The Official Site of the Vancouver Canucks
Canucks Community

Sony proves terrorism works


Armada

South Korea is still South Korea, and there was no invasion or anything besides political posturing.

People were also paranoid about the Sochi games, especially with all the anti-Russian propaganda coming from US and Canadian media, it turned out fine as well.

So odds are, nothing is going to happen other than political posturing by North Korea.

I know North Korea likes to make threats and try and scare people, but it's the ones when he has no threats, and just does it for fun, which catch people off guard. I bring up South Korea, because a list of things have happened from the expense of North Korea for fun, in the last roughly 8 years. But this cyber hacking ability that North Korea holds, is becoming the new generation of war, which is something not many are used to. It affects everyone, without actually using weapons of mass destruction.

July 5, 2006 - North Korea test fires a Daepodong 2 missile

October 9, 2006 - North Korea nuclear test

25 May 2009 - North Korea nuclear test

12 February 2013 - North Korea nuclear test

July 30, 2006: Several rounds are exchanged near a South Korean post in Yanggu, Gangwon

March 26, 2010: A South Korean naval vessel, the ROKS Cheonan, was allegedly sunk by a North Korean torpedo near Baengnyeong Island in the Yellow Sea

November 23, 2010: North Korea's artillery fired at South Korea's Yeonpyeong island in the Yellow Sea, killing 4 South Koreans

In 2011 it was revealed that North Korea abducted four high-ranking South Korean military officers in 1999

October 10, 2014: North Korean forces fired anti-aircraft rounds at propaganda balloons launched from Paju.

I still wouldn't trust the odds.

What more then better target for North Korea.

Japan, where Sony is based.

According to some of those leaked emails, the heads in Japan didn't even want to make the movie.

Some of the stuff in those emails is pretty interesting though, screening the movie for the Assistant Sec. of State months before release, the use of specific RAND Corporation employees as consultants and the fact that they all think Adam Sandler is an @sshole for wanting $200 Million for making a 'Candyland' movie.

It was only a matter of time before the hacker collective Anonymous put their two cents in regarding the Sony hack. Early on Friday, one of Anon’s many Twitter accounts set their sights on North Korea, the hacker group known as #GOP (aka Guardians of Peace) and Sony Pictures regarding the decision to pull The Interview from theaters. From the looks of things, they are planning on releasing the movie to the world themselves. From Twitter:

http://uproxx.com/movies/2014/12/anonymous-north-korea-plan-release-the-interview/

---------------------------------------------------------------------------------------------

All the twitter comments are in the link. Anyone still think it's a marketing ploy?

all this talk about NK saying all this bull****, trying to flex nuts, those a-holes aren't going to do anything. so tired of these jackasses saying this and that, and not following through. one thing i read was those ass holes from "anonymous" said that the "GOP" aren't even a NK hacker group, so the whole thing is probably a work. whatever it is, you didn't see kim jong-il bombing the us for the team america movie

I guess this is what happens when you make a marketing exec the IT director

also this is happening this morning

North Korea's internet appears to be under mass cyber attack

Internet connectivity between North Korea and the outside world, though never robust to begin with, is currently suffering one of its worst outages in recent memory, suggesting that the country may be enduring a mass cyber attack a few days after President Obama warned the US would launch a "proportional response" to North Korea's hack against Sony.

"I haven't seen such a steady beat of routing instability and outages in KP before," said Doug Madory, director of Internet analysis at the cybersecurity firm Dyn Research, according to Martyn Williams of the excellent blog North Korea Tech. Madory explained, "Usually there are isolated blips, not continuous connectivity problems. I wouldn't be surprised if they are absorbing some sort of attack presently."

While it's entirely possible that this is due to run-of-the-mill maintenance or technical issues, it's hard to miss that the outage comes just days after President Obama condemned North Korea as responsible for the massive cyberattack against Sony and pledged a "proportional" US response.

The outage also comes as China is investigating the accusations against North Korea over the Sony hack. North Korea's internet access is wired through China, which gives China more or less direct control over North Korea's access to the outside world.

Yes, North Korea does have the Internet. Very few citizens have access to it, it's slow, and the connection is shaky. But it allows North Korea's state media, its propagandists, and its vaunted cyberwarfare divisions a way to access the outside world, as well as ways for sympathetic Koreans in South Korea and Japan to link up with the Hermit Kingdom. The country is wired through China, North Korea's northern neighbor and sole ally.

Why could this be happening? Did the US launch a cyber attack against North Korea in retaliation for the Sony hack? On the one hand, the White House has reportedly ruled out any sort of "demonstration strike" cyber reprisal against North Korean internet targets. On the other, that does not necessarily rule out a possible American effort to simply disrupt or sever North Korea's connection to the outside internet, if only to block future attacks.

It's also possible that China is attempting to shut down North Korea's internet connections with the outside world, perhaps so as to avoid future North Korean attacks that would embarrass China. While China is North Korea's patron, it also typically seeks to tamp down the Hermit Kingdom's provocations, which Beijing rightly sees as bad for Chinese interests.

Vigilante hackers could also theoretically be responsible, perhaps in an attempt to punish North Korea for the Sony attack, although past efforts by groups such as Anonymous have been spectacular failures.

While it's possible that North Korea is preemptively closing off its own internet access, hoping to prevent or preempt any US reprisal attacks, that would not explain why connectivity occasionally pops back up, suggesting that either an outage or a deliberate attack is the cause.

So the FBI has come out and said it. North Korea was behind the Sony hack. With some pretty strongly worded rhetoric, they lay out exactly why they feel confident enough to lay the blame for this criminal act at the doorstep of a foreign nation. Finally, they express their deep concern about how these events unfolded, stating that these events pose “one of the gravest national security dangers to the United States”. Pretty strong stuff. World-cyber-war One here we come.

Let’s take a look at the evidence that led the FBI to this conclusion. (At least the evidence that they were willing to share publicly).

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

So what they are saying here is that the malware found in the course of investigating the Sony hack bears “strong” similarities to malware found in other “known” malware attacks. Specifically, they are referring to the similarities between the malware found during this attack – Destover, the malware found to be at the heart of the attack against the Saudi based Aramco in 2012 – Shamoon, and the malware found at the heart of the massive cyberattack which brought most of Seoul to its knees in 2013 – Dark Seoul.

Aside from the fact that all three of these were above average cyber attacks which used a piece of malware, what exactly are the links and similarities they are referring to?

First, let’s look at each of these other attacks -

Shamoon: Was modular Windows malware discovered in August 2012 by Seculert, targeting companies in the oil and energy sectors. In particular, Shamoon was found to have infected 30,000 the Saudi arm of the oil and gas giant “Aramco”. While many speculated that Shamoon was the work of a nation state, others were not convinced. Kaspersky in particular carried out an in-depth analysis of Shamoon later that year concluding that the malware was “quick and dirty” and that the code, written by amateurs, was riddled with silly mistakes. Shamoon was attributed to a group known as “the Cutting Sword of Justice”.

DarkSeoul: On June 25 2013, Korea suffered a series of crippling cyber-attacks that coincided with the 63rd anniversary of the start of the Korean War. The attacks were carried out by multiple actors and ranged from DDoS attacks through to incursion by malware, later identified to be “DarkSeoul”. Analysis of the “DarkSeoul” samples showed that this group had been responsible for several other high profile attacks including the devastating “Jokra” attacks against South Korean Banks and Television Broadcasters, and numerous major attacks against companies in the Korean financial sector in May 2013. Symantec attributed the attacks to a group of South Korean hackers called the “DarkSeoul gang”. They did not believe that it was the work of North Korea but suggested it was possible that the “DarkSeoul Gang” was working to the benefit of North Korea or possibly even on their payroll.

So while North Korea has certainly been hinted at for each of these two hacks, the evidence is flimsy and speculative at best. So, what about the similarities? Well, ignoring the IP addresses, as we will discuss these later, these are the “links”.

From: http://securelist.com/blog/research/67985/destover/

  1. Just like Shamoon, the Destover wiper drivers are commercially available EldoS RawDisk drivers.
  2. Just like Shamoon, the Destover wiper drivers are maintained in the droppers’ resource section.
  3. Just like Shamoon, the DarkSeoul wiper event included vague, encoded pseudo-political messages used to overwrite disk data and the master boot record (MBR).
  4. Just like DarkSeoul, the Destover wiper executables were compiled somewhere between 48 hours prior to the attack and the actual day of the attack. This means it is highly unlikely that the attackers spear-phished their way into large numbers of users, and highly likely that they had gained unfettered access to the entire network prior to the attack.
  5. The Shamoon components were compiled in a similarly tight time-frame prior to their deployment. The CompiledOn timestamps all fall within five days of their executables’ detonation. Nearly all were compiled on Aug 10, 2012 (between 00:17:23 and 02:46:22) and set to detonate on Aug 15, 2012. That is a tight window to quietly deploy these binaries considering that tens of thousands of machines were destroyed with this payload.
  6. In all three cases: Shamoon, DarkSeoul and Destover, the groups claiming credit for their destructive impact across entire large networks had no history or real identity of their own. All attempted to disappear following their act, and did not make clear statements but did make bizarre and roundabout accusations of criminal conduct, and instigated their destructive acts immediately after a politically-charged event that was suggested as having been at the heart of the matter.
  7. Images from the DarkSeoul ‘Whois’ and Destover ‘GOP’ groups included a ‘Hacked by’ claim, accompanied by a “warning” and threats regarding stolen data. Both threatened that this was only the beginning and that the group will be back. It appears that original skeletal artwork was also included in both.

While some of these similarities certainly strongly hint at a similar operation and a shared DNA between these pieces of malware, it is hardly a smoking gun. Furthermore, the strength of this particular line of analysis weakens when you consider just how much sharing happens in the malware world. Many of these pieces of malware use publicly available tools and libraries. Many of these pieces of malware are based on malware source code that has been sold/released/leaked and is therefore accessible and easy to use. Finally many of these pieces of malware are available for purchase. Indeed, the malware SaaS (software as a service) industry is booming – why write a complex piece of malware that requires specialist skills to write when it is likely to be deprecated as soon as the AntiVirus vendors record its signature. Malware SaaS operations sell wannabe malware hackers new, currently undetectable pieces of malware with a guarantee that, so long as the user pays a service charge, they will rebuild the malware to make it once again undetectable should it ever fall into the hands of the authorities.

While there is insufficient evidence to say that is what’s going on in the case of these three attacks and the malware at the heart of them, I see no effort to prove that it isn’t the case either. Lastly, it’s pretty weak in my books to claim that the newest piece of malware is the act of a nation state because other possible related pieces of malware were *rumored* to be the work of a nation state. Until someone comes up with solid evidence actually attributing one of these pieces of malware to North Korea I consider this evidence to be, at best, speculation.

  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

What the FBI is essentially saying here is that some of the IP addresses found while analyzing the malware samples and the logs of the attack have been used in the past by North Korea. To me, this piece of evidence is perhaps the least convincing of all. IP addresses are often quite nebulous things. They are addresses of machines connected to the Internet. They are neither good, nor bad.

The IP address is never what is interesting. It’s what’s running on the system that has that IP address that is interesting. Furthermore, to imply that some addresses are permanent fixtures used by North Korean hackers implies a fundamental misunderstanding of how the internet works and in particular how hackers operate.

For starters, hackers – at least the ones that want to stay out of jail – do NOT use their own machines or websites as staging points for operations. Instead, they hijack other vulnerable systems and route their traffic through them – and often many others – as a way to hide their origin. You know, IP addresses such as those belonging to hotels in Thailand, for example.

My good friend Dr Krypt3ia has done some excellent analysis on this in his latest blog:

http://krypt3ia.wordpress.com/2014/12/20/fauxtribution/

In it, he looks at the IP addresses referenced by the FBI and most importantly the systems behind them. Here is a summary of what he finds (though I urge you to go read his article in full).

  • 202.131.222.102 – Thailand
  • 217.96.33.164 – Poland
  • 88.53.215.64 – Italy
  • 200.87.126.116 – Bolivia
  • 58.185.154.99 – Singapore
  • 212.31.102.100 – Cyprus
  • 208.105.226.235 – USA

With the exception of the US address, which appears to belong to a company based in NY, all of these appear to be addresses of known proxies open to the public. If you check these IP addresses against any of the leading IP reputation services, such as SpamHaus or Project Honeypot, you find that in fact these addresses have been used for both spam and as Command and Control (C2) addresses for malware. No North Koreans: just common garden internet cybercriminals.

The only thing that clearly we can’t examine here is whether or not the FBI has some undisclosed signals intelligence from other agencies implicating these addresses in North Korean spying operations. However, even if that were the case, I would suggest that, because of the fact that these addresses are being used by common cybercriminals as part of their regular operations, even that evidence would be tainted to some extent.

  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

Wait, what? They are referencing the Shamoon and DarkSeoul attacks again! You can’t use the same piece of evidence as two separate pieces of evidence!

So in conclusion, there is NOTHING here that directly implicates the North Koreans. In fact, what we have is one single set of evidence that has been stretched out into 3 separate sections, each section being cited as evidence that the other section is clear proof of North Korean involvement. As soon as you discredit one of these pieces of evidence, the whole house of cards will come tumbling down.

So where does that leave us? Well essentially it leaves us exactly where we were when we started. We don’t have any solid evidence that implicates North Korea, while at the same time we don’t have enough evidence to rule North Korea out. However, when you take into consideration the fact that the attackers, GOP, have now released a message saying that Sony can show “the Interview” after all, I find myself returning to my earlier instincts – this is the work of someone or someones with a grudge against Sony and the whole “Interview” angle was just a mixture of opportunity and “lulz”.

I am no fan of the North Korean regime. However I believe that calling out a foreign nation over a cybercrime of this magnitude – something serious enough to go to war over – should not be taken lightly. The evidence used to attribute a nation state in such a case should be solid enough that it would be both admissible and effective in a court of law. As it stands, I do not believe we are anywhere close to meeting that standard.

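The compile-time comparison in points 4 and 5 of the list quoted in the post above, as an added example that is not part of the original post or of the Securelist analysis: it reads the TimeDateStamp field from a PE header and checks whether it falls inside a window before the destructive event. The Aug 10 and Aug 15, 2012 values and the five-day window are the ones quoted above; UTC, the midnight event time, the other dates and the file names are assumptions, and the header-only PE stubs are constructed inline.

```python
import struct
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

def pe_compile_time(image: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)   # offset of "PE\0\0"
    if e_lfanew + 12 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # Signature(4) + Machine(2) + NumberOfSections(2), then TimeDateStamp(4).
    (stamp,) = struct.unpack_from("<I", image, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=UTC)

def make_header(compiled: datetime) -> bytes:
    """Build a constructed, header-only PE stub carrying the given timestamp."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<4sHHI", b"PE\0\0", 0x014C, 1, int(compiled.timestamp()))
    return bytes(dos) + coff + bytes(12)   # remaining COFF fields zeroed

def classify(image: bytes, event: datetime, window: timedelta) -> str:
    """Compare the embedded compile time with the time of the destructive event."""
    try:
        compiled = pe_compile_time(image)
    except ValueError:
        return "unparseable"
    if compiled.timestamp() == 0:
        return "timestamp zeroed"
    lead = event - compiled
    if lead < timedelta(0):
        # The linker-written field is trivially editable; a value after the
        # event shows the field cannot be trusted for this sample.
        return "compiled after event (timestamp not credible)"
    return "inside window" if lead <= window else "outside window"

EVENT = datetime(2012, 8, 15, tzinfo=UTC)   # date from the text; midnight UTC assumed
WINDOW = timedelta(days=5)                  # "within five days" in the quoted list
SAMPLES = {                                 # hypothetical names, constructed stubs
    "component_a.bin": make_header(datetime(2012, 8, 10, 0, 17, 23, tzinfo=UTC)),
    "component_b.bin": make_header(datetime(2012, 8, 10, 2, 46, 22, tzinfo=UTC)),
    "older_tool.bin": make_header(datetime(2012, 6, 1, tzinfo=UTC)),
    "post_dated.bin": make_header(datetime(2013, 1, 1, tzinfo=UTC)),
    "zeroed.bin": make_header(datetime(1970, 1, 1, tzinfo=UTC)),
    "truncated.bin": b"MZ",
}

def report() -> dict:
    return {name: classify(img, EVENT, WINDOW) for name, img in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:16} {verdict}")
```

Because the field is written by the linker and can be altered afterwards, a tight compile-to-event window is corroborating context for a timeline, not proof of who built the binary.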

For those who think that the movie is a great idea ... if some Middle Eastern country made a movie about assassinating Obama or Harper ... you would say go for it, show it in theatres, no problems ... in the name of Free Speech?

The premise of The Interview is so friggin ridiculous ... if I was American, I'd be embarrassed by the sheer stupidity of this movie.

I'd be fine with that?

It's a freakin' movie. An actor playing some fake guy killing a parody of a real person who is played by another actor isn't offensive.

You are rambling on about hypotheticals without even looking anything up. Death of a President was a British what-if movie where GW Bush gets killed. Heavily censored everywhere including the States.

US politicians on the Bush movie: “Despicable". “That anyone would even attempt to profit on such a horrible scenario makes me sick.”

US politicians on the Kim Jong-un movie: "LOL. Freedom of speech, democracy, etc. I love James Flacco".

Sony made The Interview available online on Wednesday but only in the US

Sony Pictures is distributing its film The Interview online, after a cyber-attack and a row over its release.

The film is being offered through a dedicated website - seetheinterview.com - as well as via Google and Microsoft but is only available in the US.

Sony had previously pulled the film, whose plot centres on a plan to assassinate North Korean leader Kim Jong-un.

The cancellation had been criticised by US President Barack Obama.

Since then, several hundred independent cinemas across the US have come forward offering to show the title.

The digital deal means the film is available through Google services YouTube and Play, and Microsoft's Xbox Video platform.

The film costs $5.99 (£3.80) to rent, or $14.99 to buy, Sony said.

"It has always been Sony's intention to have a national platform on which to release this film," said Michael Lynton, chairman and chief executive of Sony Entertainment, in a statement.

I wonder if they will have more sales from this on people watching it at home and actually purchasing or renting it? Compared to movie theater prices.
