The progression of the government’s case indicting North Korea for hacking Sony’s computer system – and revealing the petty ego-trips of Hollywood’s glitterrati – was succinctly summed up by computer security expert Jeffrey Carr in a pithy tweet:
“NK did it 100%
OK, NK did it w/ help
OK, NK outsourced it
OK, NK was told later and bought them drinks
God dammit, NK is guilty of something”
The idea that Kim Jong-un was so enraged by a “comedy” that dramatizes his assassination – and, in the process, underscores the juvenility of its creators – was never all that credible to begin with. And the case for pinning the hack on the Hermit Kingdom goes rapidly downhill when one examines the initial communications from the “Guardians of Peace,” as the hackers dubbed themselves, which never so much as mentioned “The Interview” and instead simply demanded money. It wasn’t until the media and the FBI itself suggested a North Korean connection that the hackers picked up on this diversion and ran with it.
Speaking of diversions: the FBI announced a few days after the hack that they had “conclusive” evidence of North Korea’s guilt. The malware, they said, was “similar” to the kind that had been used by suspected North Korean hackers in the past and was “in the Korean language.” This is laughable, since a) the malware was widely disseminated and easily obtainable, b) the “Korean language” spoken in the north is significantly different from the southern dialect, and c) anyone who wanted to cover their tracks would be very unlikely to leave these rather transparent “clues.”
What other “evidence” do the feds have? Well, it seems the malicious software unleashed on Sony’s systems tried to contact an IP address (or addresses) “in North Korea,” as the War Street Journal reported. Yet as cyber-security expert Jeffrey Carr points out: “There is a common misconception that North Korea’s ITC is a closed system [and] therefore anything in or out must be evidence of a government run campaign. In fact, the DPRK has contracts with foreign companies to supply and sustain its networks.” Carr goes on to point out that the company that does this for the North Koreans is Loxley Pacific, located in Thailand.
“One of the easiest ways to compromise the Internet backbone of a country is to work for or be a vendor to the company which supplies the backbone. For the DPRK, that’s Loxley, based in Bangkok. The geolocation of the first leak of the Sony data on December 2 at 12:25am was traced to the St. Regis hotel in Bangkok, an approximately 13 minute drive from Loxley offices.
“… If one or more of the hackers involved in this attack gained trusted access to Loxley Pacific’s network as an employee, a vendor, or simply compromised it as an attacker, they would have unfettered access to launch attacks from the DPRK’s network against any target that they wish. Every attack would, of course, point back to the hated Pyongyang government.”
In short, the technical “evidence” supporting the narrative woven by those geniuses in Washington is rubbish. Yet they are still sticking by it – because, after all, government officials can never admit they were wrong. Especially since the President of the United States went out on a very thin limb and vowed to retaliate against North Korea – a pledge apparently carried out a few days ago. Two cyber-attacks took down the Hermit Kingdom’s pitiably small Internet structure, which consists of about as many IP addresses as can be found in a single block in Brooklyn.
USA! USA!
There’s just one problem: a rising chorus of independent cyber-security professionals are virtually unanimous in the opinion that the Obama administration muffed it. The North Koreans, they say, didn’t hack Sony – and our “retaliation” is looking more and more like unprovoked aggression. As Carr writes:
“Under international law, ‘the fact that a cyber operation has been routed via the cyber infrastructure located in a State is not sufficient evidence for attributing the operation to that State’ (Rule 8, The Tallinn Manual). The White House must responsibly evaluate other options, such as this one, before taking action against another nation state. If it takes such action, and is proved wrong later, which it almost certainly will be, the reputation of the U.S. government and the intelligence agencies which serve it will be harmed.”
Eviscerated is more like it.
So, if it wasn’t the North Koreans, then who are the hackers – and what was their motive? Marc Rogers, principal security researcher at Cloudflare, gave us a clue early on:
“Hard-coded paths and passwords in the malware make it clear that whoever wrote the code had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s (just) plausible that a North Korean elite cyber unit could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of a pissed-off insider. Combine that with the details of several layoffs that Sony was planning and you don’t have to stretch the imagination too far to consider that a disgruntled Sony employee might be at the heart of it all.”
