So, remember President Obama’s promise of a “proportional response” to North Korea on this Sony hacking mess?
I’m sure it’s just a coincidence. Probably involves a goat and some chewed wires or something. Hell it’s Vox, they may end up correcting the post later, they tend to do that a lot lately.
Open thread.
Karen in GA
Why, we have a company here that just had a hacking problem. What are the odds, amirite?
beth
Has anyone read this CNN story about the US helping ship a convicted Cuban spy’s sperm out to Cuba in exchange for better conditions for Alan Gross? I’d have liked to be in on those negotiations. What a weird story.
http://www.cnn.com/2014/12/21/world/americas/cuban-spy-artificial-insemination/index.html?hpt=hp_t1
schrodinger's cat
North Korea has the intertoobz? Who knew?
Rosalita
Vox’s website is annoying as hell
mikej
It’s very likely it’s just internet tough guys running scripts against random nork ip addresses.
Mnemosyne
I dunno, a cyberattack for a cyberattack doesn’t seem that disproportionate. A disproportionate response would be to shoot a hellfire missile into Kim Jong-un’s imperial palace. What am I missing?
Elizabelle
More reasons to like George RR Martin. From The Guardian:
Link to Geo RR Martin’s blog, which is lively.
Elizabelle
I hope Mr. Martin and independent theatres get first copies of “The Interview” when it’s released.
Maybe in January or February, and with even more buzz. Not like it was ever an Oscars contender.
People can do “Fuck yeah, Freedom” viewings.
I hope they leave their guns at home.
schrodinger's cat
BTW whatever happened to Nate Silver? He seems to be getting not as many links as he did when he was at NYT.
Snarki, child of Loki
It’s gotta be super-easy to DDOS a set of 2400 baud modems, just sayin’.
Butch
One of the first pieces ever to appear on Vox was a ludicrous discussion that called certain types of news stories “vegetables.” I decided at that point never to visit the site again.
Zandar
@Mnemosyne: I actually don’t think it’s disproportionate, I think A) it probably really is a goat-based outage, B) if the US really wanted to mess with North Korea’s internet capabilities, we wouldn’t need much more than a hungry goat, and C) Vox is probably jumping the gun on this like they always do.
schrodinger's cat
BTW I am off to join the hibernation kitteh, who is now on the ICHC/lolcats homepage, second from the top.
MattF
The article mentions that NK’s internet connections to the rest of the world are all routed through China, so there’s all sorts of possibilities.
srv
Who doesn’t Obama hate?
Shakezula
@Butch: Could they have meant evergreens?
PaulW
South Korea is reportedly upping the security on their MMO servers…
? Martin
I doubt this is the US gov. Anonymous already said they’d go after N Korea and this is the kind of thing they’d have no problem pulling off. Shutting down N Koreas internet would be easier to do than shutting down the Playstation network.
Butch
@Shakezula: I think the point being made was that they’re routine but good for you, or something. Wonkette wrote a hilarious piece in response.
I'mNotSureWhoIWantToBeYet
Doesn’t seem to be a DDOS. Akamai Map.
FWIW.
Cheers,
Scott.
(Who would guess it’s just rickety infrastructure rather than the NSA or CIA or …)
The Other Bob
Why should the US government retaliate against a government who hacked the systems, of a private, Japanese corporation? Why does the US Gov’t even have a role here?
Tree With Water
That’s great. Probably end up short-circuiting NK’s nuclear weapons sites. “Boom”.
Corner Stone
Has anyone seen any credible info that NoKo is in fact behind the Sony stuff?
Forgive me if I’m highly sceptical and don’t swallow what the admin is pushing.
CONGRATULATIONS!
@The Other Bob: Sony Pictures is an American corporation, not Japanese.
I think your point remains valid: why is the government taking military action on behalf of ANY private business?
@Corner Stone: No. Just assertions from the usual suspects without any evidence provided whatsoever.
Corner Stone
Having read the Vox article, I am surprised Max Fisher didn’t include Puff the Magic Dragon as one of the likely culprits. He went ahead and included everyone else, so it’s kind of insulting.
