North Korea denies hacking Sony but calls the breach a ‘righteous deed’
TOKYO — North Korea has denied hacking Sony Pictures’ computer systems in retaliation for its movie “The Interview,” which revolves around a plot to assassinate North Korea’s leader, Kim Jong Un. But the secretive state has called the crippling cyberattack a “righteous deed” and has suggested that its “supporters and sympathizers” might be taking revenge on its behalf.
The statement, issued Sunday by the official Korean Central News Agency, comes as investigators home in on the source of the attack, which brought Sony, one of Hollywood’s biggest studios, to a near-standstill just before Thanksgiving.
“We do not know where in America the Sony Pictures is situated and for what wrongdoings it became the target of the attack nor [do] we feel the need to know about it,” the KCNA statement said.
“But what we clearly know is that the Sony Pictures is the very one which was going to produce a film abetting a terrorist act while hurting the dignity of the supreme leadership of the DPRK by taking advantage of the hostile policy of the U.S. administration towards the DPRK,” it said, using the official acronym for North Korea.
Sony Pictures Entertainment is preparing to release “The Interview,” a comedy in which James Franco and Seth Rogen play journalists who land a rare interview with Kim and are recruited by the CIA to take him out. The movie is to be released in the United States on Dec. 25.
When news of the film emerged in June, North Korea vowed “merciless” counter-measures if it were released. The nation appeared to have made good on that promise, with a devastating Nov. 24 attack by hackers that knocked out the studio’s computer network.
At least five new movies from Sony Pictures, including the musical “Annie” and the Brad Pitt World War II movie “Fury,” were posted to copyright-infringing file-sharing hubs soon after the attack. But there was no proof that those postings were related to the hack.
In response to the allegations that it was responsible, North Korea “called upon the world to turn out in the just struggle to put an end to U.S. imperialism, the chieftain of aggression and the worst human rights abuser.”
The FBI is investigating the Sony hack and issued a flash warning last week to businesses about “destructive malware,” though it did not specifically link the alert to the Sony incident. Sony has hired security consultants to try to figure out who is responsible.
One theory is that hackers supportive of North Korea are behind the attack.
The United States should “know that there are a great number of supporters and sympathizers with the DPRK all over the world,” KCNA’s Sunday statement continued. “The righteous reaction will get stronger to smash the evil doings.”
Over the weekend, someone claiming to be the leader of a hacking group threatened Sony employees and their families in an e-mail message, according to the technology news site Re/code.
“What we have done so far is only a small part of our further plan,” reads the message, written in halting English and received by some Sony Pictures employees, Re/code reported. “Please sign your name to object the false of the company at the email address below if you don’t want to suffer damage. If you don’t, not only you but your family will be in danger.”
A Sony representative issued a statement to Re/code saying: “We understand that some of our employees have received an email claiming to be from [the hackers]. We are aware of the situation and are working with law enforcement.”
IMAGES:
This photo released by North Korea’s official Korean Central News Agency shows North Korean leader Kim Jong Un inspecting the Chonji Lubricant Factory. Korean Central News Agency via AFP/Getty Images
North Korean leader Kim Jong Un watches a performance given by the State Merited Chorus. Korean Central News Agency via Reuters
For more on this story go to: http://www.washingtonpost.com/world/north-korea-denies-hacking-sony-but-calls-the-breach-a-righteous-deed/2014/12/07/508d6991-c242-419c-b71c-59a3d1173766_story.html
Related stories:
Sony breach may inspire slew of privacy, employment claims
By Allison Grande From Law360
Law360, New York (December 12, 2014, 8:06 PM ET) — Sony Corp. is likely to face not just claims over its security safeguards following a recent breach that compromised the personal data of thousands of employees and celebrities, but employment, breach of contract and health privacy allegations based on the leaked data.
For more on this story go to: http://www.law360.com/media/articles/604351?nl_pk=3dff67ed-0e27-47ea-8f8b-9a83ecddf692&utm_source=newsletter&utm_medium=email&utm_campaign=media
Sony’s breach stretched from Thai Hotel to Hollywood
By Jordan Robertson, Dune Lawrence and Chris Strohm From Bloomberg
The computer hackers drilled into the network at the elegant St. Regis Bangkok that night and, with a keystroke, laid bare the secrets of Sony Pictures Entertainment.
What had begun with a secret incursion into the Hollywood studio’s computer system was reaching its climax in, of all places, a five-star hotel in the capital of Thailand.
It was 12:25 a.m. on Dec. 2 in Bangkok, the morning of Dec. 1 in California. Working through the high-speed network at the St. Regis — whether from a guest room, a public area like the lobby or a separate location is unknown — the hackers began leaking confidential Sony data to the Internet, according to a person familiar with investigations into the breach. This person spoke on the condition he not be named because the inquiries are confidential.
