
Some experts don't buy the FBI claim that North Korea hacked Sony - dnetesn
http://www.latimes.com/business/hiltzik/la-fi-mh-these-experts-still-dont-buy-20141221-column.html
======
tessierashpool
At the moment that I'm writing, not one of the ten highest-ranked comments
here addresses _any_ of the technical detail or substance in the
counterarguments which white hat experts have raised.

Bruce Schneier is one of these skeptical experts.

[http://motherboard.vice.com/read/the-best-thing-we-can-do-
ab...](http://motherboard.vice.com/read/the-best-thing-we-can-do-about-the-
sony-hack-is-calm-down)

The IP address blog post by Dr Krypt3ia makes the FBI look silly beyond words.

[http://krypt3ia.wordpress.com/2014/12/20/fauxtribution/](http://krypt3ia.wordpress.com/2014/12/20/fauxtribution/)

The Marc Rogers post makes a lot of sense to me.

[http://marcrogers.org/2014/12/21/why-i-still-dont-think-
its-...](http://marcrogers.org/2014/12/21/why-i-still-dont-think-its-likely-
that-north-korea-hacked-sony/)

I remember a time when a discussion like this on Hacker News would have
concerned itself with the technical details of the analysis, in an honest
attempt to discern the truth of the matter, rather than a bunch of opinionated
political rambling, and although that was a very long time ago, I still
consider that type of discussion more worth our time here.

~~~
martincmartin
On the other hand, Hacker News commenters have been complaining about the
dropping quality of Hacker News comments since soon after Hacker New started.

------
drzaiusapelord
I think denials of state actor hacking is bewildering. Its seem more credulous
that a previously unknown hacker group (the GOP? Really?) suddenly take down
Sony in such an elaborate fashion, especially when a movie literally
protraying the murder of NKorea's leader is about to be released (In June N
Korea vowed to "mercilessly destroy" anyone involved with The Interview.)
Groups like the Lizard Squad who perform Sony attacks tend to have a history
and reputation. This group has no history. That itself should be a huge mark
against those who go against the FBI's claim.

Not to mention we have a massive history of NK and Chinese cyberwars against
the west. Often both countries working hand in hand, with the NK hacker team
reported to be headquartered in a hotel in a Chinese city under the auspices
of the Chinese government. Shenzhen I believe.

I think a lot of this "debate" is centered on how people feel about the USG
and specifically its foreign policy. I think a lot of black-hat and grey-hats
tend to idealize autocratic regimes like Russia, China, N Korea, Syria, Iran,
etc because they are "counters" to US foreign policy, so they often will take
an anti-US spin on things. This isn't technology or informed commentary. Its
just the same lazy outrage politics that has taken over any other type of
discourse on the internet. From a rational perspective, this attack obviously
points to the NK regime. Its fits their MO, their history, and, if we take the
FBI's claims as true, their technology and capabilities.

The same way many anti-US/anti-Western commentators were telling us that those
weren't Putin's troops in Crimea or in Eastern Ukraine. They kept saying "more
proof" when it was obvious no amount of proof would convince them. They just
had an anti-US bone to pick and liked the attention of being contrarian.

I also think its emotionally comforting to pretend there isn't a massive
multi-party cyberwar going on, all the time. I think people want to believe
its just some bad apples, not nation states and their leadership ordering
attacks left and right, with impunity. Its a little scary to think what is
possible from a determined attacker and how little of our industry and
practices are focused on security.

~~~
tomp
Weapons of mass destruction, Syrian rebels, CIA torture, Snowden is a traitor,
the Wikileaks suppression, ...

I think that it's not entirely irrational to believe the opposite of whatever
USG says about foreign policy.

~~~
mikeash
What about the many correct statements they've made over the years?

Sometimes they lie. Sometimes they're innocently wrong. Sometimes they're
right. It _is_ irrational to knee-jerk believe the _opposite_ of what they say
just because they're _sometimes_ lying or wrong.

If you don't trust them, fine. I don't trust them either. But that means that
you should evaluate for yourself, not simply believe the opposite of what they
say.

