Loading...
post-template-default single single-post postid-13378 single-format-standard

Was North Korea Really Responsible for Hacking Sony’s Computers?

Alex Constantine - December 25, 2014

Sony's Hacked Computers -- A Cyber Gulf of Tonkin?

Edited by Alex Constantine

From the New York Times:

New Study Adds to Skepticism Among Security Experts That North Korea Was Behind Sony Hack

By NICOLE PERLROTH

 DECEMBER 24, 201

A number of private security researchers are increasingly voicing doubts that the hack of Sony‘s computer systems was the work of North Korea. ...

Security researchers say they need more proof. “Essentially, we are being left in a position where we are expected to just take agency promises at face value,” Marc Rogers, a security researcher at CloudFlare, the mobile security company, wrote in a post Wednesday. “In the current climate, that is a big ask.”

Mr. Rogers, who doubles as the director of security operations for DefCon, an annual hacker convention, and others like Bruce Schneier, a prominent cryptographer and blogger, have been mining the meager evidence that has been publicly circulated, and argue that it is hardly conclusive.

For one, skeptics note that the few malware samples they have studied indicate the hackers routed their attack through computers all over the world. One of those computers, in Bolivia, had been used by the same group to hack targets in South Korea. But that computer, as well as others in Poland, Italy, Thailand, Singapore, Cyprus and the United States, were all freely available to anyone to use, which opens the list of suspects to anyone with an Internet connection and basic hacking skills.

For another, Sony’s attackers constructed their malware on computers configured with Korean language settings, but skeptics note that those settings could have been reset to deflect blame. They also note the attackers used commercial software wiping tools that could have been purchased by anyone.

They also point out that whoever attacked Sony had a keen understanding of its computer systems — the names of company servers and passwords were all hard-coded into the malware — suggesting the hackers were inside Sony before they launched their attack. Or it could even have been an inside job.

And then there’s the motive. Government officials claim the Sony attacks were retaliation for “The Interview,” a feature film about two bumbling journalists hired by the C.I.A. to assassinate North Korea’s leader. In a letter last June, North Korea’s ambassador to the United Nations called the film “an act of war.” But naysayers point out that, as far as they can tell, Sony’s attackers did not mention the film as motivation until that theory percolated in the media.

The simpler explanation is that it was an angry “insider,” Mr. Rogers wrote. “Combine that with the details of several layoffs that Sony was planning, and you don’t have to stretch the imagination too far to consider that a disgruntled Sony employee might be at the heart of it all.”

On Wednesday, one alternate theory emerged. Computational linguists at Taia Global, a cybersecurity consultancy, performed a linguistic analysis of the hackers’ online messages — which were all written in imperfect English — and concluded that based on translation errors and phrasing, the attackers are more likely to be Russian speakers than Korean speakers.

Shlomo Argamon, Taia’s Global’s chief scientist, said in an interview Wednesday that the research was not a quantitative, computer analysis. Mr. Argamon said he and a team of linguists had mined hackers’ messages for phrases that are not normally used in English and found 20 in total. Korean, Mandarin, Russian and German linguists then conducted literal word-for-word translations of those phrases in each language. Of the 20, 15 appeared to be literal Russian translations, nine were Korean and none matched Mandarin or German phrases.

Mr. Argamon’s team performed a second test of cases where hackers used incorrect English grammar. They asked the same linguists if five of those constructions were valid in their own language. Three of the constructions were consistent with Russian; only one was a valid Korean construction.

“Korea is still a possibility, but it’s much less likely than Russia,” Mr. Argamon said of his findings. ...

It is also worth noting that other private security researchers say their own research backs up the government’s claims. CrowdStrike, a California security firm that has been tracking the same group that attacked Sony since 2006, believes they are located in North Korea and have been hacking targets in South Korea for years.

But without more proof, skeptics are unlikely to simply demur to F.B.I. claims. “In the post-Watergate post-Snowden world, the USG can no longer simply say ‘trust us’,” Paul Rosenzweig, the Department of Homeland Security’s former deputy assistant secretary for policy, wrote on the Lawfare blog Wednesday. “Not with the U.S. public and not with other countries. Though the skepticism may not be warranted, it is real.”

