Resignations Signal Generational Change at Apache Foundation
Why Gnome 2 Continues to Win the Desktop Popularity Contest
Where Open Hardware Is Today
Writing in Style With LibreOffice
Huawei and Other Mobile 'Tech Giants': You Should (Really) Break Free from Google/Android
December 22nd, 2014

Sony & North Korea: Dumb & Dumber

Hacking, hacking, everywhere hacking. And not the good kind either. We’re talking cracking hacking.

Take the Sony hack for instance. Bunches of movies set for Christmas release are now available online for free, for those willing to break the law and invoke the displeasure of the MPAA while firing up the ol’ BitTorrent. Worse than that: even more bunches of Sony employees have had their financial lives turned upside down, with all of their personal information leaked. Not so bad, however, is the news that “The Interview” won’t be making an appearance on a screen near you anytime soon.

Oddly, it’s that last tidbit that’s been getting the most press. That, and the ongoing argument on who’s to blame for the Sony crack hack.

At first, U.S. authorities said that the North Koreans didn’t do it. Then they said they did. The North Koreans countered with a “no-way-Jose” and offered to help in the hunt to find the real culprit, which elicited an adamant “no-way-back-atcha” from the U.S.

I was inclined to believe that the U.S. was right about the North Koreans until a few things were pointed out by some of my Facebook buddies, and now I’m not so sure. My friend Ray noted that the North Koreans are always willing to take responsibility and even brag about every nefarious action they take, even blowing up nuclear bombs and such, so why would we think they’d change their tactics now? He thought the idea that the deed was done by a disgruntled employee sounded about right.

So I briefly changed my mind and figured that Sony has become the new U.S. Postal Service, until that theory was shot to hell with one quick Google, which produced information from PCWorld that the North Koreans had, indeed, denied culpability on some other occasions — and had offered to help.

“It’s not the first time that North Korea has demanded a joint investigation into international allegations against it.

“Earlier this year, the country wanted such after it was accused by South Korea of being responsible for several drones that were found crashed near South Korea’s border with North Korea. And in 2010, when the South Korean naval vessel the Cheonan was torpedoed and sank with the loss of 46 lives, the country wanted to be part of a South Korean investigation. In both cases, North Korea was deemed ultimately responsible.”

Hmmm…

And actually, if you read their “no way” statement, it seems a little bit like the talk you might hear on a cop show, with the suspect saying, “You guys got nuttin’ on me.” That, with a veiled threat included.

“North Korea’s Ministry of Foreign Affairs, however, said in a statement Saturday that it needed to see ‘clear evidence’ and said comparisons with previous cyberattacks were irrelevant to the Sony case.

“’Reference to the past cyber-attacks quite irrelevant with the DPRK and a string of presumptive assertions such as ‘similarity’ and ‘repetition’ can convince no one,’ the Foreign Ministry said.…

“‘We will never pardon those undesirable elements keen on hurting the dignity of the supreme leadership of the DPRK,’ it said, using the acronym for the country’s office name, the Democratic People’s Republic of Korea. ‘In case we retaliate against them, we will target with legitimacy those responsible for the anti-DPRK acts and their bases, not engaging in terrorist attack aimed at the innocent audience in cinemas.'”

Well, maybe the threat wasn’t so veiled.

Another Facebook friend blamed the whole thing on Sony’s karma (yeah, I have friends like that) and cautioned me to remember the DRM scandal.

For those of you with short memories, back between 2005 and 2007, Sony didn’t want us playing their CDs on our computers, fearing we might rip-and-burn, so they surreptitiously used their CDs to install DRM software on our computers, which ended up making our machines vulnerable to all sorts of malicious attacks. Their solution to that brouhaha was to release an “uninstaller,” which didn’t uninstall anything and actually installed more exploitable software while collecting email addresses to send back to Sony’s home office.

Even if it wasn’t karma, maybe Sony does deserve some of the blame for trying to secure its network on the cheap.

Ya see, the virus or whatever it was that got into Sony’s system wasn’t the work of a genius, but something you can buy on the black market where the script kiddies shop for toys. Not only that, this piece-o’-code sat on their servers for months without being detected. I can only assume this is because Sony’s IT dudes and dudettes were too busy making sure that we weren’t making copies of Sony movies when streaming them over Netflix.

Bloomberg quotes Trend Micro and every other security company looking for some free publicity:

“‘They were probably in the system for months,’ Masayoshi Someya, whose title is security evangelist at Trend Micro, said in an interview in Tokyo this month. ‘One thing that’s very unique about the malware is that it had a payload with a particular time bomb-type capability.’

“While it’s unclear how the hackers got access to Sony’s network, the virus they used to destroy it is available on the black market and can be used without a high level of technical sophistication, according to Someya. It was customized for the company, embedding in the program account names and passwords and targeting the security software, he said.”

Okay, so the as yet to be identified culprit paid some coder to have the code modified. If the coder was doing it for the North Koreans, I hope s/he checked to make sure the money wasn’t counterfeit.

Oh, the article goes on to say that McAfee has “determined that its security products would prevent the malware from executing.” I guess that Sony’s IT folks didn’t get the memo about the need for AV protection.

Meanwhile, Sony stands to loose much more than the $45 million it cost them to make “The Interview.” By the time the lawsuit dust settles, they’re sure to be out hundreds of millions of U.S greenbacks, maybe much more, and Sony employees will be spending many sleepless nights worried about losing their life’s savings.

All over a tasteless and stupid movie that would’ve been forgotten by February — until it showed up on Netflix or Amazon Prime a few months down the road.

This is big news for Sony and the company’s investors. For the rest of us, this should be no more than an interesting distraction.

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

1 comment to Sony & North Korea: Dumb & Dumber

  • tracyanne

    quote::For the rest of us, this should be no more than an interesting distraction.::quote

    Yep, for about the time it takes to read it. Now back to something more important… Solitaire.