~~~
balabaster
You have to remember though that they're a _political_ party - they say what
it is politically advantageous for them to say, or what they can spin it to
look like. There is no black and white nor right or wrong in their eyes, only
angles, spin and PR. How true they are being at any given time depends only on
how they can use it to their advantage. If it is politically advantageous to
tell the truth, they will do so, if it is politically advantageous to distract
from, cover up or lie about, they they will equally do so. You can't trust
them, all you can trust is if their angle currently aligns with your goals.

This is how dishonest bills get piggybacked through while everyone is looking
in the wrong direction, this is why political arrests are made, this is why
the Government backtracks on Whistleblower protections and they condemn
countries that use torture to achieve their ends... until they themselves are
caught doing it, only to throw their hands up and say "Hey, it was necessary!"
You can't have your cake and eat it too.

Life isn't black and white, it's grey. Nobody is innocent, everyone has
capability of good and evil (if you choose to look at it that way). But when
you can only trust someone as far as their political agenda, how do you know
when to trust them and when not to?

I agree with your point though of not automatically believing or disbelieving
in what they have to say, you have to look at whether it is more politically
advantageous to be truthful or deceitful... but with more and more information
coming out that shows the level of their deceit, you have to wonder if
anything they say is true or if it's all spun for political advantage.

------
k-mcgrady
Although I don't like to believe everything the government says (and I have no
idea whether they are correct or not in this situation) please stop turning HN
into conspiracy theory central. The last week has seen a few of these 'experts
debunk North Korea theory' on the front page every day. Due to the fact the
FBI has withheld some of their evidence from the public we won't know. Unless
we can see all of the evidence we won't know their reasoning. If the US was
threatening war with NK over this I would be much more worried and glad to see
these posts but considering the only action they are even considering is
putting NK on a 'terrorism list' they probably aren't all that confident in
their own evidence never mind the stuff they've made public.

I guess my point is please stop posting this stuff. Whenever anything
newsworthy happens the 'experts' (in any field) come out in force debunking
stuff when they don't have all the evidence. It drives me nuts. I know this is
a community and if people find it interesting it'll end up on the front page -
that's fine, it's just getting a little annoying.

~~~
joelrunyon
I don't think they're "debunking" anything as much as asking certain questions
that lots of people have.

I think it's worth having that discussion. Nobody is proposing any
conspiracies - just due diligence.

~~~
k-mcgrady
Of course, but the discussion has taken places several posts per day for the
last week. Unless the FBI releases more information or Sony releases more
information there's likely nothing new to discover.

~~~
xnull2guest
Haven't those discussions been largely mixes of new people? I think it's fair
for the people who didn't get a chance to weigh in the first time to have
their own deliberation about it.

~~~
talmand
But you don't understand, once it's been posted it never needs to be discussed
ever again. If you didn't read it the first time then tough luck. My theory is
the half-life of a subject is ten years before absolutely no one is bothered
about it being discussed again.

~~~
joelrunyon
I'm pretty sure this is sarcasm.

~~~
xnull2guest
I didn't consider that. I hope so.

~~~
talmand
It is indeed sarcasm.

This is one of my pet peeves on sites like this, the assumption that if a
story was discussed once then everyone for all time can just refer to the
appropriate thread and heaven forbid an alternate thread pop up. It's as if
having a different discussion at the same time or at some point later by
people who have not heard of the story before and most likely have no clue the
previous thread exists is a serious problem.

~~~
ForcesOfOdin
Thank you. I know that feel. As for the OP : it's probably Russia, pretending
to be Chinese hackers working out of North Korea. Destabilization indeed.
North Korea's 1000 IP internet (seriously, their whole country, USA has almost
1billion IPs) was shut down for a long time recently. Things are moving!
Speculate! Speculate! Speculate!

