Slander versus Speculation

There is a lot wrong in this world, we cannot disagree with that. Soon we might see rental prices go down in London, because of Superman (the New Ecstasy), yay to those needing an apartment, being free of drugs was never so nicely rewarded! So is this speculation, or slander?

We could debate my sense in taste (many have for decades), yet in the firm juridical ground, when can speculation be regarded as slander?

That part is more and more a question when we consider the US sanctions against North Korea. Oh, and perhaps we forgot to mention that Sony Is a Japanese firm (even though the crime was on US soil), giving additional spotlights to the reasoning of certain actions. Consider the following sources. First let’s take the BBC (at http://www.bbc.com/news/world-us-canada-30661973). Here we see sanctions against organisations and individuals. First there is “Jang Song Chol: Named by the US Treasury as a Komid representative in Russia and a government official“, then there is “Kim Yong Chol: An official of the North Korean government, according to the US, and a Komid representative in Iran” and last there is “Ryu Jin and Kang Ryong: Komid officials and members of the North Korean government who are operating in Syria, according to the US“. Now the article ends with the most hilarious of all quotes “White House officials told reporters the move was in response to the Sony hack, but the targets of the sanctions were not directly involved“.

So the White House is within this part confessing to the breach where they are targeting innocent civilians (of that crime at least)? Can anyone explain to me how this is anything less than legalised slander? Consider that if (not when, but if) they ever figure out who exactly was responsible for the Sony hack (the actual individuals involved), how the US government could be held responsible in any court of law for this. Consider this part (source was the APA of all places, at http://www.apa.org/about/gr/issues/violence/hate-crimes-faq.pdf). “Current federal law defines hate crimes as any felony or crime of violence that manifests prejudice based on “race, colour, religion, or national origin” (18 U.S.C. §245). Hate crimes can be understood as criminal conduct motivated in whole or in part by a negative opinion or attitude toward a group of persons. Hate crimes involve a specific aspect of the victim’s identity (e.g., race)“. If we clinically look at the facts, then these acts are a hate crime against North Korea.

Now, let’s be fair as well. Most will not care, I reckon that the North Koreans might not even care, but this act does remain a legal transgression!

Let me show you why (because without reason, there is nothing), part one is found in yesterday’s news in the Guardian (at http://www.theguardian.com/technology/2015/jan/02/sony-hackers-may-still-access-computer-systems-the-interview).

Here we see the following parts:

  1. Sony Entertainment is unable to confirm that hackers have been eradicated from its computer systems more than a month after the film studio was hit by a debilitating cyber-attack, a report says

So not only has the hack occurred, it is very possible that the transgression and the damage is currently still ongoing, in addition, one of the most watched and scrutinised nations is still accessing Sony? Not one press agency is asking the questions that matter. For example, there was some visible Press Tour into North Korea (must have been around when Kim Jong-Un was elected big boss in 2011), when we saw some of the filmed events there, we saw North Korean officials in total disbelieve that a smartphone could take photographs and these people walked over Sony’s cyber security?

Now we get to the Chief Executive of Sony himself, his quote gets us the following:

  1. “It took me 24 or 36 hours to fully understand that this was not something we were going to be able to recover from in the next week or two,” Lynton told the Wall Street Journal

So this was not a mere grab for data, this is a system paralyses of sizeable renown, the hack was so complete, high paid executives could not get their minds around the events. So, are we still looking at North Korea? Basically this requires an evolved form of ‘stuxnet’, the hack was seemingly more complete then the stuxnet virus could achieve. We now have only three players left. Russia, China and whatever hacking organisation walks around within the US and its allied nations. How is North Korea anything else but a mere puppet for slander? Whilst some people are possibly hiding their lack of skills, and likely other people linked to all this are trying to cover up issues that have been ignored ever since the first hack of 2011 (the Sony PSN hack). By the way, I am using stuxnet as a comparison, I have zero knowledge how the transgressions was done, but we can all agree it was way beyond a normal level of sophistication.

Yes there is another scenario and I will get to that soon, North Korea is not off the hook yet!

You see we have been looking at the event, but not at the capital involvement that is two tiered at present.

  1. Sony’s network is expected to be fully operational within the next two months but hackers have so far released only a tiny fraction of the 100 terabytes of data they claim to have stolen“, so not only will it take months to repair security measures, the fact that the new fences are there are still no guarantee that the data remains safe.

When gets us to the first tier. Data! Someone streamed 100 Tb, which is more than just a number; it would require every PlayStation 3 on the planet to download up to 2Mb. The fact that this is not monitored, or that is got through to this extent, is a first view that this was no mere trifle event. And even though 100,000 Gigabytes seems small when compared to the PSN issues, it becomes interesting when we consider that the PSN had been hit more than once, but as those members did not all download, where did all this data get syphoned to?

Now we get to the one part that might be regarded as tier two. You see, it is not just the amount taken, which takes a good server park to store, it goes back to issues I discussed in regards to piracy and the parts I mentioned in my blog ‘For our spies only!‘ on September 26th 2014. There I stated “in the end this is NOT about copyright, this is about bandwidth“, the big players all knew it and they were all very concerned if such events would start to get measured and logged. Now someone casually walked away with 100,000 gigabytes of data?

