Pointing a crooked finger

9 January 2015

I noted with interest the assertion by FBI director James Comey that North Korea is definitely behind the Sony attacks, as they were occasionally “sloppy” and did not obfuscate IP addresses in use. These were identified as being exclusively North Korean, said Comey.

Now on the one hand, for the FBI to make such an assertion, and have it announced by its director no less, the bureau must be fairly certain of its findings. However, in the past, attributing the source of a hack to a nation state has proved very difficult indeed.

Whether it was the Aurora attacks against Google, the RSA breach and subsequent Lockheed Martin hack, or the recent Regin malware, it is exceedingly difficult to say with certainty who was behind the attacks.

We have all seen the graphics in those cool hacker movies where signals are bounced around the world from satellite to servers and back again to cover the tracks of a hack attack, but in reality there are far more sophisticated ways of doing such things. There are also ways of spoofing IP addresses and other such data, which can make it nearly impossible to say exactly where something came from, let alone who was behind it.

With the recent Regin malware, while the discoverers are pretty certain which western government was behind it, another frontline security company that picked up the dropper for the malware some two years ago is not nearly so sure.

The reason that there can be such variance is that different groups, bodies and organisations use different criteria to identify such things and so the interpretation and weighting of such criteria can vary greatly.

There is also the fact that so much of the work to establish the origin of such attacks is so far beyond the comprehension of any non-technical person, that it requires a leap of faith for most of us, with trust in the spokesperson a major factor.

Then there is also the political agenda to consider.

The DPRK is no friend of the US administration. Therefore, playing devil’s advocate for a moment, there must be a large section of the infosec community who would look at director Comey’s statement and say ‘well they would say that, wouldn’t they’.

The political implications of naming a nation state from which a hack originates are immense, and not to be taken lightly, but especially not at face value.

Therefore, I’m afraid, without detailed specifics from the FBI as to its investigation with proofs and evidence, it is still impossible to say whether North Korean hackers are actually behind the Sony hack, or whether a civilian Chinese group previously used by the Chinese government carried out the attack for the DPRK, or whether Russian hackers did it for ransom and when they couldn’t get any dosh decided to make it political — all of which have been suggested by people more qualified than me as plausible scenarios.

The broader consensus seems to be that whoever carried out the Sony hack, it was done with the awareness and possibly the blessing of the DPRK government.
