Hacker News new | past | comments | ask | show | jobs | submit login
Did North Korea Really Attack Sony? (schneier.com)
173 points by dozy on Dec 24, 2014 | hide | past | web | favorite | 99 comments

I'm dismayed that this piece is repeating Marc Rogers's gross misportrayal of the linguistic situation of the Koreas, saying that "Korean language in the code also suggests a Korean origin, though not necessarily a North Korean one, since North Koreans use a unique dialect." First of all, North Korean doesn't have "a unique dialect" but a number of regional dialects, just like South Korea, and like the situation in many languages. But again as in many major languages, a supra-regional, standard Korean language came into being, based on the central dialect region around Seoul which was the capital for many centuries. Before that the capital was Kaesong, which is in the same central dialect region as Seoul though it is now in North Korea. This happened before the division of the peninsula. Even today, the standard Korean taught and spoken in North Korea is based on this common standard with the South. The differences between regional dialects within either North or South Korea are far greater than the difference between the standard Korean spoken in the North and the South. The difference is mainly in words (especially any technology-related vocabulary introduced after the end of WWII) and spelling, and it's a lot like the differences between British and American English. You're never going to say that something written in English can't have been written by Americans because they have a unique dialect.

Also, as far as I know the codes didn't contain any Korean. Instead, what they found was that it seems to have used Korean text encoding, like EUC-KR. People have pointed out that this is a South Korean encoding, but North Koreans also use it since you hardly find any software that supports the official North Korean encoding. Again, if someone uses a British English locale, that isn't proof that it can't be an American. When it comes to text encoding and locale, you usually use whatever is available that lets you type in your own language.

To understand the language situation in Korea, let's imagine that we divided the Italian peninsula in half just north of Rome. Does it follow that now there are two dialects, North Italian and South Italian? No. Italian has a bewildering variety of regional dialects, and our arbitrary line doesn't correspond to a genuine dialect border. Similarly, the DMZ cuts across the central dialect region in Korea.

More importantly, Italians will continue to write and be taught in Standard Italian, which was developed based on the Tuscan dialect long before our artificial division of the peninsula. It won't be as if they would start from scratch and create new standard languages based on the Milanese dialect in the North and the Roman dialect in the South. Even independent countries such as Germany, Austria and Switzerland find it useful to use the same standard German as each other, even if it's not necessarily based on a dialect spoken wothin their borders. There will inevitably be differences in vocabulary and spelling, but the differences will be far less than if we imagined a naïve model where each country creates its own standard (which is what basically happened in Scandinavia).

Your comparison of Korean to Italian isn’t helpful, because you’re confusing dialects and languages. Italy has many regional languages including Piedmontese, Lombard, Venetian, Sicilian, Sardinian, Neapolitan, etc., and of course Italian (based on the Tuscan language). Each regional language has many dialects, so for example in Piedmont you have the Turinese dialenct of Piedmontese from Turin, which is distinct from the Piedmontese dialect in other areas. The dialects vary substantially, from one village to another—even different suburbs of a city can have different words for certain things.

Confusingly, Italians would call Piedmontese or Lombard a “dialetto” as much as they would call Turinese a “dialetto”. The word basically means a dialect or regional language, depending on the context. There is also a political element to it—the Italian government has suppressed the regional languages for years, and even now does not recognise them as languages, against academic opinion.

To be clear, Italians would also (generally) refer to Welsh as a “dialetto” of English, despite the fundamental difference of Welsh and English. (In fact they would usually also often refer to the U.K. as “inghilterra”.) The word “dialetto” as currently used in normal Italian speech simply does not correspond 100% with the English word “dialect”, much like the word “camello” doesn’t correspond to “camel”.

The regional languages generally are not mutually intelligible, although this depends on which dialects two speakers speak, and how “stretto” (strong) the dialect is (I don’t know what the academic term for this is). So for example Vercellese (from Vercelli) is linguistically close to Novarese (from Novara) even though Vercellese is classed as Piedmontese and Novarese is classed as Lombard (despite being a Piedmontese city). The distinction is ultimately arbitrary—there is a gradation of dialects from Piedmontese to Lombard. Vercellese for example has many grammatical elements of Lombard (e.g. it uses the Lombard lü (meaning “he” or “him”) instead of the Piedmontese chiela).

Also, an older or more rustic speaker is more likely to speak a “stretto” dialect, because they’ll use more words and expressions originally belonging to that dialect (or to the regional language). Over the years, the regional languages have absorbed many words from Italian, replacing the traditional words. Now, the same thing is happening to Italian with English words (e.g. the word “goal” replacing “rete”, or “babysitter” replacing “tata”, or “shopping” replacing “spesa”—the English word in each case sounds more modern or cool to Italian speakers).

The linguistic situation is basically the same as with Catalan and Spanish. Catalan is as much a “dialect” of Spanish as Piedmontese would be a “dialect” of Italian. In fact, you could just as rightfully say that Italian is a “dialect” of Piedmontese. The difference is political, not academic.

I am well aware of the language situation in Italy, and I hesitated a bit before using it as an example. I probably should have qualified my use of the word "dialect" as you rightly point out. I do remind people from time to time that the regional languages in Italy are languages in their own right, and indeed the "dialects" spoken in Italy don't form a natural subgroup of the Romance languages, either (Piedmontese and Lombard are probably closer to the subgroup of the Western Romance languages that includes French rather than the one that contains Italian). But for my point here the distinction between languages and dialects is not important. The point is that in all of Italy, regardless of the local dialect or regional language, people are taught standard Italian. If we divide Italy, the Southern half is not going to switch to, say, Neapolitan, or the Northern half to Lombard, in spite of the rich literary traditions of these regional languages.

