Who knows where to begin … as one man with an opinion, basing his opinion on the opinions of people who claim to have real facts, let’s look at the debacle made of hubris…
When Sony bombs, they do so with great style.
Get your popcorn, this ride has been magnificent thus far & it could get even better. Especially with so many sensationalist media types not interested in facts. Really, the media made this into the story of the year – this sort of thing happens after 6 months, but rarely does it get as much press time.
Before we begin, the preface …
If you’re aware of movements, there is one in the business world that is a primary motivator … money. It plays so many ways. Specifically, one thing people might or might not be aware of is operational security & company-wide security. Security is an amazing conundrum.
Take physical security. You have security officers working at a billion dollar business’s international headquarters making basic minimum wage. Make them contractors, so you do not have to pay them benefits and can save more money. Then you pay for shoddy cameras and a digital recording database that only records a third of every hour of the camera – by design. Then you pay an extra dollar to those people’s supervisors; that’s exactly how you want to make sure that your minimum wage personnel are all in line. Sounds really great, right?
When we enter into the company’s data security, the situation is both better and worse. Two major items have been occurring since the early 90’s.
First, automation. Your computer will do x & y to help you. Checking the weather, looking for news, logging you into other computer systems on the network … see any problems here? Before you even see your desktop – since the end of the 80s your computer does things every time it turns on, things you might or might not double check unless you notice something “amiss”. Extend this to network tasks now. Backups? Automated. Network scans for new servers/desktops/hosts? Automated. Server-side login checks & unauthorized process checks? Automated. Whether it’s secure, working, hacked or broken is beside the point. The point is that this stuff is handled without any human intervention … you will never know something is wrong until it’s too late. See the piece on the Sands hack (Link).
Second, outsourcing. Everyone in the world has someone who is just starting out & will work for cheaper, without benefits & expect their payout later on … with globalization, you can have these people from around the world log in to your secure network and do menial security work for you! How great is that? You can open a door through all of your network security directly into your sensitive data! Or just give them the map of where they are supposed to and not supposed to be … well, that’s never backfired on anyone, right Sony? The solution is that one boss and one expert are employees of the company & these two people supposedly direct the entire workflow of their 3rd party group. Never mind if the third party is from the same country or another. A third party operates on a contract of sometimes specifically stipulated goals to give a false sense of security. Things like how many router updates a week they do or man hours spent logged in and active on the security logs (read: hitting next with one hand at the console while shopping eBay with the other).
Now, you have a basic idea of the state of security at most companies. Let’s begin the fun...
What we know …
- The first few demands, which were private but released open-letter style later, were more about workplace rights.
- The first few demands contained no mention of North Korea by either side, nor did they reference any specific movies. You can see these off Pastebin, if the motion to suppress run by Sony fails. No link included, purposefully.
- At some point, every source (literal definition, not blog re-post) has referenced an inside job.
- This attack came in stages.
- This attack was done over a period of time far longer than the popular media has been reporting.
- Most people with knowledge of security acknowledge this attack is a generic malware based on previous successful hacks against other targets, that then was adapted to be used specifically against Sony at a later point. To clarify, it is not known or expected that the original authors that hit other companies have anything to do with the new attack on Sony.
- At a later point, prior to popular media attention – it appears other attackers piled on to Sony, internet flash mob style.
- Sony turned to the US government for help.
- The US government officially denies North Korea is involved.
- The same day an unofficial Obama administrator claims they know it was North Korea, because of xxxxxxxxx? This source is rampantly cited by popular media culture, as it is absolutely unverifiable and its sensationalism is exponential to the ability to ever discredit it.
- There is an extra issue few people are talking about … Sony employees are already hostages inside North Korea & the US has been facilitating / acting as proxy in negotiations on behalf of Japan. The Obama administration’s unofficial official claims this is why Obama will not come out publicly swinging against North Korea. (Link)
- Even if the US wanted to swing back at North Korea, they keep such a minimal public internet (only their capital city is allowed to physically access the internet as we know & very few buildings in it have the connection), it would be difficult to perform the type of hack that would constitute equal force. North Korea is considered a hardened installation essentially. Note, for clarity, the US claims to have established compromised host computers in the China connection North Korea uses & made progress in the past 2 years per some reports. (Link)
Touching on a few things here…
Without real data no one can comment … but based on the Second Iraq war strategy of mutually reinforcing false information (see the Cheney “treat as if classified” fiasco on NPR.org), we have someone in the Obama administration mysteriously using the tried and true formula to posture against North Korea for concessions at the negotiation table (Link).
The details are murky, but what all computer experts out there have widely claimed is that the US Federal investigation is saying anyone who uses a widely and publicly available remote drive wiping software product is in league with or working for North Korea. See here about other parts of the package used in previous hacks of South Korea and Saudi Arabia (Link). One detail is semi-interesting. It could just as easily support or discredit North Korea’s connection to the hack … the component of the malware used to actually do the wiping was compiled only days before the attack (Link).
On the same day this mysterious speaker is talking, other people are on record stating there is no connection. That day is 12/18/2014: Sony & the FBI claim no evidence that North Korea is directly involved (Link). In a war of proxies anyone can claim anything unfortunately.
Update: 8 months later … nothing … http://www.cnn.com/2014/12/26/opinion/yang-the-interview-sony-aftermath/index.html