I guess I am a “SONY Truther”. Are you?
Hoodie can be made on http://www.zazzle.com if so inclined.
The Evidence is Where?
Right, well James Comey (FBI) came out yesterday at a conference in NYC with what he might think is definitive proof that North Korea attacked and destroyed Sony digitally. Of course the reality is when you really look at what he said once again you are left saying “Uhh what?” In an article on the Daily Beast which I have captioned below Comey says that the proof that DPRK did it was in the form of IP addresses only DPRK has access to and uses. Sure, fine, I will buy that. So show me the logs and the IP addresses please?
In a speech to a cybersecurity conference in New York, Comey took the unusual step of revealing previously classified intelligence that he says shows North Korea is to blame.
The new information consisted of Internet protocol addresses that Comey said are “exclusively used” by North Korea. Comey did not specify what those addresses are. The FBI’s case to date has hinged partly on Internet addresses it says were used in previous attacks by North Korea, and numerous experts have pointed out that hackers routinely use different addresses to mask their true location.
Comey’s new evidence struck some experts as inconclusive. “Short of the government disclosing the actual IP addresses, and those being in the netblock range of those known to be associated with North Korea or used by North Korea-backed actors, I simply can’t jump on the North Korea bandwagon,” Stuart McClure, the president and founder of cybersecurity company Cylance, told The Daily Beast. “We need more evidence.”
It gets better though: in Comey’s diatribe on this he goes on to talk about spear phishing emails that went to the CEO of SPE previously in September of last year that “may” have been precursors to the attack that finally played out. This is of course very likely as a start of an attack and I can buy into that as I have seen the Chinese and others do the same thing. Hell, I have done the same thing on penetration tests!
FBI Director James Comey said on Wednesday that investigators have found spear-phishing emails that were sent to Sony employees as late as September. Such emails were the “likely vector” that the hackers used to get inside the company’s network, Comey said, from which they stole and deleted large amounts of data, including business emails and employee salaries.
So yes, there are emails and they are spear phishing, which are likely to be in the dump that GOP put out when they dumped Lynton’s email spools (go check kids!) that we can look at the headers of. Perhaps that is what Comey wants us all to do? I am not sure, in fact I really don’t care for Comey all that much as all I have seen out of him is dire hyperbole. Anyway, he goes on from there to talk about the IP addresses that the government allegedly has:
In nearly every case, [the Sony hackers known as the Guardians of Peace] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy. Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using… were exclusively used by the North Koreans.
They shut it off very quickly once they saw the mistake. But not before we saw where it was coming from.
Wait, he is basing this all off of the emails and pastes? I have the emails and I saw no DPRK addresses in those headers from Yopmail and the servers in the EU. So where are these headers you are speaking of James? Do you have emails that we are not aware of? If so just please say so. Alternatively, does the government in fact have the logs from Pastebin on these posts where the alleged IPs show up? If so, once again, show them. Show me the subpoenas and show me the logs. Why not? I mean you guys aren’t prosecuting this in a court anywhere are you? You should be able to drop those dox on us all to prove your case right? If not why not? Please explain a bit more would you?
Like I have said many times already, I can believe it was the work of DPRK or actors paid by them but really, give me a little substantiating information to go with it or just tell me everything is classified and HUMINT where I will have nowhere to go. Instead you keep offering hollow statements of facts that just don’t really add up. It should not be this hard really. You are reacting as a nation against another nation with evidence that is what exactly? This is my big problem here with the cyberwars, we go to war footing on what? Supposition much? If the GOP fucked up and used their straight IPs to do things and you are telling us that then show us the data. Give us an IP address within the two /24s that they have and be done with it.
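The header check asked for above, as an added example (not from the original post): it pulls the relay-observed addresses out of a message's Received headers and tests them against a set of netblocks. The netblocks are RFC 5737 documentation placeholders, the message is constructed, and `classify_hops` is a hypothetical helper name; it assumes the message was exported from the recipient's own mailbox.

```python
import ipaddress
import re
from email import message_from_string

# Placeholder netblocks (RFC 5737 documentation ranges), standing in for
# whatever ranges an attribution claim names. Not real attribution data.
CLAIMED_NETBLOCKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed sample message; hosts, IDs and addresses are made up.
SAMPLE_EMAIL = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
\tby inbound.example.com with ESMTP id abc123;
\tMon, 01 Sep 2014 10:00:02 +0000
Received: from client.example.org (unknown [198.51.100.77])
\tby mx.example.net with ESMTPSA id def456;
\tMon, 01 Sep 2014 10:00:00 +0000
From: sender@example.org
To: ceo@example.com
Subject: constructed sample

body
"""

# Relays conventionally log the peer address they observed as "[a.b.c.d]".
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def classify_hops(raw_message, netblocks=CLAIMED_NETBLOCKS):
    """Return one dict per relay-observed IPv4 address, newest hop first."""
    received = message_from_string(raw_message).get_all("Received", [])
    hops = []
    for position, header in enumerate(received):
        for text in BRACKETED_IPV4.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not a valid address
            hops.append({
                "ip": str(ip),
                # Assumption: only the topmost Received line was written by
                # the recipient's own server; lower ones are sender-supplied.
                "recorded_by_own_mx": position == 0,
                "in_claimed_block": any(ip in net for net in netblocks),
            })
    return hops
```

On the sample, the only address inside the placeholder blocks sits in a header the receiving server did not write, so it would need corroboration from the relay's own logs before it counts as evidence.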
Truthers and Discrediting Language
As if the whole debacle wasn’t bad enough with a coy government, we now have self-serving talking heads like Tao (Bejtlich) now labelling anyone who wants to at least have a modicum of proof to be presented to the American people as “Truthers”. See quote below from Mr. Bait-Lick.
“I don’t expect anything the FBI says will persuade Sony truthers,” Richard Bejtlich, the chief security strategist for cyber security company FireEye, told The Daily Beast. “The issue has more to do with truthers’ lack of trust in government, law enforcement, and the intelligence community. Whatever the FBI says, the truthers will create alternative hypotheses that try to challenge the ‘official story.’ Resistance to authority is embedded in the culture of much of the ‘hacker community,’ and reaction to the government’s stance on Sony attribution is just the latest example.”
Firstly, FUCK YOU Richard.
Secondly, FUCK YOU Richard.
Thirdly, What the hell? Does questioning things for actual data to be presented cut into your business model? Oh yeah, right, it does Mr. Mandiant rah rah. How many times have I heard that you and yours have turned out shitty reports with bad attribution in the past as well? I am sorry if I don’t want to just believe you Richard, or your company, or for that matter the government when they fail to provide any data that is of merit. Maybe that’s just me but now you want to make myself and anyone who might question your findings as nutbags with a common colloquial today for an Alex Jones Tinfoil Hatter?
If asking for evidence in this time of extrajudicial searches and over-prosecution of crimes that involve hacking is so crazy, then why do we even bother with the law in the first place Richard? All of us asking the questions have legitimate rights to beg the questions as well as the ability to be experts in the field. See, it’s not just you Dick that can look at logs and perform incident response. Some of us also do it for a living daily, we aren’t just titular heads of large IR firms.
Reasonable doubt is that thing we use in the law to say that you have to prove beyond one that someone is guilty. Of course this isn’t a case where we will be taking DPRK to court unless Sony wants to. Nope, this is statecraft and warfare. Unfortunately we have many cyber chicken hawks out there as well as corporate bodies that will make OODLES of money as well as consolidate power if this all goes hot cyber right? All we have seen lately is how this was the first shot in the cyber war and that we need to respond. Well, as a citizen I would like to see some proof before we go starting cyber wars. Of course that is a little cart before the horse now since Stuxnet right?
With a populace that has been shown to have been lied to by the government, where excesses have happened infringing on rights and doing things in our name that perhaps we don’t want them to, I think it is important that we at least get some evidence. Assurances are just not enough in my book as they move forward in prosecuting statecraft and perhaps even military action albeit cyber actions when the result is political upheaval and reprisals.
That’s all I am saying.. Logs or GTFO.