[liberationtech] confused by the Sony hack

[Nathan Andrew Fain]

On 22/12/2014 06:58, Julio Cesar Fort wrote:
> Remember that Sony has pissed off hackers and
> information-wants-to-be-free sort of activists in the past. Its ties
> with MPAA and RIAA to clampdown torrent sites or its fierce
> persecution against PS3 hacker Geohot, for example, drew the ire of
> tons of hackers who hacked them left and right.
> Sony got a free penetration test in 2011 from LulzSec, groups affiliated
> with Anonymous and every other basement-dwelling hacker that bothered to
> point a SQL injection scanner against its websites.

This is the definitive reason why I question USG's claims. First we have
every right to doubt their claims until they show real evidence. The
worlds patience for "trust us, we have evidence" was completely burned
with "trust us, they have WMD's". We are now supposed to accept
sanctions on the same grounds? Even if someone feels placing additional
sanctions on N.K. carries low risk (in the brand protection sense) we
should care on the grounds of this history.

And next...

On 18/12/2014 23:47, Erich M. wrote:
> The attackers must have been long into Sony before. Mapped the entired
> network just as the NSA or GCHQ would do and then hit abruptly with a
> none too sophisticated exploit but one that worked. Exfiltrated data
> then swiped the disks, the file index alone is 1 GB text

On 21/12/2014 19:33, Erich M. wrote:
> A month later one of the leading US media companies in the US owned by
> close US ally Japan is being bashed and humiliated.The company's
> databases including highly sensitive and financial data are
> immediately distributed all over the net. Disgruntled Sony employees
> or hacktivists risking a zillion years in US jails because they don't
> like Sony?

risking a zillion years for the lulz is *exactly* the behavior, the alma
mater, of such hackers. And ironically the last time some "hactivists"
went to prison for a zillion years was for Sony. And you are right, they
would have to have been sitting in the network for some time. And this
is yet another reason to point to fragments of lulzsec. Data that can be
copied, is copied. It should be assumed the data cache (yes, even the 1
GB file index you mention) from the previous Sony hack was still around
and still actionable. The events from the current attack show how weak
Sony's security was, even years after the lulzsec events. This only
makes the old trove all the more actionable. And everything, I mean
*everything*, in this current attack fits the lulz moto.

but really, if the US can't produce the killer WMD,err cyberwar evidence
this time around they they should stop while they are ahead before they
come out of this looking like fools. maybe I'm digging myself into a
Donald Trump "he doesn't have a birth certificate" moment but the USG
lost the ability to obtain support for any action without clear evidence.