[liberationtech] confused by the Sony hack

Julio Cesar Fort juliocesarfort at gmail.com
Sun Dec 21 21:58:43 PST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

I'm no expert in cyber war but since when a nation-state intrusion
involves dropping docs, exposing corporate secrets, leaking upcoming
movies in Bittorrent and changing the wallpapers of employees's
workstations? If this was really a government-sponsored attack, it
sets a very strange precedent that puts nation-state attacks in
parallel with hacktivists trying to prove a point.

This seems to be at least the second time in less than a year that
officials attribute attacks by parroting what a private cybersecurity
firm suggested. The same happened some time ago with Unit 61398 -- the
US government went as far as putting those men on a wanted list.
Moreover, attribution in cyber attacks does not seem to be an easy
task and the media picked up the whole North Korea thing immediately
after the breach was disclosed. Attribution at such early stage in an
investigation seems to be a very irresponsible thing to do.

In my opinion Sony Pictures is playing the victim card here. By
claiming it was a state-sponsored attack they can divert the attention
away from their poor information security and risk management
practices and claim it was defenseless.

Remember that Sony has pissed off hackers and
information-wants-to-be-free sort of activists in the past. Its ties
with MPAA and RIAA to clampdown torrent sites or its fierce
persecution against PS3 hacker Geohot, for example, drew the ire of
tons of hackers who hacked them left and right.
Sony got a free penetration test in 2011 from LulzSec, groups affiliated
with Anonymous and every other basement-dwelling hacker that bothered to
point a SQL injection scanner against its websites.

Furthermore, how's that hacking an entertainment company, pissing off
a few executives and Angelina Jolie can be considered an act of war?
If so, don't get me started about NSA/GCHQ hacks against Belgacom,
Petrobras, SWIFT, Huawei... these companies, unlike Sony Pictures, are
part of the critical infrastructure and national interest of the
affected countries.

It would be great if the FBI and other government officials pointing
fingers at North Korea would come up with actual evidence other than
scaremongering that will be used to conveniently pass their agenda -
i.e., more funding for cyber operations, change in surveillance laws, etc.

For those claiming this was an act of war by North Korea, I urge you to
come up with clear and verifiable evidence or just shut up.

My $0.02,

- -- 
Julio Cesar Fort

Key fingerprint: A42D 190A CAF6 A31B 92D3 7F6F 4FA6 5332 08F5 E4B7
Public key:
https://pgp.mit.edu/pks/lookup?op=get&search=0x4FA6533208F5E4B7
- -



On 21/12/14 05:02, Erich M. wrote:
> On 2014-12-19 13:05, Joseph Lorenzo Hall wrote:
> 
>>>> Any ideas on which narrative (or combination thereof) is 
>>>> right?
> 
>>> Both miss IMHO the point. This was clearly a politically 
>>> motivated attack by a nation state intended to create the 
>>> severest immediate impact possible on Sony. Hitting the 
>>> technical, informational and soon
> 
>> you take a pretty evidence-free position on attribution here that
>>  seems completely unwarranted.
> 
> Why? I did not attribute it to any organisation or nation state in 
> particular. This is impossible at this stage and I _do not
> believe_ much in the North Korean connection either. This was an
> attack of a pretty uncommon type, clearly intended to disrupt
> Sony's business as long as possible and eventuelly destroy the 
> company thereafter. Apparently it was very well planned and this
> not only on the technical layer. Most of the damage to Sony was and
> will be done on the information layer: when these tons of personal
> and sensitive data leaked onto the net are being exploited by
> common criminals. As to the quality of the intruders' carefully
> crafted narrative just mind the subject of this thread is "confused
> by the Sony Hack." Four weeks after this spectacular attack and
> despite so many different moves of the attackers it still cannot be
> attributed. This kind of quality points as well to a state
> sponsored organization. Greetings Erich
> 
> 
> 
> 
> 
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUl7MMAAoJEE+mUzII9eS3irAQANGrL+wsqSlmDrG9mvXkl/Yk
p5s5AxUYJuV046r7RzZNiq1A+qXZnKnuqbjZHQ/l5Z+/9fkEqKsGhkghcreOlsjs
oe35+pDFwdV+FyWU8ITUnVL6BEOtukz5ey+QHHAbv1aKMDSXnbFvDZVvLoNWG2Yq
UQjwGt4K5Txz+FzvB7h3MhWCUMnLm145K5QP5QPDtjC4LMysjeEaUWlevlQFUhMD
Dw6Jp3acCujXzzIhWtITXwb0kuASLK3nivTx3V2Dj8CBwTwE7PUdolTXUcUeygfz
hq0qfi/VLcM/3uPXfddPoQT4TTZlkqi3cNSmMulkRv2UH7te/hSksDMK6nt9vgiQ
nXw9W622+kkoiIzdE9+PaIgRTJ3H36GiI5boUEZAGOVu3sFBcb3mU17Ed26IJAAR
gY+fFe9IVpW1ll/ogEDBaa7sWm1eOGThztJTk3nVhCTE5q16nsV/AFJ2azXhwnSe
7NZavaHe9Rt44RgMdxhLVQjxU9JWMqkG03wUJVp7rggUBZj0TP28TZy6pmCyBpHG
0J0ulRt1mMwZo1PaTLygX+1WwHfCRsvzO/alJmCs3ffrp/rUJWH3rLLnqpm6BDfs
8+EFKW9ZO9bJU1DowmRsoQ/sev1Cu9VncEREDaF0OplWzreP+XOC4B3Kcka0fF38
5uPZPRaoM/TWqmlZjNNx
=cLGe
-----END PGP SIGNATURE-----

More information about the liberationtech mailing list