
North Korean Spy to Be Charged in Sony Pictures Hacking - NN88
https://www.nytimes.com/2018/09/06/us/politics/north-korea-sony-hack-wannacry-indictment.html
======
madrox
I work in the entertainment industry for a major Sony competitor. This hack
was when entertainment execs started listening to their infosec people. It
wasn't just IT. Media apps also got more secure and data retention policies
got much, much more disciplined. The paranoia was real. I'd dare say it's why
the big social media data retention scandal came out of the election instead
of Hollywood.

I've always been suspicious of the touted NK connection. It seemed flimsy
then, and it seems flimsy now. However, all these years later, I don't know
why they'd be interested in keeping up security theater, so I assume someone
closer to it than I knows all the facts.

~~~
openasocket
There's some fairly extensive information publicly available in support of the
NK connection. I'll point to
[https://www.operationblockbuster.com/wp-content/uploads/2016...](https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf)
(disclaimer: I
worked with the team that wrote that report, though not on Operation
Blockbuster itself). That information shows that the group behind the Sony
Hack were a previously unknown APT group. Analysis of malware used, C&C
servers, and even re-used certificates connect this group to a variety of
other attacks in the years prior, all targeting various South Korean
entertainment and financial institutions. The report I linked to provides more
information.

~~~
rando444
As someone else that's spent a large amount of time looking into this, I'd
like to offer a dissenting opinion.

I agree with the analysis linking the groups.. however, the final conclusion
is because the other attacks were attributed to NK, then we must also
attribute these attacks to NK.

I think these assumptions need to be questioned.

The sophistication of the attacks is so out of proportion with North Korea's
abilities, it almost reaches the point of absurdity.

I mean we're talking about an entire country full of people that are denied
access to the internet, most do not have computers, and many don't even have
the electricity to run them. We're talking about a country where refrigerators
are luxury and purchased by the middle class to store books since they don't
have steady electricity that would allow them to keep food cold.

When you look at the sophistication of the attacks, it's an amazing leap to
assign such sophisticated cyber attacks to a country that runs its entire
computer infrastructure as a government controlled Intranet that people still
access over dial-up modem.

I mean even just using Occam's razor on the South Korean bank attacks...

You're going to require extremely educated people, who have the requisite
hacking skill and mindsets, which often require unfettered access to
information that is denied to most everyone, and small details like the fact
that the attackers also are knowledgeable in multiple spoken languages and
other things that are so out of the ordinary for NK.

What is more likely.. that all of these sophisticated attacks are being done
by a country that can barely keep the power on, or that they are done by
someone _pretending_ to be North Korea and using them as a scapegoat?

Personally I think it's the latter.

~~~
openasocket
I disagree with the idea that the DPRK is not capable of such attacks. They've
demonstrated they are capable of creating nuclear weapons and ICBMs, I don't
think it's such a stretch to say they are capable of APT attacks. Especially
when you consider that the DPRK gets a lot of support from China, which also
engages in cyber attacks. It wouldn't be difficult to send DPRK citizens to
China to be educated and instructed in computer technology. More difficult,
but still possible, is covertly sending North Koreans to various western
institutions to receive an education in cyber security. Recall that Kim Jong
Un himself was educated in Switzerland.

There's also the possibility that the APT group is partially or completely
composed of foreigners hired to engage in these attacks on behalf of the DPRK.
I know one of the people on Operation Blockbuster believed that this was
"contracted out" to some clandestine group. This would explain the attackers
being multi-lingual. It would also explain why many of their attacks focus on
financial institutions and theft. This focus has been proposed as a way for
the DPRK to get international currency to make purchases and evade sanctions,
but it would also make sense for a group that is in it for the money.

~~~
jessaustin
Can we get an estimate of how much money was stolen/earned/misplaced/whatever
in this hack?

~~~
openasocket
In the Sony hack? None. But many of the Lazarus group's other attacks have
resulted in getting significant amounts of money. There was the theft with the
Bangladesh bank a few years ago, where they got away with around $100M US.
There were some other, smaller incidents involving banks in Vietnam and
Taiwan. And the Lazarus group is believed to be behind the WannaCry
ransomware, idk how much they got from that.

~~~
jessaustin
This undercuts either the APT classification or the identification of the APT
with DPRK. It's not as though Sony doesn't have any money; a group that steals
money would have stolen some. In that case there would have been some sort of
credible trail to follow.