------
snarfy
The government has no credibility anymore, conspiracy theories aside. This is
the real problem. Even if they are telling the truth, nobody believes them.

~~~
dragontamer
US Government only had credibility in the 40s, when the office of censorship
stamped out anti-war propaganda and the DoD spent millions (billions in
today's money) on Pro-War propaganda.

The trend continued in the 50s and 60s with McCarthyism being a "soft censor".
It wasn't technically illegal to talk about Communism or other governments...
but if you did, you'd probably lose your job.

We've got freer speech today compared to back then. So naturally, anti-
government claims are going to be louder today than ever before.

~~~
debacle
At least we used to just call it the Department of War.

It was much more honest.

~~~
dragontamer
Bull __ __.

The 1798 Sedition Act outlawed speech, outlawed prominent authors who were
critical to the Adam's administration. Hundreds of dollars in fines and months
in prison. (worth a lot in today's money)

The First Amendment was passed in 1791. And only seven years later, the US
Government was already censoring its citizens who were critical of the
presidency.

The Bill of Rights only has as much power as the people who watch over the
government. It was a battle to get the government to recognize our rights in
the 1700s, just as much as it is a battle to get them recognized today.
Welcome to politics, this sort of thing _never_ changes.

And don't just look at the past with rose-colored lenses. Look at it
critically. Politics / government has always been a dirty business.

"Democracy is the worst form of government, except for all others"

May I remind you: the Government (and Media) lied about the USS Maine so that
we'd get into the Spanish-American war. "Remember the Maine, to Hell with
Spain". We also lied about a number of facts in WW2, but fortunately history
proved that we were in the moral right to do so in that war.

The US Population is far wiser and smarter today. The difference is that we're
no longer ignorant to blatant lies from our government. So I'd argue that
today's government is more honest than our ancestors / forefathers even.

------
downandout
So let me get this straight. The North Korean government publicly warns that
the release of The Interview will cause dire consequences. Shortly before the
release of the film, said dire consequences occur. The moment the movie is
pulled, all of a sudden the consequences stop. Right, that doesn't sound like
NK was involved at all.

The real question is: why are these "experts" \- including some here on HN -
taking such extreme and unfounded positions on this? I think it's quite likely
that they didn't do the hacking themslves. Perhaps they paid members of
Lulzsec to do this on their behalf. But to deny that NK is behind this is
absurd and makes the whole security community look crazier than Kim Jong-Un.

~~~
gthaman
My understanding is that the movie was not once mentioned by the hacker(s) or
the victim (Sony) but rather the first mention of the movie was by a popular
American news outlet.

In this context the two narratives of "north korea did it, okay?" and "perhaps
one of the 8,000 laid off tech department workers at Sony did it" are easy to
understand.

Sony's multiple layoffs of its digital unit workers gave certain employees
time to orchestrate this.

And on the cry wolf side, the big 3 American media companies started going
down their own rabbit hole of speculation and fear mongering.

Do you remember the last time (if ever) any of these "News Outlets" have
rescinded their accusations (especially regarding 'war') after making such
strong accusations for so long ?

~~~
downandout
_In this context the two narratives of "north korea did it, okay?" and
"perhaps one of the 8,000 laid off tech department workers at Sony did it" are
easy to understand._

These two narratives are not mutually exclusive. NK could easily have hired
one of these people. I don't know who carried it out but I'm 99% sure I know
who is behind it.

~~~
lotsofmangos
_I don 't know who carried it out but I'm 99% sure I know who is behind it._

And how confident are you that this isn't the Dunning–Kruger effect in action?

------
rgbrenner
North Korea said in June that The Interview was a "wanton act of terror" and
promised "merciless" retaliation if it was released. Said it was an "act of
war" and "is absolutely intolerable"

[http://time.com/2921071/kim-jong-un-seth-rogen-the-
interview...](http://time.com/2921071/kim-jong-un-seth-rogen-the-interview-
james-franco/)

Edit: In July they made a complaint to the UN about the film, saying: "To
allow the production and distribution of such a film on the assassination of
an incumbent head of a sovereign state should be regarded as the most
undisguised sponsoring of terrorism as well as an act of war,"
[http://www.theguardian.com/film/2014/jul/10/north-korea-
un-t...](http://www.theguardian.com/film/2014/jul/10/north-korea-un-the-
interview-seth-rogen-james-franco)

<sarcasm>I'm sure they had nothing to do with what happened to Sony</s>

~~~
yourad_io
Great find.

EVERYONE - we found the guilty party; they had motive.

No other parties could possibly also have had motive (and motive===guilt), so
we can stop looking now.</s>

~~~
rgbrenner
You seem to be in need of this: [http://www.merriam-
webster.com/dictionary/motive](http://www.merriam-
webster.com/dictionary/motive)

 _motive: something (as a need or desire) that causes a person to act_

There is a difference between a motive and stating you intend to take an
action.