Mr. Rosenzweig argued that the government should release more persuasive evidence. “Otherwise it should stand silent and act (or not) as it sees fit without trying to justify its actions. That silence will come at a significant cost, of course — in even greater skepticism. But if the judgment is to disclose, then it must me more fulsome, with all the attendant costs of that as well.”

http://bits.blogs.nytimes.com/2014/12/24/new-study-adds-to-skepticism-among-security-experts-that-north-korea-was-behind-sony-hack/?_r=0

Gawker: "A Lot of Smart People Think North Korea Didn't Hack Sony":

"... Independent, skeptical security experts have been poking holes in this theory for days now. Evidence provided by the FBI last week in an official accusation against the North Korean government was really more of a reference to evidence—all we got were bullet points, most of them rehashing earlier clues. It still doesn't seem like enough to definitively pin the attacks to North Korea. Security consultant Dan Tentler didn't take long to brush off the FBI's points. But the weightiest rebuttal of the case against North Korea has come from renowned hacker, DEFCON organizer, and CloudFlare researcher Marc Rogers, who makes a compelling case of his own. Highlights:

The broken English looks deliberately bad and doesn't exhibit any of the classic comprehension mistakes you actually expect to see in "Konglish". i.e it reads to me like an English speaker pretending to be bad at writing English. ...

It's clear from the hard-coded paths and passwords in the malware that whoever wrote it had extensive knowledge of Sony's internal architecture and access to key passwords. While it's plausible that an attacker could have built up this knowledge over time and then used it to make the malware, Occam's razor suggests the simpler explanation of an insider. It also fits with the pure revenge tact that this started out as.

"The attackers only latched onto 'The Interview' after the media did – the film was never mentioned by GOP right at the start of their campaign. It was only after a few people started speculating in the media that this and the communication from DPRK "might be linked" that suddenly it became linked.""

http://gawker.com/a-lot-of-smart-people-think-north-korea-didnt-hack-sony-1672899940

Hewlett-Packard also suspects that a mole at Sony was involved:

"An assessment by HP published on Dec. 19 detailed how 'several factors support that North Korea played a role in the attacks.' HP noted that 'it is difficult to discern whether the regime acted alone. It is plausible that the actors responsible for this attack relied on the assistance of an insider.'"

http://www.businessinsider.com/stop-saying-north-korea-didnt-hack-sony-2014-12#ixzz3MvRqVlfs

Wired, December 23, 2014: "Experts Are Still Divided on Whether North Korea Is Behind Sony Attack":

Robert Graham, CEO of Errata Security, who has been a vocal skeptic of the government’s attribution, says he thinks the government is divided on the issue, but that certain parties forced a public statement.

“I don’t think the NSA is on board and I don’t think the entire FBI is on board, either,” he speculates. Rather, he thinks someone in a political position inside the FBI, not actual investigators, got hold of a report from Mandiant, the security firm hired to investigate Sony’s breach, which said that there were similarities to other attacks attributed to North Korea. These FBI insiders read this and “wanted it to be North Korea so much that they just threw away caution,” he suggests. The degree of attention focused on the Sony hack combined with “leaks” from anonymous government officials pointing the finger at North Korea made it a fait accompli that the administration would have to officially attribute the attack to North Korea. “There’s this whole group-think that happens, and once it becomes the message, it’s really hard to say no it’s not this,” Graham says.

http://www.wired.com/2014/12/sony-north-korea-hack-experts-disagree/

Mandiant

Mandiant, contracted by the government to investigate the cyber-intrusion, is named for David Mandia, a former military intelligence officer. About him (from the company's website):

