FBI briefed on alternate Sony hack theory

Uploaded on 2015-01-08 in GOVERNMENT-Law Enforcement, GOVERNMENT-Defence

FBI agents who are investigating the Sony Pictures hack were briefed recently by a security firm that says its research on the attacks points to laid-off Sony staff and not to North Korea, as the perpetrator.

Even the unprecedented decision to release details of an ongoing FBI investigation and President Barack Obama publicly blaming the hermit authoritarian regime hasn’t quieted a chorus of well-qualified skeptics who say the evidence just doesn’t add up.

Hackers who targeted Sony Pictures over the release of the film The Interview “got sloppy” and inadvertently revealed their links to North Korea, according to the director of the FBI.

James ComeyPicture: James Comey, the director of the Federal Bureau of Investigation

Speaking at the International Conference on Cyber Security James Comey said hackers had mistakenly sent messages that could be traced to IP addresses used exclusively by North Korea.

Comey said the North Korean origins of the cyber attack were evident despite the use of proxy servers in other countries to throw investigators off their trail.

"It was a mistake by them," he said. "It made it very clear who was doing this."

The US federal investigations chief added that he had a “very high confidence” that the attack was carried out by North Korea, “as does the entire intelligence community”.

However researchers from the cyber intelligence company Norse have said their own investigation into the data on the Sony attack doesn’t point to North Korea at all and instead indicates some combination of a disgruntled employee and hackers for piracy groups is at fault.
The FBI says it is standing by its conclusions, but the security community says the agency has been open and receptive to help from the private sector throughout the Sony investigation.

Norse, one of the world’s leading cyber intelligence firms, has been researching the hack since it was made public just before Thanksgiving.

Norse’s senior vice president of market development said the quickness of the FBI’s conclusion that North Korea was responsible was a red flag.

“When the FBI made the announcement so soon after the initial hack was unveiled, everyone in the [cyber] intelligence community kind of raised their eyebrows at it, because it’s really hard to pin this on anyone within days of the attack,” Kurt Stammberger said in an interview as his company briefed FBI investigators Monday afternoon.

He said the briefing was set up after his company approached the agency with its findings.
Stammberger said after the meeting the FBI was “very open and grateful for our data and assistance” but didn’t share any of its data with Norse, although that was what the company expected.

The FBI afterwards said that it is standing behind its assessment, adding that evidence doesn’t support any other explanations.

“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the US intelligence community, DHS, foreign partners and the private sector,” a spokeswoman said in a statement. “There is no credible information to indicate that any other individual is responsible for this cyber incident.”

In addition to Norse’s analysis of Internet forums where perpetrators may have communicated and compiled dates within the malware used, a report from firm Taia Global said a linguistic analysis of the purported hacker messages points to Russian speakers rather than Korean.
The official said law enforcement is still treating the incident as an “active criminal investigation” but that that may or may not lead to a prosecution built on evidence that goes beyond a reasonable doubt.

And recently US Director of National Intelligence James Clapper has said at a cybersecurity conference that he suspects his North Korean counterpart to be behind the hack of Sony Pictures. The Daily Beast reports that Clapper said during his talk at the International Conference on Cybersecurity that General Kim Youn Chol may have been behind the hack.

Clapper explained that if North Korea were behind the hack, then General Kim would have had to authorise the action. General Kim is a four-star general in charge of North Korea's Reconnaissance General Bureau, the organisation that Clapper claims is responsible for the Sony hack.

Sony’s chief exec Kazuo Hirai said he does not expect the November cyber attack on the company's film studio to have a significant financial impact on the entertainment conglomerate, two weeks after the studio rolled out the movie after the attack.

"We are still reviewing the effects of the cyber attack," Hirai told reporters at the Consumer Electronics Show in Las Vegas. "However, I do not see it as something that will cause a material upheaval on Sony Pictures business operations, basically, in terms of results for the current fiscal year."

The studio, Sony Pictures Entertainment, said separately that the film, "The Interview," has generated revenue of $36 million (23 million pounds).

http://www.politico.com/story/2014/12/fbi-briefed-on-alternate-sony-hack-theory

http://uk.businessinsider.com/us-official-names-the-north-korean-general

http://world.einnews.com/article/243326473/qroI9QR0FlWGYhvP

http://uk.reuters.com/article/2015/01/06/uk-sony-cybersecurity

http://www.theregister.co.uk/2015/01/08/sony_megahack_financial_impact/

« ‘Anonymous’ Call For Revenge On Charlie Hebdo Terrorists
Dark Web thrives despite Operation Onymous »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Centre for Secure Information Technologies (CSIT)

Centre for Secure Information Technologies (CSIT)

CSIT is a UK Innovation and Knowledge Centre (IKC) for secure information technologies. Our vision is to be a global innovation hub for cyber security.

Teneo

Teneo

Teneo is a Solutions Provider focused on reducing complexity. We combine leading technology with deep expertise to create new ideas on how to simplify IT operations.

Devo Technology

Devo Technology

Devo Security Operations is a next-gen cloud SIEM that enables you to gain complete visibility, reduce noise, and focus on the threats that matter most to the business.

The Open Group

The Open Group

The Open Group: Leading the development of open, vendor-neutral IT standards and certifications.

ThreatSwitch

ThreatSwitch

ThreatSwitch a software platform for cleared federal contractors to get and stay compliant with NISPOM and Conforming Change 2.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

Telefonica Global Solutions (TGS)

Telefonica Global Solutions (TGS)

Telefonica Global Solutions is the technological partner of wholesalers and enterprises, helping them to achieve the digitalization they need.

LBMC

LBMC

LBMC is a professional services solutions provider in accounting and finance, human resources, technology, risk and information security, and wealth advisory services.

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL) is the largest integrated Information Communication Technology (ICT) company of Pakistan.

Appurity

Appurity

Appurity specialises in mobile and application security, delivering comprehensive solutions across all verticals.

EtherAuthority

EtherAuthority

EtherAuthority's engineering team has been helping blockchain businesses to secure their smart contract based assets since 2018.

CYMAR

CYMAR

CYMAR The “CYBER” Smart Solution to offer sustainability and bring resilience to Global SMART Terminals and protect the supply chain of the World’s economy.

Alcatel-Lucent Enterprise (ALE)

Alcatel-Lucent Enterprise (ALE)

We are Alcatel-Lucent Enterprise. Our mission is to make everything connect with digital age networking, communications and cloud solutions.

CIP Cyber

CIP Cyber

CIP Cyber is an online learning community with a mission of connecting, training, and certifying cybersecurity professionals to protect critical infrastructure.

Couno

Couno

Couno is a trusted provider of IT support services throughout the UK and Europe.

GrayHats

GrayHats

GrayHats is a platform-based cybersecurity company devoted to delivering comprehensive, scalable, and proactive protection for businesses in an ever-evolving threat landscape.