Sony Hack, An Inside Job – North Korea, A Scapegoat

North Korea continues to make no secret of its immense delight in the hack attack on Sony Pictures Entertainment, the studio behind The Interview, a film that lampoons the world’s youngest head of state, Kim Jong Un. Meanwhile, the U.S. Federal Bureau of Investigation struggles to whisper into any gullible ears tales of a North Korean connection.

The regime’s public relations arm boasted that a blow had been struck against the “ill-famed cesspool of injustice,” (i.e. America), and added that North Korea “highly esteems the righteous action taken by the “Guardians of Peace,” as the hackers styled themselves, though North Korea is not aware of their residence.”

Results of a series of analyses at the Volta Times reveal that the FBI may have been wrong, at the least, when they identified North Korea as the entity responsible for the recent hack of Sony.

According to cyber security experts, there seems to be unanimous conclusion from a plethora of evidence collected from the trail of the hacking, to suggest the ferocious cyber-attack was most probably an inside job.

The Guardians of Peace used malicious software that destroyed some of Sony’s systems, which enabled them to retrieve and subsequently publish reams of sensitive data, ranging from employees’ Social Security numbers and executives’ paychecks–which bore a racially-biased tint–to producers’ intemperate and risible e-mails.

In one leaked e-mail, a Sony employee called Oscar-winning actress Angelina Jolie “a minimally talented spoiled brat”. Another set of emails between several Sony executives made fun of United States President Barack Obama himself, asserting that the Black president – whose father hailed from the African State of Kenya, and who identifies as an African American – would only fund or produce Slave-themed films. Surely no Sony employee would utter those words in Obama’s presence.

Along with these shameful revelations, the hackers also threatened violence against cinema chains that screened the film, which is about two reality TV figures landing an interview North Korean leader, Kim Jong Un, only to be recruited by the CIA to assassinate him. The spoof contains a scene during which the youthful North Korean president’s head explodes. (Our publication refrains from displaying such malice.)

America’s cyber-gumshoes quickly accused Pyongyang, the North Korean seat of government, of masterminding the assault—a charge Mr. Kim’s courtiers have denied. The FBI alleged that some lines of code the hackers employed are similar to ones used by North Korean hackers in the past. The U.S. Bureau also noted that internet addresses “associated with known North Korean infrastructure” were used in the attack.

However, experts in cybernetics say savvy hackers from elsewhere could have easily orchestrated the scenario to trick investigators into blaming North Korea. “It’s not difficult to send someone down the wrong path,” says Howard Schmidt, a former Obama administration official who advises companies on cyber-security. Code from previous hacks sometimes leaks online, allowing people to copy it. And cyber-criminals typically use internet addresses associated with other hackers to try to throw sleuths off their scent.

On December 30, 2014, the New York Post reported that American cyber security firms have found concrete evidence pointing to a former Sony worker who may have helped in the Sony attack, and that the hack was definitely not the brainchild of North Korean cyber terrorists.

The paper noted in an online edition:

One leading cybersecurity firm, Norse Corp., said [Dec. 29] it has narrowed its list of suspects to a group of six people — including at least one Sony veteran with the necessary technical background to carry out the attack, according to reports.

The New York Post’s assertions directly contradict the claims expressed by the nation’s top federal law enforcement agency, which blamed the cyber-attack on North Korea just within days of the hack making headlines.

Furthermore, top security researchers have pointed to more reasons why the North Korean regime may be innocent.

In their initial e-mail to Sony, the hackers asked for money but did not mention The Interview; they only latched onto the film after journalists broached the notion of a possible link between the hack and the satire.

Marc Rogers of CloudFlare, a web-security firm, writes that the attackers possessed a deep knowledge of Sony’s systems and their e-mails appeared to be written by an English-speaker deliberately pretending to be bad at writing the language. He concludes that a disgruntled current or former Sony employee could be behind the attack.

 FBI is holding firm to its conclusions

But the FBI still claims it has additional information from “sensitive sources and methods” that points to North Korean involvement. Nonetheless, in the absence of more detail, it remains difficult to draw any firm conclusions.

U.S. officials were undoubtedly under pressure to find someone to blame, quickly.

The FBI’s announcement had direct financial implications at Sony Pictures. The studio then decided to delay a planned Christmas Day release of the film in question.

Deciding how to respond to North Korea’s alleged involvement continues to pose a strategic challenge for the US. Mr. Obama has publicly promised a proportional response to what he has referred to as an act of “cyber-vandalism.” Not “cyber-terrorism” as some Washington pundits had earlier coined the attack.

Recent events in North Korea suggest it is hardly a coincidence that North Korea’s internet has suffered outages, including one that occurred soon after a North Korean spokesman accused Mr. Obama of being “reckless in words and deeds like a monkey in a tropical forest.”

That comment was unabashedly racist, and perhaps Pyongyang deserves the backlash!

However, American attacks on North Korea’s internet could provoke reprisals. America’s heavy reliance on the internet means it is especially vulnerable to online attacks.

According to the New York Times, America has asked China, which is a conduit for much of North Korea’s internet traffic, to rein in Mr. Kim’s alleged hackers. Such diplomacy is worth a try, but America’s cause will be hampered by its decision in May 2014 to indict several Chinese soldiers in absentia for their alleged involvement in hacking the systems of American private companies.

Observers question the early logic of the FBI’s claims, which now seem more like quick judgments made in haste, perhaps to create a distraction or to impose additional sanctions on North Korea. As evidence gathers, the claims are crumbling apart.

Senior vice president at cybersecurity firm Norse Corp., Kurt Stammberger used Sony’s leaked human-resources documents to cross-reference information with communications on hacker chat rooms and on the firm’s own network of web sensors. His analyses supported the claim that North Korea was not responsible for the hack.

“When the FBI made this announcement, just a few days after the attack was made public, it raised eyebrows in the community because it’s hard to do that kind of an attribution that quickly — it’s almost unheard of,” Stammberger told Bloomberg News. “All the leads that we followed which had a Korean connection turned out to be dead ends.”

Politico Pro also reported that FBI agents who were involved in the investigations were briefed copiously by Norse.

Mr. Stammberger informed the press that after meetings with the agency, the FBI would avail themselves to the new findings. “They are very open and grateful for our data and assistance,” he said. But he wondered if they would share any of the data and findings from his cybersecurity firm with the public.

Strong evidence of an inside job

Peradventure, the FBI and the U.S. government were thrown off, we can now confirm, by the look of the virus at the center of the Sony hack. The virus was, in no doubt coded in a Korean coding language environment.

The New York Post added that the malware virus was similar to one that was used in targeting South Korean banks and media companies in 2013. However, as Bloomberg News reported, that piece of information was not enough to infer a North Korean connection, according to Trend Micro, a software development firm. The malware in question is available on the black market and can be used without a great amount of technical know-how.

“A lot of malware is kind of like a Roomba – it shuffles around the computer network, bumps into furniture and goes in spirals and looks for things kind of randomly,” Stammberger told Bloomberg.

 He reiterated:

“This was much more like a cruise missile. This malware had specific server addresses, user IDs, passwords and credentials, it had certificates. This stuff was incredibly targeted. That is a very strong signal that an insider was involved.”