
North Korea, Denying Sony Attack, Proposes Joint Investigation With U.S. - fivedogit
http://www.nytimes.com/2014/12/21/world/asia/north-korea-denying-sony-attack-proposes-joint-investigation-with-us.html
======
crdoconnor
Reasons for pretending that North Korea did it rather than a disgruntled ex-
employee:

Sony executives:

* Sony gets tons of free publicity for its new movie.

* It diverts attention away from those emails that were starting to make certain Sony execs look really bad.

* They don't look quite so hopeless and incompetent if they're getting hacked by a nation state.

FBI/CIA/NSA/DOD:

* It's something that can be used to deflect heavy criticism of their all-pervasive surveillance.

* It's something they can use to wangle more money - to face the exciting new "cyberwar" threat.

Reasons for North Korea denying involvement if they actually did it:

...

~~~
sroerick
Does anyone here know of a single infosec professional who thinks DPRK
committed the attacks?

~~~
walshemj
Certainly the evidence as described and the way NK has presented indicates its
a strong possibility.

If you act like a mad man (in terms of diplomacy) don't be surprised if people
assume the worst.

~~~
sroerick
What evidence? Do you mean the FBI press release?

~~~
pdabbadabba
This is quite a challenge you've set for us. You claim that there are no
infosec professionals who think NK did it. Exclude, apparently, the FBI from
the universe of infosec professionals. And then refuse to credit the
description of the evidence provided by the FBI, literally the only
organization likely to have direct access to the evidence.

I'm not saying that the FBI is totally trustworthy on this, but it's one thing
to distrust them and quite another to accord no epistemic weight at all to
their claims about the evidence. While they may have ulterior motives, they
(and NK itself) are also the ones best positioned to tell us the truth, if
they choose to do so. And while, again, one should not take it on faith that
the FBI always tells the truth, I'd trust them over the NK propaganda
apparatus any day of the week.

~~~
sroerick
I made no such claim. I'm no expert in this regard, and my knowledge base
should be understood here as a layman's.

I read the FBI report, and while I'm sure that there is plenty left out of the
report, their diagnosis was based largely on first, structural and tactical
similarities to other, earlier DPRK attacks, and second, North Korean IP
addresses that were pinged by the malware. Both of these, to my layman's
understanding, seem easily falsifiable.

All I stated is that within my own circles and based on the infosec
figureheads I follow, that I have not seen a single individual who claims to
have been convinced that this is indeed a DPRK attack. Because I'm obviously
somewhat filter bubbles, I was asking for individuals whose opinion I could
get which would help me expand my own filter bubble.

Dave Aitel has been raised as a counter example, and while he's certainly not
unbiased, it's tough to find people in this field who are in fact unbiased, so
I'm grateful to hear his opinion. I'd like to find more counter-opinions.

------
splike
I find this whole thing really weird, and I suspect sites like reddit are
being manipulated by someone.

Lets the timeline right

1\. North Korea makes its disapproval of The Interview public and complains to
the UN in the summer of this year

2\. Sony is hacked and passwords are leaked. The passwords are the focus of
the story

3\. A couple of days go by, no mention of North Korea or The Interview

3.5 I've gotta be missing something here

4\. Theaters (not Sony directly) decide the pull The Interview because of
threats from NK

5\. FBI blames NK for sony hack

6\. Obama gets involved (?????)

The sequence of events just makes no sense. Then there are sites like reddit
that are completely consumed by the story. The number of posts about it is
insane, and there is little skepticism about the bizarre sequence of events or
the blaming of NK.

~~~
digi_owl
Maybe i should check closer, but i never got the impression that NK was behind
the threats that made theaters pull The Interview.

As best i understand they were "just" online threats, but came in the wake of
similar threats to Sony employees and their families.

