Friday, December 19, 2014

The FBI's North Korea evidence is nonsense

The FBI has posted a press release describing why they think it's North Korea. While there may be more things we don't know, on its face it's complete nonsense. It sounds like they've decided on a conclusion and are trying to make the evidence fit. They don't use straight forward language, but confusing weasel words, like saying "North Korea actors" instead of simply "North Korea". They don't give details.

The reason it's nonsense is that the hacker underground shares code. They share everything: tools, techniques, exploits, owned-systems, botnets, and infrastructure. Different groups even share members. It is implausible that North Korea would develop it's own malware from scratch.

Here's the thing with computer evidence: you don't need to keep it secret. It wouldn't harm Sony and wouldn't harm the investigation. It would help anti-virus and security vendors develop signatures to stop it. It would crowd source analysis, to see who it really points to. We don't need to take the FBI's word for it, we should be able to see the evidence ourselves. In other words, instead of saying "IP addresses associated with North Korea", then can tell us what those IP addresses are, like "203.131.222.102".

But the FBI won't do that. They aren't in the business of protection but control. The idea that Americans should protect themselves and decide for themselves is anathema to the FBI.

13 comments:

Yair Silbermintz said...

I think "the FBI now has enough information to conclude that the North Korean government is responsible for these actions." is a pretty straightforward, non weasel word statement.

chad holbrook said...

Yes, it is straight forward. "We have stopped actually working on this because we have enough manufactured evidence to prove to ignorant and uninformed reporters that our lies are true."

Matt Kenefick said...

"While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:"

I swear. Did anyone even read this report other than Yair Silbermintz and myself? Or are we all just jumping on the "I hate the government that protects me" bandwagon?

Charlie McHenry said...

The FBI offered this as a proof: "Analysis of the data deletion malware...revealed links to other malware that the FBI knows North Korean actors previously developed." I don't see anything in this article that offers any counter-proof, other than the assertion that all hackers "share code." Not sure that is either valid or germane. Further, the FBI notes the activity of Japanese-based N. Korean hackers that would have such access. This article appears to be more nonsense than the FBI's press release at this point.

Unknown said...

The Malware was compiled on a Windows system running the Korean Language Pack. This fact should have been released by now. It's strong evidence. As the CEO of SnoopWall, @Miliefsky says it's a fact that it was a North Korean attack and that #GOP = #DPRK - and I will release my report by end of day Monday....stay tuned...

Mike said...

They should really be revealing some solid evidence regarding "enough information".

Lefty said...

"The Malware was compiled on a Windows system running the Korean Language Pack."

Except they don't use Windows in North Korea, they use "Red Star OS". Moreover, the dialect of Korean spoken in the North is different than that supported by the language pack.

Unknown said...

Surprise, surprise. FBI is telling "true" stories after North Korea said that Guantanamo and other CIA operations are against the human rights ... they really think we are dumb as a piece of bread.

El Spiero said...

Thanks for posting the truth Robert. We need more people like you to speak out against these frauds

RML said...

Aside from the similarity/proximity with the anti Prophet (supposed) film that instigated the Benghazi murders, who stands to financially gain by this entire Sony imbroglio?

-- When and how the Interview is released will surely break records of some kind.

-- who stands to gain if Sony loses big-time? How many shorts are out there?

Industrial espionage and old fashioned Obvious-Adams marketing may have jumped the rail to a new world level?

Unknown said...

The North Koreans use WINE to run Windows on their Red Star OS. The Windows compiled exe, “igfxtrayex.exe” was developed in Windows, not Linux and using the Korean Language Pack.

Keith said...

Here's the more likely scenario: Sony suffered an initial insider attack and consulted with the CIA and FBI. Everybody decided to turn lemons into lemonade by snookering North Korea to participate in the hack later on in the process, because North Korea is stupid. So voila, an insider attack is now cyberwar, we should all watch a shitty movie in the name of freedom, and we should let the NSA and the FBI surveil the whole internet, to defend our precious 1st Amendment rights.

Unknown said...

I'm just a low-level hacker, but the FBI's case sounds weak to me: http://tonylimaassociates.com/2014/12/north-korea-really-hack-sony/