No announcement yet.

Sony hack: A new pearl harbor?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Sony hack: A new pearl harbor?

    This article has an interesting slant on the recent hacking of Sony. I hadn't been interested in the hacking because it affected the movie business; something only marginally connected to reality in my opinion. But the author of this article proposes that the Sony hack is a sea change in perception at least of the power of corporations. I ask the question: will corporations begin to practice self censorship and even covertly modify their business plans and decisions out of fear of hackers?

    Will hedging against hacking attacks add an appreciable amount to the cost of doing business?
    "I love a dog, he does nothing for political reasons." --Will Rogers

  • #2
    Re: Sony hack: A new pearl harbor?

    I know of one global brand that had it's regional office network compromised and files encrypted by an Eastern European based(suspected/likely) outfit in exchange for some serious money.

    Similar but different.

    I think it's safe to say both crime and warfare will be conducted in more hybrid(digital and meatspace mashup) ways.

    Looks at the Arab Spring.

    It started with a single guy who lit himself on fire and it was catalyzed by mobile and internet connectivity.

    In Libya and Egypt the digerati alpha nerds didn't have physical meatspace capability, but they found connections in the form of soccer/football hooligan clubs to be the street cred at the meatspace coalface.

    I would hazard a guess that future crime and irregular warfare activities will be led by the organizations with the most effective balance between anonymous(or resolving to legally nebulous jurisdictions) digital capability combined with deniable links to existing meatspace illicit networks or covert/clandestine sovereign capability.

    The term hybrid warfare has been used with increasing frequency in the past year with Ukraine/Crimea.

    The same can be applied to hybrid criminal activity.


    • #3
      Re: Sony hack: A new pearl harbor?

      Originally posted by photon555 View Post
      This article has an interesting slant on the recent hacking of Sony. I hadn't been interested in the hacking because it affected the movie business; something only marginally connected to reality in my opinion. But the author of this article proposes that the Sony hack is a sea change in perception at least of the power of corporations. I ask the question: will corporations begin to practice self censorship and even covertly modify their business plans and decisions out of fear of hackers?

      Will hedging against hacking attacks add an appreciable amount to the cost of doing business?
      The answer to your first question is almost certainly. The answer to your second question is less clear. Businesses which rise to significance in the marketplace do so by holding at least a significantly pragmatic view of matters. One way to catch a glimpse at how the impact of this type of piracy might affect businesses is to look at how the shipping industry reacts to real piracy. Look at this post by one substantial player in one substantial company from 2011 to peer behind the curtain: http://www.informationdissemination....rates-are.html

      I think this level of piracy is significantly higher in its impact and also in its reach. You can avoid the coastline of Somalia by hundreds of miles to somewhat reduce the risk of piracy, but you cannot distance yourself from hackers except through investing in defenses. At that point, it because a raw risk reduction decision--is it worth the risk of loss to take effective measure to protect the assets? That is for every firm in such a position to decide for themselves.


      • #4
        Re: Sony hack: A new pearl harbor?

        Just had a thought. What will happen if one day a hacker manages to encrypt all the data on AWS? ;)

        Originally posted by lakedaemonian View Post
        I know of one global brand that had it's regional office network compromised and files encrypted by an Eastern European based(suspected/likely) outfit in exchange for some serious money.


        • #5
          Re: Sony hack: A new pearl harbor?

          Originally posted by touchring View Post
          Just had a thought. What will happen if one day a hacker manages to encrypt all the data on AWS? ;)
          That would be a wide spread global problem, rather than a niche local/regional problem.

          The one I'm aware of was a case of sophisticated extortion by an illicit network.

          The targeting of something like Amazon Web Services can be quantified using the CARVER tool.


          Something like AWS is Critical(due to increasing levels of critical digital outsourcing), Accessible(with the right skillset), Recuperation(without, or even with, NSA levels of processing power, cracking it could be a long-term problem unless voluntarily decrypted by offenders), Vulnerable(with the right skillset), Effect(potentially very widespread), and Recognized(Page 1 headline for a big chunk of the world).

          Potential offenders tempted to commit such an action would go well beyond just extortionists to include genuine terrorist networks, sovereign states direct action/proxy, even activist groups taking Greenpeace "attention whoring" to the next digital level or further towards the merge of activism/terrorism as with ALF/ELF "digital tree spiking".

          But in having said that, tools the CARVER matrix are just as useful on defense as Amazon's security would be allocating resources to mitigate risk.

