FBI officially confirms North Korea hacked Sony Pictures

As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

[li]Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.[/li]> [li]The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.[/li]> [li]Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.[/li]> [/ul]

We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.

We have that thread in the movie area, but I think this discussion needs to be in P&R now with this statement.

The obvious question now is: how do we choose to retaliate? NK isn’t exactly a target rich environment for a payback hack.

We should take away their computer.

It’s really disgraceful how the movie industry just totally caved to terrorist demands. Clooney actually made a statement, which was possibly one of the first things he’s said that didn’t make me think he was a jackass, about how poorly Hollywood has dealt with this.

Even if the theaters weren’t gonna play the movie (which, really, they would have… since if it was only playing in certain theaters, the hype from it being the target of terrorist threats would have spiked its audience WAY over normal levels), Sony should have said, “You know what? Fine. We won’t sell this movie… WE WILL SHOW IT FOR FREE ON THE INTERNET.” And just put it up for anyone who wanted it.

This has set a terrible precedent.

I agree. Sony made a really bad call on the tail of the theatre chains making really bad calls.

It makes them look craven and foolish. It was the absolute worst possible decision they could have made.

There is still time for them to reverse and give NK the big middle finger though, and that is absolutely what they should do.

I think this is just Sony buying themselves some time while they figure out how—or if—they can deal with whatever will be coming to light next.

I’m absolutely serious about my suggestion that they just put the movie up for download on bit torrent or something… or sell it to Netflix as a netflix exclusive, or whatever.

If they’re gonna just accept getting no money for it, then just maximize the audience as much as possible.

The way you deal with bullies is by punching them in the face, not giving them you lunch money. If you give them your lunch money, they’re gonna keep making demands. As soon as you do something that makes them fail to achieve their goals, then they change tactics.

This was mentioned in the other thread, but I’d be very curious to know how the financials of this whole thing worked out. It’s entirely possible that Sony has some kind of insurance policy or other legal reason that it makes more sense for them to never release the film vs. releasing it on the internet or straight to DVD / VOD / Streaming.

Now, the whole thing with Paramount and Team America showing rights? That makes no sense to me at all, and that seems like pure cowardice.

The BitTorrent thing, I get why that wouldn’t happen because companies don’t really have a plan or distribution channel for that. I mean, in theory one guy in IT could do it by himself, and sure, it could be “leaked” that way. But as an official “free to everybody” release plan, well, I can see why that isn’t really feasible.

We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there.

To be fair, Sony has shown to have pretty shitty security.

This is why you need countries and not corporations defending freedom. Corporations will more or less happily tow the party line in order to trade, make money, and protect the money they’ve made. This is why China is booming despite many gross political violations of human rights.

Yeah, the only way that completely pulling it makes ANY sense is this and/or there’s some really, really, incredibly damning information that they’re being threatened with.

Obama just said that he wishes that Sony had spoken to him first. He thinks they were wrong to pull the movie.

Obama: Sony Made a Mistake

Yay for Obama. He’s two for two this week (Cuba being the other win). He also said something to the effect of “the US will respond.”

I seems like we need to do something like just turn 4Chan loose on North Korea.

There’s not much we could really do to NK, since they have nothing… but we could do something like, hold a contest to make the most offensive photo-shopped pictures of Kim Jong Un possible.

Just, like, millions and millions of pictures making fun of him.

Usually I’m not in favor of descending to infantile insults and childish tantrums, but in this case I’m all for it. Glorious Leader needs to have his underwear hanging from the digital flagpole, if you catch my drift.

I would find it hilarious to see various less-than-upstanding groups troll the ever living daylights out of NK’s government, and I’d be all for celebrating such a thing as the ultimate in internet justice.

While I agree with the sentiment, what I think might have happened here was that the DPRK may have been in contact with Sony and said something along the lines of “hey, we haven’t released hacked emails A, G, and X yet, and we will unless you pull the movie in its entirely.”

If so, then maybe Sony’s actions are more understandable… though still craven, since you’re pretty much setting yourself up to be blackmailed for the foreseeable future.

It’ll be like the end of “Hackers”.

I agree. But for the past 13 years, our approach has been “an abundance of caution” whenever the slightest danger to civilians might be involved.

It’s embarrassing.