North Korea and Sony
- Thread starter TPOKE
- Start date
The conspiracy theorist in me still holds out hope that this is true however is being embellished into one of the biggest trolls of all time. Think about it, Hollywood has always held to the premise that any publicity is good publicity. This low rent, piece o' crap movie has world wide attention, world wide fame and the delaying of it's opening may be Sony taking advantage of a great situation. Think about how many people would have gone and seen the opening of it prior to the N Korea threats, and now compare that to the opening once things settle down. I think it is a cash cow in the making. The cyber stuff is one thing, the threats are bogus. Roggan was threatened with his life a year ago wasn't he once NK learned of the filming (or did Sony make this up?). I don't think he has felt like his life was ever in trouble.
Also, I love the Alamo Drafthouse thumbing their nose to NK by putting out the cult classic Team America (oops, Paramount, just pulled the plug on this idea).
This is 'Merica, show the dam films.
Also, I love the Alamo Drafthouse thumbing their nose to NK by putting out the cult classic Team America (oops, Paramount, just pulled the plug on this idea).
This is 'Merica, show the dam films.
Not a troll. I might have believed that had they not pulled the film from release. Rogan and Franco are huge names and the movie would have done well had they released it. Sony lost a lot of money by pulling it. They won't be able to recoup the lost money by releasing it on Blue Ray/On Demand.
I think they were concerned about the possibility of violence at a theater like we saw a couple years ago. The threat potentially affected every other movie in theaters at present, so no theater chain wanted a part of it either. This isn't Sony acting in a vacuum.
I'd be willing to bet the hackers responsible had basically nothing to do with North Korea. Sony is apparently now convinced the whole thing was an inside job, and given what's been released, I believe it.
I'd be willing to bet the hackers responsible had basically nothing to do with North Korea. Sony is apparently now convinced the whole thing was an inside job, and given what's been released, I believe it.
Unless something changed in the last few hours, the US government has now established that this was all perpetrated by the North K government, and is now deciding on a course of action.
I don't think that they would have done anything at a movie theater, but I think you have to worry that some mentally unstable individual who already lives in the US, would look at this as an opportunity to do something terroristic and think that he could get away with it because everyone would assume it was the North Koreans.
You're right, I hadn't seen the latest news that anyone had determined it really was North Korea who perpetrated the hack. When I was reading about it yesterday, Sony was convinced it was an inside job and was concerned about violence at movie theaters and the impact that would have across all movies.
I'm almost not sure how to think about it now. In a weird way, the fact that North Korea did this almost makes me less concerned about them. If this is the kind of stuff they're worried about, it makes them seem smaller.
I'm almost not sure how to think about it now. In a weird way, the fact that North Korea did this almost makes me less concerned about them. If this is the kind of stuff they're worried about, it makes them seem smaller.
Everyone really needs to change the way they think about cyber security; it's not IF you get 'hacked' it's when. What is going to make CIO's keep their job is preventing data from leaving your network. This doesn't mean companies should abandon their firewalls, but they need products like Net Witness, Fireeye and Bit9 that prevents the theft of data.
I was at a cyber security conference and they had a speaker there that pretty much does incident response, and there have been plenty of companies that have gone out of business because of the theft of their R&D.
Funny story, at the same conference a former White House cyber security adviser said that in a rare meeting between Obama and China's president, Obama told him that they need to stop sponsoring 'hackers' to steal IP. The Chinese present response was pretty much "prove it", a few weeks later information leaked that a recent hack was traced to a known Chinese sponsored hacker. The hacker was arrested and we have no idea what happened to him, probably just moved and still working for the government, but the message was sent by the Obama admin that they know and have proof about what China is doing.
The same speaker talked about other top countries that are good at cyber warfare, US and Russia were 1a and 1b, followed by a few Euro countries, Brazil, Israel, and Iran (among others). He said in the 3rd tier group was North Korea, so while I hear people say that NK couldn't pull this off, I kind of shake my head at them if I am going by what this former White House adviser said.
