
Sony hackers failed to hide their North Korean IP addresses, says FBI

Graham CLULEY

January 09, 2015


Did they or didn’t they?

That’s the question everyone is asking in the computer security industry – is it really plausible that North Korea was responsible for the hack against Sony Pictures which saw the company’s computers grind to a halt with images of skulls, and documents and internal emails leaked to the internet?

In fact, it’s not just the security nerds who are interested in where the attack might have come from. I’ve lost count of how many times in the last month family and friends unconnected to the security business have asked me who I believe was most likely to have perpetrated the hack.

Personally, I would be very surprised if North Korea was to blame. It just seems very odd behaviour and out of character for a country to make such an obvious assault against a particular business. Normally, state-sponsored hackers would be more interested in silently spying, and not drawing attention to themselves with payloads more likely to appeal to a teenage heavy metal fan.


But then, North Korea *is* a very odd country, and its leaders even stranger…

Maybe it is *possible* that a country run by a chap like Kim Jong-un would take offence at a comedy movie that portrayed his assassination (even though, let’s not forget, the initial communications between the hackers and Sony executives demanded money, and didn’t mention the film).

*Possible*, but likely? I, like many others in the computer security arena, remain unconvinced.

A disgruntled former employee sounds much more plausible to me.

Not that my opinion matters much, because the United States authorities are convinced that North Korea is to blame, and have even levied sanctions as a result.

And, realising that there are many who are skeptical about the blaming of North Korea, FBI director James Comey has given a speech at the International Conference on Cyber Security (ICCS) at Fordham University in New York, promising to reveal more information about how the agency came to its conclusion.

According to Comey the hackers “got sloppy”, occasionally forgetting to disguise their identity online by using proxy servers that bounce an internet connection around the world. Instead, claims Comey, the attackers revealed IP addresses that are exclusively used by North Korea.

“In nearly every case, [the hackers] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy.

“Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using… were exclusively used by the North Koreans.”

“They shut it off very quickly once they saw the mistake. But not before we saw where it was coming from.”

Unfortunately, Comey wasn’t prepared to take any questions after his talk – so it’s hard to be sure how the FBI confirmed that those North Korean IP addresses weren’t proxies themselves, perhaps deliberately commandeered by hackers to send investigators in the wrong direction.

Furthermore, there remains the mystery of why the hackers only started to mention “The Interview”, the movie that has apparently enraged the North Korean regime so much, *after* the media suggested it as a possible motive. Remember, the hackers initially said they were after money.

Unfortunately for us, the FBI says it cannot provide more information about how it came to its conclusion for national security reasons:

“I want to show you, the American people, as much as I can about the why, but show the bad guys as little as possible about the how. This will happen again and we have to preserve our methods and our sources.”

However, without more compelling evidence, or even some sliver of detail that might support the FBI’s case that it was a state-sponsored attack by North Korea, many of us will continue to be dubious about the claim.

As security researcher Marc Rogers notes, Comey’s speech promised much but fundamentally failed to deliver the smoking gun necessary to prove North Korea’s involvement.

And for that reason, we’re right to remain skeptical.
