I am surprised that the article doesn't end here. Other press reports have highlighted that there is classified evidence that has not been disclosed, and it seems odd to me that Schneier would play this aspect down in a story involving cyberattacks, North Korea, the FBI and the US intelligence community.
They will claim this to get out of some clerical error. They will claim this for anything. It's unverifiable, it's unbelievable, it's a wonder any publication with some journalistic integrity left would read anything into it.
Here is attorney general Holder invoking state secrets to cover up what was eventually revealed as a lowly FBI clerk checking the wrong box:
http://www.wired.com/images_blogs/threatlevel/2014/02/holder...
This wasn't even an important case! Think what these people will do when the stakes are higher.
It's your choice whether to take these guys at their word in any particular instance. But some of us don't take their word alone as evidence for much, unless it's backed up by evidence which stands up to independent review.
NSA lies to senate about surveillance on U.S. citizens living inside the country: http://www.politifact.com/truth-o-meter/article/2014/mar/11/...
CIA lies about torture and its effectiveness: http://www.nytimes.com/2014/12/10/opinion/the-senate-report-...
FBI lies to U.S. courts about surveillance records: https://www.eff.org/deeplinks/2011/05/fbi-chastised-court-ly...
If anything should be learned from the Iraq debacle, it's that.
Why would you blindly "just trust them" when there's enough history to show that skepticism is a much healthier attitude?
But they really, honestly had reason to believe that Iraq had WMDs (yes there were doubters and skeptics, and of course they get the bulk of the attention after the fact, but many actually believed it).
Aside from defectors and people trying to lie their way to something, add that Saddam himself wanted the world (particularly Iran) to think that the Iraq government had WMDs. Iraq believed that having WMDs was a good defense (a good example since then is North Korea), so they tried to play the middle ground where they could seem to have WMDs hidden away, and could act as if they had that ace in the hole, but they would play along with UN inspectors just enough to try to avoid an attack, adding just enough mystery to the whole thing that there were open doubts. Intelligence is tough when the person you're trying to prove is doing something is also trying to convince you that they're doing something.
The game of chicken didn't turn out well. But the recurring narrative that innocent Iraq was all along saying no no no look where you want and the US invented the situation is historical revisionism.
Moreover, basically what he's saying is there is more than one possible probable actor whereas the FBI discounted the rest. It's not that insightful.
Schneier is a pretty smart guy, but like everyone else has biases (I mean, tendencies). Not saying he's wrong here as I, as most everyone, have no first or second hand knowledge about this incident. Just saying that just because it's Schneier does not give him any more credibility in this than anyone else, unless he knows something about this incident most people don't know.
When someone talks about security, and links to Schneier, I give their argument more credit. If they link to GRC I give them less credit, and sometimes I dismiss their comment.
I realise this is a bad thing. Gibson is going to be right occasionally and Schneier is going to be wrong sometimes.
But is this a generally sound policy? Find the experts and "not-experts" and decide how much time to spend investigating what they say accordingly; or should I be evaluating arguments equally regardless who makes the argument (with exceptions for obvious trolls and wingnuts)?
Also, as far as I know the codes didn't contain any Korean. Instead, what they found was that it seems to have used Korean text encoding, like EUC-KR. People have pointed out that this is a South Korean encoding, but North Koreans also use it since you hardly find any software that supports the official North Korean encoding. Again, if someone uses a British English locale, that isn't proof that it can't be an American. When it comes to text encoding and locale, you usually use whatever is available that lets you type in your own language.
More importantly, Italians will continue to write and be taught in Standard Italian, which was developed based on the Tuscan dialect long before our artificial division of the peninsula. It won't be as if they would start from scratch and create new standard languages based on the Milanese dialect in the North and the Roman dialect in the South. Even independent countries such as Germany, Austria and Switzerland find it useful to use the same standard German as each other, even if it's not necessarily based on a dialect spoken within their borders. There will inevitably be differences in vocabulary and spelling, but the differences will be far less than if we imagined a naïve model where each country creates its own standard (which is what basically happened in Scandinavia).
Confusingly, Italians would call Piedmontese or Lombard a “dialetto” as much as they would call Turinese a “dialetto”. The word basically means a dialect or regional language, depending on the context. There is also a political element to it—the Italian government has suppressed the regional languages for years, and even now does not recognise them as languages, against academic opinion.
To be clear, Italians would also (generally) refer to Welsh as a “dialetto” of English, despite the fundamental difference of Welsh and English. (In fact they would usually also often refer to the U.K. as “inghilterra”.) The word “dialetto” as currently used in normal Italian speech simply does not correspond 100% with the English word “dialect”, much like the word “camello” doesn’t correspond to “camel”.
