Nearly one year before Sony was hacked, the FBI warned that U.S. companies were facing potentially crippling data destruction malware attacks, and predicted that such a hack could cause irreparable harm to a firm’s reputation, or even spell the end of the company entirely. The FBI also detailed specific guidance for U.S. companies to follow to prepare and plan for such an attack.
But the FBI never sent Sony the report.
The Dec. 13, 2013 FBI Intelligence Assessment, “Potential Impacts of a Data-Destruction Malware Attack on a U.S. Critical Infrastructure Company’s Network,” warned that companies “must become prepared for the increasing possibility they could become victim to a data destruction cyber attack.”
The 16-page report includes details on previous malware attacks on South Korea banking and media companies—the same incidents and characteristics the FBI said Dec. 19th that it had used to conclude that North Korea was behind the Sony attack.
The report, a copy of which was obtained by The Intercept, was based on discussions with private industry representatives and was prepared after the 2012 cyber attack on Saudi Aramco. The report was marked For Official Use Only, and has not been previously released.
In it, the FBI warned, “In the current cyber climate, the FBI speculates it is not a question of if a U.S. company will experience an attempted data-destruction attack, but when and which company will fall victim.”
The detailed warning raises new questions about how prepared Sony should have been for the December hack, which resulted in terabytes of commercial and personal data being stolen or released on the internet, including sensitive company emails and employee medical and personal data. Multiple sources told The Intercept that the December 2013 report raises new questions about what Sony—which is considered by the U.S. government as part of “critical infrastructure”—did or did not do to secure its systems in the year before the cyber attack.
Earlier this month, the FBI formally accused North Korea of being behind the Sony hack. “Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed,“ the Dec. 19th FBI press release said. “For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.”
The FBI also recently referred to specific evidence they say led them to determine North Korea’s involvement, including the use of the same infrastructure, IP addresses, and similarities between the Sony attack and last year’s attack against South Korean businesses and media.
North Korea has repeatedly denied involvement in the Sony cyber attack.
The FBI warning from December 2013 focuses on the same type of data destruction malware attack that Sony fell victim to nearly a year later. The report questions whether industry was overly optimistic about recovering from such an attack and notes that some companies “wondered whether [a malware attack] could have a more significant destructive impact: the failure of the company.”
In fact, the 2013 report contains a nearly identical description of the attacks detailed in the recent FBI release. “The malware used deleted just enough data to make the machines unusable; the malware was specifically written for Korean targets, and checked for Korean antivirus products to disable,” the Dec. 2013 report said. “The malware attack on South Korean companies defaced the machine with a message from the ‘WhoIs Team.’”
Sony did not respond to The Intercept’s questions about whether they had received the report, but the FBI confirmed that Sony was not on the distribution list. “The FBI did not provide it directly to them,” FBI spokesman Paul Bresson told The Intercept. “It was provided to several of our outreach components for dissemination as appropriate.”
Multiple sources familiar with the report and FBI channels for distribution said only if members of their IT department were members of the voluntary organization Infragard, which also received the report, would they have even seen it at all.
The report obtained by The Intercept includes pages of check-lists and step-by step guidance for U.S. companies on how to prepare for, mitigate and recover from the same exact type of hack that hit Sony. Those sorts of “best practices” are critical for companies trying to fend off cases like the Sony attack, Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab, told The Intercept.
Sony was “not adequately following best practices for a company of its size and sector,” Baumgartner said. “The most obvious, had they followed netflow monitoring recommendations, they would have noticed the outbound exfiltration of terabytes of data.”
Had Sony gotten the FBI report, they also would have received specific guidance prepared by the Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team for preparation and planning for a successful destructive malware attack. Sources familiar with the 2013 report believe if Sony had followed these guidelines the effects of the cyber attack would have been far less severe.
The real question, then, is whether more could have been done to prevent the Sony hack, and if so, what. “Korean data was available since then—nobody really paid any attention to it,” a source within the information security industry told The Intercept. “
“The question is, who dropped the ball?” the source said. “Was the information in this report not shared or was information ignored?”
Photo: Nick Ut/AP
This whole North Korea thing is a bunch of bull.
The SONY hack killed two birds with one stone.
First bird was scooping up all email correspondence with the hope of finding a fresh trace on Snowden, he’s now working with SONY on the screen production of ‘No place to hide’. Second bird is to stir the media into a frenzy so that CISA (Cybersecurity Information Sharing Act of 2014) would get pushed through Congress. All this idiotic North Korea and The Interview movie hype is just sheer nonsense.