North Korea has a motive AND has publicly stated they intend to take action.
They should not be surprised if they are the prime suspect when that action
occurs.

~~~
yourad_io
> You seem to be in need of this: [http://www.merriam-
> webster.com/](http://www.merriam-webster.com/)

Wow, thanks! Bookmarked.

> There is a difference between a motive and stating you intend to take an
> action.

Barely. You've made your motive public and added a threat on top of that.

> North Korea has a motive AND has publicly stated they intend to take action.

NK has a long history of threatening everyone and their mothers with doom and
gloom and nuclear boom, and we're all still here (i.e. they rarely follow
through).

But even then - let's look into the threat a bit, shall we? I can't actually
find the original source, best I could do (I gotta run - apologies) is:

> "If the US administration allows and defends the showing of the film, a
> merciless counter-measure will be taken," the spokesman was quoted as
> saying. [1]

So, their __merciless counter-measure __, that they vowed to on a world stage,
was in fact:

"We'll pay someone to hack Sony, then deny it"

..? Really? (Let alone that the original threat was obviously aimed at the US
administration).

[1] [http://www.bbc.co.uk/news/world-
asia-28014069](http://www.bbc.co.uk/news/world-asia-28014069)

PS: Back in June, Rogen responded on Twitter: "People don't usually wanna kill
me for one of my movies until after they've paid 12 bucks for it.". That's
exactly what I would do.

~~~
rgbrenner
> Wow, thanks! Bookmarked.

You're welcome (I can tell that's not sarcasm, since it doesn't have any
sarcasm tags ;)

> "We'll pay someone to hack Sony, then deny it"

NK doesn't always admit to things they do. They denied kidnapping japanese
citizens for 25 years, until they admitted it 2002.

The Cheonan was sunk by an NK torpedo.. NK denies it.. but an international
investigation said NK sunk it.. condemned by the UN security council. (later a
defector from NK said the crew that sank it were honored as heros.)

Assuming NK to act rational is sometimes asking for too much.

------
justcommenting
add schneier to the list of skeptics: [http://motherboard.vice.com/read/the-
best-thing-we-can-do-ab...](http://motherboard.vice.com/read/the-best-thing-
we-can-do-about-the-sony-hack-is-calm-down)

------
mathieuh
North Korea could produce evidence definitely proving they had nothing to with
it and it would still be dismissed as propaganda. The number of people who
believe that north Koreans are all brainwashed, and yet will accept
unquestioningly all of this crap made up about NK is astounding.

Do people /honestly/ think that they have to have haircuts "in line with a
socialist lifestyle"? Even after their national TV network reported that it
was slander?

Regardless of what you think about NK, it's a product of the circumstances
that led to its creation, and it's a bit rich for the American government in
particular to say these kinds of things about NK.

~~~
rl3
> _Do people /honestly/ think that they have to have haircuts "in line with a
> socialist lifestyle"?_

Yes. [0],[1]

> _Even after their national TV network reported that it was slander?_

Setting aside the implicit credibility you're ascribing to North Korea, I
think you may have been confused with another story. [2]

> _Regardless of what you think about NK, it 's a product of the circumstances
> that led to its creation, and it's a bit rich for the American government in
> particular to say these kinds of things about NK._

I agree, the US clearly does not have the moral standing to sully North
Korea's good name with accusations so serious as computer hacking. [3]

\---

[0] [http://news.bbc.co.uk/2/hi/asia-
pacific/4157121.stm](http://news.bbc.co.uk/2/hi/asia-pacific/4157121.stm)

[1]
[http://en.wikipedia.org/wiki/Let%27s_trim_our_hair_in_accord...](http://en.wikipedia.org/wiki/Let%27s_trim_our_hair_in_accordance_with_the_socialist_lifestyle)

[2]
[http://www.washingtonpost.com/blogs/worldviews/wp/2014/03/26...](http://www.washingtonpost.com/blogs/worldviews/wp/2014/03/26/are-
the-men-of-north-korea-really-being-forced-to-get-kim-jong-un-haircuts/)

[3]
[http://en.wikipedia.org/wiki/Yodok_concentration_camp](http://en.wikipedia.org/wiki/Yodok_concentration_camp)