Being involved in cyber security at work has really opened my eyes to all these recent 'hacks'. And I keep putting hack in quotes because in my opinion they're not hacking in the old school way. They're using social engineering to get people to give them their un/pw, or using malware to capture un/pw's then using VPN's to connect and gain access.
I can talk all day about this crap, but I'll stop rambling.
I was at a cyber security conference and they had a speaker there that pretty much does incident response, and there have been plenty of companies that have gone out of business because of the theft of their R&D.
Funny story, at the same conference a former White House cyber security adviser said that in a rare meeting between Obama and China's president, Obama told him that they need to stop sponsoring 'hackers' to steal IP. The Chinese present response was pretty much "prove it", a few weeks later information leaked that a recent hack was traced to a known Chinese sponsored hacker. The hacker was arrested and we have no idea what happened to him, probably just moved and still working for the government, but the message was sent by the Obama admin that they know and have proof about what China is doing.
The same speaker talked about other top countries that are good at cyber warfare, US and Russia were 1a and 1b, followed by a few Euro countries, Brazil, Israel, and Iran (among others). He said in the 3rd tier group was North Korea, so while I hear people say that NK couldn't pull this off, I kind of shake my head at them if I am going by what this former White House adviser said.
Being involved in cyber security at work has really opened my eyes to all these recent 'hacks'. And I keep putting hack in quotes because in my opinion they're not hacking in the old school way. They're using social engineering to get people to give them their un/pw, or using malware to capture un/pw's then using VPN's to connect and gain access.
I can talk all day about this crap, but I'll stop rambling.
OSUIvan,
I remember reading about 4-5 yrs ago that someone, as an experiment and to prove a point, went to a major company and dropped "contaminated" thumb drives all around their parking lots. They in turn were able to show that a significant percentage of them got plugged into the computers inside the company, which if they had been programmed with a more pernicious program could have been used to corrupt the company's system. As humans, the curiosity of the people who found them overwhelmed their common sense not to plug them into their companies computer network.
I am amazed sometimes about how much info people put out on their facebook and other social media outlets. It's like some people have no sense of privacy or think it can never lead to anything bad happening to them.
I remember reading about 4-5 yrs ago that someone, as an experiment and to prove a point, went to a major company and dropped "contaminated" thumb drives all around their parking lots. They in turn were able to show that a significant percentage of them got plugged into the computers inside the company, which if they had been programmed with a more pernicious program could have been used to corrupt the company's system. As humans, the curiosity of the people who found them overwhelmed their common sense not to plug them into their companies computer network.
I am amazed sometimes about how much info people put out on their facebook and other social media outlets. It's like some people have no sense of privacy or think it can never lead to anything bad happening to them.
That's what a unnamed group did in Iraq (he wouldn't tell us who did it), they left thumb drives every where and US troops plugged them into their computers, some on the secure network.
The Saudi oil company who had all their PC's crashed, the community strongly thinks it was Iran who was able to get an employee to take a thumb drive and plug it into a pc on their network, that thumb drive installed malware on the PC that got them access to the network and brought down all their computers.
To go back to a story that I heard at my conference, a drug company was hacked, the 3rd party response team went in, cleaned it up told them what to do to fix it. They did everything but had not yet implemented 2 factor log in's, the hackers had the email addresses of everyone and emailed a PDF to some of their scientists asking them to fill out the form about the incident which installed malware and the got the rest of the R&D they needed to sell it to a company in China who beat them to the market and they went out of business. The email came in so soon that they didn't have time to put their 2 factor log in on their VPN, and they were able to get in.
The Target and Home Depot hackers got access through contractors, not because of an employee. So now you have to worry about what your contractors and customers have access to because you have no idea what their security is like.
It's a freaking crazy world right now, and I think what happened to Sony shows us that the next big war is going to happen in cyber space. and do not be surprised if american ISPs have to shut down the internet because of a major attack in the future. That would kill our economy. It's scary to think about it.
