Word On Dec 21, 2014 11:58 PM, "Julio Cesar Fort" <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi all, > > I'm no expert in cyber war but since when a nation-state intrusion > involves dropping docs, exposing corporate secrets, leaking upcoming > movies in Bittorrent and changing the wallpapers of employees's > workstations? If this was really a government-sponsored attack, it > sets a very strange precedent that puts nation-state attacks in > parallel with hacktivists trying to prove a point. > > This seems to be at least the second time in less than a year that > officials attribute attacks by parroting what a private cybersecurity > firm suggested. The same happened some time ago with Unit 61398 -- the > US government went as far as putting those men on a wanted list. > Moreover, attribution in cyber attacks does not seem to be an easy > task and the media picked up the whole North Korea thing immediately > after the breach was disclosed. Attribution at such early stage in an > investigation seems to be a very irresponsible thing to do. > > In my opinion Sony Pictures is playing the victim card here. By > claiming it was a state-sponsored attack they can divert the attention > away from their poor information security and risk management > practices and claim it was defenseless. > > Remember that Sony has pissed off hackers and > information-wants-to-be-free sort of activists in the past. Its ties > with MPAA and RIAA to clampdown torrent sites or its fierce > persecution against PS3 hacker Geohot, for example, drew the ire of > tons of hackers who hacked them left and right. > Sony got a free penetration test in 2011 from LulzSec, groups affiliated > with Anonymous and every other basement-dwelling hacker that bothered to > point a SQL injection scanner against its websites. > > Furthermore, how's that hacking an entertainment company, pissing off > a few executives and Angelina Jolie can be considered an act of war? > If so, don't get me started about NSA/GCHQ hacks against Belgacom, > Petrobras, SWIFT, Huawei... these companies, unlike Sony Pictures, are > part of the critical infrastructure and national interest of the > affected countries. > > It would be great if the FBI and other government officials pointing > fingers at North Korea would come up with actual evidence other than > scaremongering that will be used to conveniently pass their agenda - > i.e., more funding for cyber operations, change in surveillance laws, etc. > > For those claiming this was an act of war by North Korea, I urge you to > come up with clear and verifiable evidence or just shut up. > > My $0.02, > > - -- > Julio Cesar Fort > > Key fingerprint: A42D 190A CAF6 A31B 92D3 7F6F 4FA6 5332 08F5 E4B7 > Public key: > https://pgp.mit.edu/pks/lookup?op=get&search=0x4FA6533208F5E4B7 > - - > > > > On 21/12/14 05:02, Erich M. wrote: > > On 2014-12-19 13:05, Joseph Lorenzo Hall wrote: > > > >>>> Any ideas on which narrative (or combination thereof) is > >>>> right? > > > >>> Both miss IMHO the point. This was clearly a politically > >>> motivated attack by a nation state intended to create the > >>> severest immediate impact possible on Sony. Hitting the > >>> technical, informational and soon > > > >> you take a pretty evidence-free position on attribution here that > >> seems completely unwarranted. > > > > Why? I did not attribute it to any organisation or nation state in > > particular. This is impossible at this stage and I _do not > > believe_ much in the North Korean connection either. This was an > > attack of a pretty uncommon type, clearly intended to disrupt > > Sony's business as long as possible and eventuelly destroy the > > company thereafter. Apparently it was very well planned and this > > not only on the technical layer. Most of the damage to Sony was and > > will be done on the information layer: when these tons of personal > > and sensitive data leaked onto the net are being exploited by > > common criminals. As to the quality of the intruders' carefully > > crafted narrative just mind the subject of this thread is "confused > > by the Sony Hack." Four weeks after this spectacular attack and > > despite so many different moves of the attackers it still cannot be > > attributed. This kind of quality points as well to a state > > sponsored organization. Greetings Erich > > > > > > > > > > > > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBAgAGBQJUl7MMAAoJEE+mUzII9eS3irAQANGrL+wsqSlmDrG9mvXkl/Yk > p5s5AxUYJuV046r7RzZNiq1A+qXZnKnuqbjZHQ/l5Z+/9fkEqKsGhkghcreOlsjs > oe35+pDFwdV+FyWU8ITUnVL6BEOtukz5ey+QHHAbv1aKMDSXnbFvDZVvLoNWG2Yq > UQjwGt4K5Txz+FzvB7h3MhWCUMnLm145K5QP5QPDtjC4LMysjeEaUWlevlQFUhMD > Dw6Jp3acCujXzzIhWtITXwb0kuASLK3nivTx3V2Dj8CBwTwE7PUdolTXUcUeygfz > hq0qfi/VLcM/3uPXfddPoQT4TTZlkqi3cNSmMulkRv2UH7te/hSksDMK6nt9vgiQ > nXw9W622+kkoiIzdE9+PaIgRTJ3H36GiI5boUEZAGOVu3sFBcb3mU17Ed26IJAAR > gY+fFe9IVpW1ll/ogEDBaa7sWm1eOGThztJTk3nVhCTE5q16nsV/AFJ2azXhwnSe > 7NZavaHe9Rt44RgMdxhLVQjxU9JWMqkG03wUJVp7rggUBZj0TP28TZy6pmCyBpHG > 0J0ulRt1mMwZo1PaTLygX+1WwHfCRsvzO/alJmCs3ffrp/rUJWH3rLLnqpm6BDfs > 8+EFKW9ZO9bJU1DowmRsoQ/sev1Cu9VncEREDaF0OplWzreP+XOC4B3Kcka0fF38 > 5uPZPRaoM/TWqmlZjNNx > =cLGe > -----END PGP SIGNATURE----- > -- > Liberationtech is public & archives are searchable on Google. Violations > of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. > Unsubscribe, change to digest, or change password by emailing moderator at > [email protected]. >
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