~~~
mathieuh
The US appointed a puppet dictator (Syngman Rhee) who authorised the torture
and extermination of people for the crime of being a communist. They also
destroyed every single building in the North (not hyperbole, literally every
single building). Add to that the continued war games along the border and off
the north Korean coast and constant slander.

And I hate to resort to whataboutery, but let's not forget Guantanamo Bay and
the recently released reports about the US's torturing of prisoners.

As I said, believe what you want about NK, but their current situation did not
develop in a vacuum.

~~~
rl3
Regardless if North Korea's existence is a product of errors in US foreign
policy of the era, I fail to see how that warrants defending North Korea, much
less arguing that the US is somehow just as bad.

As far as Guantanamo Bay, I don't agree with torture in any form and believe
the detention facility there should not exist.

That said, something like Yodok isn't really on the same plane of existence. I
would class it as somewhere in between the Nazi concentration camps of WW2 and
Unit 731's atrocities. Guantanamo Bay may as well be Club Med compared to that
level of sadism and suffering.

------
hobs
I love comments about the "anti-hacker community" though the underlying link
to marco's blog (as this entire article is just commentary on original source
material) [http://marcrogers.org/2014/12/21/why-i-still-dont-think-
its-...](http://marcrogers.org/2014/12/21/why-i-still-dont-think-its-likely-
that-north-korea-hacked-sony/) gives his entire opinion.

I dont think its news to most of us here that the NK connection to the hack is
circumstantial; Sony's security has been penetrated by non-state actors
before, and without a lot of effort from what I can tell.

------
techtivist
I hate to feed conspiracy theories, but with the focus on state sponsored
cyber security threats, we completely forget that corporate sponsored threats
are equally potent.

Every time there's an attack on intellectual property of Western companies,
fingers are raised straight to state sponsored groups in China and Russia.
It's bewildering to me that privately sponsored attacks are hardly considered
seriously.

With the Sony attack we have been focusing on the movie, while the movie
could've been just an excuse for an attack that was aimed to financially
dismantle Sony, which it did.

~~~
dragontamer
Many corporations in China and Russia are state-sponsored. The whole communist
/ socialist thing blends government and corporations in a way that is alien to
the typical US Citizen.

    
    
        With the Sony attack we have been focusing on the
        movie, while the movie could've been just an excuse 
        for an attack that was aimed to financially dismantle
        Sony, which it did.*
    

But they didn't attack Sony proper. If they attacked Sony and stole the tech
to PS4 something, then it'd probably be China or Russia.

But these guys attacked Sony Pictures Entertainment... not just any part of
Sony. The scope of the hack IIRC doesn't go any further out than Sony's
Hollywood branch. Frankly, there aren't any corporations in the world who
actually care about a (probably) awful movie being made at some studio. And
the Chinese corporations that make movies are distinctly not competing against
Sony Pictures.

Sony Pictures Entertainment is the parent company of "Columbia Pictures" and
"MGM". Tell me, who the hell would attack "Columbia Pictures" ??

------
websitescenes
There is something interesting happening in the media in relation to hackers
and I think that is evident by the fact that this article refers to white hats
as "anti hackers". To me, that is a deliberate separation that is intended to
hide the good that hackers do.

~~~
valarauca1
Never attribute to malice what can be just as easily attributed to stupidity.

Largely outside of the hacker community, the _true_ definition of hacker is
lost. If you only look at popular culture there aren't a lot of in-roads to
the correct definition of hacking. Therefore how would the average person
know?