Kevin Mandia - Senior Vice President and Chief Operating Officer

As Senior Vice President and Chief Operating Officer, Kevin oversees all operations since December 2013, when FireEye acquired his company, Mandiant. Before Mandiant, Kevin was the Director of Computer Forensics at Foundstone (acquired by McAfee Corporation) from 2000 to 2003, and the Director of Information Security for Sytex (later acquired by Lockheed Martin) from 1998 to 2000. Kevin was also a United States Air Force Officer, where he was as a computer security officer in the 7th Communications Group at the Pentagon, and a special agent in the Air Force Office of Special Investigations (AFOSI). He holds a B.S. in computer science from Lafayette College and a M.S. in forensic science from The George Washington University.

https://www.fireeye.com/company/leadership.html

GlobalResearch suggests that hackers much closer to home were responsible: "Sony Hack Blamed on North Korea Bears Hallmarks of U.S. Intelligence Operation."

The FBI told their story about North Korea attacking Sony. Before we retaliate, read what they didn’t tell you.

20 DECEMBER 2014
http://fabiusmaximus.com/2014/12/20/rebuttal-holes-fbi-north-korea-sony-attack-74873/

Summary: The government blames North Korea of the Axis of Evil for the attack on Sony, a claim quite like the bogus claims of the past we so credulously believed. No matter how often they lie to us, Americans believe what the government tells us. They lie, we believe, their lies are exposed — rinse, repeat. It makes us easy to govern, incapable of self-government, and quite different than our skeptical unruly forebearers. We can do better. This is a great day to begin. Read this and decide for yourself.

Contents

Articles questioning the FBI’s story

About the attack

Dissenting voices to the official story

Remember this before you believe

Major media see the story

For More Information

(1)  Articles questioning the FBI’s story

While most journalists report official government statements, and cite only approving voices, there are a few who quote dissenters. We should pay attention to these few, considering the long list of government lies attributing evil deeds to designated foes. Learning from experience is the beginning of strength.

  1. Sony Pictures hackers say they want ‘equality,’ worked with staff to break in“, Jacob Kastrenakes and Russell Brandom, The Verge, 25 November 2014 — An interview with the hackers. Ignored by journalists; blockbuster news if true.
  2. Sony Hack: Studio Security Points to Inside Job“, The Hollywood Report, 3 December 2014
  3. North Korea Almost Certainly Did Not Hack Sony“, Kim Zetter, Wired, 17 December 2014
  4. Reaction to the Sony Hack Is ‘Beyond the Realm of Stupid’“, Jason Koebler, Motherboard, 17 December 2014
  5. Why You Should Demand Proof Before Believing The U.S. Government On North Korea and Sony“, Jeffrey Carr (cybersecurity expert, CEO of Taia GlobalWikipedia bio), Digital Dao, 17 December 2014 — Excellent background on the cyber-intel agencies and their vendors, and the dubious past of cyber-attack attribution.
  6. Why the Sony hack is unlikely to be the work of North Korea“, Marc Rogers (of web-traffic optimizer CloudFlare), 18 December 2014 — 1st of 2.
  7. US reportedly blaming North Korea for Sony Pictures hack. But why?“, Graham Cluley, 18 December 2014 — Repeats points made elsewhere.
  8. Sony, the DPRK, and the Thailand – Pyongyang Connection“, Jeffrey Carr, Digital Dao, 19 December 2014  — The story becomes more complex.
  9. North Korea Hacked Sony? Don’t Believe It, Experts Say“, Paul Wagenseil, Tom’s Guide, 19 December 2014
  10. Sony hack was the work of SPECTRE“, By Robert Graham (CEO), Errata Security, 19 December 2014 — A logical alternative analysis shows the weakness of the FBI’s case.
  11. How the FBI says it connected North Korea to the Sony hack — and why some experts are still skeptical“, Christina Warren, Mashable, 20 December 2014
  12. Lets blame our perennial adversary!“, the grugq (bio herehis website), undated — The attacker has strong media skills.
  13. Update: “Fauxtribution ?” at Krypt3ia (pseudonomeous hacker), 20 December 2014
  14. Update: Comment by Marcus Ranum, e-security expert (bio here) & on the FM website’s team of authors, posted at Free Thought Blogs, 21 December 2014
  15. Update: “Why I *still* dont think it’s likely that North Korea hacked Sony.“, Marc Rogers (of web-traffic optimizer CloudFlare), 21 December 2014 — 2nd of 2, with more detail.
  16. Update: “Sony hacker language“, Language Log, 21 December 2014 — Linguistic analysis of the hackers’ writing.

