Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

SONY: The Laughing Man Effect


Preface:

In the past I have written about “The Ghost In The Shell” referring to current incidents online and the future of network warfare. I mostly wrote about the anime show’s prescience with regard to the fact that many of us in the business of computer security, it seems, gravitated to it because of those very scenarios in the first place and a certain cool factor to them. Of course all of that was science fiction and it could not happen in the real world, could it?

Well, once upon a time the idea of a plane flying in the air or a submarine for that matter were pure SCIFI and now we take them for granted. So it is too with some of the ideas put forth by G.I.T.S. where online culture and warfare are concerned. If you are not familiar with the G.I.T.S. franchise I suggest you go to Amazon or Hulu and watch them all. If you are familiar with them, then you might have the same “Ah ha!” reaction that I did watching the evolving story of the Sony hack.

SONY HACK

So to catch you all up, Sony, it seems, got hacked. Not just hacked, but utterly hacked, penetrated, compromised; whatever adjective you would rather use, all of them apply here. Suffice to say that Sony was taken down in such a way that absolutely nothing electronic should be trusted within its environment whether it be a router, switch, desktop, laptop, server down to USB sticks. The hackers had complete control over what seems to be all of their infrastructure and for an indeterminate amount of time.

The adversary, once gaining access, began to plunder all of Sony’s secrets, exfiltrating them out of their networks to the tune of one hundred and eleven terabytes of data. This is an astounding amount of data to take and one has to wonder just how they got it out of there. I mean, did they move it on TB drives? Did they FTP that out? What? You also have to wonder just how long that would take if they were being sneaky about it. It also begs the question of whether or not the attackers had to be sneaky at all because perhaps Sony had not learned its lessons from previous attacks and just was not watching traffic at all to see the immense amounts of data leaving their domain.

It gets worse though for Sony… If that were even conceivable to many. The adversary then inserted a special feature into the malware they were using to compromise systems, to destroy the MBR section of hard drives on systems that were infected. This poison pill was then activated when the attackers were done to perform the coup de grâce that would take Sony down hard. As it was described, the malware changed the login screen for all the users and then the game was on. Sony knew something was up and then systems went BOOM. Or did they? I am not too sure on this fact because I have not seen much out of Sony as to what happened next.

The net effect here is that Sony cannot trust anything and anyone potentially within their walls and had to shut down their whole network. They handed people pens and pencils and continued working as best they could as they called in Mandiant to perform the incident response for them. Meanwhile, the adversary had made contact with Sony either with the screen change (see below) or other means to say that they had that 111 TB of data and laid out terms of what they wanted to not let it out on the net. That was around Nov 24 and it’s now December 6th. Since then there have been two data drops by a group calling themselves the GOP (Guardians of Peace). One drop was small, around a gig, and the next was 27 gig. Within those files were found great swaths of Sony data that included numerous SSNs and personal data for people who worked with or for Sony. In short, it’s a nightmare for all involved really.

Then things got… Weird.

Suddenly Variety (the Hollywood trade rag) was reporting that Sony thought that their adversary was in fact the DPRK and Kim Jong Un. Why? Because Sony was going to release a film that KJU did not appreciate. That film is called “The Interview” and it’s a comedy whose premise is that two Hollywood types are invited to DPRK to interview KJU and are asked “humorously” to whack KJU by the CIA.

Eh.. It could be funny. I really don’t think it would have nor will be but that’s just me. I am not a big fan of the two major stars of the film and of late Hollywood has mostly been the suck anyway, but yeah I digress…

So yeah, Variety is reporting that DPRK hacked Sony and with Mandiant being signed on HOLY CHINA! We all in INFOSEC began popping the popcorn and waiting on Tao to start talking about where DPRK touched him. It was and is still, rather unreal. The modus operandi for some of the hacking does match what DPRK has done before with wiper malware, or shall I say “has been attributed to have done before” and attribution as you all know is hard. However, the data kinda looked like maybe it was possible but with the lens of time it seems less likely that it was a nation state actor especially if the reason for the attack was in fact over this movie.

Since the advent of the DPRK theory, this whole story has just become a media frenzy about “CYBER CYBER CYBER WAR PEARL HARBOR BE AFRAID!!” The reality though seems to be a bit different from the popular media falderal in that the GOP has all along said that this attack was in response to Sony’s bad practices and they needed to be taken down for them.

The Laughing Man Effect

This is the juncture where the Ghost In The Shell comes in and a certain arc in the story line from the Standalone Complex. If you are a fan you might remember the series of episodes concerning “The Laughing Man.” In these episodes we are introduced to a hacker who appears from nowhere and begins a campaign of attacks against corporations for their misdeeds. In particular one company that was colluding in surveillance and stock manipulation but I will leave all that to you to watch.