The situation in Korean is not qualitatively different, either. For instance, the Jeju "dialect" (now sadly moribund) is definitely not mutually intelligible with other dialects of Korean some authorities would insist on classifying it as a separate language. Even the mainland dialects (as they are traditionally considered as opposed to distinct languages) are considerably different from each other, not just in lexical items but in the existence of different grammatical categories (e.g. distinguishing between yes/no and wh-questions), morphology (the conjugation of verbs and adjectival verbs is all different), and phonology (different consonant and especially vowel inventories, different stress/pitch systems), to the degree that I wonder how much communication would be possible if it had not been for the imposition of standard Korean.

I used Italy as an example instead of the U.S., because it is a stretch to say that the U.S. has different dialects as the speech is quite uniform across the vast country compared to what you see in Korea; or the U.K., where the existence of Scots complicates the analogy. I did not intend to minimize the diversity of regional languages in Italy.

In the case of Italy, I would also doubt (as you do) that a hypothetical “North Italy” would choose anything other than Italian as its official language, because the use of Italian goes back a lot further than the unification of Italy, and it’s the obvious and easy choice as a national language. The government simply doesn’t care about the regional languages dying out, and there’s no reason to think that a new North Italian government would have a different viewpoint. The main motivation, in the case of Italy, was just to have everyone speaking the same language.

However, it’s certainly possible for a country and a population to completely change language in a generation. The Italian generation of people that is now about 60 years old are effectiviely bilingual—they were taught in Italian at school, but (generally) spoke their regional language at home. The generation after that spoke only Italian, and the generation before that spoke only the regional language. (Obviously this is a bit of a generalisation.) So it’s quite straightforward for a country to change it’s language over the course of 20 years or so.

I have a colleague in the Netherlands who believes that the Netherlands will at some point adopt English as its official language. I personally doubt it, but it is nevertheless definitely possible. All it would take is for the government to decree that all schoolchildren be taught in English at school. Dutch people (and particularly Dutch school-teachers, which is the important thing) would easily be able to carry that policy out. The first generation of schoolchildren to pass through to adulthoold would probably choose to speak in English as their primary language, as has happened in Italy.

Also Brussels has changed from a Flemish speaking city to a French speaking one in a short space of time.

From what I remember, the main differences between the DPRK and ROK in terms of language are that the North doesn't use Sino-Korean words ("pure" Korean tends to predominate), and the vast majority of post-war loan words obviously aren't used.

You've got the gist, but North Korea does use tonnes of Sino-Korean words, which are like words of Greek and Latin origin in English. You can't simply eliminate such words from the language altogether. What you can do is to favour pure Korean words over Sino-Korean when coining new terms or standardizing terms for technical usage. So North Korea might use a bit less Sino-Korean than the South (I'm not even sure though, because there are other factors such as loanwords in South Korea displacing Sino-Korean words there). But this makes barely a blip on the language as a whole since so many basic words in Korean are Sino-Korean. Even most North Korean terms you're ever likely to hear are Sino-Korean: Juche, Son'gun, Chollima, Rodong missiles...

To add on to this: In South Korean newspapers you'll often find Hanja (the original Chinese characters) on news sites or in the paper or even on the news. It may be simply to clarify a phrase, or for when someone has passed away, there's a character for that. So South Koreans may not know a lot of Chinese characters, but they know the basics and they are quite aware where many words come from-- In North Korea to emphasize their Korean-ness they have little to none of these Hanja anywhere, they don't learn it in school like a South Korean child would, either.

On top of this, you'll find that those English loanwords are almost nonexistant in North Korea. Where South Koreans will simply say "Ice cream", North Korea has the word "얼음보숭이" which literally translates to "ice fluffly thing".

There's also differences in the speech styles (a very complicated and extensive topic in itself) and verb endings. NK prefers some styles where SK prefers others-- But like it was said farther up, the difference really comes down to something like US/British English, obviously different but still very mutually intelligible.

Actually, they do teach Chinese characters in school in North Korea; it is a common misconception that they don't. They teach 3,000 characters, which is numerically even more than the 1,800 characters taught in South Korea in school. But as you said, in North Korea you don't even see the very limited usage of Chinese characters in newspapers that you see in South Korea, so it is not much beyond a subject you learn in school. You could say the same about the situation in South Korea, though, since the usage of Chinese characters is really, really limited, mostly to certain newspapers.

The notion that North Koreans say 얼음보숭이 (ŏrumbosung'i) for "ice cream" is a bit of a myth. The authorities in North Korea did indeed introduce this word as a part of a linguistic purification effort, but it doesn't really seem to have caught on. A 1962 North Korean dictionary only has 아이스크림 (aisŭk'ŭrim) "ice cream", just as in South Korea. A 1981 edition of another dictionary and a 1984 encyclopedia introduce 얼음보숭이 (ŏrumbosung'i), but the official dictionary that appeared in 1992 again has 아이스크림 (aisŭk'ŭrim) "ice cream" and not 얼음보숭이 (ŏrumbosung'i). The 1992 dictionary also has 에스키모 (esŭk'imo) "eskimo", which in North Korea is a popular everyday word for "ice cream" which comes from a name of a brand that was popular there.

You have plenty of examples of South Korean language authorities introducing "purified" (often pure Korean) words to replace loanwords, which don't necessarily catch on. For "stapler", the official South Korean dictionary has the pure Korean translation 찍개 (jjikgae), for instance. But I have never seen this term in the wild—instead, people say 스테이플러 (seuteipeulleo) "stapler", or more commonly, 호치키스 (hochikiseu) "Hotchkiss". There is a limit to how much official language policy can dictate actual usage, whether it is in North or South Korea.

Well fancy that-- Everything I knew was a lie!

Would you happen to know anything about the usage of konglish in North Korea then, as in words besides 아이스크림 or 에스키모? Is it more frequent near the border or just as spread through as it is in SK?

Are you talking about loanwords from English in the Korean used in North Korea? Korean was already borrowing words from English decades before the division of the peninsula, as you can see in writings from the Japanese colonial period. So North Korea inherited a lot of these same loanwords. It has nothing to do with South Korean influence, if that's what you're suggesting, as the language communities of the North and South have been effectively cut off from each other since the war.