I found the original story: 60% of thumbdrives got plugged in and if they had official govt logos on it, they got plugged in at a 90% rate. Scarier? The test was conducted at the Dept of Homeland Security the one place you would think that workers would be on high alert for such skullduggery.
Too Stupid for Words
Too Stupid for Words
What I don't get is why the US of A isn't employing their own hackers like these other countries to hack China, Iran and Russia. I mean the US isn't a Christian nation anymore so I don't get why we won't retaliate. I would think we could cripple a country like N Korea.
I think that I was most surprised to hear that our country had given their country a computer. Time to make them give it back.
You think we aren't Vito? Snowdens leaks weren't just about spying on Americans.
Posted from Rivals Mobile
Posted from Rivals Mobile
I just heard from a lady with pink hair and pink glasses on the Rachel marrow show that sony's network security was pretty neglected and ripe for the picking. I didn't agree with her that it wasn't a national security issue. Making threats specifically to the 9-11 scale should get you some severe punishment. Either publicly or covertly I don't care.
I can't help but be amused by it too. I'm glad I not the only one. For fifty years our government has played the North Korea scare card that they are going to lunch a nuclear attack at any moment every though they can't build a basic power grid. Now we find out the one thing they can do is hack email and the government is trying to sell us leaking that Adam Standler is an *** is a national security issue.
As a cyber-security analyst for a major corporation, I am very concerned about this Sony deal. But probably not for the reason you think.
My concern is with the US government. They are going to be pressed to take action. Unfortunately it is almost always wrong. What they'll do is pass some national cyber-security standard that will be even more intrusion into how we do business. This will be the way they start telling us how we must build out networks. Guess what? Uniformity will be a killer. It won't work because the technology changes too quickly and the government isn't quick enough to keep up.
Also, just a guess here, but they'll also have some 'preferred vendors' list and they'll almost assuredly be Democrat friendly. We'll see.
What the US government should do is be an offensive cyber arm for us since we can't actively go after the bad guys. So far they've been pretty good about a few things in this regard. They just need to be a bit more aggressive.
My concern is with the US government. They are going to be pressed to take action. Unfortunately it is almost always wrong. What they'll do is pass some national cyber-security standard that will be even more intrusion into how we do business. This will be the way they start telling us how we must build out networks. Guess what? Uniformity will be a killer. It won't work because the technology changes too quickly and the government isn't quick enough to keep up.
Also, just a guess here, but they'll also have some 'preferred vendors' list and they'll almost assuredly be Democrat friendly. We'll see.
What the US government should do is be an offensive cyber arm for us since we can't actively go after the bad guys. So far they've been pretty good about a few things in this regard. They just need to be a bit more aggressive.
This part of your post seems very unlikely. By the time anything like that could get underway, we will most likely have a Republican president and a Republican majority in congress.
Haven't they decided now that the system wasn't hacked, they just stole someone's password to get into Sony? Kim's hackers, or whoever, may not be the genius hackers we first thought.
JV, killing a foreign head of state is against the law, I think. That's not to say we've never done it or at least tried. Leaders of ISIS or Al-Queda are fair game because they are heads of terrorist organizations, not heads of state. I'm with you though, Kim's family is the poster child for Little Man Disease and needs to be "taken out." (Cue James Franco: "Wuuuuuut??"
I heard a guy say today that our retaliation would likely be something non-technological because we don't want to get into a cyber pissing contest with Kim. We could hack into each others' power grids and shut down electricity but the US would suffer the most from that kind of attack. He said Kim can't keep the electricity on anywhere for 24 hours straight on a good day without interference.
I did hear the little troll's minions were having trouble with "connectivity" Monday, however. I'm sure we're maintaining plausible deniability.
