Attacks/Breaches
1/7/2015
04:25 PM
Sara Peters

FBI Director Says 'Sloppy' North Korean Hackers Gave Themselves Away

Bureau chief says hackers occasionally forgot to use proxy servers, while the Director of National Intelligence says North Koreans have no sense of humor.

FBI Director James Comey said today that the hackers who compromised Sony Pictures Entertainment usually used proxy servers to obfuscate their identity, but "several times they got sloppy."

Speaking today at an event at Fordham University in New York, Comey said, "Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using ... were exclusively used by the North Koreans.

"They shut it off very quickly once they saw the mistake, but not before we saw where it was coming from."

It is perhaps possible that the servers in North Korea were not the original source, but were themselves proxy servers. The FBI has other reasons to attribute the attack to North Korea, Comey said -- including psychological profiles the Bureau's behavioral analysis unit developed about the attackers and the results of red team simulations.

“There is not much in this life that I have high confidence about,” said Comey. “I have very high confidence in this attribution, as does the entire intelligence community.”

Director of National Intelligence James Clapper also spoke, quite bluntly relating tales of a tense dinner meeting he had in North Korea in November with "General Kim," a North Korean government official he believes was central to the Sony attack. Presumably he was referring to General Kim Yong-Chol, director of Unit 586, which includes Unit 121 -- the country's center of cyber-attack operations, recently estimated to be 6,000 troops strong.

Clapper said that Kim kept "pointing his finger at my chest and saying the US and South Korean exercise was a provocation to war and of course not being a diplomat, my reaction was to lean back across the table and point my finger at his chest."

"They really do believe they are under siege from all directions," said Clapper, "and painting us as an enemy that is about to invade their country every day is one of the chief propaganda elements that's held North Korea together."

"They are deadly, deadly serious," he said, "about affronts to the supreme leader, whom they consider to be a deity."

As for The Interview, the new Sony comedy about assassinating Kim Jong-Un, Clapper said he watched it over the weekend "and it's obvious to me that North Koreans don't have a sense of humor."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Comments
tjgkg
User Rank: Apprentice
1/9/2015 | 3:33:38 PM
Re: So Now What ?
I'm not really too concerned with retaliation as North Korea is really not worth the effort. Sony and other US corporations as well as government institutions should learn some lessons and continue to harden their systems. And despite what the FBI says, there is still evidence that an ex-Sony employee did this and not NK.

In any case Obama did some retaliation which is fine. I would be more concerned about NK's attacks on civilians and shooting missiles over countries. They truly would be insane to launch any nuclear attack on anyone because they would be wiped out in 10 minutes. Plus they could supply terror organizations and rogue states with missile and other types of technology. So corporations have a significant responsibility to take care of their cyber systems.
tjgkg
User Rank: Apprentice
1/9/2015 | 3:26:34 PM
Re: Blaming the Victim
Assuming that North Korea did in fact do this, and there are reports that it was done by an ex-Sony employee, the subsequent attacks on NK's internet more than evened the score. In fact I would suggest that they did not even absorb a fraction of what we really could do to their systems. Let's face it, they don't have much of an internet and the country is basically functioning as it did in the seventeenth century.
tjgkg
User Rank: Apprentice
1/9/2015 | 3:22:56 PM
Re: Sony , B-Movies and $ 2 bins
There was a movie about 10 years ago that fantasized about assassinating George W. Bush. Of course in Hollywood that was OK because of our first Amendment and all that. But can you imagine Hollywood putting out the same movie but substituting Bush with Obama? That will NEVER happen because of Hollywood's ideological bent.
lacertosus
User Rank: Apprentice
1/9/2015 | 3:21:22 PM
Re: Blaming the Victim
Agreed. Also, I can't believe America lost its first cyberwar!
TerryB
User Rank: Ninja
1/9/2015 | 1:39:43 PM
Re: Sony , B-Movies and $ 2 bins
I tend to agree with @jeff, the really strange thing here was using the real person. There have been plenty of movies where the "good guys" (us) went into North Korea on some operation and shot their way out. Even more movies where China and Russia are the bad guys, or at least hosting the bad guys, and nothing came of it. The difference here was personalizing to that nutcase Kim. Had they abstracted it, doubtful any of this would have happened.

