Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

So.. What about those Japanese IP addresses in the SONY Hack Anyway?

with 10 comments

00-top

Just a little note in the derpstorm (another post to follow on that after this one) that I wanted to drop on you all. See, I mentioned this in one of my first posts on the Sony Hack but it has gone little noticed. In the malware samples of Destover-C on Virus Total you can see in the strings a huge list of IP addresses that belong to someone in Japan… I reckoned that they were in fact Sony addresses because they track down to a location in Japan where Sony HQ is and I left it at that. I had made my comments on how Japan and Korea just don’t get along and that they have a long history of unhappy relations, and thus a keyboard map, if taken on face value, might have relevance in this way.

Well, later on someone who shall remain un-named contacted me and thanked me for my post and the information in it. The reason? They said that they worked for Sony and had been told NOTHING. My post actually gave them more information than the actual corporation that they worked for within their own security and networking space! Sadly, this seems to be the M. O. of Sony and I took that piece of info as truth because really this person had nothing to lie about here.

and life went on…

Destover-C connections looking for NetBIOS connections

  • 43.130.141.100:139
  • 43.130.141.100:445
  • 43.130.141.101:139
  • 43.130.141.101:445
  • 43.130.141.102:139
  • 43.130.141.102:445
  • 43.130.141.103:139
  • 43.130.141.103:445
  • 43.130.141.105:139
  • 43.130.141.105:445
  • 43.130.141.107:139
  • 43.130.141.107:445
  • 43.130.141.108:139
  • 43.130.141.108:445
  • 43.130.141.109:139
  • 43.130.141.109:445
  • 43.130.141.115:139
  • 43.130.141.115:445
  • 43.130.141.11:139
  • 43.130.141.11:445
  • 43.130.141.124:139
  • 43.130.141.124:445
  • 43.130.141.125:139
  • 43.130.141.125:445
  • 43.130.141.13:139
  • 43.130.141.13:445
  • 43.130.141.14:445
  • 43.130.141.20:139
  • 43.130.141.20:445
  • 43.130.141.21:139
  • 43.130.141.21:445
  • 43.130.141.22:139
  • 43.130.141.22:445
  • 43.130.141.23:139
  • 43.130.141.23:445
  • 43.130.141.24:139
  • 43.130.141.24:445
  • 43.130.141.28:139
  • 43.130.141.28:445
  • 43.130.141.30:445
  • 43.130.141.42:139
  • 43.130.141.42:445
  • 43.130.141.71:139
  • 43.130.141.71:445
  • 43.130.141.72:139
  • 43.130.141.72:445
  • 43.130.141.74:139
  • 43.130.141.74:445
  • 43.130.141.75:139
  • 43.130.141.75:445
  • 43.130.141.76:139
  • 43.130.141.76:445
  • 43.130.141.77:139
  • 43.130.141.77:445
  • 43.130.141.78:139
  • 43.130.141.78:445
  • 43.130.141.79:139
  • 43.130.141.79:445
  • 43.130.141.80:139
  • 43.130.141.80:445
  • 43.130.141.83:139
  • 43.130.141.83:445
  • 43.130.141.84:139
  • 43.130.141.84:445
  • 43.130.141.85:139
  • 43.130.141.85:445
  • 43.130.141.86:139
  • 43.130.141.86:445
  • 43.130.141.87:139
  • 43.130.141.87:445
  • 43.130.141.88:139
  • 43.130.141.88:445
  • 43.130.141.90:139
  • 43.130.141.90:445
  • 43.130.141.92:139
  • 43.130.141.92:445
  • 43.130.141.93:139
  • 43.130.141.93:445
  • 43.130.141.94:139
  • 43.130.141.94:445
  • 43.130.141.98:139
  • 43.130.141.98:445
  • 43.130.141.99:445

This morning, as I sit with coffee at 5am, awake because I looked at twitter and ERMEGERD DPRK DID IT is all over the place I just thought I would share. See, there is more going on here than Wolf Blitzer can… Well.. Blitz! All of this, all of the fallout that I will write about next just covers over the fact that much more has gone on and we have not heard anything about.

What happened in Japan?

Do we really think that just SPE was hit? I mean they are connected as a company to the parent which is in Japan right?

What about Germany?

What about all the subsidiaries? Won’t they too have to re-create their networks?

What great fuckery there is going on.

Wake the fuck up people.

K.

Written by Krypt3ia

2014/12/18 at 10:38

Posted in SONY

10 Responses

Subscribe to comments with RSS.

  1. I think attribution comes way down the list of priorities, given what’s already happened and the potential (still unknown) impact of this.

    Who are those addresses allocated to? What if… those addresses belonged to Sony, and were being used as pivot points, kind of like a compromised system within the company’s HQ being used to grab data from the subsidiaries?
    How many insiders would it take to completely and totally burn a corporation’s network, I wonder?

    Michael

    2014/12/18 at 16:48

  2. Exactly my point. Those addresses in the malware speak to larger issues.

    Krypt3ia

    2014/12/18 at 18:38

  3. […] on the network, they planted malware. Some security experts as well as documents obtained by Ars Technica say that that this was a form of "wiper" […]

  4. […] on the network, they planted malware. Some security experts as well as documents obtained by Ars Technica say that that this was a form of “wiper” […]

  5. […] on the network, they planted malware. Some security experts as well as documents obtained by Ars Technica say that that this was a form of […]

  6. […] on the network, they planted malware. Some security experts, and documents obtained by Ars Technica, say that this was a form of “wiper” […]

  7. […] on the network, they planted malware. Some security experts, and documents obtained by Ars Technica, say that this was a form of “wiper” malware. […]

  8. […] on the network, they planted malware. Some security experts as well as documents obtained by Ars Technica say that that this was a form of “wiper” […]

  9. Reblogged this on thuggery.

    memzie99

    2014/12/21 at 15:24

  10. […] on the network, they planted malware. Some security experts, and documents obtained by Ars Technica, say that this was a form of "wiper" malware. […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: