Hi all,

I'm no expert in cyber war but since when does a nation-state intrusion involve dropping docs, exposing corporate secrets, leaking upcoming movies on BitTorrent and changing the wallpapers of employees' workstations? If this was really a government-sponsored attack, it sets a very strange precedent that puts nation-state attacks in parallel with hacktivists trying to prove a point.

This seems to be at least the second time in less than a year that officials attribute attacks by parroting what a private cybersecurity firm suggested. The same happened some time ago with Unit 61398 -- the US government went as far as putting those men on a wanted list. Moreover, attribution in cyber attacks does not seem to be an easy task and the media picked up the whole North Korea thing immediately after the breach was disclosed. Attribution at such an early stage in an investigation seems to be a very irresponsible thing to do.

In my opinion Sony Pictures is playing the victim card here. By claiming it was a state-sponsored attack they can divert the attention away from their poor information security and risk management practices and claim it was defenseless. Remember that Sony has pissed off hackers and information-wants-to-be-free sort of activists in the past. Its ties with MPAA and RIAA to clamp down on torrent sites or its fierce persecution against PS3 hacker Geohot, for example, drew the ire of tons of hackers who hacked them left and right. Sony got a free penetration test in 2011 from LulzSec, groups affiliated with Anonymous and every other basement-dwelling hacker that bothered to point a SQL injection scanner against its websites.

Furthermore, how is it that hacking an entertainment company, pissing off a few executives and Angelina Jolie can be considered an act of war? If so, don't get me started about NSA/GCHQ hacks against Belgacom, Petrobras, SWIFT, Huawei... these companies, unlike Sony Pictures, are part of the critical infrastructure and national interest of the affected countries.

It would be great if the FBI and other government officials pointing fingers at North Korea would come up with actual evidence other than scaremongering that will be used to conveniently pass their agenda - i.e., more funding for cyber operations, change in surveillance laws, etc. For those claiming this was an act of war by North Korea, I urge you to come up with clear and verifiable evidence or just shut up.

My $0.02,

--
Julio Cesar Fort
Key fingerprint: A42D 190A CAF6 A31B 92D3 7F6F 4FA6 5332 08F5 E4B7
Public key: https://pgp.mit.edu/pks/lookup?op=get&search=0x4FA6533208F5E4B7

On 21/12/14 05:02, Erich M. wrote:
> On 2014-12-19 13:05, Joseph Lorenzo Hall wrote:
>
>>>> Any ideas on which narrative (or combination thereof) is
>>>> right?
>
>>> Both miss IMHO the point. This was clearly a politically
>>> motivated attack by a nation state intended to create the
>>> severest immediate impact possible on Sony. Hitting the
>>> technical, informational and soon
>
>> you take a pretty evidence-free position on attribution here that
>> seems completely unwarranted.
>
> Why? I did not attribute it to any organisation or nation state in
> particular. This is impossible at this stage and I _do not
> believe_ much in the North Korean connection either. This was an
> attack of a pretty uncommon type, clearly intended to disrupt
> Sony's business as long as possible and eventually destroy the
> company thereafter. Apparently it was very well planned and this
> not only on the technical layer. Most of the damage to Sony was and
> will be done on the information layer: when these tons of personal
> and sensitive data leaked onto the net are being exploited by
> common criminals. As to the quality of the intruders' carefully
> crafted narrative just mind the subject of this thread is "confused
> by the Sony Hack." Four weeks after this spectacular attack and
> despite so many different moves of the attackers it still cannot be
> attributed. This kind of quality points as well to a state
> sponsored organization.
>
> Greetings Erich

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