Too bad this movie wasn't out before Dennis Rodman went over there, he might already be gone. I'm sure the CIA is saying "Why didn't we think of that?".
jeffcarson
User Rank: Apprentice
1/8/2015 | 5:51:00 PM
Re: Sony , B-Movies and $ 2 bins
I found no movies that advocated the assassination of a president by 'real' name. The only Hollywood movies that I found that suggested such violence against national leaders were those set in wars. (or historical films)

('Team America' came closest)

If Sony Pictures released a similar movie that had the current leader of China or Russia, do you think there would not be repercussions?
Some Guy
User Rank: Strategist
1/8/2015 | 3:08:23 PM
Blaming the Victim
There are real problems with blaming the victim. Escalating from words to coercion is not acceptable, and neither is blaming the victim as the strategy to ignore dealing with it.

Cyber or Cluster-bomb attack (the how) doesn't matter.
An Attack on US soil.
On US citizens.
To accomplish prior censorship.
In someone else's country.

What's next? Stick our heads in the sand? Theatre massacres? Power grid? Hospital operating rooms during surgery? Air Traffic Control? First responder systems? Ambulances? Police? Fire departments? That's the solution?

Just blame the victim and ignore it?

By this reasoning, it's OK to shoot people if they say something one doesn't like. Or like, maybe kill them in their workplace for a cartoon. Who can possibly justify being on that side of this issue?

If history teaches us nothing, it's that ignoring bullies only encourages them and makes it worse the next time. And blaming the victim is a cop-out. Fix the problem, not the blame.
RalphDaly28
User Rank: Apprentice
1/8/2015 | 1:45:20 PM
Re: Sony , B-Movies and $ 2 bins
Interesting discussion. SPOILER ALERT: While there is merit to claim that the movie might be in bad taste, the movie does not depict the assassination of Kim. The duo of nimwits travel to Korea with that intention to assassinate but they don't even come close. Kim dies in a helicopter vs. tank battle with Kim in the helicopter and the nimwit duo in the tank with someone from the North Korean information ministry. I found the movie to be better than I would have anticipated and much less objectionable given that I expected the assassination of Kim to be depicted which does not happen, although his demise is depicted quite graphically.

I think having taxpayer money being spent to protect or avenge Sony's business decision is not something I like to see. I also don't see much alternative. If we expect freedom of speech to be protected, we have to protect it even if it is commercial and idiotic. Just because they use cyber as a weapon should not make them immune when attacking US citizens or companies. Granted Sony is a Japanese corporation but Sony Pictures is operated primarily in the US. If North Korea destroyed a Sony studio with a bomb we would expect the government to do something about that even if no one is killed.
David Wagner
User Rank: Black Belt
1/8/2015 | 10:29:27 AM
Re: So Now What ?
Ok now that we have confirmed it was N. Korea - Now what? I have heard sanctions ... etc. What real difference is that going to make? Were we not doing business with them already?


@technocrati- I think the answer is nothing. I think the real goal here is to just say, "we know you did it. We know how. And we're better at this than you so back off."

Despite all the posturing, North Korea has continued to make small gestures of reopening diplomatic relations with South Korea. There's no reason to let this get in the way of that. 
David Wagner
User Rank: Black Belt
1/8/2015 | 10:26:55 AM
Re: Sony , B-Movies and $ 2 bins
I don't think any national government would be happy with a production about murdering their current sitting leader. It is not funny. Not a good joke at all. It would not be surprising if the aggrieved country would take the production to be aggressive propaganda.


@wolf6305- I don't know. America seems to make at least one movie and sometimes several per year where we kill (or threaten to kill) our own President. Hollywood is a mashup of people from all over the world so some of those are actually made by and in other countries and released here.

If an artist in North Korea specifically made a movie depicting our President being killed, I personally would not feel threatened. If the North Korean government made one, that would be an insult.

I think the real issue is that media is so tightly controlled there that they don't want to believe (though they are capable of it) the difference between art and propaganda.

I mean, really, if they wanted to understand, they'd have gone after Franco and Rogen, not Sony.