Friday, 26 December 2014

Hack on Sony: FBI Still Blames North Korea Despite Experts’ Evidence

Written by 

The FBI is standing by claims that North Korea was behind the devastating cyber-attack on Sony Pictures Entertainment late last month — the largest in U.S. history —that crippled computer systems and allowed hackers to leak more than 100 terabytes of sensitive company data.

The FBI and Sony Pictures Entertainment say the attack and subsequent leaks were motivated by the film The Interview, which depicts a successful assassination attempt on North Korean leader Kim Jong-un. But many computer security experts contend that North Korea is not involved. As The New American has reported, these experts claim that a hacktivist group that goes by the names "God'sApstls" and "Guardians of Peace" was responsible, and that financial extortion —and not The Interview — was the motive.

The hackers leaked information damaging to the entertainment giant's reputation and revenues, but not before demanding "financial compensation" to prevent the leaks. The hacktivists claim that Sony Pictures Entertainment is guilty of practices that deserve punishment and they have appointed themselves to carry out that punishment. The hackers' familiarity with the infrastructure of the company's networks suggests that this may well have been an inside job.

Guardians of Peace made mention of The Interview only after the media speculated that North Korea was responsible and that the film was the motive. Even then, the mention of the movie was almost in passing and was a denial. In a statement to csoonline, the hacktivist group said,

We are an international organization including famous figures in the politics and society from several nations such as United States, United Kingdom and France. We are not under direction of any state. Our aim is not at the film The Interview as Sony Pictures suggests. But it is widely reported as if our activity is related to The Interview. This shows how dangerous film The Interview is. The Interview is very dangerous enough to cause a massive hack attack. Sony Pictures produced the film harming the regional peace and security and violating human rights for money. The news with The Interview fully acquaints us with the crimes of Sony Pictures. Like this, their activity is contrary to our philosophy. We struggle to fight against such greed of Sony Pictures.

It appears that the threat of a 9/11-style terrorist attack was an attempt to capitalize on the notoriety Guardians of Peace had garnered in the media. Even though the FBI said there was no credible threat, Sony Pictures Entertainment pulled the movie after major chains refused to show it. President Obama criticized the entertainment company for the decision, saying,

We cannot have a society in which some dictators someplace can start imposing censorship here in the United States because if somebody is able to intimidate us out of releasing a satirical movie, imagine what they start doing once they see a documentary that they don't like or news reports that they don't like. That's not who we are. That's not what America is about.

The president's remarks were made only hours after the FBI said that North Korea originated the hack and the threat of a terrorist attack.

But experts now say that theory is weak — based mainly on the Korean programming language in the malware used in the cyber-attack. Hector Monsegur, whose hacker name was "Sabu," is a former hacker with the infamous groups Anonymous and LulzSec. He claims that Sony was hacked as far back as six years ago. Moreover, he points out that hackers from all over the world use a variety of hacking languages to obscure their identities. As to the time frame of the hack, Monsegur explained, "It had to happen over a long period of time. You can not just ex-filtrate ... 100 terabytes of data in a matter of weeks. It's just not possible. It would have taken months, maybe even years to ex-filtrate something like 100 terabytes of data without anyone noticing." He also claims that that much data flowing into North Korea "would have shut down [the] North Korean Internet, completely," because of that country's Internet infrastructure.

Kurt Stammberger, senior vice president of the computer security company Norse, told CBS News that his organization's research into the breach at Sony Pictures Entertainment shows that it "was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history." He added, "Sony was not just hacked; this is a company that was essentially nuked from the inside." Many other cyber-security experts have agreed.

Though Norse has no involvement in the official Sony investigation, the company has conducted its own inquiry into the matter. Stammberger points out that a woman calling herself "Lena" has a connection to Guardians of Peace, and was also an employee of Sony Pictures Entertainment for 10 years. She was "in precisely the right position and had the deep technical background she would need to locate the specific servers that were compromised," he asserts.

Norse's website shows a video of Stammberger's interview with MSNBC, in which he says, "The data that we're seeing ... doesn't support the hypothesis that North Korea master-minded this operation.... This narrative that a country like North Korea has orchestrated and carried out the most devastating and costly cyber-attack in history just doesn't jive with the telemetry that we've been collecting and analyzing." Among the reasons for doubting Pyongyang's involvement, according to Stammberger, is the fact that "North Korea rarely backs away from any opportunity to take credit for provocative action." If the despotic nation is responsible, "Why are they denying connection to this now? Why not trumpet their victory and their technical prowess?"

Many observers believe the cyber-attack is being blamed on North Korea for political reasons, and that evidence which doesn't fit a certain agenda is simply being ignored.

In the meantime, the private sector is concerned about figuring out who really is behind the attack and what can be done to prevent similar hacks on other companies. Constitutionalists are placing their money on the private sector.

Photo: AP Images

Please review our Comment Policy before posting a comment