27 December, 2014

Cyber-security Experts Humiliate the FBI for its claim that North Korea Hacked Sony Pictures


World News -- Last week, the FBI announced that it had gathered conclusive evidence to prove that the Government of North Korea had orchestrated the cyber-attack on Sony Pictures. This was followed by a verbal attack by President Obama, who promised a “proportional response”.

In an almost immediate response, North Korea issued a strong statement denying the allegations that it had been involved in the Sony attack and demanded an apology from the United States. Then a few hours later, something happened -- North Korea lost its connection to the web, an incident suspected to have been orchestrated by the U.S. in response to the Sony attack or a preemptive move by Pyongyang to forestall a U.S. attack.

Leading experts in cybersecurity are now claiming that the FBI’s findings were unsubstantial. The weakness in the FBI’s evidence is best articulated by Marc Rogers in his article published in The Daily Beast.

The satirical movie “The Interview” was due to be released on Christmas and revolves around a plot to murder Kim Jong-Un, and thus North Korea would be interested in hacking Sony to prevent the release of the movie.

According to Marc Rogers, “the Director of security operations for DEF CON, the world’s largest hacker conference, and the principal security researcher for global CDN and DNS provider Cloudflare”, the 2014 Sony attack is likely to be the work of a disgruntled employee who was due to be laid off. In his article, Rogers tears down all the evidence provided by the FBI.

First, he points out that the FBI’s finding that the malware was similar to others used by North Korea is not “remotely plausible evidence” that the attack was orchestrated by the DPRK.
In stating that, the FBI was most likely referring to Shamoon and DarkSeoul, malware thought to have been launched by North Korea – findings which were also disputed by Rogers and other security experts.

He also discredited the second piece of evidence presented by the FBI, which referred to the “significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea.”

According to Rogers, just because an IP address has previously been used for cybercrime does not mean that it will always be linked to future cybercrime activity. Security experts understand that IP addresses can be permanent; at other times, however, “IPs can last just a few seconds.”

The FBI should therefore have focused on the server rather than the IP address.
The IPs found in the malware code were all, except one, public proxies, and they have all been used by “malware operators in the past”.

According to Rogers, cybercriminals routinely use proxies to conceal their identities. Therefore, the FBI can’t use that to blame North Korea for the Sony attack.

Here is a brief summary of the evidence produced by Rogers and other experts to prove that North Korea did NOT hack Sony.


  1. The anti-North Korean bias of the movie was only brought up after the media highlighted it. The hackers never mentioned the film at the start of the hacking activity.
  2. They dumped the data rather than using it; North Korea would have used it for propaganda or otherwise. This points to the fact that whoever hacked Sony was only interested in humiliating it.
  3. Blaming North Korea was an easier escape for the real people who orchestrated the hack or who provided the means through which it was facilitated. 
  4. Blaming North Korea is also convenient for the U.S. government. According to Rogers, “It’s the perfect excuse to push through whatever new, strong, cyber-laws they feel are appropriate, safe in the knowledge that an outraged public is fairly likely to support them.”
  5. The last bit of evidence is particularly interesting. According to Marc Rogers, “The Hard-coded paths and passwords found in the malware shows that whoever wrote the code had extensive knowledge of Sony’s internal architecture and access to key passwords.”

There is information that Sony was planning massive layoffs and the hacking could be better blamed on a disgruntled employee rather than the DPRK.

Rogers ends his article by stating: “I am no fan of the North Korean regime. However I believe that calling out a foreign nation over a cybercrime of this magnitude should never have been undertaken on such weak evidence. The evidence used to attribute a nation state in such a case should be solid enough that it would be both admissible and effective in a court of law. As it stands, I do not believe we are anywhere close to meeting that standard.”

Photo Credit: Stefan Krasowski
