[liberationtech] confused by the Sony hack

Virilha liberationtech at cheiraminhavirilha.com
Sat Jan 10 09:48:21 PST 2015 

Totally agree.

USA/UK: Belgacom, Petrobras, SWIFT, Huawei
North Korea: Sony?

no rights to complain.. at all.

--Virilha

----- Message from Julio Cesar Fort <juliocesarfort at gmail.com> ---------
     Date: Mon, 22 Dec 2014 16:58:43 +1100
     From: Julio Cesar Fort <juliocesarfort at gmail.com>
Reply-To: liberationtech <liberationtech at lists.stanford.edu>
  Subject: Re: [liberationtech] confused by the Sony hack
       To: liberationtech at lists.stanford.edu


> Hi all,
>
> I'm no expert in cyber war but since when a nation-state intrusion
> involves dropping docs, exposing corporate secrets, leaking upcoming
> movies in Bittorrent and changing the wallpapers of employees's
> workstations? If this was really a government-sponsored attack, it
> sets a very strange precedent that puts nation-state attacks in
> parallel with hacktivists trying to prove a point.
>
> This seems to be at least the second time in less than a year that
> officials attribute attacks by parroting what a private cybersecurity
> firm suggested. The same happened some time ago with Unit 61398 -- the
> US government went as far as putting those men on a wanted list.
> Moreover, attribution in cyber attacks does not seem to be an easy
> task and the media picked up the whole North Korea thing immediately
> after the breach was disclosed. Attribution at such early stage in an
> investigation seems to be a very irresponsible thing to do.
>
> In my opinion Sony Pictures is playing the victim card here. By
> claiming it was a state-sponsored attack they can divert the attention
> away from their poor information security and risk management
> practices and claim it was defenseless.
>
> Remember that Sony has pissed off hackers and
> information-wants-to-be-free sort of activists in the past. Its ties
> with MPAA and RIAA to clampdown torrent sites or its fierce
> persecution against PS3 hacker Geohot, for example, drew the ire of
> tons of hackers who hacked them left and right.
> Sony got a free penetration test in 2011 from LulzSec, groups affiliated
> with Anonymous and every other basement-dwelling hacker that bothered to
> point a SQL injection scanner against its websites.
>
> Furthermore, how's that hacking an entertainment company, pissing off
> a few executives and Angelina Jolie can be considered an act of war?
> If so, don't get me started about NSA/GCHQ hacks against Belgacom,
> Petrobras, SWIFT, Huawei... these companies, unlike Sony Pictures, are
> part of the critical infrastructure and national interest of the
> affected countries.
>
> It would be great if the FBI and other government officials pointing
> fingers at North Korea would come up with actual evidence other than
> scaremongering that will be used to conveniently pass their agenda -
> i.e., more funding for cyber operations, change in surveillance laws, etc.
>
> For those claiming this was an act of war by North Korea, I urge you to
> come up with clear and verifiable evidence or just shut up.
>
> My $0.02,
>
> - --
> Julio Cesar Fort
>
> Key fingerprint: A42D 190A CAF6 A31B 92D3 7F6F 4FA6 5332 08F5 E4B7
> Public key:
> https://pgp.mit.edu/pks/lookup?op=get&search=0x4FA6533208F5E4B7
> - -
>
>
>
> On 21/12/14 05:02, Erich M. wrote:
>> On 2014-12-19 13:05, Joseph Lorenzo Hall wrote:
>>
>>>>> Any ideas on which narrative (or combination thereof) is
>>>>> right?
>>
>>>> Both miss IMHO the point. This was clearly a politically
>>>> motivated attack by a nation state intended to create the
>>>> severest immediate impact possible on Sony. Hitting the
>>>> technical, informational and soon
>>
>>> you take a pretty evidence-free position on attribution here that
>>>  seems completely unwarranted.
>>
>> Why? I did not attribute it to any organisation or nation state in
>> particular. This is impossible at this stage and I _do not
>> believe_ much in the North Korean connection either. This was an
>> attack of a pretty uncommon type, clearly intended to disrupt
>> Sony's business as long as possible and eventuelly destroy the
>> company thereafter. Apparently it was very well planned and this
>> not only on the technical layer. Most of the damage to Sony was and
>> will be done on the information layer: when these tons of personal
>> and sensitive data leaked onto the net are being exploited by
>> common criminals. As to the quality of the intruders' carefully
>> crafted narrative just mind the subject of this thread is "confused
>> by the Sony Hack." Four weeks after this spectacular attack and
>> despite so many different moves of the attackers it still cannot be
>> attributed. This kind of quality points as well to a state
>> sponsored organization. Greetings Erich
>>
>>
>>
>>
>>
>>
>>
> --
> Liberationtech is public & archives are searchable on Google.  
> Violations of list guidelines will get you moderated:  
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.  
> Unsubscribe, change to digest, or change password by emailing  
> moderator at companys at stanford.edu.


----- End message from Julio Cesar Fort <juliocesarfort at gmail.com> -----

More information about the liberationtech mailing list