At this point in time i think there is a subset of internet trolls that get
their "lulz" from finding some high profile controversial topic and throwing
random threats at whoever is involved.

~~~
baddox
Every article I have seen claims that the threatening emails were sent by the
same hackers, although I haven't seen any reasoning behind this claim. Two
examples:

[http://www.theverge.com/2014/12/16/7402649/sony-hackers-
thre...](http://www.theverge.com/2014/12/16/7402649/sony-hackers-threaten-
terror-attacks-on-people-seeing-the-interview)

[http://abcnews.go.com/Entertainment/theaters-now-pull-
team-a...](http://abcnews.go.com/Entertainment/theaters-now-pull-team-america-
screenings-day-interview/story?id=27689728)

~~~
digi_owl
That Verge article is perhaps what i was missing. Seems the threats were
attached to a copy of previously unreleased emails from the Sony hack. Thus at
least demonstrating that the threat is coming from someone that has access to
the files from the hack.

Now if that is the same as the original hacker(s), never mind if they are
actually attached to NK in any way, is another issue entirely.

------
Mobiu5
Am I mistaken, or did the "hacker group" only mention The Interview AFTER the
media proposed the connection? It seems like whoever hacked sony (edit: or
somebody else!) just took advantage of an opportunity to cause some chaos. And
the whole "FBI confirms NK" thing seems shady. None of this quite adds up.

------
lotsofmangos
I've said this elsewhere, but if this whole thing was perpetrated by the North
Korean state because of the potential offence to North Korea from showing
their leader being killed, why has the scene of their leader being killed been
leaked by the hackers supposedly controlled by North Korea and is now posted
all over reddit?

~~~
cordite
Was that scene actually leaked by them, or someone upset that their movie
didn't get released?

~~~
kristofferR
It was just a link in one of the thousands of emails they leaked, so I doubt
it was intentionally leaked.

~~~
lotsofmangos
So the story is that a state level actor who is pissed at a company over a
particular bit of video, steals a load of data and then does not check the
stolen data for the video they are pissed about before publicly releasing it
online themselves, while simultaneously demanding that it isn't released in
any format ever?

I'm not saying that this isn't what has happened, as governments are capable
of wonderfully insane levels of stupidity at times, but it does seem
relatively unlikely.

This more looks like someone who is massively pissed with Sony, not a
particular film, and is just running with the NK angle for comedy chaos-monkey
reasons.

------
blueflow
I have some trust issues on that topics, it wouldn't be the first time they
made something up.

And its just in time to distract from the CIA report.

~~~
joelrunyon
It's a little sad that we're having a bigger discussion about a movie than we
are about torture. Priorities eh?

~~~
onewaystreet
We've had that discussion for the last 8 years. What's more to say?

~~~
diyorgasms
Have we really been having that discussion? Maybe I just haven't been paying
close enough attention, but I was unaware that we were anally raping prisoners
under the pretense of "feeding" and "hydrating." In fact the media dog and
pony show about the hunger strikes specifically said nasal intubation for
feeding, which was presented as being unpleasant but an humane manner of
keeping the prisoners alive.

Couple that with the revelations that we have tortured at least one prisoner
to death, and I think there is plenty of cause for the dialog about torture to
continue.

------
saranagati
im really not one for conspiracy theories but this one just seems so obvious.

* sony gets hacked.

* a few news articles about it.

* cia torture facilities get leaked and admitted.

* news coverage all over about it.

* US federal government does something its never done before and calls out a specific nation state as the attacker for the sony breach.

* news coverage of sony skyrockets and cia stuff disappears from media.

* us government goes on to say that they need to increase their "cyber defense" by having more control over the internet to protect individuals and companies from other nation states.

edit: oh also wasnt it just earlier this week that there was an article on hn
about sock puppets?

------
sopooneo
If it really was North Korea, why would they deny it? Doesn't an act of
retaliation require the perpetrator to take credit in order for it to have any
benefit to them? Or could it be that North Korea is publicly denying it with
the understanding that everyone really knows it's them?

~~~
ncallaway
It wouldn't be entirely outside of North Korea's MO to deny the attack even if
they launched it. For example, after (very probably) being the actor behind
the sinking of the Cheonan they aggressively denied being involved.