However, there are often differences in the spelling of such loanwords between the North and the South. So you have 프로그람 (p'ŭrogŭram) in the North but 프로그램 (p'ŭrogŭraem) in the South for "programme", 텔레비죤 (t'ellebijyon) in the North but 텔레비전 (t'ellebijŏn) in the South for "television", and 미싸일 (missail) in the North but 미사일 (misail) in the South for "missile". This is due to the fact that the standardized spelling of loanwords (a problematic and much debated area of Korean orthography) was frequently reformed in South Korea, and probably in the North as well, so the principles of spelling have turned out quite differently between the two. Also, as North Korea uses a lot of loanwords from Russian, even loanwords originally from English tend to be absorbed in the Russian pronunciation, such as 땅크 (ttangk'ŭ) for "tank" or 뜨락또르 (ttŭrakttorŭ) for "tractor" as opposed to SK 탱크 (t'aengk'ŭ) or 트랙터 (t'ŭraekt'ŏ) which is closer to the English pronunciation.

The official language policy in both the North and the South tends to discourage loanwords from English, but it seems a bit more successful in the North, especially when it comes to post-1945 loanwords. If you only focus on the differences between the North and the South, then you see many cases where North Korea uses native Korean words whereas South Korea uses loanwords from English. But you can't extrapolate from that and conclude that North Korea doesn't use loanwords from English at all. This would be a misconception, just like the false notion that North Korea doesn't use Sino-Korean words.

I wasn't implying at all that the North's use of loanwords was due to the South, I was asking how widespread are the English loanwords around the border compared to the far far North. -- Because the South has embraced loanwords much more than the North, would it be not uncommon to possibly hear 찍개 somewhere in the North as opposed to 스테이플러.

Didn't know about the Russian pronunciation thing, is 도꾜/도쿄 also included in that?

Sorry for the late reply as I didn't see this until now.

There is no reason for there to be a difference in English loanword usage in North Korea between the border area and the far far North. Remember, the DMZ is a tightly sealed border and there has been virtually zero cross-border exchange that would influence the language since the Korean War. If we were talking about normal national boundaries with some cross-border linguistic exchange then there would be a gradient of linguistic features taken from the neighbouring state near the border and diminishing as you move away from it, but with the DMZ there is no such thing.

찍개 is a recent South Korean neologism for 'stapler'. There is no reason that North Korea would use the same word. I don't know what they call staplers in North Korea, though.

Once again, the point is that English loanwords were being used in Korean before the division of the peninsula, and afterwards, North and South Korea followed completely separate paths of linguistic evolution. There was no way for people near the border regions to be influenced by what people were speaking on the other side. You might flip the question and ask whether South Koreans near the DMZ are more likely to use pure Korean words due to North Korean influence, and again the answer is no for the same reasons.

도꾜 is the traditionally common spelling for Tokyo that is based on maximum phonetic similarity. In South Korea, the spelling was reformed to 도쿄 to conform to standardized rules about how to write Japanese loanwords, where all non-initial "k" sounds were to be mapped to ㅋ. So this is more of a phonemic spelling. Roughly speaking, "phonetic" refers purely to the sounds, while "phonemic" goes into the more abstract level of grouping the sounds that are considered mere variations of a single sound to the speakers of that language. However, due to widespread resistance, the South Korean reform didn't go all the way in making it phonemically regular—otherwise, we would be writing 토쿄 instead, using ㅌ everywhere for "t" (in concession to the traditional practice, we write ㄷ for initial "t").

This reform took place in the 1980s in South Korea, and didn't affect North Korea, which still writes 도꾜 for Tokyo. It has nothing to do with Russian pronunciation. If we imitated Russian pronunciation, it would come up as something like 또끼오 or even 또끼워.

Place names side, I like that Korean orthography is morpho-phonemic rather than striving for purely phonemic spelling. The same morpheme tends to be spelled the same everywhere it's used, which promotes reuse and actually tends to make writing in bulk easier. It also isolates the written word from shifts in pronunciation over time a little more, something that hangul otherwise runs into problems with anyway.

In practice the orthography is sort of a middle step between the hanja spelling for many morphemes and their pronunciation. Multiple hanja end up mapping to the same hangul block because they're homophones, so there's some information loss, but spelling is morphemic enough that you can recognize the same morpheme in different arrangements. If you can guess what hanja it might be though you can often understand a word more deeply.

" if someone uses a British English locale, that isn't proof that it can't be an American" -- I'd take that further and ask, if this was such an advanced attack, wouldn't a bit of language misdirection be thrown in?

On a somewhat unrelated note, some people believe this is what the founder of Bitcoin did.

> Both his forum posts and his comments in the bitcoin source code used such Brit spellings as optimise and colour.[1]

1: http://www.wired.com/2011/11/mf_bitcoin/all/

Sigh, sounds very familiar, like what people say about Mandarin and Cantonese, those who don't know.

This is a different hack, but I think they more reliably differentiated between North Korea and South Korea, due to the IP addresses? "Korea seeks U.S. help in reactor hacking probe" http://m.koreaherald.com/view.php?ud=20141222001202&ntn=0

From what I've seen in the South Korean media, no one is talking about North Korean involvement in this separate hacking incident of nuclear reactors. The codes seem to be different from those used in previous attacks blamed on North Korea.

Note that linguistic evidence doesn't come into this, just as one wouldn't usually be speculating about which English-speaking country a hacker was from simply based on the code.

A good writeup on explaining the language diversity in the Korean peninsula.

What's interesting about North Korea is that they force Korean words on everything. For example, a word will spell the same in South Korea and can only be differentiated by context, intonation and use of chinese characters. Newspapers in South Korea is a good example of this as it almost requires a basic knowledge of traditional Chinese characters. North Korea seems to have none of it and has a political agenda to "purify" the language and it leads to lot of weird looking Korean words and leads to confusion.