Sony had been warned by other sources.
http://www.cnn.com/2014/12/20/us/sony-pictures-lawsuits/
In addition this is one giant propaganda campaign, just be patient and pay attention watch what comes out of this, it’s the “cyber” equivalent of 9/11 designed to further an agenda.
As far as the FBI not warning Sony, I don’t buy it. They shouldn’t need a warning. Every company should already know that there are hackers out there and you have to take data security seriously. As the article points out they only sent these warnings to companies that were participating in one of their programs. So Sony, who wasn’t participating in the program, didn’t get the warning. My question is, did Sony make a silly mistake in their IT security or did they take all the prudent steps that they were supposed to be taking and still got hacked? In the Snowden files there was a lot of information about how a government could take over an individuals computer. Are there steps in place to ensure that a foreign government (like North Korea) can’t take over a US computer?
You’re absolutely right about Sony not needing a warning. Their information security function is all but nonexistent. Even Sony employees complained about it. For instance, see: “Sony Pictures hack was a long time coming, say former employees” . Quotes from the article:
“But some former employees, who asked to remain anonymous, have told us that they’re disappointed but not surprised by the massive hack given Sony Pictures’ long-running lax attitude toward security. They say that employees highlighted specific vulnerabilities on company websites and systems that were never addressed.”
and
“Sony’s ‘information security’ team is a complete joke,” one former employee tells us. “We’d report security violations to them and our repeated reports were ignored. For example, one of our Central European website managers hired a company to run a contest, put it up on the TV network’s website and was collecting personally identifying information without encrypting it. A hack of our file server about a year ago turned out to be another employee in Europe who left himself logged into the network (and our file server) in a cafe.”
The article then goes on to describe an understaffed and dysfunctional information security group and an essentially clueless director of information security . . .
“Sony Pictures has said little about its security failures since the hack, but seven years ago, its information security director was very chatty about “good-enough security.” Back in 2007, Jason Spaltro, then the executive director of information security at Sony Pictures Entertainment, was shockingly cavalier about security in an interview with CIO Magazine. He said it was a “valid business decision to accept the risk” of a security breach, and that he wouldn’t invest $10 million to avoid a possible $1 million loss. He seemed not to consider the costs of a breach that are harder to immediately calculate, such as the blow to a company’s reputation, the loss of trust among employees, or the possibility that James Franco might be upset that the world now knows he gets paid $6,000 to drive himself to movie sets. The current debacle is Sony’s second major headline-making breach; in 2011, hackers got access to data for millions of Playstation users.”
I read the FBI report and it doesn’t say anything that InfoSec standards and best practices haven’t been saying for twenty years. The best characterization of Sony’s head of information security is that he is clueless, incompetent and criminally negligent.His head should roll, but it won’t, because there is a glaring absence of governance and risk management in the organization. If the CEO and Board had a clue, he wouldn’t have been in the job in the first place . . .
But they are in good company . . . just think DoD, Department of State and NSA . . .
The best part about this whole charade?
InfraGard was hacked by LulzSec which then released InfraGard emails and member lists.
https://en.wikipedia.org/wiki/InfraGard#LulzSec_attacks
The even better part?
LulzSec was run by an FBI informant named Sabu.
And the FBI busted Sabu and turned him into an informant. What is your point?
I think all the incessant scheming, double-crossing and cgi-fighting for control of the w.w.w. is hurting tlnc’s head. *or, that may be pure projection.
~ 8 skate obsti-Nate.
@Nate
June 2011 was a busy month for Sabu.
LulzSec not only managed to hack InfraGard and Sony in June of 2011, but Sabu also became an informant for the FBI on June 7th 2011.
Thank god for tight schedules.
I just realized there is now more evidence that an FBI informant is responsible for the latest Sony attack than North Korea.
If the timing doesn’t interest you, maybe we can agree that relying on security advice from an organization that was previously hacked by the same group of misfits that also previously hacked Sony is probably not the best way to protect against purported state sponsored intrusions.
That timing only tells me that after Lulz’s efforts against Infragard, Sabu got nabbed and immediately abandoned the cause, joining the FBI.
Good for you!! Strange that you are the only one saying that, and you haven’t proven an once of credibility that would make me want to take you serious.
This logic is pretty weak. Infragard’s purpose is to help companies face such attacks, not to make them invulnerable to attacks. It only takes one idiot or one forgotten upgrade and you’re open to an attack.
There probably isn’t a company out there, no matter their cybersecurity efforts, that hasn’t been hacked. JPMorgan Chase has invested hundreds of millions in cybersecurity and still got hit.
You have to admit that the clusterfuck here is slightly comedic. We have the government hiring people like Sabu to hack companies like Sony, while the government is busting people like Sabu for hacking companies like Sony. It isn’t hard to imagine that part of Sabu’s deal involved helping the government with zero days.