          But I think it's fair to say that efforts by genuine terrorists trying to blow up bridges and genuine activists trying to dangle from them with activist signs will shift towards the digital, especially if the cost to conduct such an operation and the risk of capture is potentially low.


          • #6
            Re: Sony hack: A new pearl harbor?

            There are plenty of questions being raised about this so-called hack and its alleged country of origin. Heck, there are still open questions about Pearl Harbor.

            Given the stories bandied about in the press about the alleged oddities of KJU, I'd expect him to be delighted by the publicity. If the man has Dennis Rodman as his goodwill ambassador, surely he'd be up for a movie premier party with Rogen and Franco. His daddy loved the movies and they do say KJU is a chip off the old block. First day sales following a premier in Pyongyang could hardly be worse than the "million dollar" opening Sony execs are spinning as a success. "The Interview" managed to beat out Free Willy 3 in first day sales by some seven thousand bucks. That's winning!

            Personally, the whole thing smells like moonshine to me. I think people are being played yet again by our cloak and dagger snoops and their mighty Wurlitzer. And since we seem to eat this vomit up like it's ice cream I know better than to swim against the tide. Allow me to join in the chorus:

            Oceania, Tis For Thee. Tis for thee...

            Such a pleasure to lose oneself in the crowd of popular opinion and delusion. But I do have a question about the source. How come stories from Natural News slide so easily down the throat around here?

            Can there be any rational person left among us who doesn't know that Natural News is a wingnut "alternative medicine" site? Don't get me wrong, I enjoy tickling the amygdalas of paranoid nutters as much as the next guy but how many chemtrails, fluoridation of water and vaccine hysteria articles does one need to wade through before figuring out Natural News is bunk? We laugh at InfoWars and relegate old PCR to the corner, but a slimy guy like Mike Adams is okay?

            I guess everybody has to have their own olfactory threshold for bullshit. For some, it's the 9/11 truth stories:

            Today's "national IQ test," if you will, is whether people yet realize 9/11 was an inside job. To watch the WTC 7 building fall into its own footprint, demolition style, and somehow fail to grasp that this was a carefully-planned demolition job is just as idiotic as not being able to count how many times you jump rope.

            Jumping rope and 9/11 truth - how the sheeple have been trained to avoid unpopular truth about WTC 7
            For others it's the articles peddling natural cures for ebola and encouraging mothers to avoid the MMR vaccine, oldsters to avoid flu shots and the AIDS conspiracy stuff.

            "Conventional medicine's explanations of HIV and AIDS are a medical myth at best; and outright quackery at worst. There is no such thing as a virus that "causes" AIDS, since the very definition of AIDS is widely disputed by scientists around the world. (And patients are often diagnosed with AIDS who have no HIV whatsoever.)"

            The AIDS myth exposed: Why experts are challenging conventional AIDS mythology
            So why does a site like Natural News have any currency here on iTulip?
            Last edited by Woodsman; 12-28-14, 03:39 PM.


            • #7
              Re: Sony hack: A new pearl harbor?



              • #8
                Re: Sony hack: A new pearl harbor?

                Security experts investigating the devastating hack against Sony Pictures appear to be moving away from the theory that the attack was carried out by North Korea, focusing instead on disgruntled former employees of the firm.

                Researchers at Norse cybersecurity claim that six former employees could have compromised the company’s networks, arguing that accessing and navigating selective information would take a detailed knowledge of Sony’s systems.

                Norse is not part of the official FBI investigation, but did brief the government on Monday, the company said. Though noting that the findings are “hardly conclusive”, Norse senior vice president Kurt Stammberger told the Security Ledger that nine researchers had begun to explore the theory that an insider with motive against Sony would be best placed to execute a hack.

                The team had started by examining a leaked database of employees made redundant during a a restructuring in May.

                Of six people Norse claim had involvement with the hack, one was a former staffer made redundant in May after 10 years at the firm. She had a very technical background and had used social media to berate the company after losing her job, it is claimed.

                Working with pro-piracy activists in the US, Asia and Europe, she may have used secretive discussion forums and IRC (chat) to coordinate the attack, researchers claim.

                “We see evidence for those two groups of people getting together,” Stammberger said.

                and the Bureau's response . . .

                Could the North Korean's outsourced their hack to disgruntled ex-employees . . . they kid us not.


                • #9
                  Re: Sony hack: A new pearl harbor?

                  Hubris reigns . . .

