Did North Korea Really Attack Sony?

I&#x27;m dismayed that this piece is repeating Marc Rogers&#x27;s gross misportrayal of the linguistic situation of the Koreas, saying that &quot;Korean language in the code also suggests a Korean origin, though not necessarily a North Korean one, since North Koreans use a unique dialect.&quot; First of all, North Korean doesn&#x27;t have &quot;a unique dialect&quot; but a number of regional dialects, just like South Korea, and like the situation in many languages. But again as in many major languages, a supra-regional, standard Korean language came into being, based on the central dialect region around Seoul which was the capital for many centuries. Before that the capital was Kaesong, which is in the same central dialect region as Seoul though it is now in North Korea. This happened before the division of the peninsula. Even today, the standard Korean taught and spoken in North Korea is based on this common standard with the South. The differences between regional dialects within either North or South Korea are far greater than the difference between the standard Korean spoken in the North and the South. The difference is mainly in words (especially any technology-related vocabulary introduced after the end of WWII) and spelling, and it&#x27;s a lot like the differences between British and American English. You&#x27;re never going to say that something written in English can&#x27;t have been written by Americans because they have a unique dialect.<p>Also, as far as I know the codes didn&#x27;t contain any Korean. Instead, what they found was that it seems to have used Korean text encoding, like EUC-KR. People have pointed out that this is a South Korean encoding, but North Koreans also use it since you hardly find any software that supports the official North Korean encoding. Again, if someone uses a British English locale, that isn&#x27;t proof that it can&#x27;t be an American. When it comes to text encoding and locale, you usually use whatever is available that lets you type in your own language.

<i>Tellingly, the FBI&#x27;s press release says that the bureau&#x27;s conclusion is only based &quot;in part&quot; on these clues. This leaves open the possibility that the government has classified evidence that North Korea is behind the attack.</i><p>I am surprised that the article doesn&#x27;t end here. Other press reports have highlighted that there is classified evidence that has not been disclosed, and it seems odd to me that Schneier would play this aspect down in a story involving cyberattacks, North Korea, the FBI and the US intelligence community.

This piece pretty much echoes what I&#x27;ve felt since I first read about all the speculation and FBI report.<p>I&#x27;m just glad someone with credibility was able to come out and say it, I just hope (but doubt) that mainstream media will follow up on it and ask the right questions going forward.

Just like this article, several other entities may be skeptical on assertions that North Korea is involved given the past involving Iraq&#x27;s imaginary WMD...etc. Also, cyber attacks may be common in future, for whatever may be the reasons involved.<p>In future, if some Hollywood studio makes a movie on Russia&#x27;s Putin or on China and if hackers claiming from the injured country do similar cyber-attack on that studio and If USA retaliates and if Russia&#x2F;china counter-retaliates and if this spills into physical world, then we can have nightmarish situations&#x2F;tensions and may be full blown war. Worse, another country may do that sort of attack from some other country to hide its trail. Hope proper sense and calm minds prevail to prevent such nightmare. But such possibility exists in theory.<p>As solution, world needs an international, independent, competent panel&#x2F;forum&#x2F;group to investigate openly&#x2F;transparently all cyber-attacks and find out culprits rather than doing mere guess work. Also, evidence of the crime need to be put in public domain to avoid conspiracy theories. This can be on the lines of international court of justice&#x2F;United nations ...etc. Since parties involved are entities like Sony which are not connected to national defence directly, we need not fear national secrets leaking out ...etc i.e. it can be done without impacting the sovereignty of the nations involved.<p>Without such arrangement, stability and peace of the world will always be in question for any cyber attack on any major country such as USA&#x2F;Europe&#x2F;China&#x2F;Russia ...etc.<p>TL,DR: Cyber-attacks on economic entities such as Sony or Google in the past involving several countries need to be investigated by international body rather than a single country and evidence of the crime need to be in public domain to avoid conspiracy theories.

So he posits 5 possibilities, 3 of which directly involve NK? He basically says he doesn&#x27;t know what to think, but maintains the evidence is weak, like every other tech journalist.<p>I do agree its a good possibility the government has a lot more classified evidence it&#x27;s not sharing with us, and we&#x27;re trying to put together a puzzle with only half the pieces.

If North Korea is involved I think it was after the initial attack (theory #4 in the article). As he says in the article: <i>&quot;the explicit North Korean connection -- threats about the movie The Interview -- were only made by the hackers after the media picked up on the possible links between the film release and the cyberattack&quot;</i>. North Korea may not have even been aware of the movie until the hack.<p>It seems like Sony is playing up the North Korea connection because it could only help them. They would lose more credibility (and potentially lawsuits [1]) if it&#x27;s a 14yo hacker doing it for the lulz. State sponsored hacking is a Big Deal, and many would give leniency to Sony if that&#x27;s a true story.<p>[1] <a href="http://abcnews.go.com/Entertainment/wireStory/sony-faces-4th-employee-lawsuit-hack-27726230" rel="nofollow">http:&#x2F;&#x2F;abcnews.go.com&#x2F;Entertainment&#x2F;wireStory&#x2F;sony-faces-4th...</a>

