Modern field guide to security and privacy

After Comey's speech, critics still unconvinced by the FBI's Sony hack theories

Although FBI Director James Comey meant to clarify the agency's case against North Korea in the Sony hack this week, his comments did little to change the balance of a polarized, but largely skeptical, cybersecurity community.

Ben Margot/AP/FILE
FBI Director James Comey at a 2014 press conference in San Francisco.

Brian Honan still doesn't buy it.

Even after FBI Director James Comey spoke this week about the agency's evidence tying North Korea to the Sony hack, Mr. Honan, a security specialist, says the connections remain too weak.

At a cybersecurity conference at Fordham University on Wednesday, Mr. Comey announced the agency's newest piece of technical evidence: Internet protocol addresses. The hackers, he said, blundered while sending e-mails and failed to mask the true IP addresses that represent their devices on a network. Those addresses, he said, were "exclusively" used by North Korea.

But that wasn't exactly the smoking gun Honan and other skeptics in the security community needed to convince them that North Korea is the real culprit.

"IPs can be spoofed and computers at IPs can be compromised," says Honan, director of BH Consulting, an Irish security firm. "In my experience, no IPs are ever guaranteed to be 'exclusively' used by anybody."

Honan wonders why these IP addresses had not been released to researchers for independent review or, at a minimum, to allow network administrators at risk of an attack from North Korea to block that traffic.

"The last time the FBI said IP addresses they found were controlled by North Korea was when the initial statement said they were hardcoded into the malware. Experts agreed they were wrong," says Rob Graham of Errata Security, an Atlanta cybersecurity firm. "There is little reason to believe them this time."

He's referring to research conducted by Scot Terban, a security expert and popular blogger often known by his Twitter handle ‘Krypt3ia,’ and Sean Sullivan of F-Secure, a Helsinki-based provider of online security products.

According to Mr. Terban, the IPs pointed to an international list of widely used proxy servers and one compromised computer in New York.

While Mr. Sullivan is reserving his judgement on the e-mail IPs until his team can examine them, he still questions some of the vagaries in Comey’s talk this week.

"The FBI didn’t say why they thought the e-mails were actually from the hackers," says Sullivan. "It could just be a separate group of North Koreans saying ‘You guys suck.' "

According to Terban, Comey didn't produce enough evidence to back up his claims about the IP addresses. “If they have a log, produce the log. It’s not like North Korea doesn’t know.”

Meanwhile, analysts who already agreed with the government's North Korean attribution continue to support the FBI's theory.

"I was always certain. I’ve seen what they've seen," says Dmitri Alperovitch, cofounder of CrowdStrike, a California security firm. Soon after the initial FBI report linking the Sony hack to North Korea, CrowdStrike announced it had been tracking the same North Korean hackers for many years. 

Mr. Alperovitch says that the FBI's announcement this week was more about sending a message to enemy states that the US is capable of quickly attributing cyberattacks and less about convincing loud and dissenting voices in the security community.

"Establishing a precedent for response," said Alperovitch. "That's what they were thinking."

 
