Martyn Williams

Martyn Williams

This user hasn't shared any profile information

Home page: http://www.northkoreatech.org

Posts by Martyn Williams
vok-logo

Voice of Korea on the Sony hack

2

North Korea’s powerful National Defense Commission responded with its first statement on the Sony hack and accusations by the U.S. that it was responsible. The statement was read out on Voice of Korea, the country’s international shortwave radio service, and makes interesting listening.

It’s not exactly the same as the text statement that was carried on KCNA and appears to be a slightly different translation.

The most noticeable thing about the statement is how much the NDC appears to be picking up from cues in the U.S. media. Many of its arguments are similar to those being debated in public:

  • Killing a head of state, even in jest, is in bad taste
  • The accusation against North Korea is an assertion and isn’t based on solid technical facts
  • If a hacker used U.S. code, it couldn’t be concluded that it was carried out by the U.S.

 

 

The full, and very long, NDC statement as carried by KCNA is pasted in below. It was sent on December 21, a day before Voice of Korea broadcast this message.

U.S. Urged to Honestly Apologize to Mankind for Its Evil Doing before Groundlessly Pulling up Others

Pyongyang, December 21 (KCNA) — The Policy Department of the National Defence Commission of the DPRK issued the following statement Sunday:
Strange thing that happened in the heart of the U.S., the ill-famed cesspool of injustice, is now afloat in the world as shocking news.
The Sony Pictures Entertainment, the biggest movie producer in the U.S., which produced the undesirable reactionary film “The Interview” daring hurt the dignity of the supreme leadership of the DPRK and agitating even terrorism and had a plan to distribute it, was exposed to surprisingly sophisticated, destructive and threatening cyber warfare and has been thrown into a bottomless quagmire after suffering property losses worth hundreds of millions of dollars.
The public in the U.S. is now describing this case as “disgrace suffered by Sony Pictures Entertainment,” “very sorry thing caused by the U.S.,” “Sony Pictures Entertainment showing a white flag before hackers” and the “unprecedented disaster suffered by the U.S.”
Those who meted out a stern punishment of justice were reported to be cyber experts styling themselves “guardians of peace”.
Seized with terrible horror and threat in face of their merciless hacking attack in retaliation against unjust actions, many movie and drama distributors in North America including 41 states of the U.S. and Canada immediately canceled the screening of the reactionary movie. And it was reported that the Sony Pictures Entertainment which directly sponsored its production and distribution hastily issued a statement on Dec. 25 that it would suspend the screening of the undesirable movie which had been planned in 63 countries.
The NDC of the DPRK highly estimates the righteous action taken by the “guardians of peace,” though it is not aware of their residence.
It, at the same time, considers as fortunate the step taken by the Sony Pictures Entertainment to give up the overall distribution of the above-said movie due to the decision and strong pressure of the movie and drama distributors for stopping the screening of the reactionary movie, though belatedly.
This is an official stand of the army and the people of the DPRK on what happened in the heart of the U.S.
This stand is taken by the DPRK because the movie “The Interview” is an undesirable and reactionary one justifying and inciting terrorism which should not be allowed in any country and any region.
Another reason is that the movie is run through with a story agitating a vicious and dastardly method of assassinating a head of a legitimate sovereign state.
No wonder, even political and social circles of the U.S. commented that it is quite wrong to defame the head of the state for the mere reason that his politics is different from that of the U.S. and it is in the hostile relationship with the latter and, therefore, the Sony Pictures Entertainment got into a serious trouble and paid a due price.
For these reasons, the DPRK is more highly praising the “guardians of peace” for their righteous deed which prevented in advance the evil cycle of retaliation– terrorism sparks terrorism.
It is quite natural that the movie and drama producers should refrain from undesirable deeds contrary to the noble mission to lead morality and civilization.
But what matters is that the U.S. and its followers are groundlessly trumpeting that the recent cyber attack was made by the DPRK.
The FBI issued the results of the investigation into the hack at the Sony Pictures Entertainment on December 19.
According to them, it suffered tremendous losses.
One may say this is the due price incurred by wrong deed, the evil act of hurting others.
The U.S. released a statement asserting that this loss was caused by the DPRK.
No matter how big and disgraceful the loss may be, the U.S. should not pull up others for no reason.
The FBI presented a report on the results of technical analysis of hacking program used by the “guardians of peace” for this attack, citing it as the ground that the serious hacking was caused by the DPRK.
The report says the malignant code had access to north Korea’s IP already known several times and the hacking methods applied in the “March 20 hacking case” and during cyber warfare against media and various other computer networks in south Korea in recent years are similar to that applied against the Sony Pictures Entertainment this time, being another ground that “this was done by the north”.
