Sony Hack and North Korea Plus More Bitcoins

[Editor’s note: One of Jerry’s readers started a discussion about the Sony hack and North Korea, which got the Chaos Manor Board of Advisors into a short discussion. Plus more thoughts about BitCoins.  We have also added a “Well Wishes” page for readers messages of support as Dr. Pournelle recovers from his stroke. The discussion is below, but first, a status note from Jerry.]

They think I may be able to go home at end of week but possibly not. I hope to stat a few more days because Roberta not really up to it and my balance is awful.I need more practice. .It is slow but I can do it. I am learning fast. I do tire easily.

The Sony Hack and North Korea Discussion

It’s amazing how quickly the FBI pointed the finger at North Korea.
How could they possibly search through proxy servers, spoofed MAC addresses, etc and finger North Korea in such a short time? One possibility is that someone said, “Here are my conclusions, now let’s find some data to support these conclusions”, much like they did in the run-up to the second Iraq debacle.

And, everyone had a pointless comment to make based on the increasingly suspect FBI claims:

No one should kid themselves. With the Sony collapse America has lost its first cyberwar. This is a very very dangerous precedent.

— Newt Gingrich (@newtgingrich) December 17, 2014
https://twitter.com/newtgingrich/status/545339074975109122

Suddenly, there’s a war on… Let’s forget that outburst — and others like it — for a moment and get back to the point:

US cybersecurity experts say they have solid evidence that a former employee helped hack Sony Pictures Entertainment’s computer system — and that it was not masterminded by North Korean cyberterrorists.

http://nypost.com/2014/12/30/new-evidence-sony-hack-was-inside-job-cyber-experts/

Oops. Yeah, major events like this tend to be inside jobs in one way or another. Consider the USS Maine and the fallout of that. We’ve had similar incidents throughout U.S. history. Thankfully, we live in an age where angry, ignorant, old men can’t speculate and lead the country to war over nothing as easily as they once did.
◊ ◊ ◊ ◊ ◊
Most Respectfully,

Joshua Jordan, KSC
Percussa Resurgo

I opposed the second Iraq invasion, but I would net put it that way. It is over simple. I do agree they were quick to assume North Korea had both the competence and the will.
Sony as a victim made a good bit on a very bad movie.

On ridiculing a head of state, does any remember Kaplan [Charlie Chaplin] and The Great DICTATOR? [See http://en.wikipedia.org/wiki/The_Great_Dictator – Editor] First I ever heard of Hitler, and established my opinion of him for [a long] time, and I am sure I was not alone in that.

From Chaos Manor Advisor Peter Glawkowsky:

Even if we say that the Sony hack was a “cyberwar,” it wasn’t the first of its kind, and we sure won at least one previous confrontation of that type– the Stuxnet case– plus maybe the disputed allegation that the U.S. was behind the 1982 Soviet pipeline explosion described as “the most monumental non-nuclear explosion and fire ever seen from space.”

http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage

So Newt is just being overly dramatic. As he has been on several occasions when talking about the EMP threat. Clearly he needs to be getting better science advice from Jerry.

Gingrich’s foreword for One Second After was particularly unfortunate. Gingrich appeared to be saying that an EMP attack would actually work as Forstchen described, but that simply isn’t true. It’s a fine novel, but not realistic. A novel can be both, as Lucifer’s Hammer proved (along with Dean Ing’s Pulling Through and various other good books). As a result, EMP concerns have diverted the attention and resources of many preppers away from much more serious threats.

Advisor Daniel Spisak said

I’ve been saying the Sony hack was most likely a) Not DPRK sponsored b) An inside job c) Inevitable d) The result of colossal mismanagement e) All of the above. Since day one. The FBI’s ability to deal with “cyber”-crime (by the way, I hate the word cyber as does a gross majority of the infosec industry. It feels like were stuck in an early 90’s cyberpunk novel) hasn’t impressed anyone I’ve known for some time. Now the Secret Service is a different animal in that regard, but not their jurisdiction alas.

This was a mass exfiltration of data from a movie company by disaffected employees, not a cyberwar.

If this was a cyberwar (ugh, I really hate that word) you would be seeing critical infrastructure being compromised and subverted, possibly shut down. Either you want control of a system because of the information it holds, or because it controls something you want to deny the enemy.

And Advisor Eric Pobirs describes how the environment at Sony is probably at fault:

I’ve had three contract jobs on the Sony Pictures Entertainment lot in Culver City, formerly the Columbia Pictures lot. The last was six years ago, so this is a bit dated but I doubt much major has changed. All three involved going to people’s offices and doing stuff to their email client and the Lotus Notes client. The first two were upgrades to their Blackberry fleet and the last was doing stuff to Office they couldn’t automate for some reason. SPE was a Notes shop but the client was usually Outlook.

Among the things I noted was that many of the executives relied on their assistants to remember their passwords and couldn’t log into the company network unaided. Since some of these execs have a reputation for going though multiple assistants annually, I doubt they were changing the passwords every time. Also, I had the software I needed to install on CD and flash drive. The opportunity to copy files to the flash drive were nearly unlimited, as I was left alone with the machine for up to an hour and often provided a copy of their login credentials in case they were needed, allowing them to wander off until the time came to verify the install.

It was a level of access I’ve rarely been given on similar jobs. Usually I’m given a temp admin login with rights limited to those needed and most actions logged.

If I was trying to break into the film industry by doing time working under someone legendarily nasty as Scott Rudin, copying his PST files might be the least of the ideas occurring to someone a bit technically savvy and angry. Nor would I be surprised if an exec’s login gave them access to stuff that in a rational business would be completely off limits. Such demands are an exercise in wielding power and often done just because they haven’t lately and the IT department happened to come to their fleeting attention.

On another subject, the Advisors continued with their thoughts on Bitcoin. Advisor Dan Spisak started with

Bitcoin is not an investment tool.

There are many who are trying to push this use case for Bitcoin, but the fact remains that Bitcoin lives and dies on exchanges. These have gotten more robust over time, but its still a bit of a pain in the ass to get Bitcoin or convert Bitcoin into a real fungible currency. Usually doing so involves dealing with some kind of monetary service that is atypical for the common user and its always felt somewhat risky to me. While Bitcoin itself might be “secure” the fact that you tend to have to link a bank account of some sort to one of these lesser known monetary exchanges frankly scares the heebee jeebees out of me and when I have done transactions in the past I pretty much completely disable any account linkages to my real accounts ASAP because I dont trust them as far as I can throw the bastards.

Advisor Peter Glowkowsky replied:

Bitcoin is not an investment tool.

There are many who are trying to push this use case for Bitcoin, but the fact remains that Bitcoin lives and dies on exchanges. These have gotten more robust over time, but its still a bit of a pain in the ass to get Bitcoin or convert Bitcoin into a real fungible currency. Usually doing so involves dealing with some kind of monetary service that is atypical for the common user and its always felt somewhat risky to me. While Bitcoin itself might be “secure” the fact that you tend to have to link a bank account of some sort to one of these lesser known monetary exchanges frankly scares the heebee jeebees out of me and when I have done transactions in the past I pretty much completely disable any account linkages to my real accounts ASAP because I dont trust them as far as I can throw the bastards.

{We suspect this will not be the end of thoughts on this subject. — Editor]

Bookmark the permalink.

Comments are closed.