
1/7/2015
04:25 PM
Sara Peters

FBI Director Says 'Sloppy' North Korean Hackers Gave Themselves Away

Bureau chief says hackers occasionally forgot to use proxy servers, while the Director of National Intelligence says North Koreans have no sense of humor.

FBI Director James Comey said today that the hackers who compromised Sony Pictures Entertainment usually used proxy servers to obfuscate their identity, but "several times they got sloppy."

Speaking today at an event at Fordham University in New York, Comey said, "Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using ... were exclusively used by the North Koreans.

"They shut it off very quickly once they saw the mistake, but not before we saw where it was coming from."

It is perhaps possible that the servers in North Korea were not the original source, but were themselves proxy servers. The FBI has other reasons to attribute the attack to North Korea, Comey said -- including psychological profiles the Bureau's behavioral analysis unit developed about the attackers and the results of red team simulations.

“There is not much in this life that I have high confidence about,” said Comey. “I have very high confidence in this attribution, as does the entire intelligence community.”

Director of National Intelligence James Clapper also spoke, quite bluntly relating tales of a tense dinner meeting he had in North Korea in November with "General Kim," a North Korean government official he believes was central to the Sony attack. Presumably he was referring to General Kim Yong-Chol, director of Unit 586, which includes Unit 121 -- the country's center of cyber-attack operations, recently estimated to be 6,000-troop strong.

Clapper said that Kim kept "pointing his finger at my chest and saying the US and South Korean exercise was a provocation to war and of course not being a diplomat, my reaction was to lean back across the table and point my finger at his chest."

"They really do believe they are under siege from all directions," said Clapper, "and painting us as an enemy that is about to invade their country every day is one of the chief propaganda elements that's held North Korea together."

"They are deadly, deadly serious," he said, "about affronts to the supreme leader, whom they consider to be a deity."

As for The Interview, the new Sony comedy about assassinating Kim Jong-Un, Clapper said he watched it over the weekend "and it's obvious to me that North Koreans don't have a sense of humor."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Comments
macker490,
User Rank: Ninja
1/8/2015 | 10:15:19 AM
maybe. maybe not:
A foolish faith in authority is the worst enemy of the truth. --Albert Einstein
Technocrati,
User Rank: Ninja
1/8/2015 | 9:54:51 AM
Re: Sony , B-Movies and $ 2 bins
"..That's the thing about free speech. You don't have to like what someone says. But they do have the right to say it..."

@Marilyn Cohodas Yes this is true. But is there such a thing as responsible free speech? I think so, and I would expect leaders of industry to consider and practice this as well.
Marilyn Cohodas,
User Rank: Strategist
1/8/2015 | 9:43:02 AM
Re: Sony , B-Movies and $ 2 bins
"Aggressive propaganda" is an interesting way to describe how North Korea might perceive the movie. Though I wouldn't credit Seth Rogen & company with a political agenda.. just making a silly movie that apparently did pretty well in the (home) box office, in spite of the threats. That's the thing about free speech. You don't have to like what someone says. But they do have the right to say it...
Wolf6305,
User Rank: Apprentice
1/8/2015 | 9:17:46 AM
Re: Sony , B-Movies and $ 2 bins
I don't think any national government would be happy with a production about murdering their current sitting leader. It is not funny. Not a good joke at all. It would not be surprising if the aggrieved country would take the production to be aggressive propaganda.
SgS125,
User Rank: Ninja
1/8/2015 | 9:17:26 AM
Even the benefit of doubt
Sure why not just throw out that the uber hackers were careless.

Or that Sony was careless.

Just don't talk about REGIN anymore and they will be happy
Technocrati,
User Rank: Ninja
1/7/2015 | 7:35:56 PM
So Now What ?

Ok now that we have confirmed it was N. Korea - Now what? I have heard sanctions ...etc. What real difference is that going to make? Were we not doing business with them already?

I am hearing everything but what Sony is doing to clean house. Oh I guess it is kind of hard to update the public while email is still down.

Technocrati,
User Rank: Ninja
1/7/2015 | 7:24:13 PM
Sony , B-Movies and $ 2 bins

"...The Interview, the new Sony comedy about assassinating Kim Jong-Un, Clapper said he watched it over the weekend "and it's obvious to me that North Koreans don't have a sense of humor."

I am not sure how to take this statement. Is this tongue in cheek? Flippant? Or just bad form? Either way the comment does nothing to address the real issues here. Whether you agree with Kim or not - that is not the point. The movie was unnecessary and bad form - which is what Sony apparently does best. You mean to tell me Sony executives could not find a better way to spend 50 M? Who am I kidding? Of course not, they are Sony execs after all.

That ridiculous given aside, I really don't think we should be wasting any more taxpayer dollars on worrying about the N. Koreans in terms of Sony. If they (Sony) want to produce completely disrespectful product (in the name of freedom of Speech) which is no better than a B-Movie comedy destined for the $2 bin.

Don't expect tax dollars to clean up the mess they make.