~~~
websitescenes
Interesting take here: "Never attribute to malice what can be just as easily
attributed to stupidity."

I think there is much truth to your sentiment. My only qualm would be applying
it universally. I am sure there is malice in the world that is masked as
stupidity.

~~~
valarauca1
To apply something universally is idiotic and short sighed at best. No
philosophy applies everywhere, and in every case. Only though understanding
the events around you can you formulate a correct assessment.

This grew out of Enlightenment thinking in the 18th century. And its why our
modern courts have such foundation on understanding the circumstances,
evidence, etc. Also why we have "degrees" of murder.

~~~
websitescenes
I agree that acts attributed to malice, often, are merely manifestations of
ignorance. The use of "anti hackers" in this article may in fact be one of
these manifestations but I am hesitant to say "Never attribute to malice what
can be just as easily attributed to stupidity." as you had initially
suggested. It's just the word "never" that does not sit well with me. Your
most recent comment seems to share this position, so it appears we agree.

~~~
valarauca1
We do. I was just using a quote to express my opinion on the matter.

------
ChikkaChiChi
"Remember the Maine! To hell with Spain!"

The US has been seeking a tangible threat in cyberterrorism for years.
Anonymous is too ethereal and China is too big of a sleeping dragon for them
to poke. Enter a hack loosely tied to a movie about North Korea and BINGO; you
have an enemy to fight on the cyberfront.

------
oblique0123
That's nothing checkout this.

[https://www.facebook.com/unknownnewWarstrategies?hc_location...](https://www.facebook.com/unknownnewWarstrategies?hc_location=timeline)

The real Iraq war strategist + known secret strategies and not done
strategies.

------
debacle
It is much, much more likely that the FBI is pointing the finger at North
Korea in the interim while they actually try and figure out who did this. The
reasons are many:

* It might make the investigation easier if the culprits think that the FBI is looking at NK and thus are less careful than they might otherwise be.

* NK is an easy scapegoat. If the reality is that the perpetrators cannot be uncovered, the FBI looks more competent by pointing the finger (unprovably) at NK than saying "We have no idea."

* The FBI doesn't care if NK actually did it. If they can merely tangentially prove that NK was involved, it prevents a massive security breach from being an unsolved crime. To have a breach the size of Sony's remain unsolved would bolster every would-be hacker in the world.

------
oblique0123
That's nothing check out this.

[https://www.facebook.com/unknownnewWarstrategies?hc_location...](https://www.facebook.com/unknownnewWarstrategies?hc_location=timeline)

------
ExpiredLink
The politico-medial complex told you that North Korea was the culprit. Believe
it, immediately!

------
tokenadult
I take it that most of the people commenting on the issue in the submitted
article, and most of the people commenting on the issue here on Hacker News,
have visited the United States. All of us can read and write English. But how
many of those people have ever been to north Korea, or even to south Korea?
How many can read Korean and regularly follow the Korean-language press from
both sides of the demilitarized zone, or regularly have conversations with
Korean friends? Applying critical thinking to a complicated issue usually
requires domain-specific knowledge. One part of the domain-specific knowledge
here is knowledge of methods of unauthorized access to computer networks and
computer security measures, which many Hacker News participants have. But
another part of the domain-specific knowledge needed to size up the disputed
issues in this case is knowledge of Korean internal politics, and I think that
very few Hacker News participants have that knowledge or even attempt to gain
it.

AFTER EDIT: Someone's silent disagreement with my comment is evidence as I
type in this edit. On my part, I'd be glad to hear from people who have _all_
of the relevant forms of information about what happened recently to Sony and
about how various governments have responded to that before making up my mind.
So please join in the thoughtful discussion here if you have knowledge of the
geopolitics involved or of other issues I didn't even bring up above. What's
most persuasive in any discussion is actual evidence, and thoughtful
discussion of evidence from reliable sources is what I like best about Hacker
News.

