The Sony Breach: The Evidence vs Politics

By: Ziad K Abdelnour | 23 December 2014

Blaming North Korea for the Sony breach may be like blaming Benghazi on a video. The Sony breach may be much larger than is being admitted, and it may affect your household.

Everyone is agog at the recent breach at Sony Pictures in Hollywood. Movies that have yet to be distributed were downloaded and put on peer-to-peer sharing sites called torrents. Emails were leaked that showed far left Democrats insulting Obama and making some pretty nasty racist jokes about him. Angelina Jolie was called a no talent bitch and other actors, like Leonardo DiCaprio and Will Smith’s children, were also insulted. The FBI quickly blamed North Korea with absolutely no evidence and later doubled down after saying they had investigated the case. President Obama condemned Pyongyang. However, I would like you to consider the possibility that condemning North Korea as the hackers before any reasonable investigation has been done is very much like blaming Benghazi on a video that almost no one saw and that we now know was not the reason for the attack on the American ambassador and personnel. Here are the primary reasons I say that:

  • The hackers asked for money in blackmail emails days before the attack and no one said anything about the movie until after the hack.
  • The hack was done from a Starwood Hotel in Bangkok, Thailand unless that hotel allowed itself to be used as a VPN tunnel.
  • When the group posted in Korean AFTER the US made a North Korean connection, the Korean writing was incorrect and appeared to have been done by a translator.
  • Sony is saying there was help from inside the company because the hackers knew exactly where to go to get the most important material from their servers. Additionally, they had key passwords that could not be gained from inside the hack.
  • WhiteHat Security has the contract for Sony. A source inside WhiteHat says they believe the breach was not done by North Korea.
  • The FBI is pressuring those doing a report to find it was North Korea. I call BS. Check out the screenshot below of what appeared on computer screens at Sony.


The official estimate by Sony of losses due to the hack is $75 million. That amount is based upon box office receipts; real losses may range to $1 billion and beyond. The Sword of Damocles hanging over their heads is the fact that newer PlayStation game consoles are directly connected to Sony Pictures, allowing PlayStation owners to rent movies from the same library that was compromised. That means millions of people who have entered personal information, including credit card numbers, could be at risk. This follows the breach of the same system in 2011 that exposed over 100 million user accounts. Moreover, MasterCharge Corporation has recently sent a notice to those accepting their card that there will be a charge for every card where the information has been compromised. That charge alone could conceivably bankrupt the company.

Almost certainly Sony will rush to claim that there is no chance of a compromise of their customers’ information. Yet, as you can see from the screen capture, the PlayStation advertises that one can stream new movies directly from the same library that was compromised. There is little reason to believe the hackers did not access personal and credit card information. If that database was compromised, the information would include not only card numbers, as in the Target breach, but also expiration dates and security numbers.

Of course, it is difficult to calculate the financial impact of insults to box office stars as well as to major financier and producer Megan Ellison. Additionally, in this bastion of Democratic sensibilities, their racist remarks about President Obama might certainly impact the company financially and in other ways. Simply the specter of millions of credit cards being sold on the black market, and charges for each card so compromised, bumps the possible losses well up to that billion-dollar mark.

Let’s deal with the issue of North Korea. Starting at the beginning, the hackers’ emails simply said they wanted money, not the removal of a class-D comedy. At least one of the emails read “We’ve got great damage by Sony Pictures.” The subject line was “Notice to Sony Pictures Entertainment Inc.” They were signed “God’sApstls”, which was later connected to the GOP.

“We’ve got great damage by Sony Pictures,” writes “God’sApstls” in the message that was sent 21 Nov., with the subject line: “Notice to Sony Pictures Entertainment Inc.” The body read “The compensation for it, monetary compensation we want,” it continues. “Pay the damage, or Sony Pictures will be bombarded as a whole. You know us very well. We never wait long. You’d better behave wisely.”

The emails were sent to Sony Pictures Entertainment president Doug Belgrad; Steven Bersch, president of Sony Pictures worldwide acquisitions; and president of production, Michael De Luca.  They were also sent to Sony Pictures chiefs Michael Lynton and Amy Pascal. We now know Pascal did not open her copy, but we do not know yet if any other recipients failed to open theirs or simply ignored them. The emails make no reference to North Korea or the movie The Interview.

On the 22nd anyone inside the company could tell the system had been compromised. A red skull overwritten by HACKED BY #GOP greeted workers with a message detailing where the leaked movies would be posted.

Hacked by GOP

One employee told the Los Angeles Times they ended up writing with pen and paper and using the FAX to communicate with other offices.