By the time it was over, the world would learn private details of 47,000 Sony employees, former employees and freelancers, as well as several Hollywood stars, in a hack that many experts say heralds a dangerous new era in cybersecurity. The entertainment division of Sony Corp. (6758) is still struggling to contain the damage from the revelations.
Who hacked Sony, and why, remains unclear. The attack appears to have been designed to embarrass Sony, rather than to enrich the perpetrators.
As cybersecurity experts sift through clues, many say the episode bears the hallmarks of DarkSeoul, a hacking group with suspected links to North Korea that struck South Korean banks and media companies in 2013. North Korea, which has denied any involvement in the Sony episode, released a statement yesterday saying the hack “might be a righteous deed” of its supporters or sympathizers.
Alarming Shift
If North Korea is behind the attack, the development would mark an alarming shift in state-sponsored cybercrime, which has generally targeted military and infrastructure, said Michael Fey, president and chief operating officer of Blue Coat Systems Inc., a network security company in Sunnyvale, California.
“It’s a very high stakes game of poker that’s starting to escalate,” Fey said.
The Thai connection, which hasn’t been reported previously, provides a glimpse into how the Sony hack went down.
Cybersecurity investigators have traced the hackers’ digital footprints to the network at the St. Regis Bangkok, on Rajadamri Road in an area populated by international corporations and upscale boutiques such as Bulgari and Valentino.
Evidence suggests the person or persons who distributed the Sony data may have been operating inside the hotel, although it’s also possible they were working from a remote location, according to the person familiar with the investigation.
University Connection
An Internet Protocol address the malware used to communicate with the hackers was also located at a university in Thailand, this person said. Hackers often take advantage of open university networks in initiating attacks. Katie Roberts, a spokeswoman for Starwood Hotels & Resorts Worldwide Inc. (HOT), which owns the St. Regis Bangkok, didn’t respond to emails seeking comment.
If the hackers were indeed at the St. Regis, they were essentially hiding in plain sight by using a busy wireless network available to hundreds of guests. The data disclosed included salaries and home addresses of people who left Sony as far back as 2000, as well as Social Security numbers and contracts. Celebrities whose details were revealed include actor Sylvester Stallone and producer Judd Apatow.
One theory is that the attack was North Korea’s revenge for a new Sony comedy, “The Interview” — an idea some cybersecurity experts have called far-fetched. The film stars Seth Rogen and James Franco and concerns an attempt on the life of North Korean leader Kim Jong Un.
North Korea
Yet all sides agree that North Korea appears to operate a large network of hackers, with estimates ranging as high as 5,900. Many of these people work outside North Korea because of that country’s limited Internet infrastructure.
One hacking unit is housed within the Korea Computer Center, or KCC, a government research and development agency, according to a report issued in August by the cybersecurity division of Hewlett-Packard Co. (HPQ). The KCC operates out of almost 20 offices in North Korea and branches in China, Germany, Syria and the United Arab Emirates, HP said.
The Reconnaissance General Bureau, the country’s primary intelligence agency, has two hacking units, No. 91 Office and Unit 121. Some members of Unit 121 have worked out of the Chilbosan Hotel in Shenyang, China, near the North Korean border, according to a 2009 research paper that cited a North Korean defector who claimed to have served in Unit 121.
That’s one reason a connection to a foreign hotel in the Sony hack — in this case, the St. Regis Bangkok — doesn’t surprise investigators linking the attack to North Korea.
Coding Clues
More clues lie in the computer code itself. Details released by the U.S. Federal Bureau of Investigation have enabled security companies to find and analyze the malware used against Sony. The first piece of code outlined by the FBI was customized for Sony, according to Daniel Clemens, a security researcher and founder of Packet Ninjas LLC, a cybersecurity firm in Hoover, Alabama. When the malware runs, it tries to connect to hosts within Sony’s network, indicating it was tailored to the company.
Other elements are similar to the DarkSeoul campaigns in South Korea. The group generally uses destructive “wiper” programs that erase hard drives or conducts distributed denial of service attacks that clog websites with fake traffic, according to Symantec Corp. (SYMC).
The Sony code shares techniques and component names with the code used in the earlier DarkSeoul attacks, according to an analysis by Mountain View, California-based Symantec.
Shared Techniques
At least one command and control server in Bolivia was used in both the South Korean campaigns and the Sony Pictures hack, suggesting that the same group was behind both, said Liam O Murchu, a security researcher for Symantec. Command and control servers, which are used to communicate with malware once it’s on a target’s systems, are typically hacked themselves, masking the attackers’ true origins.