~~~
sopooneo
But taking on the role of arm-chair rogue nation, why?

I can image three reasons. First as I mentioned above, you might make official
denials with the understanding that everyone assumes you did it anyway.
Second, there might be internal infighting between the people who did it and
the people who issued the denial. Or third, you might do it with the plan to
take credit, then get cold feet afterwards when you realize how much heat it's
bringing down, and then deny.

Or is there any other hypothetical rational for such acts that I am missing?

~~~
ncallaway
Another rationale is that you want the attack to _happen_ , but you don't want
negative repercussions for being the actor that caused it. This is essentially
the first scenario you present.

The Cheonan incident followed a very similar path. S Korea and the United
States identified N Korea as the actor. N Korea denied the involvement and
offered to work with the nations to lead an open investigation into the
incident. N Korea's official denial was enough cover for China and Russia to
disagree that N Korea was involved in the incident. The ultimate UN statement
on the attack was a condemnation of the attack, but no official party was
declared responsible.

This gives N Korea the benefit of terrorizing the S Korean navy, while
avoiding a direct military or economic response. It's a game of brinksmanship
where they want to push their actions as far as possible to convince the world
that their threats are serious, while still minimizing the negative
repercussions that often follow from such actions.

~~~
crdoconnor
>This gives N Korea the benefit of terrorizing the S Korean navy, while
avoiding a direct military or economic response.

They've frequently done similar attacks and been completely open about it and
suffered not much in the way of a response.

>This gives N Korea the benefit of terrorizing the S Korean navy, while
avoiding a direct military or economic response. It's a game of brinksmanship
where they want to push their actions as far as possible to convince the world
that their threats are serious, while still minimizing the negative
repercussions that often follow from such actions.

Alternatively there was an almighty fuck up on the part of some part of the
South Korean navy and blaming the North Koreans helped them escape any
fallout.

------
UhUhUhUh
This whole deal really looks like a chess move (and a pretty good one too)
more than a pissed-off reaction. This feels Russian to me.

------
dschiptsov
Oh, come on. There is a simple theory that "all oversimplified/naive theories
are wrong" (this is, by the way, a consequence of "all mental theories are
wrong, but some of them are useful).

The theory that North Korea was upset about a crappy movie and hacked Sony is
such a naive nonsense, it cannot be considered seriously. In is HN, after
all.)

Less naive could an idea that some guys hacked Sony (for money, what else?)
and used this as a "cover story". How does this happen? By a chance, like most
events in Universe.

The hack itself, probably, was due to neglected security, like WEP hot-spots,
unpatched Windows crap, everyone has Administrator privileges, updates
disabled - everyone knows how it is.

And in order to "save the face" everyone jumped on that naive story - it is
highly sophisticated hack by foreign intelligence, not an "admin" (or "fuck")
password on some hotspot or Windows domain. It was a media division, btw, not
a "techie" department.

I am exaggerating a bit about passwords, but the idea, I hope, is clear.

~~~
csandreasen
> _The theory that North Korea was upset about a crappy movie and hacked Sony
> is such a naive nonsense, it cannot be considered seriously._

I'd be inclined to agree with you if the North Korean government didn't
officially condemn the film last June and threaten retaliation if it was
released.

[http://time.com/2921071/kim-jong-un-seth-rogen-the-
interview...](http://time.com/2921071/kim-jong-un-seth-rogen-the-interview-
james-franco/)

~~~
dschiptsov
This is, most probably, correlation, not causation.)

~~~
csandreasen
I think it's interesting that Sony is hacked several months after North Korea
makes threatening remarks about a specific movie, the hackers make specific
threats about the release of the same movie, and the FBI states that their
forensic investigation turned up malware with code identical to malware
previously attributed to North Korean hacking and using the same C2 servers
and proxies, but the tech community won't even entertain the possibility that
it might be North Korea behind the attack.

------
cyorir
Would North Korea even have an interest in attacking a company like Sony
Pictures in this way? Normally, when a nation-state goes for a cyber attack,
they go after useful targets. For example, they go after a government to get
an upper hand in negotiations, or maybe they go after industry or academia, to
secure knowledge about some helpful technology. Sony pictures would not be a
canonical target for a nation-state, because they really don't have much to
offer a state like North Korea (it's not like this attack will help the
struggling North Korea film industry). In contrast, there would be more for
North Korea to lose if the US retaliates.

I can't quite understand the allegation that NK is behind this because I don't
see a motive.