What happens though is that The Laughing Man takes on the corporation and through hacking exposes them for what they had done, as well as greatly affecting their bottom line financially and damaging their reputation. It was the spectacular nature of the hack though, on live TV in this future Japan, that got others completely obsessed with the Laughing Man and what he had done. If you have not seen the series there is a box set of just the episodes that concern the Laughing Man you can watch.

The story line though sparked with me because it showed the great asymmetric power of this kind of warfare that could be carried out by one person. One person with the skill sets to do it could affect the bottom line of a company at a distance as well as anonymously. This is a powerful thought and one that in today’s society is much more of a reality than ever before and it is precisely because of technology. This idea I personally now call “The Laughing Man Effect” and in tandem with memes could spell real trouble for the world today. We have seen this already taking place with Anonymous and their various wars against injustice or just for the lulz as we saw in LulzSec. In fact, I would claim that HB Gary would have been the first instance of the Laughing Man Effect and it just took the Sony incident for it to solidify in my head.

Memetics

Now consider the meme. Memes are ideas or images that catch fire with people and are passed on rather like cognitive malware. Anonymous was a meme as well as a means of creating and delivering memes on the internet. Born of the 4chan boards where memes are born every second, some dying on the vine while others catch fire, Anonymous caught on once they went after Scientology. The reality is that Anonymous lit this fire and now GOP has taken up the notion ostensibly and acted upon their personal desires of retribution much like Anons did on Scientology.

If the GOP is in fact a real group or person with an agenda to destroy Sony then I believe that their idea has come from Anonymous’s successes. I also think that if they do really exist as a group then they have learned from Anonymous’s successes and failures. So far GOP has been pretty cagey with their use of dead drop email accounts and the use of various servers around the globe to send email to reporters. Which, if they are not caught right away, will give them more power of the meme as the David who slew Goliath.

In the end, I believe this to be just the meme taking root in the collective unconscious spurred on by the likes of Anonymous, Snowden, Wikileaks, and the Occupy movements. We live in a time where the small can in fact easily take down the big with technologies that we all use and often times do not secure properly. In the case of Sony it seems that they neglected a lot and got burned badly by doing so. If that is the case then who’s to say when the next big corporation is taken down by another person or persons with an axe to grind or a valid grievance?

The meme is catching and the Laughing Man Effect may be a real concern for the governments and corporations of the world. The more flashy and catchy or perhaps just downright motivational, the more chance that others will follow. This is the nature of the meme and its ability to propagate so quickly and effectively in our hyper-connected world. If you just look at all the media coverage of the Sony incident and then look at all the armchair detection going on around it you can see how this one too has sparked the collective imagination and curiosity.

Future State Electronic Warfare

So here it is. What some have been fearing and perhaps not getting across well enough is coming to pass. In our connected world it is easy to take things down and burn them. In the case of Sony, they will come back, sure. If you look at their stock the last few days as revelations surfaced, their prices took a dive but then went back up. Perhaps the real world just doesn’t understand the ramifications of what has happened here. However, the fact remains that Sony was completely decimated on a technical level to start. This is an important point that should be thought about.

That Sony was likely hit by an insider is highly probable. Was that insider sent in or actively recruited? Are they someone who just did this because they felt abused? I guess time will tell on these questions but insider attacks have always been a problem and they won’t go away. How do you really protect against that without making life harder for end users? Much more, how do you protect against insider attacks without alienating workers as they are watched every second of the day as they work to ensure they aren’t setting off an attack? It’s a vicious cycle really.

Alternatively, how can any company expect to defeat a determined attacker anyway? The dreaded APTs have had it easy and still do to a large extent but even after we all have learned our lessons, it will still always be a surety that a determined attacker will get you in the end. With that knowledge then what do you do? Do you just accept that fact like something akin to the AA credo of “Grant me the serenity to accept the things I cannot change” or do you fight harder? It is a never ending battle.

What Sony can teach us though now is that the idea of this kind of warfare is out there. Ordinary people are feeling empowered to take on corporations and governments with the aid of the very technologies they use to carry on daily business. Technologies that are now commonplace and we cannot do without. This is a scary thing to many in power and it’s been made all the scarier when things like the Sony hack happen so utterly and completely well.

Welcome to the future of online/electronic asymmetric warfare kids.

K.

 

Written by Krypt3ia

2014/12/06 at 22:49

One Response


  1. […] wrote earlier this month about the “Laughing Man Effect” with regard to the SONY incident as it was unfolding. This attack mimicked the LulzSec […]