The regional languages generally are not mutually intelligible, although this depends on which dialects two speakers speak, and how “stretto” (strong) the dialect is (I don’t know what the academic term for this is). So for example Vercellese (from Vercelli) is linguistically close to Novarese (from Novara) even though Vercellese is classed as Piedmontese and Novarese is classed as Lombard (despite being a Piedmontese city). The distinction is ultimately arbitrary—there is a gradation of dialects from Piedmontese to Lombard. Vercellese for example has many grammatical elements of Lombard (e.g. it uses the Lombard lü (meaning “he” or “him”) instead of the Piedmontese chiela).
Also, an older or more rustic speaker is more likely to speak a “stretto” dialect, because they’ll use more words and expressions originally belonging to that dialect (or to the regional language). Over the years, the regional languages have absorbed many words from Italian, replacing the traditional words. Now, the same thing is happening to Italian with English words (e.g. the word “goal” replacing “rete”, or “babysitter” replacing “tata”, or “shopping” replacing “spesa”—the English word in each case sounds more modern or cool to Italian speakers).
The linguistic situation is basically the same as with Catalan and Spanish. Catalan is as much a “dialect” of Spanish as Piedmontese would be a “dialect” of Italian. In fact, you could just as rightfully say that Italian is a “dialect” of Piedmontese. The difference is political, not academic.
> Both his forum posts and his comments in the bitcoin source code used such Brit spellings as optimise and colour.[1]
This is a different hack, but I think they more reliably differentiated between North Korea and South Korea, due to the IP addresses? "Korea seeks U.S. help in reactor hacking probe" http://m.koreaherald.com/view.php?ud=20141222001202&ntn=0
Note that linguistic evidence doesn't come into this, just as one wouldn't usually be speculating about which English-speaking country a hacker was from simply based on the code.
What's interesting about North Korea is that they force Korean words on everything. For example, a word will spell the same in South Korea and can only be differentiated by context, intonation and use of Chinese characters. Newspapers in South Korea are a good example of this as it almost requires a basic knowledge of traditional Chinese characters. North Korea seems to have none of it and has a political agenda to "purify" the language and it leads to a lot of weird looking Korean words and leads to confusion.
Kaesong was also the capital a long ass time ago during the Koryo dynasty which was overthrown in a coup and Chosun dynasty was created by a general (we'll see the same thing in 1960s creating the modern ROK). The longest reigning and oppressive regime. North Koreans still refer to themselves as Chosun people and much of modern Korean identity lends from this era. The word Korea also comes from Koryo or Coree in French.
I'm just glad someone with credibility was able to come out and say it, I just hope (but doubt) that mainstream media will follow up on it and ask the right questions going forward.
But I also think his skepticism is spot on. This "explanation" is too conveniently tidy for me to find it all that believable.
N Korea has the motive, means, and track record for this kind of thing. And please let's all agree such hacking is not some impossible rocket science. Any group of young teens/hackers with enough time could've pulled it off. Especially such a relatively easy target as Sony.
Oh by the way, N Korea did launch a mid range ballistic missile (albeit a crude one).
> It's possible, but that employee or ex-employee would have also had to possess the requisite hacking skills, which seems unlikely.
Considering the number of laid off techies, I think it is somewhat "more than unlikely".
I don't know where you got the second part.
> This is the work of independent North Korean nationals.
Mr. Schneier doesn't clearly understand people who lived in a totalitarian country. If this national lives in North Korea, there is no way he will dare such an attack without being instructed by the government. This level of freedom doesn't exist in his mind. And it doesn't make sense for a North Korean still holding the same ideology to live outside North Korea, he would either completely abandon that or go back to North Korea.
> This is the work of hackers who had no idea that there was a North Korean connection to Sony until they read about it in the media.
This doesn't explain the Korean language used in the code. It might be a South Korean, but from my knowledge, it's very hard to imagine a South Korean risking going to the jail either fighting for North Korean or even find it fun. (Hint - South Korean people don't like the people from north who are pointing thousands of cannons and missiles to them). As for why this is not the same encoding as North Korean dialect, I know people from mainland China use encoding of Traditional Chinese from Taiwan. It is very easy for me to imagine that North Korean government offices use such settings so that they can access resources from South Korea (much more abundant and still without language barrier.)
> It could have been an insider
This hacker has been hurting regular Sony employees. From my understanding, only people with mental problems will direct their hatred towards a company to random regular employees (his own ex-coworkers). People with mental problems don't usually possess the hacking skills demonstrated in this case.
> The initial attack was not a North Korean government operation, but was co-opted by the government.
It is hard to imagine a hacker targeting Sony with the plan to profit from selling the information to North Korean government and then intentionally leave some trace towards North Korea (the Korean language in code). This attack must have originated from North Korea, and that's the conclusion FBI is suggesting.
Depends on the mental problem. The category is far too broad to make a sweeping statement like that. Anything from being slightly narcissistic to being a paranoid schizophrenic can be considered a "mental problem" under one definition or another. Most of these do not involve any diminished technical skills.
In addition, I could cynically retort that anyone who orchestrated such a reckless and damaging attack as this isn't exactly the most mentally stable.