Kaesong was also the capital a long ass time ago during the Koryo dynasty which was overthrown in a coup and Chosun dynasty was created by a general (we'll see the same thing in 1960s creating the modern ROK). The longest reigning and oppressive regime. North Koreans still refer to themselves as Chosun people and much of modern Korean identity lends from this era. The word Korea also comes from Koryo or Coree in French.

Tellingly, the FBI's press release says that the bureau's conclusion is only based "in part" on these clues. This leaves open the possibility that the government has classified evidence that North Korea is behind the attack.

I am surprised that the article doesn't end here. Other press reports have highlighted that there is classified evidence that has not been disclosed, and it seems odd to me that Schneier would play this aspect down in a story involving cyberattacks, North Korea, the FBI and the US intelligence community.

Because why exactly would anyone believe the US government after they have invoked the "secret evidence" trope for the billionth time?

They will claim this to get out of some clerical error. They will claim this for anything. It's unverifiable, it's unbelievable, it's a wonder any publication with some journalistic integrity left would read anything into it.

Here is attorney general Holder invoking state secrets to cover up what was eventually revealed as a lowly FBI clerk checking the wrong box:


This wasn't even an important case! Think what these people will do when the stakes are higher.

But surely the military industrial complex has the incentive to have the public's best interest at heart when it come to defining cyber warfare doctrine?

On the flip side, other fairly recent claims of classified evidence from US officials have proven to be unfounded -- most notably, the claims of active Iraqi nuke and chemical weapons programs which were the stated basis for George W. Bush's invasion. And other more recent examples, like Clapper's lie to Congress about bulk data collection, seem to indicate that the culture of US intelligence hasn't changed since then in any fundamental respect.

It's your choice whether to take these guys at their word in any particular instance. But some of us don't take their word alone as evidence for much, unless it's backed up by evidence which stands up to independent review.

US officials have lied so many times it's difficult to give credibility to anything they say:

NSA lies to senate about surveillance on U.S. citizens living inside the country: http://www.politifact.com/truth-o-meter/article/2014/mar/11/...

CIA lies about torture and it's effectiveness: http://www.nytimes.com/2014/12/10/opinion/the-senate-report-...

FBI lies to U.S. courts about surveillance records: https://www.eff.org/deeplinks/2011/05/fbi-chastised-court-ly...

I don't think that holds weight. The federal government employs nearly 3 million people, and of course some of them will lie to better serve their interests. You'd reasonably expect this. You see racists making similar arguments about random minorities - a few isolated cases expanded into a gross stereotype.

To blanket dismiss any statement as untrustworthy is unwise and misguided.

The problem with liars isn't that they lie, it's that sometimes they tell the truth.

Secret evidence can be used to justify whatever whims the gatekeepers of that evidence wish to pursue politically.

If anything should be learned from the Iraq debacle, it's that.

That focus on Iraq is strange. I'm French and when Bush provided so-called "evidence" at the UN, people here were laughing and media were skeptic. From comments on HN, it seems Bush was taken seriously in other circles of the world, which may explain why some US citizen boycotted French products after we said we would create a worldwide axis against war.

> From comments on HN, it seems Bush was taken seriously in other circles of the world,

Not sure if you heard the news, but Bush quickly invaded Iraq. I think it's safe to assume he was taken seriously.

> which may explain why some US citizen boycotted French products after we said we would create a worldwide axis against war.

Some US citizens just like to complain about foreigners to be more patriotic (as if that would help). I would doubt most people could explain anything about french foreign policy.

The net effect was to shout "he's got a gun!" at the critical moment of action - a security council vote, IIRC.

I didn't think Saddam was a serious threat to the west at the time, but the relentless hype did make me think it over one night: what if? And then I saw that anything asymmetrical he could do would quickly result in his destruction. Even if he had all the dirty weapons possible at his disposal, he wouldn't have been able to use them.

And, of course, what came out later makes governmental prognostications now from secret evidence almost impossible to believe. Western governments, in particular US and UK, lost their credibility. Secret evidence is used for political purposes, not for security. The case for covert interception of communications is severely weakened. Probably even our security is damaged.

Exactly! It honestly beats me. The tone around the news in India was that the so-called "evidence" was total bullshit. I, too, was amazed to learn that there were people who believed it.

Hmm... I wonder if there is any sort of equivalency between the Gatekeepers of Evidence and the Guardians of Peace.

As the other commenter said, there was also "classified evidence" that Saddam had weapons of mass destruction.

Why would you blindly "just trust them" when there's enough history to show that skepticism is a much healthier attitude.

IIRC, a lot of the evidence in the Saddam case came from a defector from Iraq that spun a story to tell the Americans what they wanted to hear. No one bothered to do enough verification of what they were hearing because it was what they wanted to hear.

I recall something of the sort, yeah.

This doesn't change anything I said, though. Regardless of where it comes from, "hidden facts" from agencies with an agenda that don't necessarily align with citizens are not to be automatically trusted.

North Korean defectors have also done this.

The common narrative is that the US contrived the whole thing to justify an attack. This is how that unfortunate situation gets used to explain all sorts of nefarious conspiracies.

But they really, honestly had reason to believe that Iraq had WMDs (yes there were doubters and skeptics, and of course they get the bulk of the attention after the fact, but many actually believed it).

Aside from defectors and people trying to lie their way to something, add that Saddam himself wanted the world (particularly Iran) to think that the Iraq government had WMDs. Iraq believed that having WMDs was a good defense (a good example since then is North Korea), so they tried to play the middle ground where they could seem to have WMDs hidden away, and could act as if they had that ace in the hole, but they would play along with UN inspectors just enough to try to avoid an attack, adding just enough mystery to the whole thing that there were open doubts. Intelligence is tough when the person you're trying to prove is doing something is also trying to convince you that they're doing something.

The game of chicken didn't turn out well. But the recurring narrative that innocent Iraq was all along say no no no look where you want and the US invented the situation is historical revisionism.

