[liberationtech] confused by the Sony hack
Andrés Leopoldo Pacheco Sanfuentes
alps6085 at gmail.com
Sun Dec 21 22:01:19 PST 2014
Word
On Dec 21, 2014 11:58 PM, "Julio Cesar Fort" <juliocesarfort at gmail.com>
wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all,
>
> I'm no expert in cyber war but since when a nation-state intrusion
> involves dropping docs, exposing corporate secrets, leaking upcoming
> movies in Bittorrent and changing the wallpapers of employees's
> workstations? If this was really a government-sponsored attack, it
> sets a very strange precedent that puts nation-state attacks in
> parallel with hacktivists trying to prove a point.
>
> This seems to be at least the second time in less than a year that
> officials attribute attacks by parroting what a private cybersecurity
> firm suggested. The same happened some time ago with Unit 61398 -- the
> US government went as far as putting those men on a wanted list.
> Moreover, attribution in cyber attacks does not seem to be an easy
> task and the media picked up the whole North Korea thing immediately
> after the breach was disclosed. Attribution at such early stage in an
> investigation seems to be a very irresponsible thing to do.
>
> In my opinion Sony Pictures is playing the victim card here. By
> claiming it was a state-sponsored attack they can divert the attention
> away from their poor information security and risk management
> practices and claim it was defenseless.
>
> Remember that Sony has pissed off hackers and
> information-wants-to-be-free sort of activists in the past. Its ties
> with MPAA and RIAA to clampdown torrent sites or its fierce
> persecution against PS3 hacker Geohot, for example, drew the ire of
> tons of hackers who hacked them left and right.
> Sony got a free penetration test in 2011 from LulzSec, groups affiliated
> with Anonymous and every other basement-dwelling hacker that bothered to
> point a SQL injection scanner against its websites.
>
> Furthermore, how's that hacking an entertainment company, pissing off
> a few executives and Angelina Jolie can be considered an act of war?
> If so, don't get me started about NSA/GCHQ hacks against Belgacom,
> Petrobras, SWIFT, Huawei... these companies, unlike Sony Pictures, are
> part of the critical infrastructure and national interest of the
> affected countries.
>
> It would be great if the FBI and other government officials pointing
> fingers at North Korea would come up with actual evidence other than
> scaremongering that will be used to conveniently pass their agenda -
> i.e., more funding for cyber operations, change in surveillance laws, etc.
>
> For those claiming this was an act of war by North Korea, I urge you to
> come up with clear and verifiable evidence or just shut up.
>
> My $0.02,
>
> - --
> Julio Cesar Fort
>
> Key fingerprint: A42D 190A CAF6 A31B 92D3 7F6F 4FA6 5332 08F5 E4B7
> Public key:
> https://pgp.mit.edu/pks/lookup?op=get&search=0x4FA6533208F5E4B7
> - -
>
>
>
> On 21/12/14 05:02, Erich M. wrote:
> > On 2014-12-19 13:05, Joseph Lorenzo Hall wrote:
> >
> >>>> Any ideas on which narrative (or combination thereof) is
> >>>> right?
> >
> >>> Both miss IMHO the point. This was clearly a politically
> >>> motivated attack by a nation state intended to create the
> >>> severest immediate impact possible on Sony. Hitting the
> >>> technical, informational and soon
> >
> >> you take a pretty evidence-free position on attribution here that
> >> seems completely unwarranted.
> >
> > Why? I did not attribute it to any organisation or nation state in
> > particular. This is impossible at this stage and I _do not
> > believe_ much in the North Korean connection either. This was an
> > attack of a pretty uncommon type, clearly intended to disrupt
> > Sony's business as long as possible and eventuelly destroy the
> > company thereafter. Apparently it was very well planned and this
> > not only on the technical layer. Most of the damage to Sony was and
> > will be done on the information layer: when these tons of personal
> > and sensitive data leaked onto the net are being exploited by
> > common criminals. As to the quality of the intruders' carefully
> > crafted narrative just mind the subject of this thread is "confused
> > by the Sony Hack." Four weeks after this spectacular attack and
> > despite so many different moves of the attackers it still cannot be
> > attributed. This kind of quality points as well to a state
> > sponsored organization. Greetings Erich
> >
> >
> >
> >
> >
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBAgAGBQJUl7MMAAoJEE+mUzII9eS3irAQANGrL+wsqSlmDrG9mvXkl/Yk
> p5s5AxUYJuV046r7RzZNiq1A+qXZnKnuqbjZHQ/l5Z+/9fkEqKsGhkghcreOlsjs
> oe35+pDFwdV+FyWU8ITUnVL6BEOtukz5ey+QHHAbv1aKMDSXnbFvDZVvLoNWG2Yq
> UQjwGt4K5Txz+FzvB7h3MhWCUMnLm145K5QP5QPDtjC4LMysjeEaUWlevlQFUhMD
> Dw6Jp3acCujXzzIhWtITXwb0kuASLK3nivTx3V2Dj8CBwTwE7PUdolTXUcUeygfz
> hq0qfi/VLcM/3uPXfddPoQT4TTZlkqi3cNSmMulkRv2UH7te/hSksDMK6nt9vgiQ
> nXw9W622+kkoiIzdE9+PaIgRTJ3H36GiI5boUEZAGOVu3sFBcb3mU17Ed26IJAAR
> gY+fFe9IVpW1ll/ogEDBaa7sWm1eOGThztJTk3nVhCTE5q16nsV/AFJ2azXhwnSe
> 7NZavaHe9Rt44RgMdxhLVQjxU9JWMqkG03wUJVp7rggUBZj0TP28TZy6pmCyBpHG
> 0J0ulRt1mMwZo1PaTLygX+1WwHfCRsvzO/alJmCs3ffrp/rUJWH3rLLnqpm6BDfs
> 8+EFKW9ZO9bJU1DowmRsoQ/sev1Cu9VncEREDaF0OplWzreP+XOC4B3Kcka0fF38
> 5uPZPRaoM/TWqmlZjNNx
> =cLGe
> -----END PGP SIGNATURE-----
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20141222/5048dcb5/attachment.html>
More information about the liberationtech
mailing list