The Sony Hacks; Was it Really Done by North Korea?
Topic Started: Dec 18 2014, 02:04 PM (237 Views)
Toegoff
Administrator

Hey folks!
For those unaware of the Sony Hacks, you can read a play by play here:
https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/

It's BAD...as in anyone on their security staff should be fired on the spot for their ignorance or apathy kind of bad....and that's not just blowing it out of proportion. It's bad.

A group identified as the GOP (Guardians of Peace) has hacked Sony revealing TONS of personal plain text emails, accounts, passwords, salaries, social security numbers, movies, etc...yes it's horribly bad.
The group also used SONY'S OWN SERVERS to distribute the information...any network analyst who doesn't notice a spike in terabytes leaving their network should be fired without question.

As a result of theaters refusing to show The Interview (a movie that parodies Kim Jong Un including killing him) combined with this massive attack, Sony has decided to pull the movie from showing at theaters and even pull it from digital download.

The true question...was it North Korea that actually attacked Sony? I think there is a WHOLE OTHER debate regarding Sony pulling the movie and caving to 'terrorist demands' so to speak. That's for another thread. The real question, was this done by North Korea? There are a few major red flags that stuck out to me. Let's say that this was North Korea that hacked Sony with the primary goal of getting "The Interview" pulled.

Too Much Information Released -
If you want someone to cave to your demands, this seems like a LOT of info released. You can prove your attack by publicly releasing some information while privately sending Sony some of the other parts you have, and even still make threats that you have even more. When you release THIS MUCH INFO in such a short period of time (about a month) you run the risk of playing your hand early. Sony could likely come back and say, "Fuck it. You've already destroyed us horribly. What more can you do?" -- I'm not sure what's worse than private emails bashing the president's race, high level management salary information, contract negotiations, etc. If there is MORE to this hack that's a lot bigger than this, then DAMN.

This Looks Like Insider Work -
Despite what 'the movies' want to show you, most hacking isn't some guy in a dimly lit room wearing a ninja costume typing furiously at 500 words per minute. An attack of this scale says one of two things. "Sony's security is so incredibly bad it is beyond reason" or "Sony's security is really bad, and an insider (be they fired or not) got all this information." What do I mean by this? Once you're inside a company's private network, things become MUCH easier. It's getting through that first layer that can be the real challenge. Now a good company sets up multiple levels of security. For an example, when I started working at Penn Stainless, we had a 'file server'...very very common for many companies. There was, however, NO security or authentication on it. Now, does the average user know how to get where they shouldn't? Absolutely not. They see their home drive located at \\Server1\users\JDoe and that's as far as they get. However...if they simply typed in \\Server1\ all those files and folders open up to them. My first couple months here were spent getting REALLY important information (Financials, benefits, etc.) onto a completely different server, and locking down both of these servers with folder permissions. Getting IN to that server is tough, but I also noticed upon coming to Penn Stainless that some employee accounts that were terminated WERE STILL ACTIVE. These things slip through the cracks...and when they do, bad things happen. Because of that, I find it far more likely that someone already had inside access to Sony rather than 'broke' their way in. Knowing the network and server layout ... even to a minimal level is a HUGE advantage.

North Korea Blame = Less Investigation -
Part of the problem with international hacking is that it's so god damn difficult to track and prosecute. If you want to get the FBI off your back, staging it as an 'international crime' ...especially one in North Korea where you KNOW their leadership won't work with America, is a pretty good start. No doubt this will still be investigated heavily, but hacking is not something that's super easy to track...intelligent hacking that is. Yes every device connected to the internet needs an IP address and MAC address, but those things can be so easily spoofed (or faked). You are almost forced to wait for someone to make a mistake (someone that is elite anyway).

How the Hacks were Distributed -
Pastebin and BitTorrent. Doesn't this seem odd for North Korea to use to distribute? I mean, I guess you could research up ways to distribute this information, but Pastebin and BitTorrent just don't seem like things that would be used by North Korea. What would be used? I'm not sure. I haven't heard ANY word of a Chinese equivalent leaking this stuff first. To me, if you made an attack of this scale with the desire to pull "The Interview" you want the world to know it was North Korea. You want the world to know how superior you are. Wouldn't you use Chinese outlets for your leaked information? Sure that data will get onto American outlets quickly. No doubt about that. It's where they're 'first published' that causes me to scratch my head.

-----------------

Ultimately I have no idea. Imagine just how much these hacks would sell for. Sony competitors would pay a pretty penny for something like this. Hell you could even blackmail Sony for this. This seems like a grudge or vengeance. Clearly if data is stored in plain text, Sony has HORRIBLE security protocols. I'm not arguing that. What I guess I am arguing is that it seems highly suspect that North Korea would actually be involved in this takedown. Who knows though...maybe I'm totally wrong =\
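
[Added example, not part of the original post or written by its author.] The post above mentions terminated employee accounts that were still active. One way to catch that gap is to reconcile an HR termination list against a directory export; the CSV layouts, column names and usernames below are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data (assumed layout, not from the post): an HR
# termination list and a directory export with enabled flag and last logon.
HR_TERMINATIONS = """username,terminated_on
jdoe,2014-09-30
asmith,2014-11-14
cwu,2014-10-01
"""
DIRECTORY_EXPORT = """username,enabled,last_logon
JDoe,true,2014-12-01
asmith,false,2014-11-10
cwu,false,2014-10-20
bjones,true,2014-12-17
"""

def stale_accounts(hr_csv, directory_csv):
    """Return findings for terminated users whose accounts are still usable
    or were used after the termination date."""
    terminated = {
        row["username"].lower(): date.fromisoformat(row["terminated_on"])
        for row in csv.DictReader(io.StringIO(hr_csv))
    }
    findings = []
    for row in csv.DictReader(io.StringIO(directory_csv)):
        user = row["username"].lower()  # directory names are case-insensitive
        if user not in terminated:
            continue  # current employee, nothing to reconcile
        enabled = row["enabled"].strip().lower() == "true"
        last = row["last_logon"].strip()
        # A logon after termination matters even if the account was later
        # disabled: someone used it in the gap.
        used_after = bool(last) and date.fromisoformat(last) > terminated[user]
        if enabled or used_after:
            findings.append({"username": user, "still_enabled": enabled,
                             "logon_after_termination": used_after})
    return findings

if __name__ == "__main__":
    for finding in stale_accounts(HR_TERMINATIONS, DIRECTORY_EXPORT):
        print(finding)
```
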
 
Toegoff
Administrator

I actually forgot one more piece of data -
http://imgur.com/qXNgFVz

This is how it all started. This appeared on EVERYONE'S computer at Sony.
Does this REALLY seem like North Korea? It's instinct I'll admit, but I don't see this as North Korea =\
 
Toegoff
Administrator

Also interesting, apparently when you emailed the GOP at the beginning of this, you received the following automated email back (Facebook link is dead)

This is what you get when you send an email to the GOP :p
I am the head of GOP.
I appreciate you for calling us. The data will soon get there. You can find what we do on the following link. https://www.facebook.com/pages/The-Guardians-Of-Peace/604245239697994
God bless us.
God's Apostles

God bless us? God's Apostles? Again, that just seems really weird to me. This looks more and more like it ISN'T North Korea
 
ACDCFan89
Woof Woof Woofies!
Toegoff
Dec 18 2014, 02:16 PM
Also interesting, apparently when you emailed the GOP at the beginning of this, you received the following automated email back (Facebook link is dead)

This is what you get when you send an email to the GOP :p
I am the head of GOP.
I appreciate you for calling us. The data will soon get there. You can find what we do on the following link. https://www.facebook.com/pages/The-Guardians-Of-Peace/604245239697994
God bless us.
God's Apostles

God bless us? God's Apostles? Again, that just seems really weird to me. This looks more and more like it ISN'T North Korea
Well, the leaders of North Korea are pretty much treated as gods, and if Google Translate is used for that, a translation like that could come about. So it's not out of the realm of possibility it was North Korea.
 
thewryness
Chicka Bow!
North Korea's been the bad guy for the last couple of years so if someone needed an easy way out, they could use NK as a scapegoat. I can see Dear Leader being a little miffed about a movie where he's killed but this 'hack-and-slash' job does not seem like his style. As for the religious angle... that does not make sense either.
http://en.wikipedia.org/wiki/North_Korea%27s_cult_of_personality

Strangely, all this reference to religion makes me think of South Korea. Just my thoughts.
 
Unfie
Big Sweaty Moose Bleepers
If I were Seth Rogen or James Franco right now I'd be pretty happy about this. Most people are like children. Tell them they can't have something and they'll want it even more. The movie is getting waaaay more exposure than it otherwise would have.
 
Toegoff
Administrator

It's interesting that the FBI has officially blamed North Korea for this attack, which again, just sits wrong with me. I can think of a couple explanations -

1 - The FBI has a suspect in mind...and has pretended to 'take the bait' so to speak. The hackers pretended to be North Korea and so the FBI is saying, "Oh yep! It's North Korea Alright" to build a false sense of security.

2 - The FBI knows something WAY beyond what is being released. There may be pieces that answer some of the oddities or damning evidence that is 100% confirmation. Whatever it may be, they don't want to release it to the public for fear of jeopardizing the investigation further.

----------

Ultimately, I just don't see North Korea behind this...I guess we'll see what develops.
 