You certainly are taking this topic very seriously. And you really can’t get much more serious than having a mushroom cloud moment about North Korean hacking. Do you buy this crap from just Obama, or did you unhinge your jaw for Bush too? Maybe you can have Colin Powell give a talk about mobile hacking vans.
Yes, it is much easier to burn down a house than to build one. Who’d a thunk? Direct your message to the Intercept. Still, you would hope a company selling workplace safety advice would have a longer number of “Days Since Last Accident” than your average company.
And Nate, the real purpose of InfraGard is to create an unholy alliance of government and industry to snitch and spy on average citizens like you and me. You don’t really buy this Player’s Club crap do you?
It is interesting how certain issues becomes shibboleths. I would recommend that you don’t make North Korean hacking and Privatized Fusion Centers features of the Democratic brand.
It is kind of funny I suppose but not very surprising. It’s basically how informants work.
That could be a possibility but unless there is evidence of that, it is merely speculation.
It interests me and I think it is a serious matter, so I guess I do take cybersecurity seriously! So what? And do I buy what crap from Obama? Are you being purposely vague? If you are asking if I believe the FBI who says it is North Korea, then no. I want further evidence or verification from the security researcher community.
Got any documentation, evidence, claims, anything – to support this assertion? According to Infragard’s site, there are 80 chapters and over 50,000 members. Use some common sense here – if this was a conspiracy to spy on us, how do you keep that secret across so many members. One of the sectors is health and hospitals; why would they want to spy on us!? Hell, I have a friend in law enforcement who has been to Infragard meetings and he seems like a pretty stand-up guy! You sound scared and confused, and your claims seemingly baseless.
@Nate
Do you mean “work” in the same way torture “works” or do you mean “work” like we should learn how to ass rape better by following the advice of enthusiastic ass rapers and then while we are ass raping people we will write reports on what people should do to not get ass raped, while at the same time purposefully undermining the effectiveness and security of “ass chastity belts” or “chasstity belts” and pepper spray.
I never found the “This is the way the world works” argument to be very persuasive. One day all of the psychopathic behavior we excuse because it is performed in the name of the State will rightfully be judged as moral abomination–like slavery–and we will be revealed as the monsters we are. We are going to be our own twisted version of our horribly racist grandfather. It’s funny to think about the things we believe today that in the future will be ridiculed, rejected and relegated (god I hate alliteration) to the fringes of belief.
I agree completely.
A well reasoned position.
Ummmm. They didn’t really keep spying or mass corporate cooperation in that endevor a secret did they? Thank you Snowden! Also, I think we are going to need some more time between the lying, spying, and ass rape before cries of “common sense” are considered anything but desperate diversion.
As you demonstrated with your well founded doubts about the Obama Administration’s assertion of Korean complicity, trust is in very short supply these days.
Here is a Report from the ACLU entitled “The Surveillance-Industrial Complex: How the American Government Is Conscripting Businesses and Individuals in the Construction of a Surveillance Society”
https://www.aclu.org/files/FilesPDFs/surveillance_report.pdf
Here is a quote from the part on InfraGard:
———
But there is evidence that InfraGard may be closer to a corporate TIPS program, turning private-sector corporations – some of which may be in a position to observe the activities of millions of individual customers – into surrogate eyes and ears for the FBI. For example, several program members told the Plain Dealer that “they received through InfraGard a list of Web sites frequented by terrorists and were monitoring their computer networks to see if anyone on their systems visited those pages.”
It is also possible that the program serves as a more controlled version of the FBI’s watch list distribution program “Project Lookout” (see p. 19). There is a long and unfortunate history of cooperation between government security agencies and powerful corporations to deprive individuals of their privacy and other civil liberties, and any program that institutionalizes close, secretive ties between such organizations raises serious questions about the scope of its activities, now and in the future.
———
A new defence agreement between the US, Japan and South Korea will be signed on Monday. No ratification by the US Senate is required.
“For the envisioned pact, no additional domestic process for approval is necessary as the subjects of the signing will not be the three nation but their defense ministries, the official explained.”
Seoul to sign intelligence pact with Japan, US
By Jun Ji-hye
South Korea, the United States and Japan will sign an arrangement Monday to share military intelligence on North Korea’s nuclear and missile programs, the Ministry of National Defense said Friday.
Despite some built-in limitations, the pact will be the first of its kind for Seoul and its former colonial ruler.
To address Korea’s concern, Washington will mediate between Seoul and Tokyo.
“The arrangement does not mean direct sharing with Japan. We will give our intelligence first to the U.S. and the tips will then be shared with Japan upon our approval, and vice versa,” a ministry official said.