JV, killing a foreign head of state is against the law, I think. That's not to say we've never done it or at least tried. Leaders of ISIS or Al-Queda are fair game because they are heads of terrorist organizations, not heads of state. I'm with you though, Kim's family is the poster child for Little Man Disease and needs to be "taken out." (Cue James Franco: "Wuuuuuut??"
I heard a guy say today that our retaliation would likely be something non-technological because we don't want to get into a cyber pissing contest with Kim. We could hack into each others' power grids and shut down electricity but the US would suffer the most from that kind of attack. He said Kim can't keep the electricity on anywhere for 24 hours straight on a good day without interference.
I did hear the little troll's minions were having trouble with "connectivity" Monday, however. I'm sure we're maintaining plausible deniability.
I'm not convinced that North Korea is involved. I agree with Anonymous. Most likely it is an inside job.
If it was an inside job then what did they gain? I would just think someone who would risk this would have some possibility of profiting off the hack. I just don't see how they have profited off the hack. I guess there is always that possibility that a disgruntled employee wanted revenge.
Also with how I have heard the hack happened I would think N Korea is fully capable of accomplishing the task.
Aggiesboy, If they deem N Korea a terrorist state could they legally take him out then? I understand China would throw a fit if we took him out also.
Also with how I have heard the hack happened I would think N Korea is fully capable of accomplishing the task.
Aggiesboy, If they deem N Korea a terrorist state could they legally take him out then? I understand China would throw a fit if we took him out also.
You simply can't exfiltrate that much data from the outside. It is almost a pedabyte of data. You know how long it would take to copy that amount of data across a wire? Months.
Posted from Rivals Mobile
Posted from Rivals Mobile
That's good info, dchi. I didn't know you were working that area now. Is peda- the next gazillion after giga- ? I hadn't heard the term.
Jonny, I don't think naming NK a "state which sponsors terrorism" would change his status as a head of state. We can't take out the leader of Iran or Syria either.
Jonny, I don't think naming NK a "state which sponsors terrorism" would change his status as a head of state. We can't take out the leader of Iran or Syria either.
Norse Data agrees with you, dchi. One of their honchos says Sony was not hacked from the outside, "it was nuked from the inside."
Their unauthorized investigation actually pointed to a woman who left Sony in May after working there 10 years. Said the hacking programs used were used by NK but also used by other hackers around the world.
It's beginning to look like one of those stories where many would say, "if Hollywood wrote this script, no one would believe it," JV.
Their unauthorized investigation actually pointed to a woman who left Sony in May after working there 10 years. Said the hacking programs used were used by NK but also used by other hackers around the world.
It's beginning to look like one of those stories where many would say, "if Hollywood wrote this script, no one would believe it," JV.
I do get some inside info from my position. What is really confusing is the WH and FBI pointing to NK. And yes, everyone in the business knows you can buy that specific malware if you know where to go. It was written by NK, and it has a call home option. My guess is the person who used it isn't a hacker in the traditional sense of having the ability to bypass security. More like they were a trusted insider who installed the software from the inside. Exfiltrated the data. Then, gave command and control to some outside group to start reeking havoc on the network.
However, it isn't without skill. Sony has tried to rebuild their network and already lost containment again. Which is impressive.
But the actual installing of the 'hack' i think is going to be very unsophisticated when all is said and done.
However, it isn't without skill. Sony has tried to rebuild their network and already lost containment again. Which is impressive.
But the actual installing of the 'hack' i think is going to be very unsophisticated when all is said and done.
They only have something like 1000 internet IP addresses. I have a feeling that most major corporations could withstand a DDoS attack better than NK.
If it is closer to 100 then it is much more possible. (I'd heard 800 terabytes.)
100 Tb over a 350 mbps connection would take around 750 hours of transfer time. That's of course if they did it all in one transfer. To be stealthy, you'd want to break it up and transfer it during times it would go unnoticed. That would still take months to exfiltrate that amount of data over a wan connection. Possible I guess considering we don't know exactly when the infestation started.
At 800 Tb, it would have taken closer to a full year. That wasn't going unnoticed.