NonyNony
@Zandar:
D) If it isn’t an infrastructure outage, it’s could well be a
millionhandful of US-based teenage-to-twenty-somethings who decided to take the matter into their own hands. The internet is pretty full of folks who are willing to do things like that if they thing someone needs to be “taught a lesson”.The trick is – even if the folks who attacked Sony told Sony that they were North Koreans pissed about “The Interview”, there’s no reason to actually believe it absent other evidence. Even if the attacks originated in North Korea it could still be US or Japanese or other hackers who found out Sony was protecting their Internet connections with digital cheesecloth and decided to screw with them using systems in North Korea they’d already owned.
catclub
@CONGRATULATIONS!:
Does that include the TPM summary of FBI statements? Looked like there was some evidence there.
Shalimar
@CONGRATULATIONS!: The US has a long history of taking diplomatic and military action on behalf of private businesses. It’s frequently disgusting, but it isn’t new. At least a dictatorship is the target this time, and we aren’t overturning a democracy to impose a dictatorship. See also United Fruit, et al.
Bystander
I’m wondering how long before the Guardians of Peace change their name lest they be acronymically confused with a far more ruthless, destructive criminal organization.
? Martin
@NonyNony: This is a pretty strange attack. I can’t conceive of what the motives might be. The Interview wasn’t going to be a big film. Sony has been financially damaged, but nobody has profited from that damage. Framing NK seems to be an exercise in redundancy – what are we going to do to NK that we wouldn’t already be predisposed to doing or aren’t already doing.
OTOH, NK has a long and sordid history of doing shit like this. Hell, it wasn’t even that long ago that they were still kidnapping Japanese nationals to run their Japanese language programs. They’ve bankrupted the country building monuments and celebrations to their leaders that provide no economic benefit to the nation. The only aspect of this that anyone really questions is whether NK has the capacity to do this (nobody questions that they are of a mind to get butthurt over a movie), and that part of it is actually quite easy to hire – even from SK. We’re not talking about blowing up schools – it’s pwning a corporation for lulz and a paycheck. It’s trivial to find people willing to do that. Fuck, people do that even without the paycheck.
Corner Stone
@catclub: If you (the general you) wanted to read the CERT finding recently published, it’s pretty interesting. If you’re in to that sort of stuff.
It looks like a cocktail of tools, none of which seem overly sophisticated. But packaged together seem like a nasty bit of business.
This CERT report doesn’t address how the bad actors got into the network in the first place. Which, to me, is the more interesting part.
edited slightly
Villago Delenda Est
@Bystander: Pretty much my thought when I saw what they were using as an abbreviation.
Do they really want to be associated with a bunch of Bond villains?
catclub
@Corner Stone: Thanks!
Villago Delenda Est
@NonyNony: If whoever hacked Sony claimed they were cats with an attitude problem, would Sony just accept that without bothering to check?
Probably not, although given how fucked up Sony’s US operations are, being run by MBA vermin and all, well, who knows.
Mnemosyne (iPhone)
@? Martin:
I don’t find it outside the realm of possibility that NK would want to embarrass a major Japanese corporation, especially if they can embarrass the US at the same time. It’s not like there’s much love lost between Japan and the rest of Asia, especially since Japan’s right-wingers have been running their mouths off again.
catclub
@Butch:
I am not saying they are right, but I am asking: Did you read all of Richard Mayhew’s post just above on single payer in Vermont? I didn’t.
samiam
So cute when ball juicers try explain the internet when they don’t have much of a grasp on it themselves. Think Ted Stevens calling it a series of tubes.
The US gov’t has much better things to do than DDoS a country. One of the bluntest crudest internet attack tools there are. A tool reserved for lazy script kiddies who have a disagreement with some guy running a gaming server.
burnspbesq
I don’t have any illusions about the probability that this will happen, but it’s nice to see.
http://www.taxanalysts.com/taxcom/taxblog.nsf/Permalink/UBEN-9RXJSE?OpenDocument
P.S. to Zandar: You wearing your Duke gear proudly after yesterday’s kicking of UK ass?
burnspbesq
@samiam:
So what are you recommending, asshole?
