
Sony hackers failed to hide their North Korean IP addresses, says FBI

Graham CLULEY

January 09, 2015


Did they or didn’t they?

That’s the question everyone is asking in the computer security industry – is it really plausible that North Korea was responsible for the hack against Sony Pictures which saw the company’s computers grind to a halt with images of skulls, and documents and internal emails leaked to the internet?

In fact, it’s not just the security nerds who are interested in where the attack might have come from. I’ve lost count of how many times in the last month family and friends unconnected to the security business have asked me who I believe was most likely to have perpetrated the hack.

Personally, I would be very surprised if North Korea was to blame. It just seems very odd behaviour and out of character for a country to make such an obvious assault against a particular business. Normally, state-sponsored hackers would be more interested in silently spying, and not drawing attention to themselves with payloads more likely to appeal to a teenage heavy metal fan.


But then, North Korea *is* a very odd country, and its leaders even stranger…

Maybe it is *possible* that a country run by a chap like Kim Jong-un would take offence at a comedy movie that portrayed his assassination (even though, let’s not forget, the initial communications between the hackers and Sony executives demanded money, and didn’t mention the film).

*Possible*, but likely? I, like many others in the computer security arena, remain unconvinced.

A disgruntled former employee sounds much more plausible to me.

Not that my opinion matters much, because the United States authorities are convinced that North Korea is to blame, and have even levied sanctions as a result.

And, realising that there are many who are skeptical about the blaming of North Korea, FBI director James Comey has given a speech at the International Conference on Cyber Security (ICCS) at Fordham University in New York, promising to reveal more information about how the agency came to its conclusion.

According to Comey the hackers “got sloppy”, occasionally forgetting to disguise their identity online by using proxy servers that bounce an internet connection around the world. Instead, claims Comey, the attackers revealed IP addresses that are exclusively used by North Korea.

“In nearly every case, [the hackers] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy.

“Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using… were exclusively used by the North Koreans.”

“They shut it off very quickly once they saw the mistake. But not before we saw where it was coming from.”

Unfortunately, Comey wasn’t prepared to take any questions after his talk – so it’s hard to be sure how the FBI confirmed that those North Korean IP addresses weren’t proxies themselves, perhaps deliberately commandeered by hackers to send investigators in the wrong direction.

Furthermore, there is the mystery of why the hackers only started to mention “The Interview”, the movie that has apparently enraged the North Korean regime so much, *after* the media suggested it as a possible motive. Remember, the hackers initially said they were after money.

Unfortunately for us, the FBI says it cannot provide more information about how it came to its conclusion for national security reasons:

“I want to show you, the American people, as much as I can about the why, but show the bad guys as little as possible about the how. This will happen again and we have to preserve our methods and our sources.”

However, without more compelling evidence, or even some sliver of detail that might support the FBI’s case that it was a state-sponsored attack by North Korea, many of us will continue to remain dubious about the claim.

As security researcher Marc Rogers notes, Comey’s speech promised much but fundamentally failed to deliver the smoking gun necessary to prove North Korea’s involvement.

And for that reason, we’re right to remain skeptical.