“This is the same group that was working in Korea a year ago,” O Murchu says. “There are so many similarities — this must be the same people.”
Kurt Baumgartner, principal security researcher at Kaspersky Lab in Denver, Colorado, also found similarities. As in South Korea, the destructive programs were compiled less than 48 hours before the attack, he said. In both instances, the hackers also defaced websites with skeleton images and vaguely political messages.
Shamoon Attacks
The malware used against Sony also has overlaps with Shamoon, perhaps the most high-profile deployment of wiper software to date, which destroyed information on thousands of computers in Saudi Arabia in 2012. Both used the same kind of commercially available drivers from the RawDisk library made by EldoS Corp., Baumgartner said. Shamoon was also compiled very shortly before it detonated.
After the attacks in 2013, researchers at Intel Corp.’s (INTC) McAfee unit traced the code back to a family of malware used against South Korean and U.S. targets, starting in 2009 with denial of service attacks against South Korean and U.S. military targets. McAfee called the attack “Operation Troy.”
CrowdStrike Inc., another security technology company, has another name for the DarkSeoul group — Silent Chollima, a reference to the mythical winged horse that is an important symbol in North Korea. CrowdStrike has been tracking the group since 2006 and has linked it to the North Korean government.
“Destructive attacks are actually very, very rare — North Korea is one of the few that has launched them repeatedly,” says Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike, which is based in Irvine, California. “They always seem to be pushing the boundaries of what they can do.”
‘Guardians of Peace’
In the Sony case, a previously unknown group calling itself GOP, or “Guardians of Peace,” claimed responsibility. In earlier attacks attributed to North Korea, the hackers have also posed as hacktivist groups, according to John Hultquist, senior manager of cyber-espionage threat intelligence at iSight Partners Inc., a cybersecurity company based in Dallas.
Hultquist said the hackers may be hired contractors or are creating a hacktivist profile to hide their identity, especially since the group doesn’t have a history of similar acts. It’s an increasingly common tactic of nation states trying to cover their trails, he said.
“By definition, a hacktivist group has a history, they’ve been out defacing websites, doing stuff,” Hultquist said. “Given the lack of a background behind the hacktivist organization claiming responsibility, I think we’re looking at North Korea sponsoring it or someone sympathetic to North Korea sponsoring it.”
For more on this story go to: http://www.bloomberg.com/news/2014-12-07/sony-s-darkseoul-breach-stretched-from-thai-hotel-to-hollywood.html
Sharpton refuses to accept Sony Exec’s apology after emails about race
Civil rights leader Reverend Al Sharpton will meet next week with Sony Pictures Entertainment Co-Chairman Amy Pascal and decide whether her emails about President Barack Obama’s race warrant calling for her resignation.
Pascal is under pressure after her private emails were exposed by hackers who attacked the computer network of the Hollywood movie studio, a unit of Sony Corp.
In exchanges with producer Scott Rudin, Pascal guesses that Obama might be a fan of “Django Unchained” or other films with black actors or themes. The emails were published by Buzzfeed, and Reuters has not confirmed them.
In a statement on Thursday, Sharpton said Pascal’s statements reflected a “lack of diversity” in Hollywood. He said Sony needed to take steps “to respect the African American community and reflect that respect in their hiring and business practices.”
Pascal and Sharpton had a “candid conversation” when she phoned him to apologize on Thursday, said Sharpton’s spokeswoman Jacky Johnson. But Sharpton “made clear he has not accepted her apology,” she said.
Sharpton is “inclined” to call for Pascal’s resignation, “but has agreed to hear her out in person” in New York before making a decision, Johnson said.
A Sony spokeswoman had no comment.
Pascal, in a statement on Thursday, apologized and said her emails were “insensitive and inappropriate.” She told the Hollywood Reporter she reached out to Sharpton and Reverend Jesse Jackson and wanted to start “a healing process.”
“I’m being proactive,” she said. “And I want to accept responsibility for these stupid, callous remarks.”
White House spokesman Josh Earnest, at his daily news briefing on Friday, said “the decision that Ms. Pascal made to apologize was the appropriate one.”
Aaron Sorkin, who wrote Sony hit “The Social Network,” defended Pascal on Friday.
“Amy knows more than a lot of people what it’s like to battle stereotypes,” Sorkin told The Hollywood Reporter. “She’s a woman at a large corporation who worked her way from assistant to the chairman’s office. No one in the world feels worse than she does right now.”
For more on this story go to: http://www.Newsmax.com/Headline/Sharpton-email-race-apology/2014/12/12/id/612787/#ixzz3LmfH4fM0
IMAGE: Al Sharpton en.wikipedia.org