NonyNony
@? Martin:
But this is actually exactly my point – why assume that North Korea has done this as a political act when it could also be a group of homegrown hackers just doing it for the lulz?
It could very well be that Sony was targetted for the Interview because of a hatred of Seth Rogan and/or James Franco, with the “we’re from North Korea and we’re very upset about this movie” part being a bit of a joke by the guys who broke Sony’s network. It is the kind of thing some of my punk-ass friends would have thought was hilarious back in the mid-90s.
samiam
@burnspbesq: Glad you asked. S TF U and let the adults handle it. Stick to things you are mentally equipped to do like feeding your pets and not drooling on yourself….at least not too much.
Hal
@srv:
Once again it’s Obama’s fault. Commander and chief of the military, but Congress has the power of the purse.
Mnemosyne (iPhone)
@NonyNony:
As quoted in #27, though, there do seem to be some markers in the code that appeared in previous, verified attacks by NK. I’m not as confident as you are that some random script kiddies would know those markers or be able to insert them into the code with just enough randomness to make it look plausible.
I’m not saying NK couldn’t have been framed, but it would have needed to be done by someone with a pretty good understanding of the previous attacks. I’m not sure a random 4Channer would have access to that.
MattF
NYT article on collapse of NK’s network:
http://www.nytimes.com/2014/12/23/world/asia/attack-is-suspected-as-north-korean-internet-collapses.html?hp&action=click&pgtype=Homepage&module=first-column-region®ion=top-news&WT.nav=top-news
Calouste
@Shalimar: And of course the most infamous case, overthrowing the Iranian government in 1953 on behalf of Anglo-Persian (later British Petroleum) because they didn’t want to pay the Iranians the same oil royalty rates that the American oil companies were paying the Saudi’s. Good job Ike.
No One of Consequence
RIP Joe. Watching you sing was painful, but listening to you sing was wonderful.
Heaven’s Band just got another great vocalist.
Peace,
– NOoC
Tone in DC
The last two Congresses have been unutterably, execrably worthless.
The next legislature promises to be worse.
More executive orders, BHO. Make these idjits use Vitter’s entire stash of diapers as they continue to shit their pants on a continual basis.
Corner Stone
@Mnemosyne (iPhone):
There’s a reason they are called script kiddies. They bricolage (ha M_C!) already existing tools others have developed and proven to work. The fact that there is some code or signature seen elsewhere from a malignant entity means about as much as the fact that a hundred dollar bill has traces of cocaine on it.
drkrick
The evidence for those attacks that were “previously verified” as coming from North Korea doesn’t hold up to close examination much better than Star Wars science does. At the very least, they’d have had to have outside help. I understand that the data download of what they pulled from Sony Pictures would have caused a collapse of their infrastructure comparable to what they’re experiencing today.
Corner Stone
@drkrick:
Is there Star Wars science? I always thought the Jedi were a bunch of bullies and thugs using a cult like mythos to cower the ignorant and less informed. Didn’t know someone tried to prove how a lightsaber could extend a certain length and then stop reliably. Wouldn’t it be like holding on to a thermonuclear nightstick?
Bob In Portland
Just a question: How are we sure that North Korea was behind the Sony hacking? I mean, the FBI seems to have fucked up the 9/11 investigation, never seems to have taken an interest in the Extraordinary Rendition program. Their eventual anthrax villain (after it was first alleged to be Saddam, then a guy at Fort Detrick before they settled on another guy at Detrick, but again without any proof, seems to be particularly bad at solving crimes where the CIA has left its fingerprints.
So, while I realize that the default setting here at Balloon Juice and throughout the liberal blogosphere is that a “bad guy” like Kim hacked Sony, what specific proof is there?
Shalimar
@Tone in DC: The next Congress is going to more eventful, if you like banging your head against your desk or a random wall. They will get far more bills passed, then bitch about how much Obama hates democracy for vetoing bills that include things like requiring him to castrate himself in public. It’s going to be a competition to see which republican official can come up with the most creative cruelty. Good times.