I don't want to get into an argument here but calling it "historical revisionism" is absolutely disrespectful to the rest of the world.

Historical revisionism is polls showing a huge percentage of Americans still think Saddam was involved in 911.

USA had no business invading Iraq (nor practically any other country, for that matter) and using the excuse that "Saddam claimed he had them to look tough" in order to justify so many tragedies (mostly foreign but also American) is egregious.

When someone performs threat assessment they do it based on facts and not on posturing or they'd prosecute every internet troll out there.

ugh. I'm going to stop now because I'm pissed but I'm going to let you know that you're basically apologizing for crimes against humanity with what sounds like kinder garden excuses.

This isn't some lowbrow conspiracy site, and I don't expect the participants to have the sort of superficial, facile understanding of world events that you've so evidently demonstrated. If reality makes you "pissed", you should stick to gentler pastures that conform with your worldview.

I don't think the US should have invaded Iraq for purely pragmatic and financial reasons. That does nothing to change the actual complex, convoluted reality that led to the decisions that were made, and then the long and fruitless, but very intense, search for WMDs after the attack.

You know, we found WMDs after the attack. They were just the wrong ones.

President George W Bush led the US into war in Iraq on the back of assertions that Saddam Hussein had recently-built weapons of mass destruction, supplies that had only increased in the aftermath of the 9/11 terror attacks.

Yet all the chemical weapons found by soldiers were manufactured before 1991, the Times reported. They consisted largely of 155-millimeter artillery shells or 122-millimeter rockets – not designed for mass destruction, and produced in the 1980s during the Iran-Iraq war.

According to the Times, the reports were embarrassing for the Pentagon because, in five of the six incidents in which troops were wounded by chemical agents, the munitions appeared to have been “designed in the US, manufactured in Europe and filled in chemical agent production lines built in Iraq by Western companies”.


> we found WMDs after the attack

The text you quote confirms chemical weapons but not weapons on mass destruction

They are WMDs by certain standards of international law on the technicality of belonging to a certain class of chemical munitions. The shells they were packaged in were not designed for mass dispersal, however the classification is on the stuff inside the shells.


Evading? How in the...

I'm sorry, acting emotionally offended by reality (and hurling spurious and misplaced claims like "kinder garden excuses") is the domain of the rank imbecile, and has absolutely no place on HN. This sounds hostile, but quite honestly you should take it as such - your reply is outrageous nonsense. It is a crime against any reasonable discourse.

And FWIW, "my government" is the Canadian government. But remarkably I have an ability to see the world as a complex gradient of shades, where there is no simple right, no simple wrong, and where people who pretend that they are should be mocked into silence.


Both of you are breaking the HN guidelines by being personally abusive. Please stop.

You should read up on it more.

In his evidence, the former Downing Street communications director rejected suggestions that he had been asked to "beef up" the dossier on Iraq's weapons of mass destruction and said its purpose had not been "to make a case for war".

But Major General Michael Laurie, who was the Ministry of Defence’s director general, intelligence collection, from 2002 to 2003, told the inquiry that making a case for war was “exactly its purpose”.

Maj Gen Laurie added that he and his colleagues were told that a previous intelligence dossier “did not make a strong enough case” and for months he was “under pressure to find intelligence that could reinforce the case” for war.

His evidence, which is the first time such a senior intelligence officer has directly contradicted the Blair government’s official line on the dossier, will restart the row over whether Downing Street “sexed up” the September 2002 document to persuade the public and MPs that the 2003 invasion of Iraq was necessary.

Maj Gen Laurie’s comments were made in private last year and have only now been published by the inquiry chairman, Sir John Chilcot, along with newly-declassified government memos and other evidence heard behind closed doors.


edit - also note that this is from The Telegraph. Whatever else they are, they are definitely not conspiracy minded anti-establishment types.

You should read up on it more.

Firstly, what the British government did or didn't do is not really relevant to conversations about the US government.

Secondly, even if the UK government were at all relevant to this conversation, telling someone to "read up" when providing information that doesn't remotely contradict what they're replying to is terribly boorish behavior. Note that I didn't say that the government had compelling evidence -- I said that they read the tea leaves and got the impression that there were WMDs. Yes, this overriding belief will make intelligence that might be a collage of coincidental and second-hand things perhaps seem more consequential than they should have been. But regardless, the overarching belief was that Iraq legitimately had a WMD program and stockpiles, courtesy of the Saddam regime trying to convince everyone that such was exactly the case.

Firstly, what the British government did or didn't do is not really relevant to conversations about the US government.

If you actually think that regarding this subject, then you have not looked into the events leading up to the Iraq war at all, and you definitely should read up on it more.

Regarding the aluminum tubes: the DOE's analysis, which found that they probably weren't used to enrich uranium, was classified. However, the CIA's analysis that it probably was used to enrich uranium wasn't. The two findings were released within a day of each other, back in 2001.

Because the former was classified, when congress decided to go to war, they were not presented with the DOE's findings. Only the CIA's.

If not nefarious, what would you call this? Convenient?

This thread hilariously earned me a glorious slowban. Hacker News literally descends into yet another conspiracy site.

However why don't you contrast your comment with mine. Are you actually countering anything I've said?

No, you actually aren't. But somehow in these sorts of black/white discussions people think they can find one sort-of thing and then say "aha". Hardly.

Yes I am. You claimed there was no nefarious conspiracy. I claimed that hiding information from congress when they're deciding to go to war shows the opposite. I would label anyone doing the same when the consequences are so high (thousands of lives) as such.

Since you seem to disagree, I wanted to know how you classify the hiding and twisting of this, and other pieces, of information.

Also, you need to realize that not everyone viewed the administration in the same light as you apparently did back then. My peer group was split close to 25/25/50 on them being: lying bastards, well intentioned but full of shit, and justified. But we were only in our early 20s. Older people seemed to be more accepting of what they were saying.

