Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for December 18th, 2014

SONY HACK: Winners and Losers

What a difference a few hours off Twitter can make… Since last night the US government has made it known that they feel they have enough “evidence” to say that DPRK and Kim Jong Un were behind the hack on Sony. So far, all that I have seen personally posted online and in the news that counts as “evidence” has been inferential and certainly not worth spit in a court of law, never mind even in a mock court taking place in a 5th grade classroom!

Instead we have Sony playing the “poor us” card, the IR service (Mandiant) saying nothing, and the internet and social media on fire with comments on how this is either just utter buffoonery at a nation state level or a hue and cry for response against DPRK for this “Act of WAR!”

*hangs head*

ERMEGERD we are doomed aren’t we….

So I came up with this little list of the winners and losers for you all.

Winners:

  • Whoever hacked Sony (Interview not being shown and fear being sown)
  • Sony (Poor SONY it was advanced! We’re bleeding money! POTUS SAVE US!)
  • Armchair CYBER WAR experts (Holy fuck Dave Aitel selling CYBER WARRRRRR)
  • CYBER CHICKEN HAWKS (HOLY FUCK! DAVE AITEL SELLING CYBER WARRRRR!)
  • Anyone with an agenda against DPRK
  • Anyone looking to sell attribution services (Mandiant/FireEye/Crowdstrike)
  • APT Appliance manufacturers (Mandiant/FireEye/Crowdstrike)
  • Kevin Mandia (Apologist email of the CENTURY)
  • GOP (Whoever you are.. Well played)
  • Every person, entity, or group from here on who decides to do the same thing in similar ways (keep an eye on this one)
  • Fucksticks like Dave Aitel (ERMEGERD)
  • THE LAWYERS! GIGGITY MO MONEY MO MONEY MO MONEY!

Losers:

  • All of us who are sane (It’s knee jerk time people, put on your helmets)
  • Sanity (what little we had as a nation and a people post 9/11 and the torture reports)
  • Any of us who have a clue about hacking and the world of network security (I am sure we will all be drinking soon at Shmoo)
  • Our national reputation (Once again, post Torture report there wasn’t much left but now.. oy)
  • Serious discussion of actual network and information warfare (RidT/Robert M Lee etc) (poor bastards)
  • Freedom of expression due to fear of reprisals due to veiled threats of 9/11 *1000 attacks (Just mention 9/11 and shit happens!)
  • Insurance companies that offer cyber insurance (I sincerely hope you guys fight this one with Sony)
  • The concept of “sophistication” in hacking of targets (We already had a problem here.. Now it’s been completely abdicated as a notion seriously)

So yeah, the nation is now at CYBER WAR with DPRK over some company that pays a lot in lobbyist bribes… I mean fees… No.. Bribes… To the government because they have an agenda. (MPAA/SOPA/PIPA etc) A company that totally abdicated its responsibilities concerning the security of its data and that of everyone it works with, mind you. That part of the story seems to be lost in all the sabre rattling of late though.

PAY NO ATTENTION TO THE NAKED MAN BEHIND THE CURTAIN!

Good god… This is a pile of fecal vomitus.

K.

Written by Krypt3ia

2014/12/18 at 11:18

Posted in SONY

So.. What about those Japanese IP addresses in the SONY Hack Anyway?

Just a little note in the derpstorm (another post to follow on that after this one) that I wanted to drop on you all. See, I mentioned this in one of my first posts on the Sony Hack but it has gone little noticed. In the malware samples of Destover-C on VirusTotal you can see in the strings a huge list of IP addresses that belong to someone in Japan… I reckoned that they were in fact Sony addresses because they track down to a location in Japan where Sony HQ is and I left it at that. I had made my comments on how Japan and Korea just don’t get along and that they have a long history of unhappy relations, and thus a keyboard map, if taken at face value, might have relevance in this way.

Well, later on someone who shall remain unnamed contacted me and thanked me for my post and the information in it. The reason? They said that they worked for Sony and had been told NOTHING. My post actually gave them more information than the actual corporation that they worked for within their own security and networking space! Sadly, this seems to be the M.O. of Sony and I took that piece of info as truth because really this person had nothing to lie about here.

and life went on…

Destover-C connections looking for NetBIOS connections

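As an added example (not code from this post or from any tool the author used), here is a small Python triage script that pulls embedded `ip:port` strings out of a sample's raw bytes and groups them by /24 and port, which is how a hard-coded target list aimed only at 139/445 in a single network stands out. The function names and the sample bytes are assumptions constructed for illustration; the addresses come from documentation ranges, not from the malware.

```python
import ipaddress
import re
from collections import defaultdict

# NetBIOS session service and SMB over TCP, the two ports named in the post.
SMB_PORTS = {139, 445}
# ASCII "a.b.c.d:port" runs, bounded so they are not cut out of longer digit strings.
ENDPOINT_RE = re.compile(rb"(?<![\d.])((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})(?!\d)")


def extract_endpoints(blob: bytes):
    """Return the set of valid (IPv4Address, port) pairs embedded in blob."""
    found = set()
    for ip_raw, port_raw in ENDPOINT_RE.findall(blob):
        try:
            ip = ipaddress.IPv4Address(ip_raw.decode("ascii"))
        except ipaddress.AddressValueError:
            continue  # looks like an address but is not one, e.g. 999.1.1.1
        port = int(port_raw)
        if 0 < port <= 65535:
            found.add((ip, port))
    return found


def summarize_by_subnet(endpoints, prefix=24):
    """Group endpoints by network: host count, ports seen, SMB/NetBIOS-only flag."""
    groups = defaultdict(lambda: {"hosts": set(), "ports": set()})
    for ip, port in endpoints:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[net]["hosts"].add(ip)
        groups[net]["ports"].add(port)
    return {
        str(net): {
            "hosts": len(g["hosts"]),
            "ports": sorted(g["ports"]),
            "smb_only": g["ports"] <= SMB_PORTS,
        }
        for net, g in groups.items()
    }


# Constructed sample: binary noise around strings in documentation address ranges.
SAMPLE = (b"\x00MZ\x90\x00192.0.2.10:139\x00192.0.2.10:445\x00192.0.2.11:445\x00"
          b"\xff\xfe198.51.100.7:8080\x00ver 999.1.1.1:445\x00192.0.2.12:70000\x00")

if __name__ == "__main__":
    for net, info in sorted(summarize_by_subnet(extract_endpoints(SAMPLE)).items()):
        print(net, info)
```

A network that shows many hosts with `smb_only` set is the pattern worth checking against your own address space and internal asset inventory.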

This morning, as I sit with coffee at 5am, awake because I looked at Twitter and ERMEGERD DPRK DID IT is all over the place, I just thought I would share. See, there is more going on here than Wolf Blitzer can… Well.. Blitz! All of this, all of the fallout that I will write about next, just covers over the fact that much more has gone on that we have not heard anything about.

What happened in Japan?

Do we really think that just SPE was hit? I mean they are connected as a company to the parent which is in Japan right?

What about Germany?

What about all the subsidiaries? Won’t they too have to re-create their networks?

What great fuckery there is going on.

Wake the fuck up people.

K.

Written by Krypt3ia

2014/12/18 at 10:38

Posted in SONY