                  The Sony Hack Fraud
                  by Justin Raimondo • December 31, 2014

                  The progression of the government’s case indicting North Korea for hacking Sony’s computer system – and revealing the petty ego-trips of Hollywood’s glitterrati – was succinctly summed up by computer security expert Jeffrey Carr in a pithy tweet:

                  “NK did it 100%
                  OK, NK did it w/ help
                  OK, NK outsourced it
                  OK, NK was told later and bought them drinks
                  God dammit, NK is guilty of something”

                  The idea that Kim Jong-un was so enraged by a “comedy” that dramatizes his assassination – and, in the process, underscores the juvenility of its creators – was never all that credible to begin with. And the case for pinning the hack on the Hermit Kingdom goes rapidly downhill when one examines the initial communications from the “Guardians of Peace,” as the hackers dubbed themselves, which never so much as mentioned “The Interview” and instead simply demanded money. It wasn’t until the media and the FBI itself suggested a North Korean connection that the hackers picked up on this diversion and ran with it.

                  Speaking of diversions: the FBI announced a few days after the hack that they had “conclusive” evidence of North Korea’s guilt. The malware, they said, was “similar” to the kind that had been used by suspected North Korean hackers in the past and was “in the Korean language.” This is laughable, since a) the malware was widely disseminated and easily obtainable, b) the “Korean language” spoken in the north is significantly different from the southern dialect, and c) anyone who wanted to cover their tracks would be very unlikely to leave these rather transparent “clues.”

                  What other “evidence” do the feds have? Well, it seems the malicious software unleashed on Sony’s systems tried to contact an IP address (or addresses) “in North Korea,” as the War Street Journal reported. Yet as cyber-security expert Jeffrey Carr points out: “There is a common misconception that North Korea’s ITC is a closed system [and] therefore anything in or out must be evidence of a government run campaign. In fact, the DPRK has contracts with foreign companies to supply and sustain its networks.” Carr goes on to point out that the company that does this for the North Koreans is Loxley Pacific, located in Thailand.

                  “One of the easiest ways to compromise the Internet backbone of a country is to work for or be a vendor to the company which supplies the backbone. For the DPRK, that’s Loxley, based in Bangkok. The geolocation of the first leak of the Sony data on December 2 at 12:25am was traced to the St. Regis hotel in Bangkok, an approximately 13 minute drive from Loxley offices.

                  “… If one or more of the hackers involved in this attack gained trusted access to Loxley Pacific’s network as an employee, a vendor, or simply compromised it as an attacker, they would have unfettered access to launch attacks from the DPRK’s network against any target that they wish. Every attack would, of course, point back to the hated Pyongyang government.”

                  In short, the technical “evidence” supporting the narrative woven by those geniuses in Washington is rubbish. Yet they are still sticking by it – because, after all, government officials can never admit they were wrong. Especially since the President of the United States went out on a very thin limb and vowed to retaliate against North Korea – a pledge apparently carried out a few days ago. Two cyber-attacks took down the Hermit Kingdom’s pitiably small Internet structure, which consists of about as many IP addresses as can be found in a single block in Brooklyn.

                  USA! USA!

                  There’s just one problem: a rising chorus of independent cyber-security professionals are virtually unanimous in the opinion that the Obama administration muffed it. The North Koreans, they say, didn’t hack Sony – and our “retaliation” is looking more and more like unprovoked aggression. As Carr writes:

                  “Under international law, ‘the fact that a cyber operation has been routed via the cyber infrastructure located in a State is not sufficient evidence for attributing the operation to that State’ (Rule 8, The Tallinn Manual). The White House must responsibly evaluate other options, such as this one, before taking action against another nation state. If it takes such action, and is proved wrong later, which it almost certainly will be, the reputation of the U.S. government and the intelligence agencies which serve it will be harmed.”

                  Eviscerated is more like it.

                  So, if it wasn’t the North Koreans, then who are the hackers – and what was their motive? Marc Rogers, principal security researcher at Cloudflare, gave us a clue early on:

                  “Hard-coded paths and passwords in the malware make it clear that whoever wrote the code had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s (just) plausible that a North Korean elite cyber unit could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of a pissed-off insider. Combine that with the details of several layoffs that Sony was planning and you don’t have to stretch the imagination too far to consider that a disgruntled Sony employee might be at the heart of it all.”

