FBI briefed on alternate Sony hack theory

Uploaded on 2015-01-08 in GOVERNMENT-Law Enforcement, GOVERNMENT-Defence

FBI agents who are investigating the Sony Pictures hack were briefed recently by a security firm that says its research on the attacks points to laid-off Sony staff and not to North Korea, as the perpetrator.

Even the unprecedented decision to release details of an ongoing FBI investigation and President Barack Obama publicly blaming the hermit authoritarian regime hasn’t quieted a chorus of well-qualified skeptics who say the evidence just doesn’t add up.

Hackers who targeted Sony Pictures over the release of the film The Interview “got sloppy” and inadvertently revealed their links to North Korea, according to the director of the FBI.

James ComeyPicture: James Comey, the director of the Federal Bureau of Investigation

Speaking at the International Conference on Cyber Security James Comey said hackers had mistakenly sent messages that could be traced to IP addresses used exclusively by North Korea.

Comey said the North Korean origins of the cyber attack were evident despite the use of proxy servers in other countries to throw investigators off their trail.

"It was a mistake by them," he said. "It made it very clear who was doing this."

The US federal investigations chief added that he had a “very high confidence” that the attack was carried out by North Korea, “as does the entire intelligence community”.

However researchers from the cyber intelligence company Norse have said their own investigation into the data on the Sony attack doesn’t point to North Korea at all and instead indicates some combination of a disgruntled employee and hackers for piracy groups is at fault.
The FBI says it is standing by its conclusions, but the security community says the agency has been open and receptive to help from the private sector throughout the Sony investigation.

Norse, one of the world’s leading cyber intelligence firms, has been researching the hack since it was made public just before Thanksgiving.

Norse’s senior vice president of market development said the quickness of the FBI’s conclusion that North Korea was responsible was a red flag.

“When the FBI made the announcement so soon after the initial hack was unveiled, everyone in the [cyber] intelligence community kind of raised their eyebrows at it, because it’s really hard to pin this on anyone within days of the attack,” Kurt Stammberger said in an interview as his company briefed FBI investigators Monday afternoon.

He said the briefing was set up after his company approached the agency with its findings.
Stammberger said after the meeting the FBI was “very open and grateful for our data and assistance” but didn’t share any of its data with Norse, although that was what the company expected.

The FBI afterwards said that it is standing behind its assessment, adding that evidence doesn’t support any other explanations.

“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the US intelligence community, DHS, foreign partners and the private sector,” a spokeswoman said in a statement. “There is no credible information to indicate that any other individual is responsible for this cyber incident.”

In addition to Norse’s analysis of Internet forums where perpetrators may have communicated and compiled dates within the malware used, a report from firm Taia Global said a linguistic analysis of the purported hacker messages points to Russian speakers rather than Korean.
The official said law enforcement is still treating the incident as an “active criminal investigation” but that that may or may not lead to a prosecution built on evidence that goes beyond a reasonable doubt.

And recently US Director of National Intelligence James Clapper has said at a cybersecurity conference that he suspects his North Korean counterpart to be behind the hack of Sony Pictures. The Daily Beast reports that Clapper said during his talk at the International Conference on Cybersecurity that General Kim Youn Chol may have been behind the hack.

Clapper explained that if North Korea were behind the hack, then General Kim would have had to authorise the action. General Kim is a four-star general in charge of North Korea's Reconnaissance General Bureau, the organisation that Clapper claims is responsible for the Sony hack.

Sony’s chief exec Kazuo Hirai said he does not expect the November cyber attack on the company's film studio to have a significant financial impact on the entertainment conglomerate, two weeks after the studio rolled out the movie after the attack.

"We are still reviewing the effects of the cyber attack," Hirai told reporters at the Consumer Electronics Show in Las Vegas. "However, I do not see it as something that will cause a material upheaval on Sony Pictures business operations, basically, in terms of results for the current fiscal year."

The studio, Sony Pictures Entertainment, said separately that the film, "The Interview," has generated revenue of $36 million (23 million pounds).

http://www.politico.com/story/2014/12/fbi-briefed-on-alternate-sony-hack-theory

http://uk.businessinsider.com/us-official-names-the-north-korean-general

http://world.einnews.com/article/243326473/qroI9QR0FlWGYhvP

http://uk.reuters.com/article/2015/01/06/uk-sony-cybersecurity

http://www.theregister.co.uk/2015/01/08/sony_megahack_financial_impact/

« ‘Anonymous’ Call For Revenge On Charlie Hebdo Terrorists
Dark Web thrives despite Operation Onymous »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Promon

Promon

Promon is an application security vendor providing Self-Protection abilities to Mobile apps and Desktop applications.

QA Systems

QA Systems

QA Systems provides software testing solutions for safety and business critical sectors and software safety and security standards.

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

STM

STM

STM provides system engineering, technical support, project management, technology transfer and logistics support services for the Turkish Armed Forces.

Cyber Defence Solutions (CDS)

Cyber Defence Solutions (CDS)

Cyber Defence Solutions is a cyber and privacy Consultancy with extensive experience in the development and implementation of cyber and data security solutions to your assets.

C3.ai Digital Transformation Institute

C3.ai Digital Transformation Institute

The C3.ai Digital Transformation Institute is a research consortium dedicated to accelerating the benefits of artificial intelligence for business, government, and society.

Nonprofit Cyber

Nonprofit Cyber

Nonprofit Cyber is a first-of-its-kind coalition of global nonprofit organizations to enhance joint action to improve cybersecurity.

Cyber Security Works (CSW)

Cyber Security Works (CSW)

Cyber Security Works is your organization’s early cybersecurity warning system to help prevent attacks before they happen.

Luta Security

Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world.

SpireTec Solutions

SpireTec Solutions

SpireTec Solutions is an IT management training company offering 1500+ courses with state of art training facilities backed by a team of industry experts in various domains including cybersecurity.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.

Circle Security

Circle Security

Circle’s breakthrough security API unifies solutions for identity and data security into one architecture and empowers organizations to secure their identity, data and privacy in their applications.

ASRC Federal

ASRC Federal

ASRC Federal’s mission is to help federal civilian, intelligence and defense agencies achieve successful outcomes and elevate their mission performance.

Lakera

Lakera

Lakera empowers developers and organizations to build GenAI applications without worrying about AI security risks.

VT Group (VTG)

VT Group (VTG)

VTG delivers force modernization and digital transformation solutions that expand America’s competitive advantage in the modern battlespace.

GovSky

GovSky

GovSky streamlines CMMC compliance, saving time and significantly reducing cost.