He added that vice ministers from the three countries will sign the pact separately without gathering for a ceremony.
The three have been discussing intelligence sharing since May when they agreed on the need for it in the face of Pyongyang’s evolving security threats during defense ministers’ talks, dubbed the Shangri-La Dialogue, in Singapore.
“All three have been paying attention to the nuclear and missile threats from the repressive state since it conducted a third nuclear test on Feb. 12, 2013,” the official said. “The isolated state ratcheting up its threats is raising concerns not only in South Korea but in Japan, Hawaii, Guam and on the U.S. mainland.”
The agreement comes two years after a bilateral intelligence-sharing pact between Seoul and Tokyo foundered at the last minute due to fierce public criticism of the government’s secretive handling of negotiations.
At the time, the Lee Myung-bak administration had pushed for the agreement to be signed to enable the two sides to share comprehensive intelligence directly.
For the envisioned pact, no additional domestic process for approval is necessary as the subjects of the signing will not be the three nations but their defense ministries, the official explained.
Seoul and Washington have had a bilateral military intelligence sharing agreement since 1987, while the U.S. and Japan signed one in 2007.
The official stressed, “Cooperation between the three nations is expected to boost the quality of intelligence on the North, which will enable the allies to respond to possible provocations in a swifter fashion.”
However, opposition among the public against signing such a pact is also expected. The Korean Peninsula was ruled by Japan from 1910 to 1945, and resentment over its atrocities, such as the sexual enslavement of Korean women for its troops, still runs deep among a number of South Koreans.
The strengthening military cooperation between Seoul, Washington and Tokyo is also expected to cause resistance from China and Russia, with some critics claiming that the trilateral pact is the de facto beginning of cooperation in the U.S.-led missile defense (MD) system.
Regarding the issue, the official said, “The intelligence-sharing pact is unrelated to joining the MD system. South Korea has plans to develop its own Kill Chain preemptive strike and Korean Air and Missile Defense (KAMD) systems. The U.S. has its own as well. The allies’ intelligence-sharing will boost the interoperability of such systems.”
Duce I tried public transport and my train was late. What time does this leave us to conduct business?.
Yours late already
jim
I know what you’re thinking, benitoe … ‘Lets Invade Luxemburg’.
*but I think that ship has sailed ~
I reckon someone at Sony in charge of IT security is out of a job. I wonder how to explain your involvement – or how to avoid explaining it – in this kind of situation. Any creative suggestions out there – no dont worry it is not me I am just curious … honestly!
I followed Greenwald over here like a sort of lost puppy groupie from the Guardian. But I’m increasingly turned off by the seemingly petty tone here.
This is a complaint that seems to emerge with some frequency lately and it puzzles me. Greenwald started with his own blog, Unclaimed Territory, migrated to Salon, then moved on the Guardian. At all of those subsequent places there were writers who engaged in producing what could accurately be described as less than intellectually edifying pieces. And at all of those places, it seemed to me that there were readers who came for Greenwald’s writing without managing to indulge in, let alone assign blame for, the writing that didn’t interest them.
Now, Greenwald was one of the founding writers/editors here, but he is not the managing editor (as far as I know), nor is his vision for this site the only one applicable. And, one would presume – as a courtesy at the very least – this site would extend the same editorial freedom to the other writers that he, Mr. Scahill and Ms Poitras – all founding members as well, so one wonders why they get a pass on fielding complaints about writing that twists knickers – demanded as a condition of making this their home venue.
It’s really not all that hard to identify writers that one prefers not to consume and to scroll on by, just as one would do with the trolls in the comments who have proven themselves nothing more than speedbumps and/or amusement for folks who feel like indulging their inner masochist.
Seriously, people, let your inner Grinch progress to the point where his heart grows three sizes and get over the petty annoyances of reading things absolutely no one is forcing you to read. :-s
Where is bahhummingbug when you need him? ;-}
Here I is, darlin’! Happiness itself to see you here again … somebody needs to class-up this joint (they’re writing articles about ‘butt bombs’ … on Christmas Day!).
Mabel says (to the ‘girl who can ‘can’)… Merry Christmas.
xo,
d:
While I obviously think it wouldn’t be fair to attribute everything in every article here to Greenwald personally, this is a very different dynamic than when he was a writer at the Guardian or Salon. He is a lead visionary on this project in a very substantial way, and I think more general, broader themes like tone, focus, and style (he has said many times he is a fan of ‘adversarial’) are a reflection of the direction that he and a handful of other people have decided to steer this ship. I’m actually starting to feel a little uncomfortable posting on this site. The Guardian was one thing, a liberal paper with diverse voices of which Greenwald was one. I’m starting to get a very “anti-government” vibe from TI, and that’s not something I want to be a part of. If others do, well, it’s a free country, good on them, but that’s not my thing. Robust and diverse debate is one thing, across-the-board anti-government groups are another.