I sifted through these articles, each linking to other sources, and assembled the this summary. I believe it shreds the FBI story; at the very least it destroys the certainty about the attackers’ identity. Read and decide for yourself.

(2)  About the attack

Hewett Packard posted an excellent summary of the attack and North Korea’s capabilities and possible role. Seetheir August 2014 report about North Korea’s cyber capabilities. They discuss the Chongryon, a group of North Koreans in Japan who run its some of its most important cyber and intelligence programs.

Also see the detailed analysis posted by Risk Based Security.

Why does the government tell us so little of the evidence? Some speculate that the NSA provided much of the evidence, but they’re keeping this SIGINT secret (e.g., Nicholas Weaver at Mashable). That’s logical. The pseudonymous but well-known information security expert going by the handle “the gugq” agrees: “I’ll accept the Feeb’s answer, I just don’t believe they’ve shown their work. Mostly because it’s not their work, they just copied from NSA.” As you see below, after more thought he became more skeptical. So should you.

History suggests skepticism about these stories, given the history of US government and its corporate allies exaggerating the power of designated US foes. The Soviet Union was ominous superpower until it collapsed after years of internal rot (unnoticed by our lavishly funded intel agencies). Brian Honan (info security expert; bio herereminds us of the 1998 “Solar Sunrise” attack by Iraq on US Army websites? US Deputy Defense Secretary John Hamre said it was “the most organized and systematic attack to date” on US military systems. A massive multi-agency task force eventually arrested 4 teenage boys. See the details here.

(3) Dissenting voices to the official story

(a)  The best summary I’ve seen in rebuttal to the FBI’s story — Excerpt from Marc Rogers’s article (red emphasis added):

  • (1)  The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes you actually expect to see in “Konglish”. i.e it reads to me like an English speaker pretending to be bad at writing English.
  • (2)  The fact that the code was written on a PC with Korean locale & language actually makes it less likely to be North Korea. Not least because they don’t speak traditional “Korean” in North Korea, they speak their own dialect and traditional Korean is forbidden. {details and cites follow}
  • (3)  It’s clear from the hard-coded paths and passwords in the malware that whoever wrote it had extensive knowledge of Sony’s internal architecture and access to key passwords. … Occam’s razor suggests the simpler explanation of an insider. It also fits with the pure revenge tact that this started out as.
  • (4)  Whoever did this is in it for revenge. The info and access they had could have easily been used to cash out, yet, instead, they are making every effort to burn Sony down. {explanation follows}
  • (5)  The attackers only latched onto “The Interview” after the media did – the film was never mentioned by GOP right at the start of their campaign. It was only after a few people started speculating in the media that this and the communication from DPRK “might be linked” that suddenly it became linked. I think the attackers both saw this as an opportunity for “lulz” and as a way to misdirect everyone into thinking it was a nation state. After all, if everyone believes it’s a nation state, then the criminal investigation will likely die. …
  • (6)  Whoever is doing this is VERY net and social media savvy. That, and the sophistication of the operation, do not match with the profile of DPRK up until now.
  • (7)  {B}laming North Korea is the easy way out for a number of folks, including the security vendors and Sony management who are under the microscope for this. …
  • (8)  It probably also suits a number of political agendas to have something that justifies sabre-rattling at North Korea …
  • (9)  It’s clear from the leaked data that Sony has a culture which doesn’t take security very seriously. …
  • (10)  Who do I think is behind this? My money is on a disgruntled (possibly ex) employee of Sony.

Rogers’ follow-up post provides more detail, and with analysis even more critical of the FBI story. His conclusion:

We don’t have any solid evidence that implicates North Korea, while at the same time we don’t have enough evidence to rule North Korea out. … calling out a foreign nation over a cybercrime of this magnitude – something serious enough to go to war over – should not be taken lightly.