I don't know what they were selling you in the US, but that's straight up untrue. UN Inspectors were repeatedly telling the Security Council that Iraq was complying with WMD regulations and that in a matter of months, they'd be able to verify if all claims were true.

As usual, incompetent American intelligence was used instead since it was convenient.

This is a neat turn-around. Historical revisionism. That's good.

As usual, incompetent American intelligence was used instead since it was convenient.

It was actually the finest in British confectionery, with lashings of custard.


I'm starting to realize that quite a few on HN actually have no idea what happened during this period (too young?), and at this point they're just going by what they read on Reddit.


Iraq's cat and mouse game with the UN, which was a condition of the ceasefire from GW I, had been going on for years. The UN had passed resolution after resolution authorizing force, any of which gave the US -- if they even decided that they wanted its mandate -- the legal right to remove Saddam. Yes, when it was apparent the US had had enough, Iraq started complying, but it was too late for the US administration. Tough, but this notion that it was all cooperation and the US just wanted a fight is pure absurdity, and has absolutely no basis in actual reality.

But it does appear in the black/white simplified story that so many tell.

I actually remember this very clearly. In fact, I questioned my own memory of this when I read your comment (since it was so clearly the opposite of what I remember) until I went back and had a look and it looks like I was right.

For what it's worth, it's entirely possible that we were just exposed to different media narratives at the time. My parents remember it the same way too. The news about the reports from Hans Blix and Mohamed AlBaradei saying Iraq was complying with the requests of inspectors after Resolution 1441. Colin Powell's so-called evidence. These were front-and-center in The Hindu in India and there were editorials about it all the time.

Certainly the idea that the doubters were few is not particularly convincing in the face of that.

EDIT: Ah, you edited your comment to contain more than just the first line after I began replying. FWIW, I don't think it's US-Evil Saddam-Good. It's obvious to me that people were questioning the degree to which US military action was justified.

Quoting Resolution 1441 is a bit disingenuous since from the very day the US decided to attack Iraq there were people saying that it did not justify military action. In fact, I recall that they fell back on using it as justification after it became clear that any resolution asking for war would not pass.

Schneier is a skeptic. And skepticism garners more page views and also street credibility. It's not a bad way for him to get into the news every once in a while.

Moreover, basically what he's saying is there is more than one possible probable actor whereas the FBI discounted the rest. It's not that insightful.

Schneier is a pretty smart guy, but like everyone else has biases (I mean, tendencies). Not saying he's wrong here as I, as most everyone, have no first or second hand knowledge about this incident. Just saying that just because it's Schneier does not give him any more credibility in this than anyone else, unless he knows something about this incident most people don't know.

I'd be really interested to hear from HN about "appeal to authority".

When someone talks about security, and links to Schneier, I give their argumet more credit. If they link to GRC I give them less credit, and sometimes I dismess their comment.

I realise this is a bad thing. Gibson is going to be right occasionally and Schneier is going to be wrong sometimes.

But is this a generally sound policy? Find the experts and "not-experts" and decide how much time to spend investigating what they say accordingly; or should I be evaluatin arguments equally regardless who makes the arguemtn (with exceptions for obvious trolls and wingnuts)?

Schneier himself makes a couple of appeals to authority (Allan Friedman, Jonathan Zittrain) by essentially saying I believe this because so and so told me something (and I think their logic and conclusions are sound). But in neither case provides opposing opinions (as though there might not be).

But, to your question. I think we should question everyone one's assertions. Lots of experts, I mean true domain experts, will opine one way, just to be wrong down the road. So, maybe being an expert gives them an edge over a non expert but it does not make them automatically right.

Appeal to authority (as a fallacy) refers to advancing the opinion of a prominent figure for something on which they themselves are not an authority. Citing Schneier on computer security is not an appeal to authority. Appeal to authority is citing his opinion on the best way to prepare coffee.

> Appeal to authority (as a fallacy) refers to advancing the opinion of a prominent figure for something on which they themselves are not an authority.

This is incorrect. An appeal to authority is when an argument is claimed to be true because someone of authority has stated it. It is a fallacy when the authority of the person has nothing to do with whether the argument is true or not. For example, if a maths authority makes a maths claim, that doesn't mean their claim is true since their authority in maths doesn't determine the validity of their claim. The truth of their claim is determined by looking at the maths itself.

> Citing Schneier on computer security is not an appeal to authority.

It could be, if you're arguing that it's true because Schneier said it. Obviously something relating to computer security isn't true because Schneier says so.

That said, appeals to authority are somewhat necessary in discourse, since we don't have the time to explore all arguments on their own merits. I believe that claims that Schneier has made in the past are truthful, and therefore conclude that I can place some trust in other claims he makes without fully exploring them, but that trust may be misplaced.

Appeal to authority would be something like, "North Korea wasn't behind the attack because Schneier says so." To avoid an appeal to authority, you cite Schneier but make use of his arguments. "According to Schneier, North Korea wasn't behind the attack because if North Korea was behind the attack a different locale would have been used."

The fallacy still applies when the authority gives an opinion on some topic they are knowledgeable about; the fallacy isn't about the relevance of the authority so much as the use of the appeal.

I think that's a simplification. You can appeal to a en expert in A about something regarding A and still be considered an appeal to authority fallacy --that is because 'authorities' can make bad judgments, have biases, etc.

This piece pretty much echoes what I've felt since I first read about all the speculation and FBI report.

I'm just glad someone with credibility was able to come out and say it, I just hope (but doubt) that mainstream media will follow up on it and ask the right questions going forward.

I sincerely doubt the mainstream media will give Schneier any air time, as his view point isn't sensationalist enough to sell well.

But I also think his skepticism is spot on. This "explanation" is too conveniently tidy for me to find it all that believable.

But that someone has zero credibility when it comes to distinguishing nuances in the Korean language.

N Korea has the motive, means, and track record for this kind of thing. And please let's all agree such hacking is not some impossible rocket science. Any group of young teens/hackers with enough time could've pulled it off. Especially such a relatively easy target as sony.