The report, in particular, adds that the malignant code and algorithm applied during the attack are similar to what was used during the hacking attack on south Korea, citing it as a proof.
Not satisfied with those groundless “evidence”, the FBI is letting loose ambiguous remarks that it is hard to fully prove due to the “protection of sensitive information sources.”
This means self-acknowledgement that the “assertion about the north’s deed” came from an intentional allegation rather than scientific evidence.
It is a common sense that the method of cyber warfare is almost similar worldwide. Different sorts of hacking programs and codes are used in cyberspace.
If somebody used U.S.-made hacking programs and codes and applied their instruction or encoding method, perhaps, the “wise” FBI, too, could not but admit that it would be hard to decisively assert that the attack was done by the U.S.
Moreover, the DPRK has never attempted nor made a “cyber-attack” on south Korea. The rumor about “cyber-attack” by the DPRK was a concoction made by the south Korean puppet regime and its plot.
After all, the grounds cited by the FBI in its announcement were all based on obscure sci-tech data and false story and, accordingly, the announcement itself is another fabrication. This is the DPRK’s stand on the U.S. gangster-like behavior against it.
What is grave is that U.S. President Obama is recklessly making the rumor about “DPRK’s cyber-attack on Sony Pictures” a fait accompli while crying out for symmetric counteraction, strict calculation and additionally retaliatory sanctions.
This is like beating air after being hit hard. A saying goes every sin brings its punishment with it. It is best for the guilty to repent of its evil doings and draw a lesson when forced to pay dearly for them.
The DPRK has clear evidence that the U.S. administration was deeply involved in the making of such dishonest reactionary movie.
It is said that the movie was conceived and produced according to the “guidelines” of the U.S. authorities who contended that such movies hurting the dignity of the DPRK supreme leadership and inciting terrorism against it would be used in an effective way as “propaganda against north Korea”.
The U.S. Department of State’s special human rights envoy went the lengths of urging the movie makers to keep all scenes insulting the dignity of the DPRK supreme leadership in the movie, saying it is needed to “vex the north Korean government”.
The facts glaringly show that the U.S. is the chief culprit of terrorism as it has loudly called for combating terrorism everywhere in the world but schemed behind the scene to produce and distribute movies inciting it in various countries of the world.
It is not exaggeration to say in the light of the prevailing situation that the U.S. administration and President Obama looking after the overall state affairs of the U.S. have been behind the case.
Can he really cover up the crimes he has committed by trying so hard to falsify the truth and turn white to black.
So we watched with unusual attention what had been done by the “guardians of peace” to avert terrorism and defend justice.
Yet, we do not know who or where they are but we can surely say that they are supporters and sympathizers with the DPRK.
The army and people of the DPRK who aspire after justice and truth and value conscience have hundreds of millions of supporters and sympathizers, known or unknown, who have turned out in the sacred war against terrorism and the U.S. imperialists, the chieftain of aggression, to accomplish the just cause.
Obama personally declared in public the “symmetric counteraction”, a disgraceful behavior.
There is no need to guess what kind of thing the “symmetric counteraction” is like but the army and people of the DPRK will never be browbeaten by such a thing.
The DPRK has already launched the toughest counteraction. Nothing is more serious miscalculation than guessing that just a single movie production company is the target of this counteraction. Our target is all the citadels of the U.S. imperialists who earned the bitterest grudge of all Koreans.
The army and people of the DPRK are fully ready to stand in confrontation with the U.S. in all war spaces including cyber warfare space to blow up those citadels.
Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole U.S. mainland, the cesspool of terrorism, by far surpassing the “symmetric counteraction” declared by Obama.
This is the invariable toughest stand of the army and people of the DPRK.
Fighters for justice including “guardians of peace” who turned out in the sacred drive for cooperation in the fight against the U.S. to defend human justice and conscience and to dismember the U.S. imperialists, the root cause of all sorts of evils and kingpin of injustice, are sharpening bayonets not only in the U.S. mainland but in all other parts of the world.
The just struggle to be waged by them across the world will bring achievements thousands of times greater than the hacking attack on the Sony Pictures Entertainment.
It is the truth and inevitability of the historical development that justice prevails over injustice.
Whoever challenges justice by toeing the line of the biggest criminal U.S. will never be able to escape merciless punishment as it is the target of the sacred drive for cooperation in the fight against the U.S.
The U.S. should reflect on its evil doings that put itself in such a trouble, apologize to the Koreans and other people of the world and should not dare pull up others. -0-

141222-dprk-net

North Korea’s Internet back after probable attack

2

North Korea’s Internet connection with the world has returned to service after a nine and a half hour outage that followed hours of patchy performance.

