Saturday, 20 December 2014

The Interview

From the BBC

President Barack Obama has vowed a US response after North Korea's alleged cyber-attack on Sony Pictures.

The US leader also said the studio "made a mistake" in cancelling the Christmas release of The Interview, a satire depicting the assassination of North Korean leader Kim Jong-un.

...

Earlier on Friday, the US Federal Bureau of Investigation officially tied North Korea to the cyber-attack, linking the country to malware used in the incident.

Hackers had earlier issued a warning referring to the 11 September 2001 terror attacks, saying "the world will be full of fear" if the film was screened.

THIS WILL BE A LONG POST. YOU HAVE BEEN WARNED

Timeline
Let's try and get this story straight, going right back to the beginning. In fact, just before the beginning on 21st November, when an email was sent to various Sony executives demanding money. Nothing about North Korea, nothing about The Interview. Just money.

3 days later on the 24th November, across Sony screens, a message appears telling whoever is reading that "We've already warned you". Along with this, a number of files were released around the internet, mostly via bittorrent containing movies.

By the 28th, a new theory had arisen with "unknown sources" that this was the work of North Korea as one of the movies involved was The Interview, a comedy about two celebrity reporters who get an interview with Kim Jong-Un, but before they do, the CIA tries to rope them in for an assassination.

Various shocking revelations were leaked - film stars have egos, black actors bring in smaller audiences than white ones, actresses earn less than actors.

On the 16th December, a hacker group then release more files from Sony's servers, along with a threat regarding The Interview suggesting 9/11 level violence near cinemas showing it.

On 17th December, the majority of cinema chains pulled the film. At this point, Sony figured it was best to cancel the premiere and withdraw the film.

On the 19th December, the FBI announce that North Korea is responsible for the actions.

Analysing Motives
It may be that this is an attack by North Korea on Sony. But if it is, why did they start off talking about money? Yes, North Korea went to the UN to complain about The Interview back in May, but North Korea always go to the UN to complain about this sort of thing. They got pissed off about Team America: World Police, but did nothing about it.

There are various links being made in various places, such as the FBI referring to tools used in an attack on South Korean banks, which they declare as being caused by the North Koreans, despite that only being a suspicion because it was routed via Chinese IP addresses. The problem with things like routing is that if you can create an infected machine in China, the attack could have come from almost anywhere.

The focus on North Korea began after the media made it so. It's a better story to be talking about international cyber terrorism than to be talking about cyber blackmail. The media started the stoking, the hacker group then delivered on the threat.

The story was then that the theaters dropped the film. There was some puzzlement by authorities such as the Department of Homeland Security because there was "no credible threat". So, why did cinema chains cancel the film? Well, some people are going to get nervous anyway. And in a multiplex, they won't just get nervous if they're going to see The Interview, but also if they're going to see The Hunger Games: Catching Fire and the Interview is playing at the same multiplex. Bear in mind, this is not expected to be a huge film, and has some pretty lousy reviews. Are those multiplex companies going to risk losing Hunger Games and Hobbit money for the sake of a low income film.

Sony then cancelled the film. You don't want to run a huge marketing campaign for a few small theaters. They might even be thinking that they could release it another time, so let it all blow over.

The FBI then wanted in on it, writing an email about how they were certain it was North Korea, even though their links are very tenuous, and using that email to promote how they could help businesses, like an advertorial for their services.

Finally, Obama did his "standing up for rights" speech, blaming Sony for being chickens, promising to take action, but being completely non-specific about what he would do.

The whole thing is lies built on lies. In my opinion, it's a simple blackmail and shakedown job.

6 comments:

Budvar said...

Er..yeah, about those N.Korean hackers.. How long did it take to load the hacking software with that tape drive?...

Rich Tee said...

My understanding is that North Korean agents are believed to be involved in criminal activities. It is certainly known that they have kidnapped Japeanese women on Japanese territory. Perhaps they engage in criminal activity with knowledge of the leader, as a way of obtaining money and foreign consumer goods. Or perhaps it is just because they are just very corrupt, as the country does not recognise the authority of any international police force. But I wouldn't discount thate the regime would be involved in criminal, profit-making activity. It is a weird, weird place that does not foolow the normal rules of nation states.

Obama can't do nuffink. The USA has been involved in too many wars in the past 15 years. He would be very foolish to get involved in another one. So he will, then.

DBC Reed said...

The Stigler's take that this was
a shakedown/blackmail has totally changed my mind (not something that happens very often) and I appreciate his insight and specialist knowledge very much.
I would add that Obama is going to ramp up the Commie threat to deflect from his coming to an accommodation with Cuba .

Mark Wadsworth said...

Problem is we are all guessing.

Either the hackers were the usual hackers doing it for sport, or the hackers were really N Korean based/backed.

If we knew that, then we'd be a lot cleverer. Fuck yeah!

The Stigler said...

Budvar,
There's definitely some hacking going on from NK, but yes, the infrastructure is very poor.

Rich Tee,
But why then drop the threat of violence and reveal themselves, when they didn't at first? Why not just do criminal extortion if money is what you want?

DBC,
Thanks. I'm not much of an information security specialist, although as a web developer, I do work with information security specialists and a lot of the claims were strange. One was about how the compiled code was Korean encoded, but the thing is that I can change a compiler setting to Korean encoded. You can fake code.And the specialists in this field seem dubious about the FBI's claim.

Mark,
The most persuasive thing I've read is that this is an inside job by a disgruntled employee, by Marc Rogers: http://marcrogers.org/2014/12/18/why-the-sony-hack-is-unlikely-to-be-the-work-of-north-korea/..

The bit about it being convenient for Sony is quite true. It's clear from things like plain text passwords in files and security certificates with the same password as the filename (I can explain further if needs be) that Sony's information security was pretty amateurish. Better to give people the impression that you didn't stand a chance than to have people ask why you couldn't keep a few hackers away.

DBC Reed said...

Stigler is playing a blinder on this one.Enough holes in the original North Korean terrorist plot to make it highly implausible.