Oh by the way, N Korea did launch a mid range ballistic missile (albeit a crude one).

You are glad he said what? He rules out a Sony insider and says NK must be involved in some way unless someone did it for the Lulz.

He didn't rule out a Sony insider.

> It's possible, but that employee or ex-employee would have also had to possess the requisite hacking skills, which seems unlikely.

Considering the number of laid off techies, I think it is somewhat "more than unlikely".

I don't know where you got the second part.

I think he's also missing the case where a disgruntled insider gives a beachhead and/or money to outsiders.

Just like this article, several other entities may be skeptical on assertions that North Korea is involved given the past involving Iraq's imaginary WMD...etc. Also, cyber attacks may be common in future, for whatever may be the reasons involved.

In future, if some Hollywood studio makes a movie on Russia's Putin or on China and if hackers claiming from the injured country do similar cyber-attack on that studio and If USA retaliates and if Russia/china counter-retaliates and if this spills into physical world, then we can have nightmarish situations/tensions and may be full blown war. Worse, another country may do that sort of attack from some other country to hide its trail. Hope proper sense and calm minds prevail to prevent such nightmare. But such possibility exists in theory.

As solution, world needs an international, independent, competent panel/forum/group to investigate openly/transparently all cyber-attacks and find out culprits rather than doing mere guess work. Also, evidence of the crime need to be put in public domain to avoid conspiracy theories. This can be on the lines of international court of justice/United nations ...etc. Since parties involved are entities like Sony which are not connected to national defence directly, we need not fear national secrets leaking out ...etc i.e. it can be done without impacting the sovereignty of the nations involved.

Without such arrangement, stability and peace of the world will always be in question for any cyber attack on any major country such as USA/Europe/China/Russia ...etc.

TL,DR: Cyber-attacks on economic entities such as Sony or Google in the past involving several countries need to be investigated by international body rather than a single country and evidence of the crime need to be in public domain to avoid conspiracy theories.

So he posits 5 possibilities, 3 of which directly involve NK? He basically says he doesn't know what to think, but maintains the evidence is weak, like every other tech journalist.

I do agree its a good possibility the government has a lot more classified evidence it's not sharing with us, and we're trying to put together a puzzle with only half the pieces.

If North Korea is involved I think it was after the initial attack (theory #4 in the article). As he says in the article: "the explicit North Korean connection -- threats about the movie The Interview -- were only made by the hackers after the media picked up on the possible links between the film release and the cyberattack". North Korea may not have even been aware of the movie until the hack.

It seems like Sony is playing up the North Korea connection because it could only help them. They would lose more credibility (and potentially lawsuits [1]) if it's a 14yo hacker doing it for the lulz. State sponsored hacking is a Big Deal, and many would give leniency to Sony if that's a true story.

[1] http://abcnews.go.com/Entertainment/wireStory/sony-faces-4th...

> North Korea may not have even been aware of the movie until the hack.

North Korea was well aware of The Interview ahead of the hack. See this article from June: http://www.theguardian.com/film/2014/jul/10/north-korea-un-t...

>the explicit North Korean connection -- threats about the movie The Interview -- were only made by the hackers after the media picked up on the possible links between the film release and the cyberattack

I personally think this is a misinterpretation of what happened. Media began heavily speculating it was tied to The Interview about 1-2 days after the hack was initially reported, but the hackers waited until Dec. 15 before explicitly mentioning it. If they wanted to take advantage of the sensationalism, why continue releasing messages and threats that clearly acknowledge Sony and the media between Nov. 24 and Dec. 15 while not mentioning The Interview until the most likely motive essentially became obvious?

Second, I think the group name "Guardians of Peace" is a fairly obvious allusion to "guarding international peace by preventing Sony from releasing The Interview", and is in line with just about everything they've been saying. And of course they were using that group name on day 1.

I'm not saying North Korea necessarily did it, but I think the actors either intended to stop the movie from the beginning, or intentionally framed North Korea by using a pretext of trying to stop the movie. I don't think they're a group of hacktivists who only appropriated The Interview as a motive after media speculation.

>I think the group name "Guardians of Peace" is a fairly obvious allusion to "guarding international peace by preventing Sony from releasing The Interview", and is in line with just about everything they've been saying.

There's nothing obvious to me at all in that name referring to the things we later learned. It's a really generically vague name, so it's easy to project onto it.

Out of the 5 possibilities Schneier listed, I found #1 (the one picked by FBI) mostly likely.

> This is the work of independent North Korean nationals.

Mr. Schneier doesn't clearly understand people who lived in a totalitarian country. If this national lives in North Korean, there is no way he will dare such an attack without being instructed by the government. This level of freedom doesn't exist in his mind. And it doesn't make sense for a North Korean still holding the same ideology to live outside North Korea, he would either completely abandoned that or go back to North Korea.

> This is the work of hackers who had no idea that there was a North Korean connection to Sony until they read about it in the media.

This doesn't explain the Korean language used in the code. It might be a South Korean, but from my knowledge, it's very hard to imagine a South Korean risking going to the jail either fighting for North Korean or even find it fun. (Hint - South Korean people don't like the people from north who are pointing Thousands of cannons and missiles to them). As for why this is not the same encoding as North Korean dialect, I know people from mainland China use encoding of Traditional Chinese from Taiwan. It is very easy for me the imagine that North Korean government offices use such settings so that they can access resources from South Korea (much more abundant and still without language barrier.)

> It could have been an insider

This hacker has been hurting regular Sony employees. From my understanding, only people with mental problems will direct their hatred towards a company to random regular employees (his own ex-coworkers). People with mental problems don't usually possess the hacking skills demonstrated in this case.

> The initial attack was not a North Korean government operation, but was co-opted by the government.