So the news here is that the FBI says the world is going to end because of hackers and the FBI also says that North Korea hacked Sony.
Are we really going to be subjected to InfraGard reports and have to take them seriously?
It’s going to be a long winter.
Side Note: What the hell is a US company? Is it a company where the majority of stockholders are US citizens? Is it a company that pays most of their taxes to the United States? Is it a company that checks a box and says they are a US company? If a foreign company has a subsidiary while they are in the United States does that subsidiary automatically become a US company?
Shouldn’t we be worried that foreign companies are infiltrating our borders in order to steal services and benefits that we provide exclusively to US companies? Often these foreign companies pay little to nothing in taxes back into our economy and also refuse to culturally assimilate.
Thousands of foreign corporations spill over our borders every day displacing American corporations and weakening our economy and our national security. Many of these foreign companies regularly engage in criminal activities both here and at home.
At this rate by the year 2028, 95% of all companies located in the US will be foreign companies.
Is this what we want to tell our children?
The answer is, of course, of course not.
I worked at a Japanese car engine plant in Tennessee. The signs on the security fence warned that the laws and protections of the USA were not in effect on this Japanese sovereign property.
I should have stayed in Tennessee’s Little Japan. When I walked out of the plant’s gate back into the USA I was picked out of airport security by facial recognition technology, shackled and flown around the country on a grand tour of Federal penitentiaries Special Housing Units for six weeks without a bail hearing. They kept me under their control for about five years before letting me plead No Contest to a misdemeanor or go to trial and face twenty years and a two hundred and fifty thousand dollar fine. They claimed it was all about when I caused a flight to divert because I was passing a kidney stone five months earlier but the prosecutor told the judge that he believed I had learned my lesson and I got off with just my six weeks rendition and torture.
I am beginning to think it might of had something to do with me worrying about the security of industrial control systems and beginning to sniff around with Wireshark and Metasploit it was right around the time when they were implementing Stuxnet. Then again I am probably crazy. Don’t mind me. Merry Christmas
@TheScaleman-I’m surprised not one person has replied to this claim of yours? What is “Wireshark” & “Metasploit”? Was an ambulance waiting to take you to get medical care when the plane made the “diverted” landing? I don’t know how your lawyer allowed you to plea anything in relation to the flight because it was the decision of the pilot to make not yours. Your claims are suspect.
Iirc, read yesterday (The ‘paper of record’, I believe) Sony was part of U.S. ‘critical infrastructure’ … which was news to me!
Where would national security be without the patriotic propaganda provided by Zero Dark Thirty?
That kind of award winning popular disinformation would be hard to replace in the event of its loss.
Expect some tribute paid to Sony for its fine service.
Sony cannot be that bad since Glenn Greenwald signed business deals with its executives after it distributed what you refer to as “patriotic propaganda”. Unless you believe Glenn Greenwald is wrong to deal with what he himself describes as propagandists. Do you?
You get a Grinchy Christmas gripe from me, TI. I followed Greenwald over here like a sort of lost puppy groupie from the Guardian. But I’m increasingly turned off by the seemingly petty tone here. To my mind, you might as well rename the site “I H8 Teh Govment dot com”. Minus a bunch of ranting about gun ownership and taxes, it looks to me like another libertarian-government-conspiracy-at-every-turn style news rag.
There have been some huge debates going on in the US recently involving government policy and its future course, obviously. The NSA leaks, the torture report, police-community relationships. I would find it odd if TI didn’t talk about those. But at some point stories become a stretch of the “Latest updates on Hurricane Katrina – what was Angelina Jolie wearing that day and did she have a nice or a bitchy look on here face?! Live coverage at five!” variety. There are different points of view and then there are huge stretches to find fault in just about any situation, with seemingly almost no other focus. I happened to comment on this article but I don’t think it’s the only example. The FBI wrote a thorough, detailed, prescient, and presumably helpful report but you’re not 100% sure if it was hand delivered? No comment from Sony, no comments on whether or not it was delivered through other channels, and, to me, and oddly irrelevant angle to take on a major story to begin with? Did Obama call them to chat about security at some point, did the CIA do a brunch with Powerpoints on the topic? I mean yes, corporate security and how that’s managed is important, but in a huge story on free speech, North Korea, and hacking, making this the central point seems a bit “Angelina did not sit next to Jennifer at a Democratic fundraiser – what does this say for the party in 2016?”