It looks like Rogers was right on the money. An independent investigation carried out by Norse Security, a respected Silicon Valley company, came up with what they regard as conclusive evidence as to the identity of at least one of the hackers – a ten-year Sony employee with major technical skills who was recently laid off, a woman called “Lena” in news accounts. According to Norse Vice President Kurt Stammberger, the group consists of six people residing in Thailand, Canada, Singapore, and the US. How did Norse arrive at this conclusion? As a writer for Slashdot put it: ”
“Rather than starting from the premise that the Sony hack was a state sponsored attack, Norse researchers worked their investigation like any other criminal matter: starting by looking for individuals with the ‘means and motive’ to do the attack.”
The hackers, it seems, outed themselves when they released that massive data dump, which included files from Sony’s human resources department. Last spring Sony fired an awful lot of people – and the Norse team traced their virtual footprints. The culprits had an intimate knowledge of the structure of Sony’s computer system, and this was therefore the logical place to look. Norse uncovered posts on social media where ex-employees vented their anger at being let go, and uncovered Internet Relay Chat forums where these disgruntled types got in touch with known hackers – including one person linked to a server on which the original version of the malware had been constructed in the summer of this year.
The Norse team has met with the FBI and presented their findings, but the feds don’t seem too interested. They are sticking by their totally debunked story, at least so far. Just like the neocons who maintain to this day that Saddam Hussein really did have those “weapons of mass destruction” – and that we were right to invade Iraq and murder more than half a million Iraqis in cold blood.
Indeed, the Obama administration’s absurd “investigation” seems to have been modeled on the Bush administration’s propaganda campaign in the run up to the Iraq war, in which every possible bit of pseudo-“evidence” was twisted to conclude that Saddam Hussein was building “weapons of mass destruction.” Starting with a preordained conclusion, they proceeded to construct a case based on factoids that seemed to confirm it.
Like the neocons who were desperate for a pretext to invade Iraq, the Obamaites have an agenda of their own: targeting North Korea and citing the alleged threat of a “cybernetic Pearl Harbor” in order to gin up public support for “cyber-security” legislation that would give the government greater power to regulate the Internet as a “public utility.” They’ve been agitating for this for quite a while and clearly see the Sony hack as their doorway to success.
Can the Obama administration “stay the course,” as the Bushies used to say, and ignore the rising tide of skepticism? We’ll see. I somehow don’t think they’ll be backing down and offering that apology demanded by Kim Jong-un.
In any case, the lessons of the Sony hack harken back to basic libertarian principles:
1) Never take the government’s word for anything – they always have an agenda and will make up “facts” to fit the occasion.
2) The private sector is invariably more efficient than the public sector – the government’s phony investigation was and is bullshit, while it took independent Internet entrepreneurs to uncover the truth.
3) Government-connected companies are just as bad as the government itself – as Jeffrey Carr puts it:
“Federal agencies’ demand for cyber threat intelligence is voracious and they pay well. That demand is frequently met by companies like Mandiant, now part of FireEye – the company handling Sony’s incident response. The problem is that these companies have no oversight and no standardized vetting of sources.”
I wrote about Mandiant and the great “cyber-war” scam here, but there’s another angle not mentioned by Carr: the enormous amount of government money that goes into “cyber-security” is incentive for these companies to tell the feds only what they want to hear. The result is an echo chamber effect that blinds both parties to reality.
Which brings us back to the Iraq model and the causes of the “intelligence failure” that enabled the neocons to lie us into war. The simple fact of the matter is that our rulers aren’t interested in the truth because they believe they can create their own reality. As one top Bush administration official told journalist Ron Suskind during the run-up to the war:
“The aide said that guys like me were ‘in what we call the reality-based community,’ which he defined as people who ‘believe that solutions emerge from your judicious study of discernible reality.’ … ‘That’s not the way the world really works anymore,’ he continued. ‘We’re an empire now, and when we act, we create our own reality. And while you’re studying that reality – judiciously, as you will – we’ll act again, creating other new realities, which you can study too, and that’s how things will sort out. We’re history’s actors…and you, all of you, will be left to just study what we do.’”
This is precisely what the “mainstream” media has been doing all throughout this episode: studying the pronouncements of government officials and relaying this new “reality” to the American people with the kind of shameful subservience once only found in totalitarian countries. The result is that even if the government’s narrative is definitively debunked, the average person – who isn’t following this story as closely as the computer experts – will continue to believe Sony was hacked by those evil North Koreans, and that we have to take “defensive” measures like bringing down Pyongyang’s Internet and empowering the government to regulate the online world. As George W. Bush once put it: Mission accomplished!
A scheduling note: This will be my last column of the year: I’ll be back on Monday, January 5th. So happy New Year to all and to all a good night!
NOTES IN THE MARGIN