~~~
brown9-2
Is it too hard to imagine that a member of the Kim court could have purchased
or ordered the services of hackers to curry favor with the leadership? You
might be looking for rationality and logic in the actions of a cult of
personality.

This is after all a country that in the past has kidnapped Japanese citizens
for purposes including producing movies for the NK film industry:

[http://en.wikipedia.org/wiki/North_Korean_abductions_of_Japa...](http://en.wikipedia.org/wiki/North_Korean_abductions_of_Japanese_citizens)

[http://en.wikipedia.org/wiki/Shin_Sang-
ok](http://en.wikipedia.org/wiki/Shin_Sang-ok)

~~~
TheOtherHobbes
It's not impossible. But it is a stretch.

How would a member of Kim Court know where to find hackers?

I'm not sure what percentage of people here know where to find those kinds of
hackers, and we're supposed to be IT experts.

So the idea that some underling in the world's one surviving Stalinist state,
which happens to have barely any Internet, knows where to hang out on DarkNet,
and also has a suitably impressive stash of BitCoins, and knows enough about
corporate politics to understand how to cause Sony Pix maximum humiliation -
all that sounds just slightly unlikely, no?

China? Maybe. Russia? Possibly. 4Chan and/or LulzSec? Uh huh.

But North Korea? Possibly not.

------
fivedogit
OP here. This thing is confusing the hell out of me. I go back and forth on a
daily basis as to whether I think it was the NKoreans or not. One major factor
in my head that I haven't heard stated elsewhere is this: If the government
says today "It was North Korea" and tomorrow a hacker group says "Lulz! It was
us. Gotcha!", that makes the FBI/CIA/NSA look _really, really_ bad. Bad enough
that it would outweigh any benefits to blaming the NKors. Why would the feds
go out on a limb like that if they weren't absolutely sure?

~~~
crdoconnor
>Why would the feds go out on a limb like that if they weren't absolutely
sure?

Because the military is likely angling for extra funding for its 'cyberwar'
divisions and they would like for that pesky torture stuff to be yesterday's
news.

~~~
fivedogit
Well sure, but my point is that being publicly wrong about the hack being
NKor's work would outweigh everything, including changing the subject re:
torture. Maybe I'm wrong about that, though.

~~~
click170
I think I disagree with you here.

I can easily see the American government blaming NK because that would (and
has) generate media attention and push the torture report out of the
spotlight.

That torture report is one of the best gifts they could have given the
terrorists. They now have undeniable proof that America tortured people. Even
if we put that aside, torturing people is what America prosecuted other war
criminals for, and here they are flaunting their own rules. Consequently,
they've lost all credibility and moral high ground.

I think being wrong about blaming NK is much easier to brush off than being
caught red handed violating the ethics that your own country established just
decades prior.

Think about it, if they're wrong about NK, everyone who suspected that is just
going to go "I knew it." and everyone else will wonder how they could have
blamed NK without being certain. Repercussions? None. Benefits? The People
have forgotten about that whole torture thing. Win Win for the WhiteHouse.

------
totony
Too much NK bashing. Just because a state is recluse and has barely any
relation with other states doesn't mean we can just speculate and blame them
for everything without _real_ proof.

------
robertszkutak
"While some computer experts still express doubts whether the North was
actually behind the attack, American officials said it was similar to what was
believed to be a North Korean cyberattack last year on South Korean banks and
broadcasters. One key similarity was the fact that the hackers erased data
from the computers, something many cyberthieves do not do."