Sorry, again, the fact that I posted it under this article doesn’t mean it’s specific only to this one, just a general gripe.
I believe you’re being a little unfair. TI staff are defending the government as vigorously as they can. The government just isn’t giving them much material to work with.
For example, in this story, TI could easily denounce the FBI for producing no evidence of North Korean involvement, as this article does. Instead, they shift the debate to why this attack from North Korea wasn’t foreseen and prevented. This subtly bolsters the government’s claims by accepting them at face value.
Consider the claims of WMD in Iraq; the equivalent article in 2003 would have taken the government to task for not having prevented Saddam’s acquisition of weapons of mass destruction. The government really doesn’t mind a bit of criticism if it helps to build support for their agenda.
In this case the goal is to provide the FBI with direct authority to police the internet. I believe, you, I, the government and TI are all doing our best to achieve that goal. So in the spirit of Christmas, we should celebrate our common purpose, rather than quibble about distinctions of tone.
What did you get for Christmas, benitoe? *i left a lump of coal in your stocking ~
Look, this is simply logic, N. Korea doesn’t even have computers. I’ve seen hundreds (maybe thousands) of pictures … not one computer. *A lot of peasants and half-starved livestock, mostly.
So, not only do they not have the technical expertise for these kinds of digital-shenanigans, they don’t the hardware to implement them even if they did.
Merry Christmas,
bah.
Thanks! With all the lumps of coal I received, I now have a tremendous bonfire going, and am roasting marshmallows. If you drop by, you can have one. :)
From the article Benito referenced above:
“The evidence used to attribute a nation state in such a case should be solid enough that it would be both admissible and effective in a court of law. As it stands, I do not believe we are anywhere close to meeting that standard. – Marc Rogers, Director of Security Operations for DEF CON via The Daily Beast
Well, it was enough to invade Iraq, wasn’t it?. But back to the article referenced.
This comment quoted typifies the informational climate that our nation is and has been in for far too long. Authoritarian proffered ignorance.
I suggest reading the entire article, it’s very illuminating on the subject that Americans, and the world, are being continually fed what sounds (to most of us who are not versed on how the internet works on a technical level) to be convincing arguments to further reduce our individual and collective freedoms.
What the article explains further is that the FBI, by trotting out these vague suggestions of culpability that “Korea did it” and technical tidbits that are supposed to back up their assertions, either a) still think that we are all fools, b) don’t know enough about the internet themselves to make a case in the first place, and/or c) that the really could care less about what the public thinks at all.
The article also outlines behaviors quite clearly showing that the governments have literally no interest in presenting arguments that are solid enough that they would be both admissible and effective in a court of law.
This is true in this case, just as it has been in the cases of Manning, Assange, Binney, Snowden, Drake, Guantanamo, torture, rendition, the War on Terror™ et .al abrogations of justice, war crimes, and atrocities.
What this says is that across the board at the higher levels of government and corporate America (and around the world), we are no longer nations of laws (bank bail-outs, anyone?) and the only ones who care anymore are in prison, bankrupt, in exile for blowing the whistle, or not an immediate member of the governing/ruling class that wants to keep it this way, and not enough of the remainder are out in the streets protesting or lending a counter-narrative in whatever ways they are able to.
How to end it?
“Speak Up People” – jgreen7801
Vote Jeb Clinton/ Hillary Bush 2016
Well, satire aside Benito, I think there are some very mixed criticisms in TI that contradict somewhat (i.e., On the one hand the government being concerned about online security is treated as largely illegitimate and a ruse to spy on the citizenry; on the other they are apparently producing information so valuable that we should blame them for not preventing Sony’s hack by making absolutely sure that all corporations were up-to-date and trained on their findings). That said, those criticism are not coming from the same writer, so I’ll keep my gripes about general focus / tone and refrain from calling them outright self-contradictory.
Nic, become more familiar with tpp cispa “internet 2.” By the time some of these interests are done, you’ll be limited to expression or otherwise establishing a business presence only on establishment corporate subdomains, and fair use will be practically a thing of the past.
In hindsight, perhaps my tone here was uncharitable, so I’m sorry for that. I’m just concerned, overall, about what approaching any situation with a sort of zero-sum, dualistic David-and-Goliath view results in. It’s like a game of “I’ll get you before you get me” or “I’ll at least get in a good jab to make you that much weaker for when you try to take a jab at me”. Greenwald, to me, never seemed primarily motivated by “getting” anyone, he seemed to have a real sort of empathic reaction to the downtrodden, in various contexts, of which his writing was a natural result. I think it’s ideal to have an empathic reaction to everyone, but if it has to be one-sided, one-sided concern still reads differently than one-sided hostility, to me. It has a certain heart to it. Without some sort of driving, positive concern about building healthier communities for everyone, I think it turns into finger-pointing. Just my two cents.
http://rt.com/usa/217495-sony-hack-fbi-north-korea/
Someone thinks it was an inside job …
also an interestin theory… so we’ll never will know FOR SHURE I guess …
you probably should always believe what your personal choice (government, hackers, mainstream-media, etc) tells you ;-)
or ignore it…
An understatement.
http://www.cbsnews.com/news/did-the-fbi-get-it-wrong-on-north-korea/
Meanwhile the Dems have called witnesses to Congress, and CISPA is back on the table.