Actually the whole "we don't like movies about Dear Leader" supposed
motivation is only superficially reasonable. From the leaked email it's clear
that this was a chaotic capricious organization that wouldn't have hesitated
to fire embittered IT (or simply IT-aware) staff, who would then have been
well-placed to do everything that was done to Sony. (I especially liked the
unencrypted Word docs they had of nothing but hundreds of passwords. Passwords
don't belong in Word docs!) "Guardians of Peace" had a special hatred for Sony
execs, while e.g. Rogen and Franco were afterthoughts.

~~~
openasocket
Some of their attacks involve stealing money, but not all of them. Regardless,
that argument is circumstantial at best. Look at the report
[https://www.operationblockbuster.com/wp-content/uploads/2016...](https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf).
There was re-use
of malware, C&C infrastructure, and RSA certificates, that is hard evidence.

------
onetimemanytime
>> _Mr. Park, who also went by the alias Pak Jin Hek, is unlikely to see the
inside of an American courtroom. The United States has no direct, formal
relations with North Korea and did not communicate with its reclusive
government ahead of the charges._

And if he did find himself in a court, a couple of professors and escapees can
testify that unless he did what he did, he'd be in jail, along with all his
extended family. Not guilty. Now maybe he didn't have to be that successful,
but we don't know all details beyond reasonable doubt.

------
jedberg
What I really want to know is how did they learn the skills to do this? And
more importantly, if they had that kind of access to outside information, how
do they not know about the atrocities they are involved in? Or is it a
catch-22 where if they don’t help then they become a victim?

~~~
monocasa
Remarkably low level citizens (basically grad students) have access to public
(monitored) internet.
[https://www.youtube.com/watch?v=Orcmmra9oLQ](https://www.youtube.com/watch?v=Orcmmra9oLQ)

My guess is that, like the incubator baby thing in Iraq, the more heinous
crimes are just made up. It's easy to make up stories when there's no way to
refute them.

The defector stories are already internally inconsistent.
[https://www.theguardian.com/world/2015/oct/13/why-do-north-k...](https://www.theguardian.com/world/2015/oct/13/why-do-north-korean-defector-testimonies-so-often-fall-apart)

EDIT: Would love to hear something counter in addition to the downvotes.
Particularly against Shin Dong-hyuk's testimony which is hugely internally
inconsistent, and also the basis for the idea of North Korea's concentration
camps.

~~~
openasocket
We have large amounts of testimony and evidence for DPRK concentration camps,
dating back decades. It's not like we are relying on a single person's
testimony. For instance, we have satellite imagery of the prison camps.

Also, the guardian article that you linked to literally states that just
because there are inconsistencies doesn't mean that there aren't serious human
rights abuses, including the existence of prison camps.

~~~
monocasa
> We have large amounts of testimony and evidence for DPRK concentration
> camps, dating back decades. It's not like we are relying on a single
> person's testimony.

For camp 14, the supposed concentration camp, we have two eyewitnesses. Shin
Dong-hyuk, and Kim Yong. Both of their stories are hugely inconsistent, and
they get paid based on how crazy their stories are.

> For instance, we have satellite imagery of the prison camps.

We have satellite imagery that they have prisons. We don't have any imagery of
abuses.

> Also, the guardian article that you linked to literally states that just
> because there are inconsistencies doesn't mean that there aren't serious
> human rights abuses, including the existence of prison camps.

Yeah, it's a Guardian article. You can't rock the boat too much.

~~~
openasocket
There is not one concentration camp, there are over a dozen. And while I could
only find those two you mentioned as eyewitnesses to camp 14, we have plenty
of other witnesses to the other camps. Dozens of people going back decades.
And even if you consider the entirety of their testimony suspect, these
witnesses bear the physical signs of torture and malnutrition.

I'm unclear on what exactly your position is. Are you just skeptical of
stories like boiling people in molten iron? If so I can understand. Do you
believe that these political re-education camps exist? What about the policy
of sending an entire family, including children, to prison if one member of it
commits a political offense? Do you believe that these camps are host to
abuses, including the torture of prisoners as punishment, forced labor, and
inadequate access to food and medical care?

~~~
monocasa
> There is not one concentration camp, there are over a dozen.

Over a dozen prison camps. Camp 14 was the "hotel California" camp supposedly,
the others are focused on rehabilitation and release.