I won't pretend to be an expert on information security but surely this isn't
anywhere close to being unique enough to point blame at North Korea?

~~~
eli
My understanding is that the code for the module that securely deletes files
is unusual and nearly identical.

But I share some of your skepticism.

------
joesmo
I can't wait to see this movie now, not because I think it'll be great but
just because of the controversy surrounding it. Especially if Sony doesn't
officially release it, I find it extremely ironic that so called hackers are
the ones threatening Sony (which is a dubious claim at best) and hackers will
likely be the ones to get it "released," considering Sony's lackluster (at
best) security.

~~~
ponyous
That's the bigger plan. Illuminati, they want us to see the movie.

</sarcasm>

~~~
crdoconnor
More like Sony is trying to make the best of a bad situation by generating
some free hype for a (probably shitty) movie.

------
frevd
An indirect proof of who hacked Sony is easy: depending on whether the
'Hackers' publish the movie or not (given they got access to it and given Sony
does not publish it as they say) will show who's behind it.

------
maxharris
Nothing that North Korea says should be treated as though it were legitimate.
This is a country that keeps something on the order of a quarter of a million
people in actual concentration camps, and tens of millions more utterly
brainwashed and in unspeakable poverty. This is now, today, in 2014.

[http://www.dailymail.co.uk/news/article-2565240/Voices-
damne...](http://www.dailymail.co.uk/news/article-2565240/Voices-damned-These-
horrifying-stories-concentration-camp-victims-reveal-chilling-clarity-week-
North-Korea-likened-Nazi-Germany.html)

[http://www.theatlantic.com/international/archive/2014/02/nor...](http://www.theatlantic.com/international/archive/2014/02/north-
koreas-horrors-as-shown-by-one-defectors-drawings/283899/)

[http://www.theblaze.com/stories/2014/02/19/eight-sketches-
of...](http://www.theblaze.com/stories/2014/02/19/eight-sketches-of-life-
inside-north-koreas-prison-camps-that-will-haunt-you/)

~~~
crdoconnor
It's also a country that when it scores one over on the US, never shuts up
about it:

[https://en.wikipedia.org/wiki/USS_Pueblo_%28AGER-2%29](https://en.wikipedia.org/wiki/USS_Pueblo_%28AGER-2%29)

They really have zero reason to deny culpability if they actually did do it.

------
krick
Literally every day now I run across something mentioning "Sony hack", but
haven't understood yet why it's so significant topic. It seems to gather way
more attention than I imagine something like this should. Every now and then
somebody gets "hacked", sometimes it's somebody pretty big, it's not that
uncommon that some really important data gets leaked, but it never goes
further than mentioning it on HN or something, no jokes about it on 9gag, no
North Koreas joining investigation. What's the matter?

Maybe it's because I missed original news. Can somebody provide link or
explanation why the heck it's so important that even completely non-technical
people buzz about it all the time?

~~~
blazespin
Because free speech is a constitutional right now being impugned by a bunch of
hackers or a tiny country. The U.S. looks completely powerless in the face of
it.

~~~
eli
The free speech angle always seemed like a stretch. Isn't Sony free to release
or not release movies as they see fit?

~~~
walshemj
And Hollywood could have pulled the prediction of Casablanca to avoid
upsetting Germany and the pro Nazi german americans - and there was serious
pressure put on Hollywood to do this.

~~~
nerfhammer
source? Casablanca was produced in 1942 and released in 1943

~~~
walshemj
the book describing the making of Casablanca is quite explicit about the
pressures the appeasers and American Nazis put on Hollywood.

[http://www.amazon.co.uk/The-Making-Casablanca-Bogart-
Bergman...](http://www.amazon.co.uk/The-Making-Casablanca-Bogart-
Bergman/dp/0786888148)

~~~
nerfhammer
Such pressures may have existed in the late 30's, but I don't see how there
could have been any pressure to "pull production" of Casablanca for the sake
of not offending Nazi germany given that its production was well after the US
had entered the war. As far as I can tell Warner Brothers had only first heard
of the script by January 1942.

