Totally agree.
USA/UK: Belgacom, Petrobras, SWIFT, Huawei
North Korea: Sony?
no rights to complain.. at all.
--Virilha
----- Message from Julio Cesar Fort <juliocesarf...@gmail.com> ---------
Date: Mon, 22 Dec 2014 16:58:43 +1100
From: Julio Cesar Fort <juliocesarf...@gmail.com>
Reply-To: liberationtech <liberationtech@lists.stanford.edu>
Subject: Re: [liberationtech] confused by the Sony hack
To: liberationtech@lists.stanford.edu
Hi all,
I'm no expert in cyber war but since when a nation-state intrusion
involves dropping docs, exposing corporate secrets, leaking upcoming
movies in Bittorrent and changing the wallpapers of employees's
workstations? If this was really a government-sponsored attack, it
sets a very strange precedent that puts nation-state attacks in
parallel with hacktivists trying to prove a point.
This seems to be at least the second time in less than a year that
officials attribute attacks by parroting what a private cybersecurity
firm suggested. The same happened some time ago with Unit 61398 -- the
US government went as far as putting those men on a wanted list.
Moreover, attribution in cyber attacks does not seem to be an easy
task and the media picked up the whole North Korea thing immediately
after the breach was disclosed. Attribution at such early stage in an
investigation seems to be a very irresponsible thing to do.
In my opinion Sony Pictures is playing the victim card here. By
claiming it was a state-sponsored attack they can divert the attention
away from their poor information security and risk management
practices and claim it was defenseless.
Remember that Sony has pissed off hackers and
information-wants-to-be-free sort of activists in the past. Its ties
with MPAA and RIAA to clampdown torrent sites or its fierce
persecution against PS3 hacker Geohot, for example, drew the ire of
tons of hackers who hacked them left and right.
Sony got a free penetration test in 2011 from LulzSec, groups affiliated
with Anonymous and every other basement-dwelling hacker that bothered to
point a SQL injection scanner against its websites.
Furthermore, how's that hacking an entertainment company, pissing off
a few executives and Angelina Jolie can be considered an act of war?
If so, don't get me started about NSA/GCHQ hacks against Belgacom,
Petrobras, SWIFT, Huawei... these companies, unlike Sony Pictures, are
part of the critical infrastructure and national interest of the
affected countries.
It would be great if the FBI and other government officials pointing
fingers at North Korea would come up with actual evidence other than
scaremongering that will be used to conveniently pass their agenda -
i.e., more funding for cyber operations, change in surveillance laws, etc.
For those claiming this was an act of war by North Korea, I urge you to
come up with clear and verifiable evidence or just shut up.
My $0.02,
- --
Julio Cesar Fort
Key fingerprint: A42D 190A CAF6 A31B 92D3 7F6F 4FA6 5332 08F5 E4B7
Public key:
https://pgp.mit.edu/pks/lookup?op=get&search=0x4FA6533208F5E4B7
- -
On 21/12/14 05:02, Erich M. wrote:
On 2014-12-19 13:05, Joseph Lorenzo Hall wrote:
Any ideas on which narrative (or combination thereof) is
right?
Both miss IMHO the point. This was clearly a politically
motivated attack by a nation state intended to create the
severest immediate impact possible on Sony. Hitting the
technical, informational and soon
you take a pretty evidence-free position on attribution here that
seems completely unwarranted.
Why? I did not attribute it to any organisation or nation state in
particular. This is impossible at this stage and I _do not
believe_ much in the North Korean connection either. This was an
attack of a pretty uncommon type, clearly intended to disrupt
Sony's business as long as possible and eventuelly destroy the
company thereafter. Apparently it was very well planned and this
not only on the technical layer. Most of the damage to Sony was and
will be done on the information layer: when these tons of personal
and sensitive data leaked onto the net are being exploited by
common criminals. As to the quality of the intruders' carefully
crafted narrative just mind the subject of this thread is "confused
by the Sony Hack." Four weeks after this spectacular attack and
despite so many different moves of the attackers it still cannot be
attributed. This kind of quality points as well to a state
sponsored organization. Greetings Erich
--
Liberationtech is public & archives are searchable on Google.
Violations of list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech.
Unsubscribe, change to digest, or change password by emailing
moderator at compa...@stanford.edu.
----- End message from Julio Cesar Fort <juliocesarf...@gmail.com> -----
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change
to digest, or change password by emailing moderator at compa...@stanford.edu.