> Dozens of people going back decades. And even if you consider the entirety
> of their testimony suspect, these witnesses bear the physical signs of
> torture and malnutrition.

Dozens of the literally tens of thousands of North Korean defectors. But it's
only the ones with the sketchy stories for some reason that get the limelight.

> And while I could only find those two you mentioned as eyewitnesses to camp
> 14, we have plenty of other witnesses to the other camps. Dozens of people
> going back decades. And even if you consider the entirety of their testimony
> suspect, these witnesses bear the physical signs of torture and
> malnutrition.

I mean, they were under sanctions during a famine. Nearly everyone was
malnourished.

> Are you just skeptical of stories like boiling people in molten iron? If so
> I can understand.

Yes, skeptical to say the least.

> Do you believe that these political re-education camps exist?

I believe that prisons should be focused on rehabilitation and integration
back into society, I guess you can call that "political re-education".

> What about the policy of sending an entire family, including children, to
> prison if one member of it commits a political offense?

I doubt that this exists. What's more likely is that political dissonance
(which was outlawed by the US in times of war also), is hard to keep to an
individual in the extremely family centric societies of the east, including
North Korea and would tend to pull in family members who didn't report it.

> Do you believe that these camps are host to abuses, including the torture of
> prisoners as punishment, forced labor, and inadequate access to food and
> medical care?

I think that's true of nearly all prisons, including those in the US. And
before you go calling "whataboutism", I think that's core to the distinction
made between a "concentration camp" and a prison.

My main issue is how it gets portrayed as worse than the Nazis or Unit 731,
when there's essentially no reliable evidence to the fact. All in a context
where there's a push for a war with them, and we've manufactured evidence for
the past few wars.

------
NN88
_HERE'S THE INDICTMENT:_
[https://www.justice.gov/opa/pr/north-korean-regime-backed-pr...](https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and)

------
sillyquiet
It kind of blows my mind that North Korea is responsible for Spider-Man
joining the MCU.

~~~
jedberg
I’ve heard this a few times but I’m not super familiar with the ins and outs
of the MCU and who owns (owned) what.

Can you connect the dots for me?

~~~
chrisdsaldivar
When Sony was hacked over The Interview a bunch of emails were leaked
including some between Sony and Marvel. Apparently Spiderman was supposed to
be in Captain America: Civil War but the deal fell through. When the emails
leaked about it fans went nuts and pushed Sony to include Spiderman in the MCU
which ended up happening. Sony still has the rights to Spiderman; he's just
part of the MCU now.

I'd recommend reading the emails. They show just how badly Sony needed
Marvel's help to make a good Spiderman. Here's my favorite
[http://imgur.com/XiqC6fz](http://imgur.com/XiqC6fz)

Edit: Also Sony was trying to make their own Spiderman universe instead of
being part of the Marvel Cinematic Universe.

~~~
laken
For some further background, many of the most popular Marvel characters'
rights were sold off years before the MCU & Disney acquisition, such as
Spiderman.

Disney has tried to get back as many as they could, and are continuing to do
so. Off the top of my head, Universal currently owns theme park rights to
Spiderman, Avengers, X-Men, and Fantastic Four on east-coast USA. In regards
to film rights, Fox owns X-Men and Fantastic Four, and Sony owns Spiderman.
One of the reasons Disney is pushing hard for acquiring Fox is to get back the
X-Men rights from Fox, as that's the 'easiest' way to add them into the MCU.

~~~
sillyquiet
Universal also owns Hulk and his rogue's gallery with a few exceptions.

------
OliverJones
I wish someone could explain the logic of indicting foreign nationals when
there's no hope of bringing them to trial. A 179-page criminal complaint must
have cost a substantial sum.

Justice Department could have spent that money explaining "correct horse
battery staple" ([https://xkcd.com/936/](https://xkcd.com/936/)) to its own
people, and so made us all a bit safer.

~~~
the_watcher
It substantially limits their movement, as it increases the caution needed to
enter any country with which the US has an extradition treaty.

As to explaining password security, the Justice Department is a law
enforcement agency, not a security agency.

~~~
TACIXAT
North Koreans aren't known for their international travel.

~~~
b5ec5a483dfd14
North Korean hackers actually travel abroad to their target country for 2
years according to the Business Insider article someone linked to in this
thread. Seems possible they may travel again.

------
LinuxBender
One person? Anyone else feel their spidey senses tingling?