On the other hand, historically the view of Japan as the important enemy is more strongly associated with the North. Fighting the Japanese occupation was probably a more important part of Kim Il-sung's political life than socialism and much of the divide between North and South was based on collaboration with occupiers than on a love/hate relation with capitalism...most Koreans in both countries at the time their civil war was hot were agrarian peasants.
25% of Koreans in Japan align politically with the DPRK - http://en.wikipedia.org/wiki/Chongryon
The rawdisk driver linked into Wiper is a reusable, publicly-available one, which has been used for many purposes including legitimate ones, and was written by someone from South Korea. That was compiled with a Korean locale (as you'd expect).
The result is a bit like saying Duplex Secure wrote Alcohol 120% because it uses the SPTD drivers - an invalid conclusion.
It's not. Sometimes, for international relations, things are classified, never released until much later. Having been party to a minor agreement, at least knowing about it, before the general media, gives you a ton of insight into how the USA operates.
To me at least, I came to the, "Business," operating model. In other words, the economic engine takes priority and the agreements I know of that were signed pushed that particular agenda.
Dollars, literally, make the world go round. The US dollar is the world, "Reserve," currency. There's a very good reason for that, and a very good reason the Secret Service is in charge of the US money supply.
Then again, perhaps I'm as much an insider as the author of the blog post. Eg, out of the loop.
It seems like Sony is playing up the North Korea connection because it could only help them. They would lose more credibility (and potentially lawsuits [1]) if it's a 14yo hacker doing it for the lulz. State sponsored hacking is a Big Deal, and many would give leniency to Sony if that's a true story.
[1] http://abcnews.go.com/Entertainment/wireStory/sony-faces-4th...
North Korea was well aware of The Interview ahead of the hack. See this article from June: http://www.theguardian.com/film/2014/jul/10/north-korea-un-t...
I personally think this is a misinterpretation of what happened. Media began heavily speculating it was tied to The Interview about 1-2 days after the hack was initially reported, but the hackers waited until Dec. 15 before explicitly mentioning it. If they wanted to take advantage of the sensationalism, why continue releasing messages and threats that clearly acknowledge Sony and the media between Nov. 24 and Dec. 15 while not mentioning The Interview until the most likely motive essentially became obvious?
Second, I think the group name "Guardians of Peace" is a fairly obvious allusion to "guarding international peace by preventing Sony from releasing The Interview", and is in line with just about everything they've been saying. And of course they were using that group name on day 1.
I'm not saying North Korea necessarily did it, but I think the actors either intended to stop the movie from the beginning, or intentionally framed North Korea by using a pretext of trying to stop the movie. I don't think they're a group of hacktivists who only appropriated The Interview as a motive after media speculation.
There's nothing obvious to me at all in that name referring to the things we later learned. It's a really generically vague name, so it's easy to project onto it.
My thought is we'll probably never know for certain unless perps reveal themselves, so saying NK definitely did it would be jumping to conclusions.
The real story is: Best. Marketing. Ever. And an international incident, to boot! (Well played, Sony. Even Obama was part of the story.). Seriously, canceling the release was the story-making move. And the subsequent nonrelease release monetizes the situation. Couldn't have planned it any better. ;)
Satire - making fun of any alternative explanation that obviously isn't true.
Maybe I should be more literal next time.
Merry Xmasmukah and new year!
Unless of course they got a bargain on a VPS somewhere else..
It's well known NK had been complaining about the movie for months. And I doubt NK started hacking only 2 weeks before scheduled opening day.
Somehow I doubt that any supposed North Korean hackers would have followed the tenets of free software and distributed the original source to Sony along with the malware.
"strings is mainly useful for determining the contents of non-text files."
In future, if some Hollywood studio makes a movie on Russia's Putin or on China and if hackers claiming from the injured country do similar cyber-attack on that studio and if USA retaliates and if Russia/China counter-retaliates and if this spills into physical world, then we can have nightmarish situations/tensions and maybe full-blown war. Worse, another country may do that sort of attack from some other country to hide its trail. Hope proper sense and calm minds prevail to prevent such nightmare. But such possibility exists in theory.
As solution, world needs an international, independent, competent panel/forum/group to investigate openly/transparently all cyber-attacks and find out culprits rather than doing mere guess work. Also, evidence of the crime needs to be put in public domain to avoid conspiracy theories. This can be on the lines of international court of justice/United nations ...etc. Since parties involved are entities like Sony which are not connected to national defence directly, we need not fear national secrets leaking out ...etc i.e. it can be done without impacting the sovereignty of the nations involved.
Without such arrangement, stability and peace of the world will always be in question for any cyber attack on any major country such as USA/Europe/China/Russia ...etc.
TL;DR: Cyber-attacks on economic entities such as Sony or Google in the past involving several countries need to be investigated by international body rather than a single country and evidence of the crime needs to be in public domain to avoid conspiracy theories.
I do agree it's a good possibility the government has a lot more classified evidence it's not sharing with us, and we're trying to put together a puzzle with only half the pieces.