At a minimum, the latest theory suggest that official accounts of the hack from U.S. government sources are now just one among many competing theories about the source of motivation behind the attack that are circulating within security circles and in the mainstream media. This, ten days after the Obama Administration pinned the blame for the destructive attack squarely on hackers affiliated with the reclusive government of the Democratic Peoples Republic of Korea (DPRK). The sheer amount of information leaked by the hackers has provided plenty of ammunition to fuel alternative narratives about what happened. Initial reports noted that the malware used in the attacks on Sony was created on systems that used Korean language software libraries, and shared similarities with malicious software used in destructive attacks on the Saudi oil firm Saudi Aramco. But for every clue that seems to point to the involvement of the DPRK, there are others that point in other directions, as well. For example, recent analysis has focused on date and time stamps attached to the leaked Sony data. Researchers have used those time stamps to infer the speed with which the data was transferred off Sony’s network. Reports have suggested that the timestamp data points to a data leak within Sony’s enterprise network, for example: to a USB device or external hard drive. Other analysis studied clues buried in statements made by the shadowy hacking crew, the Guardians of Peace or GOP, who claimed responsibility for the attacks. Email addresses and other ephemera from the GOP communications with Sony and the outside world have been read to reveal links to everything from Japanese anime and the Mighty Morphin Power Rangers television show to U.S. domestic disputes over politics and gender equality. Further, linguistic analysis of GOP’s online communications suggests they were penned by someone who is a native Russian speaker, not a native Korean (or English) speaker. But the Norse account of the hack does answer some puzzling questions about the incident that are as yet unexplained, according to Mark Rasch, a former federal prosecutor and a principal at Rasch Technology and Cyberlaw. Among those questions: how hackers were able to obtain near-perfect knowledge of Sony Pictures’ network and, then, sneak terabytes of data off of the network without arousing notice. “It has always been suspicious that it was North Korea,” Rasch said. “Not impossible – but doubtful…It made a lot more sense that it was insiders pretending to be North Korea.” Rasch noted, as others have, that the attackers initially made no mention of the Sony Pictures film “The Interview” in communications with the company or the outside world. Rasch notes that the hackers also exhibited a somewhat sophisticated knowledge of how Hollywood works – leaking data that was deeply personal and particularly embarrassing to Sony executives. Stammberger notes the involvement of an insider would explain how the attackers obtained critical information about Sony’s network, including the IP addresses of critical servers and valid credentials to log into them. Even in sophisticated attacks, remote actors might spend days, weeks or months probing a network to which they have gained access to obtain that information: using compromised employee accounts to explore and find sensitive data before stealing it or causing other damage. It is during that “lateral movement,” malicious actors are often spotted, Stammberger said. In the case of the Sony hack, however, the malware was compiled knowing exactly what assets to attack.
Posted on: Tue, 30 Dec 2014 18:46:58 +0000
Trending Topics
Recently Viewed Topics
© 2015