(b)  From the Mashable article (links added):

Jeffrey Carr, cybersecurity expert {see Wikipedia} and CEO of Taia Global, is one of the skeptics. He told Mashable that “one of the biggest mistakes is that because an attack can be traced to the North Korean Internet that somehow means it’s the North Korean government. That’s a false assumption, because the North Korean Internet is basically provided by outside companies, in this case a Thai company. Nothing presented excludes alternate scenarios, so why jump to the most serious one?”

Carr notes that it appears the FBI is getting most of its intelligence from private security companies, without vetting or verifying that information. He added: “The White House is now getting ready to take some kind of action, as if it’s a sure thing that the North Korean government is involved. Meanwhile you have the hackers who actually are responsible laughing because this is the most epic false flag ever.”

(c)  More from Jeffrey Carr, from his Digital Dao articles:

Is North Korea responsible for the Sony breach? I can’t imagine a more unlikely scenario than that one, and for many of the same reasons that Kim Zetter detailed in her excellent article for Wired. {December 17}

There is a common misconception that North Korea’s ITC is a closed system therefore anything in or out must be evidence of a government run campaign. In fact, the DPRK has contracts with foreign companies to supply and sustain its networks. … For the DPRK, that’s Loxley, based in Bangkok. Thegeolocation of the first leak of the Sony data on December 2 at 12:25am was traced to the St. Regis hotel in Bangkok, an approximately 13 minute drive from Loxley offices.

This morning, Trend Micro announced that the hackers probably spent months collecting passwords and mapping Sony’s network. That in addition to the fact that the attackers never mentioned the movie until after the media did pretty much rules out “The Interview” as Pyongyang’s alleged reason for retaliation. If one or more of the hackers involved in this attack gained trusted access to Loxley Pacific’s network as an employee, a vendor, or simply compromised it as an attacker, they would have unfettered access to launch attacks from the DPRK’s network against any target that they wish. Every attack would, of course, point back to the hated Pyongyang government.

Under international law, “the fact that a cyber operation has been routed via the cyber infrastructure located in a State is not sufficient evidence for attributing the operation to that State” (Rule 8, The Tallinn Manual). (December 19}

(d)  From the grugq’s post (bio herehis website):

This is a media blitz campaign by a group that is steeped in Internet culture and knows how to play to it. They can manipulate it to maximum effect. This is definitely far more sophisticated than the usual rhetoric from North Korea. … To handle this sophisticated media / Internet campaign so well would require a handler with strong English skills, deep knowledge of the Internet and western culture. This would be someone quite senior and skilled. That is, I can’t see DPRK putting this sort of valuable resource onto what is essentially a petty attack against a company that has no strategic value for DPRK.

(e)  Robert Graham (CEO of Errata Security) provides another perspective at their website. Here are two excerpts.

While there may be more things we don’t know, on its face {the FBI press release is} complete nonsense. It sounds like they decided on a conclusion and are trying to make the evidence fit. They don’t use straight forward language, but confusing weasel words, like saying “North Korea actors” instead of simply “North Korea”. They don’t give details.

The reason it’s nonsense is that the hacker underground shares code. They share everything: tools, techniques, exploits, owned-systems, botnets, and infrastructure. Different groups even share members. It is implausible that North Korea would develop it’s own malware from scratch. (19 December 2014)

My story … better explains the evidence in the Sony case than the FBI’s story of a nation-state attack. In both cases, there are fingerprints leading to North Korea. In my story, North Korea is a customer. In the FBI’s story, North Korea is in charge. However, my story better explains how everything is in English, how there are also Iranian fingerprints, and how the threats over The Interview came more than a week after the attack. The FBI’s story is weak and full of holes, my story is rock solid.

I scan the Internet. I find compromised machines all over the place. Hackers have crappy opsec, so that often leads me to their private lairs (i.e. their servers and private IRC chat rooms). There are a lot of SPECTRE-like organizations throughout the world, in Eastern Europe, South America, the Islamic world, and Asia. At the bottom, we see idiot kids defacing websites. The talented move toward the top of the organization, which has nebulous funding likely from intelligence operations or Al Qaeda, though virtually none of their activities are related to intelligence/cyberwar/cyberterror (usually, stealing credit cards for porn sites).