It is hard to imagine a hacker targeting Sony with the plan to profit from selling the information to North Korean government and then intentionally leave some trace towards North Korea (the Korean language in code). This attack must have originated from North Korea, and that's the conclusion FBI is suggesting.

People with mental problems don't usually possess the hacking skills demonstrated in this case.

Depends on the mental problem. The category is far too broad to make a sweeping statement like that. Anything from being slightly narcissistic to being a paranoid schizophrenic can be considered a "mental problem" under one definition or another. Most of these do not involve any diminished technical skills.

In addition, I could cynically retort that anyone who orchestrated such a reckless and damaging attack as this isn't exactly the most mentally stable.

There's no reason that the Nationals need be North Korean. There is diversity of political opinion in the South and not everyone loves Japan or has forgiven them for the long and brutal occupation. The film could easily be seen an attack on Korean sovereignty for any partisan of a unified Korean State. That a Japanese corporation is behind it certainly doesn't help.

On the other hand, historically the view of Japan as the important enemy is more strongly associated with the North. Fighting the Japanese occupation was probably a more important part of Kim Il-sung's political life than socialism and much of the divide between North and South was based on collaboration with occupiers than on a love/hate relation with capitalism...most Koreans in both countries at the time their civil war was hot were agrarian peasants.

If this national lives in North Korean, there is no way he will dare such an attack without being instructed by the government. This level of freedom doesn't exist in his mind. And it doesn't make sense for a North Korean still holding the same ideology to live outside North Korea, he would either completely abandoned that or go back to North Korea.

25% of Koreans in Japan align politically with the DPRK - http://en.wikipedia.org/wiki/Chongryon

I did not see any Korean language references in the malware code.

The rawdisk driver linked into Wiper is a reusable, publicly-available one, which has been used for many purposes including legitimate ones, and was written by someone from South Korea. That was compiled with a Korean locale (as you'd expect).

The result is a bit like saying Duplex Secure wrote Alcohol 120% because it uses the SPTD drivers - an invalid conclusion.

Is there any information anywhere of how the intrusion was made? E.g was the admin server for Sony's intranet accessible via remote desktop from the whole internet with the user and password admin/admin? It's a completely different situation than if it consisted of exploiting an unknown vulnerability in SELinux to get remote root access.

Their bandwidth is estimated to be in the neighborhood of 6Gbit/s, and they allegedly grabbed 100TB of data. If my math is right that would take fifteen days for them to download.

Unless of course they got a bargain on a VPS somewhere else..

They can use USB HDs. They can hack from China. The possibilities are endless.

It's well known NK had been complaining about the movie for months. And I doubt NK started hacking only 2 weeks before scheduled opening day.

This piece is in fact even more speculative than the FBI's announcement.

Everybody is a critic. Everybody has an opinion. Everybody is just writing rank speculation. The gov't filed charges, so to speak, so lets see them play out their case.

Wired had a good article yesterday too, that made clear that there is still a lot of uncertainty. http://www.wired.com/2014/12/sony-north-korea-hack-experts-d...

But NK sure is a convenient bogeyman for the real agenda: to bring in CISPA: http://www.zdnet.com/article/white-house-wants-congress-to-r...

CISPA was already vetoed due to inadequate privacy protections but the fundamental rationale of requiring private companies to share threat information with the government is pretty reasonable. CISPA just needs to be fixed and reintroduced which has been Obama's stance for a while.

So, legitimate question: how is it possible to get North Korean comments out of a compiled binary?

Somehow I doubt that any supposed North Korean hackers would have followed the tenets of free software and distributed the original source to Sony along with the malware.

man strings

"strings is mainly useful for determining the contents of non-text files."

What's funny to me is even with, "Freedom of information act," in the USA some Americans act like everything is public record.

It's not. Sometimes, for international relations, things are classified, never released until much later. Having been party to a minor agreement, at least knowing about it, before the general media, gives you a ton of insight into how the USA operates.

To me at least, I came to the, "Business," operating model. In other words, the economic engine takes priority and the agreements I know of that were signed pushed that particular agenda.

Dollars, literally, make the world go round. The US dollar is the world, "Reserve," currency. There's a very good reason for that, and a very good reason the Secret Service is in charge of the US money supply.

Then again, perhaps I'm as much as insider as the author of the blog post. Eg, out of the loop.

Dollars do not literally make the world go round. The world literally goes around because it was formed from a disc of swirling matter, and the lack of inertia and forces that would stop it.

There's no reason to be a pedant here.

Well, to be pedantic, there are many reasons. They range all the way from comedy, right through to just being a stickler for accuracy.

edit - looking at it again, jcd748 failed on accuracy as the earth does not lack inertia but rather possesses it in great quantities. 8.04×10^37 kg·m2, to give a rough figure.

Literally? Wow.

You're supposed to infer the figurative usage from the dramatic commas.

You mean the literal usage? http://www.merriam-webster.com/dictionary/literally (#2)

* long sigh *

Happy festivus!

And guessing the tinfoil conspiracy about Sony hacking itself wouldn't stay secret long. :)

My thought is we'll probably never know for certain unless perps reveal themselves, so saying NK definitely did it would be jumping to conclusions.

The real story is: Best. Marketing. Ever. And an international incident, to boot! (Well played, Sony. Even Obama was part of the story.). Seriously, the canceling the release was the story-making move. And the subsequent nonrelease release monetizes the situation. Couldn't have planned it any better. ;)

If it was all a marketing ploy they wouldn't have released private employee information that would open them up to lawsuits, or shut down their operations for several days. There's absolutely no way that Sony makes a profit on this adventure, and that would be the only reason to make it up. It's absolutely ridiculous to think otherwise.

If it was marketing, Sony would not have revealed the private emails of their executives. Obama would also not have stepped in, there is plenty of vetting that goes on in the federal government.

Let me explain the joke to you, since you seemed to have missed the cute emoticons.

Satire - making fun of any alternative explanation that obviously isn't true.

Maybe I should be more literal next time.

Merry Xmasmukah and new year!

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact