Sony Cancels Movie, US Confirms North Korea Involvement, But Were Bomb Threats Empty?

Published: 22/11/2024   Category: security




After the Sony hackers issue threats of physical violence and 9/11-style attacks, The Interview is being killed before it even premieres. But would the attackers have really blown up theaters?



ORIGINALLY RELEASED 6:24 p.m. Dec. 17. UPDATED 7:00 p.m. Dec. 17: Unnamed American intelligence officials concluded Wednesday evening that the North Korean government was centrally involved in the attacks on Sony Pictures, The New York Times reports. According to the NYT, "Senior administration officials, who would not speak on the record about the intelligence findings, said the White House was still debating whether to publicly accuse North Korea of what amounts to a cyberterrorism campaign."
Also this evening, Sony Pictures Entertainment announced it was dropping its plans for a Dec. 25 release of The Interview -- Sony's upcoming comedy about assassinating North Korean leader Kim Jong-Un. Sony had already canceled the film's New York premiere yesterday, in response to hackers' thinly veiled threats of physical violence at the event. The film's stars, James Franco and Seth Rogen, have canceled all public appearances, and movie theaters are beginning to declare they will not show the film at all.
Yet were the warnings of physical violence empty threats?
The Guardians of Peace (GOP), the hacking group that has accepted responsibility for the massive cyberattacks against Sony Pictures Entertainment, told a reporter weeks ago that they were not backed by any nation-state, were not based in North Korea, and were not explicitly motivated by protesting The Interview. North Korea denied any role, and some security experts stated that there was no technical evidence to the contrary. Yet rumors about North Korea continued anyway.
Are the cyberattackers simply being opportunistic -- using the rumors to create more mischief, draw more attention, and create more problems for Sony?
Probably, say some security experts.
Does the threat match the MO?
On Tuesday, the GOP issued a message that warned people about visiting cinemas showing the movie: "Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time. (If your house is nearby, you'd better leave)."
Ominous. However, acts of physical terrorism don't fit the Sony hackers' apparent MO.
"These guys don't sound like terrorists," says Tom Chapman, director of the Cyber Operations Group at EdgeWave, who was a US Navy intelligence officer until he retired in September. "They don't really match to the definition."
In interviews and statements, the GOP certainly has demonstrated a great understanding of American English. Chapman says the group is also very attuned to American culture. Some people have compared these attackers to Dark Seoul -- which went after South Korean private industry, posing as hacktivists, while really digging up national secrets -- but Chapman says the Dark Seoul attackers were less conspicuous than the Sony hackers.
The acts against Sony "seemed personal to me," he says. The threats made yesterday were probably just another way for the attackers to cause Sony -- and law enforcement -- strife. Some people just wanted to watch the whole thing burn. Someone's really enjoying this.
Rob Sadowski, director of technology solutions for RSA, says that a scenario of hacktivists proceeding to acts of physical terrorism is certainly inconsistent with the norm. However, he won't rule out the possibility.
"Different types of cybercrime actors are motivated by different things," Sadowski says. For example, those looking for financial gain and those gathering international intelligence generally keep quiet about it, while hacktivists trying to draw attention to something will be quite vocal. What's tricky is that we're seeing blurring of those motivations and of those lines.
Nevertheless, he says, it's unusual to see attackers execute a big cyberattack and then add on a physical attack for good measure. Usually, it's the other way around -- the cyberattack will be to support or augment the primary attack.
Bill Barry and Terrence Gareau of Nexusguard are also skeptical of the notion that the hackers really meant the threats made Tuesday, but they won't rule it out entirely.
"Yesterday's rock through the window is today's DDoS," says Barry, Nexusguard's executive vice president, describing what drives hacktivists. However, the people with the motive and the people with the skills to carry out an attack are not necessarily the same.
"We still don't know who these guys are," says Gareau, Nexusguard's chief scientist, "so this would be a very unusual case, but we can't know for sure." Maybe the intention was never to conduct physical attacks. Maybe the threats were made simply to cost money -- which they certainly will.
Though the folks who conduct cyberattacks are not usually the same folks who set off bombs, if cybercrime groups can have marketing departments (and some do), then there's no reason they can't have a bomb department or another department of havoc, Barry and Gareau say.
Was an insider involved?
In January, Sony Pictures laid off an undisclosed number of employees in its technology unit. Considering the nature of the attack -- destroyed machines, public disclosure of terabytes of company data, declarations denouncing Sony's social responsibility, a general glee about the entire thing -- and the extent of the knowledge the attackers had about the company's IT infrastructure, could one of the attackers be a disgruntled, laid-off Sony IT staffer?
Chapman thinks an ex-employee, but not a current one, was probably involved. "I have a feeling if they were still employed by [Sony], the FBI would have them in custody by now."
Whether or not an insider was involved, Sadowski, Barry, and Gareau say that, though the attack was exceptionally well planned, it could certainly have been carried out without any insider help.
Sadowski says the attackers clearly gained a foothold in the organization that was equivalent to an insider's, but it could have been obtained through the standard phishing, compromise, and privilege escalation.
Chapman says he might begin a hunt for the attackers by searching for someone who bought a great deal of cloud storage, considering the huge amount of information that was stolen from Sony. "Where do you put 100 TB of data?"