At least you never have to wonder whether the other team is better, as bad as democrats get sometimes.
Mustang Bobby
I think Kim Jong-un either tripped over the extension cord in his mom’s basement, or crashed his Apple IIc playing World of Warcraft.
Shalimar
@samiam: You were trying to prove he was right in calling you an asshole? Excellent job with that. You made Burns look reasonable and prescient by comparison.
Corner Stone
@Bob In Portland:
I don’t know about the “liberal blogosphere”, maybe they do accept the pronouncements that NoKo is the bad guy. But here at BJ there has been a pretty fair mix of those who are wondering just WTF is going on here, and not shaking their angry fists at Kim jong-un as a default. Right here in this thread, actually.
I, for one, have lost the plot that informs us who is benefitting from these attacks and this outcome.
Corner Stone
@Mustang Bobby:
I think he may have actually defeated the Legend of Zelda on his old school Nintendo.
Mnemosyne (iPhone)
@drkrick:
That’s why the operative theory seems to be that NK hired some bad actors to do it for them. I’m sure there are a metric ton of hackers in, say, Russia who would be happy to take a break from stealing credit card numbers to do something like this.
My operative theory is still that it was a disgruntled employee or employees since there have been some nasty layoffs at Sony in the past year. Script kiddies randomly getting lulz seems less likely to me than disgruntled ex-employees, but I suppose it’s possible.
burnspbesq
@samiam:
Please don’t tell me you consider yourself to be part of that group. That’s beyond laughable. You suck as a troll; why should anyone think you’re good at anything else?
NonyNony
@Mnemosyne (iPhone):
I’m not saying I’m confident in that at all – I’m saying that there’s nothing in the reporting that actually leads me to believe that North Korea has been verified as the source of the attacks, rather than just assumed to be the source.
The “markers in the code” thing, for example – anyone who has done any network security knows that this code gets passed around more than, well, insert your own analogy for things that get passed around here. The code for the earlier attack could have been developed in Russia or Scotland or the US or Canada or China or whatever and sold to people who had it stolen from them by someone sold it to people who sold it to someone in North Korea. That’s generally how it works – it isn’t like these guys worry about “copyright” or anything like that.
And IP addresses being owned by North Korea communicating with bots? Every organization of any size has similar computers in their infrastructure. They get “owned” by an attacker and the attacker uses them as yet another hop to obfuscate where they’re attacking from. Hell that actually almost counts as a point against the attacks being from NK in my eyes, unless the NK hacking squad is both incredibly sophisticated and incredibly naive simultaneously (it’s possible – I’ve known idiot college students like that – but unlikely for a government sponsored group which if they have Internet access in NK they pretty much have to be.)
I mean in many ways the most likely scenario is that it is some kind of North Korea sponsored idiocy, but given what I’ve read in the press so far I don’t see any positive evidence for it. Just that the people reporting on it have jumped directly from Sony saying “they said they were from North Korea” and law enforcement saying “North Korea could have done it” to reporting that North Korea did it. I’d like to see a few more dots connected myself because traces of the same code being used in different attacks months apart is not, really, evidence of anything.
I'mNotSureWhoIWantToBeYet
@burnspbesq: Very interesting. Thanks for the pointer.
Cheers,
Scott.
Bill Arnold
@Bob In Portland:
Short answer, we are not sure, and cannot be sure. No evidence has been shown. Words have been said about technical things that were seen, but they are second or third hand. (Forgery is possible at several levels.) Necessarily any public discussion/speculation is around possible motives, plausibility, etc.
I'mNotSureWhoIWantToBeYet
@NonyNony:
That introduces the dog that didn’t bark, though, doesn’t it? If they wanted to hurt Sony because of the “The Interview” movie, they could have dumped it on whatever public file sharing site got the other unreleased Sony films. Sony (and Rogan and Franco) won’t make any money if everyone and his brother can get the film off a Torrent or something.
They didn’t dump the film on the Internet.
Why?
Presumably because their “patrons” don’t want people to see it. And that leads us back to: Who wouldn’t want people to see it?
FWIW.
Cheers,
Scott.