Does the author have an opinion of the FBI’s claims that the North Korean government is the hacker? History has shown that the truth of the matter is more likely NOT what the FBI or US government claims it is.
Just want to convey Merry Christmas/Happy Holidays/Happy whatever to all TI’ers and staff.
Blessings to all and to those who believe – keep praying in whatever your faith tradition is.
Peace.
The Sun is now moving North on it’s own power. I have unhitched the lines from the deck post. All is well. Peace.
I heared the earth is probably in fact a disk ! That is also the reason with its getting warmer ;-)
That is maybe the biggest problem of all mankind: We have an excuse for EVERYTHING, including war, killing children, waste resources, poison water and air and plants, and all the other stupid things we do… but as long as you have an excuse for it… its OK !
These are all nothing than stupid naked apes my friend ! Dreaming about a “better future” but do everything possible to not get there because of global lifestyle of suicide ! I hate all of you for that !
and fuck xmas… its just another excuse to consume more than you need… and to get drunk to forget your misbehaviour !
And you all know it … you know what you do and you know it is wrong ! And that makes you all guilty in the end…
idiots :-(
December 19, 2014: Initial Release
Is this it? https://www.us-cert.gov/ncas/alerts/TA14-353A
Better late than never I guess.
Why have I been only hearing about the Bolivia command control server and not the others?
Sony is pretty much aware of hacking methods, and they themselves indulged in some of it in the recent past. They don’t need FBI to teach them how hackers can attack.
https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
This sort of thing keeps happening to us. First it was the cavemen who commandeered planes and rammed them into our buildings, or so we believe. This time it’s an equally unqualified and ill-equipped group of state-sponsored individuals who are calling the shots – that’s our belief. And they somehow manage to do us harm, but their own conditions are so pathetic that we cannot appropriately respond with nukes and teach them a lesson.
I scanned the report, and compared it with some classic computer security books on my shelf. The advice hasn’t changed much.
I have a suggestion. The purpose of a backup is to restore, so a wise manager should, at random times, simulate a failure and ask the staff to restore systems from backups. It might be embarrassing, but the organization will learn what it is doing wrong. Even better, hire a “red team” who pretends to be an adversary.
Watching “The Interview” now streaming YouTube.
Not because I have any particular interest in this movie, but just because I can.
Would rather be at the theater reading tonight in NYC…
Merry Christmas everybody!
“Not because I have any particular interest in this movie, but just because I can.”
Well, you could watch thousands of movies. So, tell us why this one.
@ Charlene — Is it any good?
I see no reason to not suspect that SONY may have hacked itself.
Portraying themselves as the victim is one of the main methods which corporate capitalists use to
further an aggressive agenda.
If it worked to start wars, it will also work in other ways.
In the corrupt scheme of things what was revealed about SONY is probably of little importance, but for SONY to
be seen as a victim, like so many bankers and military predators, is a way to further the agenda of
corporate protections and spying by “government” agencies.
Also, there is the added benefit of the corporate state portraying North Korea in a more negative light.
It is a proven win/win for the corporate state to masquerade as the victim.
http://rt.com/usa/217495-sony-hack-fbi-north-korea/
seems you’re not the only one who thinks that ;-)
Thanks for the link.
My own tendency to suspect the dominators who claim victim-hood has been repeatedly reinforced by
democrats and republicans through the years and, not long ago, I was personally accused of
being the cause of grievous emotional injury by a person who had gone to great lengths to cause
furious divisiveness in the local liberal community.
I was shocked at how my words were misrepresented and the deviousness of the person who claimed they
(a liberal democrat) had suffered as a result of my trying to help.
It became clear that they wanted to use the pretense of victim-hood as a means of destruction and domination,
just like Wall Street’s Washington.
http://www.thedailybeast.com/articles/2014/12/24/no-north-korea-didn-t-hack-sony.html
seems that theory is getting momentum…
;-)
Too busy with Cointelpro-style activities.