Out of the 5 possibilities Schneier listed, I found #1 (the one picked by FBI) mostly likely.<p>&gt; This is the work of independent North Korean nationals.<p>Mr. Schneier doesn&#x27;t clearly understand people who lived in a totalitarian country. If this national lives in North Korean, there is no way he will dare such an attack without being instructed by the government. This level of freedom doesn&#x27;t exist in his mind. And it doesn&#x27;t make sense for a North Korean still holding the same ideology to live outside North Korea, he would either completely abandoned that or go back to North Korea.<p>&gt; This is the work of hackers who had no idea that there was a North Korean connection to Sony until they read about it in the media.<p>This doesn&#x27;t explain the Korean language used in the code. It might be a South Korean, but from my knowledge, it&#x27;s very hard to imagine a South Korean risking going to the jail either fighting for North Korean or even find it fun. (Hint - South Korean people don&#x27;t like the people from north who are pointing Thousands of cannons and missiles to them). As for why this is not the same encoding as North Korean dialect, I know people from mainland China use encoding of Traditional Chinese from Taiwan. It is very easy for me the imagine that North Korean government offices use such settings so that they can access resources from South Korea (much more abundant and still without language barrier.)<p>&gt; It could have been an insider<p>This hacker has been hurting regular Sony employees. From my understanding, only people with mental problems will direct their hatred towards a company to random regular employees (his own ex-coworkers). People with mental problems don&#x27;t usually possess the hacking skills demonstrated in this case.<p>&gt; The initial attack was not a North Korean government operation, but was co-opted by the government.<p>It is hard to imagine a hacker targeting Sony with the plan to profit from selling the information to North Korean government and then intentionally leave some trace towards North Korea (the Korean language in code). This attack must have originated from North Korea, and that&#x27;s the conclusion FBI is suggesting.

Is there any information anywhere of how the intrusion was made? E.g was the admin server for Sony&#x27;s intranet accessible via remote desktop from the whole internet with the user and password admin&#x2F;admin? It&#x27;s a completely different situation than if it consisted of exploiting an unknown vulnerability in SELinux to get remote root access.

Their bandwidth is estimated to be in the neighborhood of 6Gbit&#x2F;s, and they allegedly grabbed 100TB of data. If my math is right that would take fifteen days for them to download.<p>Unless of course they got a bargain on a VPS somewhere else..

This piece is in fact even more speculative than the FBI&#x27;s announcement.

Everybody is a critic. Everybody has an opinion. Everybody is just writing rank speculation. The gov&#x27;t filed charges, so to speak, so lets see them play out their case.

Wired had a good article yesterday too, that made clear that there is still a lot of uncertainty. <a href="http://www.wired.com/2014/12/sony-north-korea-hack-experts-disagree" rel="nofollow">http:&#x2F;&#x2F;www.wired.com&#x2F;2014&#x2F;12&#x2F;sony-north-korea-hack-experts-d...</a>

But NK sure is a convenient bogeyman for the <i>real</i> agenda: to bring in CISPA: <a href="http://www.zdnet.com/article/white-house-wants-congress-to-revisit-controversial-cispa-style-cybersecurity-laws-after-sony-attack/" rel="nofollow">http:&#x2F;&#x2F;www.zdnet.com&#x2F;article&#x2F;white-house-wants-congress-to-r...</a>

So, legitimate question: how is it possible to get North Korean comments out of a compiled binary?<p>Somehow I doubt that any supposed North Korean hackers would have followed the tenets of free software and distributed the original source to Sony along with the malware.

What&#x27;s funny to me is even with, &quot;Freedom of information act,&quot; in the USA some Americans act like everything is public record.<p>It&#x27;s not. Sometimes, for international relations, things are classified, never released until much later. Having been party to a <i>minor</i> agreement, at least knowing about it, before the general media, gives you a ton of insight into how the USA operates.<p>To me at least, I came to the, &quot;Business,&quot; operating model. In other words, the economic engine takes priority and the agreements I know of that were signed pushed that particular agenda.<p>Dollars, literally, make the world go round. The US dollar is the world, &quot;Reserve,&quot; currency. There&#x27;s a very good reason for that, and a very good reason the Secret Service is in charge of the US money supply.<p>Then again, perhaps I&#x27;m as much as insider as the author of the blog post. Eg, out of the loop.

And guessing the tinfoil conspiracy about Sony hacking itself wouldn&#x27;t stay secret long. :)<p>My thought is we&#x27;ll probably never know for certain unless perps reveal themselves, so saying NK definitely did it would be jumping to conclusions.<p>The real story is: Best. Marketing. Ever. And an international incident, to boot! (Well played, Sony. Even Obama was part of the story.). Seriously, the canceling the release was the story-making move. And the subsequent nonrelease release monetizes the situation. Couldn&#x27;t have planned it any better. ;)