Before I restate, it was not North Korea, let us take a look at another article by the Guardian in that regard. The title is ‘North Korea may have hired outside hackers for Sony attack, says US‘ (at http://www.theguardian.com/world/2014/dec/30/north-korea-hackers-sony-pictures-cyber-attack) and it was written on December 30th. Now we must consider the following: “US investigators believe that North Korea most likely hired hackers from outside the country to help with last month’s cyber-attack against Sony Pictures, an official close to the investigation has said“. The operative word is ‘believe‘, they just do not know. As a speculation that would be my guess as North Korea does not have the skill needed for this, not even close. By the way, those hackers might want to get paid, how will North Korea do that, or perhaps that is beyond US oversight too, because it would be a sizeable amount for something this complete.

The next part is the part that opens the discussion ““The FBI has concluded the government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment,” it said in a statement“. The first question: What evidence?  As stated before, North Korea is lacking in many ways, the fact that they hacked past Sony to this extent, whilst at present no guarantee can be given that the systems are secure at all, whilst North Korea has been watched 24:7 for a long time now gives rise to the demand of evidence showing the guilt of North Korea. So, they are seemingly better than the cyber divisions of both Russia and China? I am not buying it, in addition, the fact that the article implies that outside help was engaged for a hack this thorough leaves us with two thoughts.

  1. If true, where is the real balance of power in cyberspace, because this now implies that North Korea is a real player, even though no one (including people a lot more intelligent than me) have concurred that North Korea does not count when it comes to the internet and cyberspace.
  2. If false, what incompetence is the US hiding from us all and is that not the true crime?

Consider this quote (from the Guardian article too): “Some private security experts have begun to question whether Pyongyang was behind the Sony cyber-attack at all. The consulting firm Taia Global said the results of a linguistic analysis of communications from the suspected hackers suggested they were more likely to come from Russia than North Korea. The cyber security firm Norse said it suspected a Sony insider might have helped launch the attack

I cannot disagree with Taia Global, as this could be Russia hitting back at US sanctions, but that would be speculation on my side, I also very much agree with Norse. Consider that if someone walks into a bank vault and it is empty. There was no sign of break in, the doors were not forced. At this point the police and the FBI will initially look at ‘the insider’ plot. It makes perfect sense. To get past the Sony server parks to this degree someone was giving aid in some way. Initial passwords, the network structure, because if that was not the case there would be a lot more logging evidence to giver clear view whether North Korea was guilty (or not involved).

Mark Rasch hits the nail on the head with this quote ““I think the government acted prematurely in announcing unequivocally that it was North Korea before the investigation was complete,” said Mark Rasch, a former federal cybercrime prosecutor. “There are many theories about who did it and how they did it. The government has to be pursuing all of them.”” there is the crux, the mention of theries on who did it. Even if it is outside help, Russia would still make more sense, the Russian Mafia could be the front for cashing in on selling the data, they pay commission to the people ‘hurt’ through US sanctions, they are looking at the least likely suspect because of a comedy, one that I (and many others) had not even heard of before these events.

It is the last quote that is food for thought from Kevin Mandia of Mandiant “Mandia, who has supervised investigations into some of the world’s biggest cyber-attacks, said the Sony case was unprecedented. “Nobody expected when somebody breaks in to absolutely destroy all your data, or try to anyway, and that’s just something that no one else has seen,” he said

That part is not entirely true, I remember the DBase virus of 1988, I remember some people who had fallen victim to them, a garble parser that does not show until the virus is removed, it leaves your data garbled from that point forward. There was also a data virus in the 80’s. I forgot the specifics, but whilst most viruses would attack ‘.com’ and ‘.exe’ files, this one would attack data files, until that day a truly scary moment. So, it is not entirely unprecedented. Consider, if you copy someone’s data, the best sale is to sell it to the competitors, yet, what happens if the owner no longer has that data, does that not drive up the price? Yet, it is bad tactics, to copy in secret and resell it all makes perfect sense, the fact that these events happened, whilst Sony IT, the Cyber divisions of the FBI and others are not able to track the events is something very novel. It is a first to this degree, do you now understand why it makes no sense to accuse the one nation where we see this as their highlight: “Aug 6, 2013 – North Koreans hungry for tech skills are buying up used desktops on the black market, these desktops smuggled in from China have become a much sought-after item in North Korea“, this is the nation that thwarted one of the biggest cyber power players?

People please wake up. The question becomes what was real? I call my version insightful speculation. I have been involved in IT since the 80’s, this level of hacking requires serious system skills with in depth knowledge of all layer one components (hardware layer), if we ignore the inside job part, this takes North Korea out of the loop, it also removes a massive amount of hackers of the table too. It requires the skills we would require to see from people at the NSA and other high tiered cyber firms. From these facts I come to three options:

  1. The hackers are a new level of hacker with the ability to get past the security of nearly any large firm and government data system.
  2. Sony has been criminally negligent and the US is willing to ‘aid’ this Japanese firm for a price.
  3. A simple inside job (possibly even a disgruntled employee) with links to organised crime.

Please feel free to give me a valid fourth alternative.

 

Advertisements

1 Comment

Filed under Finance, IT, Law, Media, Military, Politics

One response to “Slander versus Speculation

  1. Pingback: Targeting the FBI | Lawrence van Rijn - Law Lord to be

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s