------
joelrunyon
A few questions:

1\. Does NK even have the capability to pull something like this off? They
seemingly fail at every other intimidation stunt they pull off & now they have
a massive success out of nowhere? Hm...

2\. Why would they deny it if they did it? It's very out of character for them
to not pounce on the chance of something being very embarrassing to the US.

3\. With all the talk of it being so complicated to pinpoint exactly where the
attacks came from, what info is the US gov using to pin this on NK (besides
the very easy narrative around the context of the movie). They have to have a
bit more intel than they're letting on...or something is fishy here.

~~~
joelrunyon
Adding to this, I really hope this isn't the digital version of WMDs-in-Iran-
type-event where we make up convenient excuses to intervene in countries that
are somewhat problematic.

~~~
hokkos
The USA won't intervene in a country with nuclear weapons and a few kilometers
from Seoul for crime without physical damages. NK won't hacknowledge it
because they want to appear as a victim in every way possible.

------
nkoren
Translation: "We have no idea how this attack was perpetrated, but would sure
like to find out."

(Nudge nudge, wink wink, you know what I mean, know what I mean?)

------
thatusertwo
Does it really matter who did this?

The future of the internet is changed as a result of this event, thats the
true meat of this situation.

------
blazespin
The Russians or NK could have secretly hired Chinese hackers to make it look
like NK. Now they can embarrass the U.S. for jumping the gun like they did in
Iraq and weapons of mass destruction (assuming the connection can not be
proved).

------
exabrial
I think there are more important things to worry about...

------
hooo
If NK did hack them, a joint investigation would be great as they'd learn what
techniques the US used to identify NK.

------
jdawg77
When was the last time most, if not all, of the community here hung out with a
guy or gal from the Foreign Service? Or better yet a member of the State
Department of the USA?

Or the equivalent in their home country; that's just as well, given that the
people I've met all over the world who work in their country's foreign service
department are generally good people.

If you haven't seen, "A Beautiful Mind," it's a great film and the math
literally helps explain why North Korea, despite evidence, might be a, "Sock
puppet," used by...well, let's see.

What country is having a really, really crappy time with economic sanctions
right now?

Maybe, just maybe, a bit of experience at interacting with the folks who
(gasp) make these kinds of decisions would make the whole situation easier to
explain. Or if most of us simply revisit kindergarten in the US, eg, the game
of, "Tag." Remember how to claim a cookie that you're not supposed to eat?

Touch it. "If I touch it, I own it," because nobody wants to eat the cookie
you touched after you liked your finger, right? So, Russia perhaps, "Licks
their finger," tunnels through, and then when we discover the breach, "Look,
it's the North Koreans!"

If not them, I'd say Luxembourg is behind it all. We know most American
companies that have operations overseas use them to launder (I mean, mitigate)
tax burdens in Europe, right?

~~~
jdawg77
-3, impressed.

Okay, I met the former ambassador to Sri Lanka and had tea with snacks when we
hung out. Present was a Vice President of the country I lived in - great guy.

I can't confirm nor deny, because I don't know, the exact status and titles of
the various members of the legislature I met while overseas because, frankly,
it wasn't my intent to keep a log then post it publicly.

To whit, I've also been listed as a reference for a prosecutor who became a
judge in California. However, none of this should be needed to, "Trot out," in
a response about foreign politics, which I have ample experience in personally
through multiple visits to many countries.

Thanks, though, for deflating my karma count - I need to remember, I'm sharing
here because it's fun, not because I'm winning a game. ;)

------
ohsnap
Anyone else frustrated that you can't have a conversation about this without
the vast majority of threads taking on a conspiratorial tone? I suppose it's
human nature for something with such power players as Sony/FBI/NK to seek out
hidden motives and what not - but the comment quality really drops off.

~~~
nerfhammer
Yes. At least it doesn't seem to mostly be the same regular posters you
recognize elsewhere.

I've started to think of conspiracy theorizing as some kind of base human
instinct

