Monday, December 22, 2014

No, byte this.

I'm not sure what to make of the claims that North Korea is behind the hacking of Sony Corp, since the FBI sort of thinks they did it, but then again, lots of people think they didn't. I don't think it helps that North Korea's message seems a bit mixed on the matter; they didn't do it, but if the US retaliates, then it is on like Donkey Kong! (Against "the whole US mainland"--so, like, Hawaii should feel pretty secure from one of NK's sturdy Aquatic Annoyance Devices.) Seems kind of defensive to me.

So I also don't know what to make of the situation where North Korea's internet went down.  I mean, really, is there any good reason to think the US directly participated in an attack on that nation's information infrastructure? (Maybe they should just ring their provider or something.) Is that how the US rolls?

I still think it's weird to imagine that this is all over a comedy movie that might even be a bit of a bow-wow.  But it looks like the young dictator is still consolidating power, so killing the odd army minister or uncle or religious proselytizers, or even people who watched soap operas, is just how he validates who is really in charge. So it really doesn't do for him to be lampooned in a movie that will probably somehow still be pirated and watched in North Korea anyway. (I think I like the idea, a little, myself.) In the world of a dictator (whose father was a noted cinephile and probably a very, shall we say, dominating influence on him?) trying very hard to grasp and hold the reins of power, something like a movie that doesn't cast him in the best of lights seems far more significant to him than it might to people in a culture where our elected leaders are regularly shredded in the press and television programs.

It's cheap, of course, to malign North Korea's ruler in a comedic vehicle. His regime is associated with the tactics of starvation, imprisonment, labor camps, rape, and torture. The people of North Korea are suffering under a yoke that is anything but comedy gold. It's actually appalling. And there's only so much any of us can do about it, either.

Except to point out that Kim's Macklemore haircut really isn't as face-slimming as he thinks it is.

1 comment:

mikey said...

I think where people who aren't active in the internet security realm go wrong is to view a 'hack' as some monolithic event. But in real life, a network breach is a process, always evolving and changing. First the initial successes at planting the malware or phishing result in some co-opted user credentials. Then you have to gain access to AD/LDAP or similar to escalate the access entitlements associated with those credentials. Then you have to leverage those to gain access to IT/Sysadmin/Service accounts in order to bypass the applications and read the databases directly. The whole thing typically takes weeks or months.

The point is that both things can be true. The original penetration of Sony's enterprise network could have been done by anyone. But at some point the greatest profit opportunity could have been perceived to be simply selling that access to the NorKor intel community, particularly a known offensive hacking group usually called Silent Chollima.

Of course, the process could have worked differently - NorKor intel contracting with Bulgarian hackers to get into the Sony network, but any kind of hybrid Nation State/Private Enterprise initiative would send these kinds of mixed signals. At the end of the process, North Korea is the benefactor and the driving force behind the attack, and therefore should certainly be considered the source of the attack.

The Red Line for Journalism

  I wonder why Speaker Johnson is so passionately weighing in on the Ronna firing… oh… https://t.co/Ek1OdMBDyN pic.twitter.com/uh7JEewLpr ...