My point is this. Our government has created a single story of “nation state hacking”. When that’s the only analogy that’s available, all the evidence seems to point in that direction. But hacking is more complex than that. In this post, I present a different analogy, one that better accounts for all the evidence, but one in which North Korea is no longer the perpetrator.  (19 December 2014)

(f)  From the Tom’s Guide article:

“There’s no evidence pointing to North Korea, not even the barest of hints,” Robert Graham, CEO of Atlanta-based Errata Security, told Tom’s Guide. “Some bit of code was compiled in Korea — but that’s South Korean (banned in North Korea, [which] uses Chinese settings). Sure, they used threats to cancel The Interview — but after the FBI said they might.”

(g)  Update: Comment by Marcus Ranum, cyber-security expert (bio here) and on the FM website’s team of authors.

The movie angle only cropped up 3 days into the attack, at which point the attackers latched onto it like a bunch of gamergaters who’d found another excuse for misogyny. Prior to the movie angle, there was no North Korea evidence, then it starts popping up.

The malware used is not specifically North Korean. It’s run of the mill stuff using techniques that were notoriously used in the ‘shamoon’ attack against Saudi Aramco (does that make it Israeli?). The “common elements” the FBI boneheads are talking about is the disk wipe module, which is the most popular scriptable disk wipe; I’ve used it myself. Please, nobody point the finger at me for this attack in spite of the “common elements”

This bears all the hallmarks of a bunch of sociopathic American hackers; more like something from the former “anti-sec” crew than anything state-sponsored. I’m guessing the FBI doesn’t want to talk about those “common elements” because anti-sec was being run by the FBI when they attacked Brazilian police and oil exploration assets.

If we ever find out who’s behind it, my money is on some badly adjusted American nihilists in the 20-30 year old unemployed trouble-maker or “security consultant” demographic. These attacks are not sophisticated; what makes them so bad is that they got a very deep foothold in Sony before they started causing trouble, and Sony’s infrastructure was deeply compromised. Most American companies, attacked in a focused manner, would fall just like Sony has.

Marcus sent me a follow-up note:

The attacks almost certainly (in my mind) are the work of some American sociopaths, probably guys pretty much like the antisec crew (which was led by an FBI informant). The tools in use are irrelevant; it would be like saying “the attacker used a gun, which points at Germany because it was an H&K” or “the attacker used a gun, which point to the US because Americans are gun nuts”.

The Korean in the malware comments appears to have been planted there as a deliberate red herring; it’s google translate quality. It would be like saying that”это фигня” shows I’m a KGB agent.

(h) Others experts have expressed skepticism, but with no details. Such Brett Thomas (CTO of internet services provider Vindicia; his bio):

. Another cautionary note, by Sean Sullivan (security advisor to Finnish internet security firm F-Secure):

Update: Robert M. Lee (Co-Founder at Dragos Security LLC , First Lieutenant USAF – cyberspace Operations Officer; bio here):

(4) Remember this before you believe .

The aide {Karl Rove} said that guys like me were ”in what we call the reality-based community,” which he defined as people who ”believe that solutions emerge from your judicious study of discernible reality.” I nodded and murmured something about enlightenment principles and empiricism.

He cut me off. ”That’s not the way the world really works anymore,” he continued. ”We’re an empire now, and when we act, we create our own reality. And while you’re studying that reality — judiciously, as you will — we’ll act again, creating other new realities, which you can study too, and that’s how things will sort out. We’re history’s actors . . . and you, all of you, will be left to just study what we do.”

— Karl Rove, as quoted in “Faith, Certainty and the Presidency of George W. Bush” by Ron Suskind, New York Times Magazine, 17 October 2004

(5) Some in the major news media see the story

Some journalists mix a few skeptical notes to the song played by the government and their journalist supporters. New articles after December 23 appear at this post.