Sony initially foolishly told workers they were dealing with an “IT matter”, but later acknowledged the very obvious hack to the staff, calling it a “brazen attack” comprised of “malicious criminal acts”.

It was not until the Monday after the breach, in a new message that advertised the latest document dump, that the hackers asked Sony to “stop immediately showing the movie of terrorism which can break the regional peace and cause the war!” This was after the FBI had connected the incident to North Korea and is a clever way to obfuscate any other players in the situation. That message also read: “We’ve already warned you, and this is just the beginning.”

Of course, from that message and a profanity-laced exchange with freelance reporter Thomas Fox-Brewster last week, it is obvious that the person writing was not a native English speaker. That does not mean the players are Korean. The hackers signed an email to Fox-Brewster with a phrase in Korean that contained errors and did not appear to have been written by a native Korean speaker either.

The group calling themselves Guardians of Peace with the logo #GOP took credit for the attack and the signature “God’sApstls” was embedded in the malware that was used to break into Sony’s computers, steal data, and erase thousands of sensitive documents. A reference to God related to a fully Communist state seems odd by itself.

The trail from those emails to North Korea grew even more shaky when Bloomberg News reported that the perpetrators worked from a hotel in Thailand. North Korea does indeed have excellent hackers known as Bureau 21, but like all citizens of the self-styled heaven on earth, they don’t roam around Asia staying in luxury hotels like the St. Regis, which was the IP address of the attackers. Additionally, unnamed Sony executives told TMZ the hackers were helped by insiders who knew where the most embarrassing information could be found. Presumably, based upon culture and current events, Sony, being a Japanese-owned company, doesn’t go out of its way to hire North Korean sympathizers.

WHY DID THEY CAVE?

Yes, five major theater chains refused to show the film over Christmas break, but they did not say they would never show it. While that was a major hit, the controversy alone would probably guarantee more viewers than the movie would have had before the hack. The real reason may be that the Guardians of Peace are blackmailing Sony: holding back even more salacious and damaging information than has already been released; threatening to dump millions of credit cards on the black market; threatening to release the full Sony library of pictures; or threatening to use the portals presented by the hack to do damage to other groups. A good exemplar of their power might have been the breach of the SAG information about actors’ retirement and other benefits that closely followed the Sony hack. That breach may well have been through the Sony portal.

WHY DID IT HAPPEN?

It is my opinion that much of the blame can be laid at the feet of the several security companies that serve Sony, and perhaps Sony’s lack of diligence to know what was happening in their own systems. For example, WhiteHat Security had a contract for Sony and they didn’t update their software to one that probably would have prevented the breach. They had in hand software that has both passive and dynamic defenses while the one installed was only passive. WhiteHat either simply didn’t bother installing it or Sony was too cheap to pay for an upgrade.

The President is out there screaming this is unprecedented (not), and yes the Korean government (thank you FBI). It almost certainly had help from someone inside because they knew where to go to find those embarrassing emails and to get the best stuff. They also had closely held passwords. Sony admits to the insider component, which is one of the problems with the North Korea narrative.

In great part it was their failure because they haven’t upgraded the system. They have a passive/dynamic system available, but for whatever reason, it was not put in place.  Additionally, either Sony fell down on their responsibility to inform WhiteHat of threats or WhiteHat deliberately ignored their responsibility to protect the firm.

Kevin Mandia, the head of Mandiant, the security company hired by Sony to investigate the hack, referred to the attack as “unprecedented,” “undetectable” and “unparalleled.” But several experts are skeptical of that description, putting the fault on Sony’s own security shortcomings.

WHAT ABOUT THE FBI?

The FBI claimed the breach was North Korea even before they could examine the evidence. Later they said “technical analysis of the data-deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed,” including “similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.” That, of course, assumes no one else could have copied the script. Nor do they say the two were the same, only similar. Unlike fiction writing, the code would have to be at least similar to get the job done. For example, very similar hacks have been used earlier in Saudi Arabia and other countries.

The FBI also claims the attack was uniquely sophisticated. It presents a case that a country without a computer infrastructure could launch such an assault. This isn’t the almost magical action-adventure movie with unlimited resources and secret technology that the FBI seems to suggest. The company Risk Based Security says the FBI has “not released any evidence to back these claims.” They add: “While the FBI certainly has many skilled investigators, they are not infallible.”

Why would the FBI target North Korea if there is little evidence to support that viewpoint? I don’t know the answer, but I suggest that a larger cyber-budget may play a part – or political goals by the current administration.

Much of this story remains untold. We will probably see information dribbling out over the next year, and we may never know the full extent of the hack. If nothing else, it will be used for political purposes, and those have yet to see the light of day.