I need to say it, because this whole story is spiraling out of control.. Sony is NOT a U.S. company… Why would the FBI go out of their way to inform? We, as Americans have to finally learn the lesson that we should be protecting America first and foremost…
Hasn’t pretty much everyone in the world been warning sony about their abysmal data practices for years? i don’t really think one more report from the feds for them to ignore would have made a difference.
Could we agree that Sony corp. has a security business unit or very similar? Therefore, it would be unreasonable to secure business critical assets such as intellectual property, unreleased movies and the like, in unsecure locations for example, connected to the web. I reject the idea that Sony had its system hacked it’s more like they purposely left the door open especially after the system shut down a year or two back. I think we are getting played like pawns in a global Corporate Governmental chess game. To what ends still yet to be seen?
Congress passing the CISA bill.
Hacking Sony allowed us to see those racist, malicious emails. Now we know why they make racist movies.
Thank you North Korea.
Jana, this article’s title does not match the contents of the analysis. You said the Intercept does not know if the FBI report was provided to Sony through Infragard. Do you even know if Sony is an Infragard member?
Also, could the information contained in the report have been conveyed through any other means, such as a different report? The distribution list indicates this document was primarily for internal purposes. Did you check with the FBI’s Key Partnership Engagement Unit? What about DHS’ responsibilities for critical infrastructure?
I agree this information should be shared as it is required by Executive Order but there are a lot of unknowns in your story.
Agreed. The headline says the FBI did not give the report to Sony, but the body of the story explains that it is unknown whether Sony received the report via some channel. So the headline is technically true, but this is the kind of hair-splitting for which we castigate the government. The bigger picture is that the government seems to be failing to make information widely available to obviously concerned parties. This should have been a public document flagged for wide release with plenty of promotional advertising.
Industry best practices for many years would have covered much of what the FBI report suggested. It does not require a government advisory to know that a large corporation is at risk of theft/destruction of data. As is commonplace, either the technical people were not sufficiently security conscious or senior management were unwilling to bear the costs (dollars and inconvenience,) of adequate protection measures.
In respect of this night…
On this holy night, given the reality of Revelations, and the current trajectory of the United States, I can only pray that sanity will prevail for a while longer so my grandchildren will learn to understand the grace of God. I wish a Merry Christmas and a happier New Year to you all. Especially Benito.
The previous events listed in the report were data destruction attacks. Publishing of the data on the internet is a different approach, and potentially far more damaging than simply destroying data which can be restored from backup tapes. The published data can embarrass and alienate clients, business partners and others who deal with Sony, expose rifts within management and reveal confidential projects and business plans.
Would North Korea have been clever enough to understand and implement this new type of attack? It seems more likely that Sony was resisting pressure from the US government and so has been taught a lesson, with North Korea as the scapegoat. If so, then implementing the US plan for protecting data might have been futile in any case.
Something to ponder given the US rejection of N.Korea’s offer for a joint investigation. We can always use a spare enemy, or two. In this case it looks like Kim Jong Un is in the bull pen, warming up.
Where did you get “The Report”?
Irrespective of Sony being the victim/protagonist at this time (a corporate giant which is now trying to censor the world re: the stolen information) this report is just another indication of the government not being transparent enough with non-sensitive information that is obviously in the public’s interest to know.
The case has already been convincingly been made here and elsewhere that over-classification/senseless compartmentalization/secret operations have done more harm to the public’s interests than all terrorist attacks combined – in the acts themselves, in the cost to innocent lives around the world, and in the trillions of dollars spent repeatedly overreacting to threats, most of which made the worlds corporations richer rather than the worlds population safer.
Ignorance (lack of information in this case) as well as opacity runs rampant throughout our government still, infecting and limiting both the effectiveness of our government to do their jobs on our behalf, as well as for the public to effectively manage our government. The irony of Orwell’s writing still stands:
“War is peace. Freedom is slavery. Ignorance is strength.” George Orwell, 1984
For God ‘s sake! (It IS “Christmas”!)….
If anyone would like to write a new screenplay and finance the production then have at it!
Here is a novel idea:
A lovely intrepid reporter (female!) decides she wants to do an expose in North Korea. Let’s say she is Katy Perry hot.
Magically she gets an interview with Kim Jung un. She goes there and magically shames him into showing her some of the worst of their society. Then she shows him some of the worst of ours.
They have some cocktails, dance the night away, he gives her a cute puppy and they part friends vowing to heal their countries.
Seriously. As Alfred Hitchcock once said after the first take of a bad train wreck in one of his films that went very wrong, “It’s only a movie…we’ll do it again….”.
It is only a movie…..
We can make others.
And so we should.
Maybe some manager at Sony WAS briefed on the report, but said, “OK, you’ve covered your ass now.”