  1. Sony Hackers Snooped for Months, Then Planted 10-Minute Time Bomb“, Bloomberg, 18 December 2014 — Focuses on the largest fact inconsistent with the FBI’s story.
  2. Think North Korea hacked Sony? Think about this“, PC World, 18 December 2014.
  3. What is FBI evidence for North Korea hack attack?“, BBC, 19 December 2014 — They agree with a point Marc Rogers makes above (3.a.7): “{T}he attack being attributed to a nation state rather than an independent hacking group is the one glimmer of good news for Sony.” They quote him: “If it is a nation state people shrug their shoulders and say that they couldn’t have stopped it. It lets a lot of people off the hook.”
  4. Security experts: FBI report light on evidence linking North Korea to Sony hack“, Christian Science Monitor, 19 December 2014 — “The FBI statement that linked the Sony hack to North Korea relied on previously released and inconclusive evidence, said many cybersecurity insiders.”
  5. These experts still don’t buy the FBI claim that North Korea hacked Sony“, Los Angeles Times, 21 December 2014.
  6. Did North Korea Really Attack Sony?“, Bruce Schneier (CTO, security firm CO3), The Atlantic,  22 December 2014 — “It’s too early to take the U.S. government at its word”. The reasoning at the end by Allan Friedman (GW U’s Cyber Security Research Institute) makes zero sense (accusing the wrong party does not “serve as a warning to others that they will get caught if they try something like this.”)
  7. Was North Korea behind the Sony hack? Not all experts agree.“, Christian Science Monitor, 22 December 2014 —  “Some cyber specialists aren’t convinced that North Korea was the culprit. One critic calls the the FBI’s evidence ‘weak’ and ‘at best, speculation.’ Others back the FBI claims.” Pro-FBI article pretending to be skeptical.
  8. These Cybersecurity Experts Still Don’t Think North Korea Hacked Sony“, Buzzfeed, 22 December 2014 — “BuzzFeed News talks to cybersleuths who remain unconvinced of the FBI’s assertion that North Korea was behind the hack.”

This isn’t from a major publication, but still interesting. Good analysis but the title doesn’t match the text: “The Moral of Sony? Stop Doing Attribution“,  The Security Ledger, 19 December 2014.

Here’s a fascinating dissection of an early New York Times story about the hack, by the pseudonymous “Jericho”: “Anatomy of a NYT Piece on the Sony Hack and Attribution“, 19 December 2014. It shows the skill journalists use to create the shiny narratives that package information for us.

(6)  For More Information

(a)  Other posts in this series:

  1. Another day, another campaign of fearmongering in America: North Korea’s cyberattack on Sony., 18 December 2014
  2. The FBI told their story about North Korea attacking Sony. Before we retaliate, read what they didn’t tell you., 20 December 2014
  3. Why do we believe, when the government lies to us so often? When we change, the government also will change., 22 December 2014
  4. See how the news shapes our beliefs about the North Korea hack, 23 December 2014
  5. Marcus Ranum explains a major challenge of cyberwar: About Attribution (identifying your attacker).

(b)  All posts about cyberwar, cybercrime, and cyberterrorism.

(c)  Posts about propaganda and information operations run against us. Never forget or forgive, just learn from this history.

  1. Successful propaganda as a characteristic of 21st century America, 1 February 2010
  2. A note about practical propaganda, 22 March 2010
  3. Our leaders have made a discovery of the sort that changes the destiny of nations, 15 September 2010
  4. The easy way to rule: leading a weak people by feeding them disinformation, 13 April 2011
  5. Our minds are addled, the result of skillful and expensive propaganda, 28 December 2011
  6. Understanding our political system: the how-to guide by its builders, 7 October 2012
  7. We can see our true selves in the propaganda used against us, 14 May 2013
  8. A nation lit only by propaganda, 3 June 2013
  9. The secret, simple tool that persuades Americans. That molds our opinions., 24 July 2013
  10. We live in an age of ignorance, but can decide to fix this – today, 15 April 2014