                  It looks like Rogers was right on the money. An independent investigation carried out by Norse Security, a respected Silicon Valley company, came up with what they regard as conclusive evidence as to the identity of at least one of the hackers – a ten-year Sony employee with major technical skills who was recently laid off, a woman called “Lena” in news accounts. According to Norse Vice President Kurt Stammberger, the group consists of six people residing in Thailand, Canada, Singapore, and the US. How did Norse arrive at this conclusion? As a writer for Slashdot put it: ”

                  “Rather than starting from the premise that the Sony hack was a state sponsored attack, Norse researchers worked their investigation like any other criminal matter: starting by looking for individuals with the ‘means and motive’ to do the attack.”

                  The hackers, it seems, outed themselves when they released that massive data dump, which included files from Sony’s human resources department. Last spring Sony fired an awful lot of people – and the Norse team traced their virtual footprints. The culprits had an intimate knowledge of the structure of Sony’s computer system, and this was therefore the logical place to look. Norse uncovered posts on social media where ex-employees vented their anger at being let go, and uncovered Internet Relay Chat forums where these disgruntled types got in touch with known hackers – including one person linked to a server on which the original version of the malware had been constructed in the summer of this year.

                  The Norse team has met with the FBI and presented their findings, but the feds don’t seem too interested. They are sticking by their totally debunked story, at least so far. Just like the neocons who maintain to this day that Saddam Hussein really did have those “weapons of mass destruction” – and that we were right to invade Iraq and murder more than half a million Iraqis in cold blood.

                  Indeed, the Obama administration’s absurd “investigation” seems to have been modeled on the Bush administration’s propaganda campaign in the run up to the Iraq war, in which every possible bit of pseudo-“evidence” was twisted to conclude that Saddam Hussein was building “weapons of mass destruction.” Starting with a preordained conclusion, they proceeded to construct a case based on factoids that seemed to confirm it.

                  Like the neocons who were desperate for a pretext to invade Iraq, the Obamaites have an agenda of their own: targeting North Korea and citing the alleged threat of a “cybernetic Pearl Harbor” in order to gin up public support for “cyber-security” legislation that would give the government greater power to regulate the Internet as a “public utility.” They’ve been agitating for this for quite a while and clearly see the Sony hack as their doorway to success.

                  Can the Obama administration “stay the course,” as the Bushies used to say, and ignore the rising tide of skepticism? We’ll see. I somehow don’t think they’ll be backing down and offering that apology demanded by Kim Jong-un.

                  In any case, the lessons of the Sony hack harken back to basic libertarian principles:

                  1) Never take the government’s word for anything – they always have an agenda and will make up “facts” to fit the occasion.

                  2) The private sector is invariably more efficient than the public sector – the government’s phony investigation was and is bullshit, while it took independent Internet entrepreneurs to uncover the truth.

                  3) Government-connected companies are just as bad as the government itself – as Jeffrey Carr puts it:

                  “Federal agencies’ demand for cyber threat intelligence is voracious and they pay well. That demand is frequently met by companies like Mandiant, now part of FireEye – the company handling Sony’s incident response. The problem is that these companies have no oversight and no standardized vetting of sources.”

                  I wrote about Mandiant and the great “cyber-war” scam here, but there’s another angle not mentioned by Carr: the enormous amount of government money that goes into “cyber-security” is incentive for these companies to tell the feds only what they want to hear. The result is an echo chamber effect that blinds both parties to reality.

                  Which brings us back to the Iraq model and the causes of the “intelligence failure” that enabled the neocons to lie us into war. The simple fact of the matter is that our rulers aren’t interested in the truth because they believe they can create their own reality. As one top Bush administration official told journalist Ron Suskind during the run-up to the war:

                  “The aide said that guys like me were ‘in what we call the reality-based community,’ which he defined as people who ‘believe that solutions emerge from your judicious study of discernible reality.’ … ‘That’s not the way the world really works anymore,’ he continued. ‘We’re an empire now, and when we act, we create our own reality. And while you’re studying that reality – judiciously, as you will – we’ll act again, creating other new realities, which you can study too, and that’s how things will sort out. We’re history’s actors…and you, all of you, will be left to just study what we do.’”

                  This is precisely what the “mainstream” media has been doing all throughout this episode: studying the pronouncements of government officials and relaying this new “reality” to the American people with the kind of shameful subservience once only found in totalitarian countries. The result is that even if the government’s narrative is definitively debunked, the average person – who isn’t following this story as closely as the computer experts – will continue to believe Sony was hacked by those evil North Koreans, and that we have to take “defensive” measures like bringing down Pyongyang’s Internet and empowering the government to regulate the online world. As George W. Bush once put it: Mission accomplished!

                  Richard Vogel/AP