking their own dialects and traditional Korean being
forbidden. Korean like any language has regional dialects in both North and
South Korea, but the language itself was standardized before the division of
the peninsula based on the Central dialect region around Seoul. This dialect
region is split between the North and South so that for example the speech in
Kaesong, North Korea is similar to the speech in Seoul, but Pyongyang falls
outside this and falls into a different dialect region. Nevertheless, because
Standard Korean was established before the division, the standard speech in
North Korea is also based on the Central dialect. The Standard Korean spoken
by someone from the North is not as different from what you would hear from
someone from the South as one might imagine, as South Koreans may verify by
watching a North Korean news broadcast. There are of course differences in
orthography and vocabulary similar to what you would find between the UK and
US in English (thus the "helicopter" example supplied by the author), but this
has more to do with a natural divergence of the language after decades of
forced separation than anything.

The closest thing I can think of to the notion of traditional Korean being
forbidden is that North Korea banned Chinese characters from official writing
right away, while South Korea didn't go as far but still eliminated Chinese
characters from texts used in education. Korean has its own alphabet, but
Classical Chinese was the traditional literary language, and Sino-Korean
vocabulary (words derived from Classical Chinese) were often written in
Chinese characters in a "mixed-script" style reminiscent of Japanese. In both
Koreas, the end result was that Korean came to be written purely in the Korean
alphabet. In South Korea this was gradual as the mixed-script style held on
for a few decades, but by now most South Koreans have been educated writing
only using the Korean alphabet. At any rate, Koreans wouldn't be using Chinese
characters on computers anyway, North or South, so this is an irrelevant
historical detail by now.

What does the author mean by saying that "the code was written on a PC with
Korean locale & language"? That the actual coding was done in Korean? What
kind of programming language used by hackers is in Korean? I am not familiar
with the details of the Sony case so I would like to be enlightened on what
the author actually means here.

~~~
hashhash
Locale information includes things like encodings to allow a human language to
be stored as data.

It is probably the case that the most common encoding is ASCII, with the most
common modern encoding being UTF-8. If you're writing code you don't want
traced to a particular language, use ASCII.

You would only need a separate encoding if you were going to be writing the
code with special characters. In this case a Korean encoding would only be
useful for comments and string literals as most computer languages are ASCII
based. Since the messages from the malware are apparently in English, this
seems superfluous and more like a sign of a false flag operation. In this
context, setting a Korean locale is an unnecessary and ill-advised step that
would normally force you to go out of your way to get right.

Wikipedia has more specific information regarding Korean language encodings:
[http://en.wikipedia.org/wiki/Korean_language_and_computers](http://en.wikipedia.org/wiki/Korean_language_and_computers)

~~~
Jongseong
Thanks, I should have made the connection to encoding immediately. I've found
more info in
[the following Guardian article](http://www.theguardian.com/technology/2014/dec/02/north-korea-hack-sony-pictures-brad-pitt-fury):

“In the file we had a line with broken characters. Those characters didn’t
render right under any encoding, except EUC-CN [Chinese] and EUC-KR [Korean] …
In this case, the readme.txt file could be read fine under either EUC-CN and
EUC-KR, which means the file was most likely generated from a computer set in
either Chinese or Korean – or the hacker deliberately converted the file
(which seems unlikely),” Karpeles said.

I should add that EUC-KR is a South Korean legacy character encoding, but the
corresponding North Korean encoding (EUC-KP?) is hardly ever supported so in
practice North Koreans would be likely to use EUC-KR.
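
The encoding ambiguity discussed in the two comments above, as an added example that is not part of the thread or the linked article: the same bytes are strictly decoded under the four encodings named here, and each successful result is bucketed by script. The sample lines are constructed, and the use of Python's `gb2312` codec for EUC-CN and the script ranges are choices made for this illustration.

```python
# Added example: which encodings named in this thread accept a byte string,
# and which script the decoded text lands in. Sample inputs are constructed.

CANDIDATES = {  # label used in the thread -> Python codec name
    "ASCII": "ascii",
    "UTF-8": "utf-8",
    "EUC-KR": "euc_kr",
    "EUC-CN": "gb2312",  # Python's gb2312 codec is the EUC-CN byte encoding
}


def script_of(ch: str) -> str:
    """Coarse script bucket for one decoded character."""
    cp = ord(ch)
    if cp < 0x80:
        return "ascii"
    if 0xAC00 <= cp <= 0xD7A3:   # Hangul Syllables block
        return "hangul"
    if 0x4E00 <= cp <= 0x9FFF:   # CJK Unified Ideographs block
        return "cjk-ideograph"
    return "other"


def decode_report(data: bytes) -> dict:
    """Strict-decode data under each candidate; None means invalid bytes there."""
    report = {}
    for label, codec in CANDIDATES.items():
        try:
            text = data.decode(codec)
        except UnicodeDecodeError:
            report[label] = None
            continue
        report[label] = (text, sorted({script_of(c) for c in text}))
    return report


# Constructed samples (not taken from the Sony files).
KOREAN_LINE = "note: 한국어".encode("euc_kr")
ENGLISH_LINE = b"plain English message"

if __name__ == "__main__":
    for name, sample in (("korean", KOREAN_LINE), ("english", ENGLISH_LINE)):
        print(name, sample)
        for label, result in decode_report(sample).items():
            print(f"  {label:7} {result}")
```

The Korean sample is rejected by ASCII and UTF-8 but decodes without error under both EUC-KR (as Hangul) and EUC-CN (as unrelated ideographs), so a strict decode alone cannot separate the two and a reader has to judge which output is real text. The ASCII-only sample decodes identically everywhere and carries no locale signal at all.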

------
baconforce
It may not have been the work of NK, but it doesn't mean it wasn't sold to NK.

------
trhway
I guess it is obligatory here
[https://www.youtube.com/watch?feature=player_detailpage&v=tH...](https://www.youtube.com/watch?feature=player_detailpage&v=tHRyrybn_2w#t=4470)

------
ck2
Maybe Russia with false flag. Or even China.

But Russia really really doesn't like us and has nothing to lose with trade,
etc.

~~~
dagw
But the US is completely unaffected by this attack. If I was a hypothetical
Russian, wanting to run a hypothetical false flag operation to piss off the
US, I'd probably target something slightly more vital than some random movie
studio.

~~~
logfromblammo
If I were a hypothetical Russian, I would just crack some bank accounts with
my zombie network to launder some Gazprom money, fund anti-fracking
propaganda, and donate to anti-fracking lobbyists.

Hypothetically, this is occurring right now, and is less traceable, less
newsworthy, and more effective than a loud public attack on a major
multinational company. Hypothetically, I could probably keep it up for years
before anybody noticed.

------
tippytop
Upon browsing a few of these threads tonight, I've realized there is no worse
reading than a bunch of tech enthusiasts armchairing about geopolitics. I'm
out!

~~~
davidw
Hit the 'flag' button on political articles.