The cause of the outage is unknown, although several experts think it was probably due to an external distributed denial of service (DDoS) attack. This involves flooding web servers and other Internet hardware with so much traffic that they become overloaded and cannot respond to legitimate traffic. It’s not an actual hack of the system and so the situation is normalized soon after the DDOS flow of traffic stops.

Dyn Research provided this graph of the attack that shows whether it was possible to reach North Korea’s Internet from the rest of the world. The North Korean Internet is divided into four subnetworks and the graph shows that problems began a little after 0200 UTC on Monday. Connectivity was patchy until around 1630 UTC when access to all sites was impossible for a prolonged period.

141222-dprk-net

Another company, Arbor Networks, which specializes in DDOS protection, has been observing a number of attacks on North Korean Internet infrastructure in the last few days, targeting web sites and DNS servers. The later are responsible for translating human readable addresses, like “www.kcna.kp” into a numeric equivalent that is used by computers in address traffic.

It said it had observed a peak attack of just under 6Gbps directed at North Korea. That’s a massive amount of traffic for a network that regularly carries so little. The same attack directed 1.7 million Internet packets of data per second at the country, easily overwhelming the equipment.

So what caused it?

“A long pattern of up-and-down connectivity, followed by a total outage, seems consistent with a fragile network under external attack,” said Jim Cowie of Dyn Research in a blog post. “But it’s also consistent with more common causes, such as power problems.”

Arbor preferred to answer the question ‘who didn’t do it.”

“I’m quite sure that this is not the work of the U.S. government,” said Dan Holden. “Much like a real world strike from the U.S., you probably wouldn’t know about it until it was too late. This is not the modus operandi of any government work.”

In fact, Arbor pointed to some posts online that seemed to hint at the involvement of cyber activists.

Here are three from “Lizard Squad,” which has claimed responsibility for several high-profile hacks in the past, such as those against Sony’s PlayStation Network and Microsoft’s Xbox Live.

https://twitter.com/LizardUnit/status/547128315484848128

https://twitter.com/LizardUnit/status/547129344871890945

https://twitter.com/LizardUnit/status/547130344584261632

Dyn puts the start of the longest attack at 1615 UTC, which means the tweets from Lizard Squad came about 4 hours after the outage began.

Twitter has also been seeing posts hashtagged #OpRIPNK, which means “Operation RIP North Korea.” That was first used in a tweet on December 18 by Twitter user “@TheAnonMessage,” an account which has since been suspended.

That corresponds to the first date that Arbor said it began seeing attacks.

A second account, called “@TheAnonMessage2″ continued the tweeting and today sent these:

It’s impossible to tell whether either group was responsible, neither or perhaps both, but it reminds me of March last year when hackers took down the North Korean Internet connection for similar long periods of time. That time “Anonymous” claimed responsibility.

There’s a good chance this could continue for a few days … stay tuned.

North Korea’s Internet link is flaky today

31

If you’ve been trying to connect to North Korean Internet sites in the last 24 hours, you might have been unsuccessful.

Connectivity between North Korea and the rest of the world has been spotty for much of the time, according to Dyn Research.

Look at the graph below. Each period of purple corresponds to an outage on North Korea’s Internet connection.

Is this related to all that’s been going on in the last few days? Possibly. North Korea’s Internet connection does suffer from periodic outages, so it could be something as mundane as network maintenance or a failing router.

On the other hand…

“I haven’t seen such a steady beat of routing instability and outages in KP before,” said Doug Madory, director of Internet analysis at Dyn Research. “Usually there are isolated blips, not continuous connectivity problems. I wouldn’t be surprised if they are absorbing some sort of attack presently.”

North Korean Internet connectivity on December 22, 2014 (Image: Dyn Research)

North Korean Internet connectivity on December 21st and 22nd, 2014 (Image: Dyn Research)

141207-sony-hq-1

Where do we stand on the Sony hack?

2

It’s been a busy few days for North Korea watchers. After a couple of weeks of no solid news on the Sony hack, the FBI has finally released a few details from its preliminary investigation

That’s great news because there has been a lot of confused reporting on the case. The leaks from the FBI have generally come through national security reporters, not computer security reporters, so we’ve seen a number of differing claims:

There was general confusion about the common hacker practice of routing traffic through compromised machines in other countries. Here are some headlines from last week:

  • Evidence in Sony hack attack suggests possible involvement by Iran, China or Russia, intel source says – Fox News
  • U.S. officials now believe Sony hack attack was launched inside North Korea & routed through servers in Taiwan – NBC News
  • Sony cyberattack originated from five-star Bangkok hotel – Daily Mail

Some media outlets reported that portions of the malware code were in Korean while others said the malware was compiled on a computer that had its language environment set to Korean.

Not only is that an important difference, but it also doesn’t differentiate between the Korean language used in the South and that used in the North. There are subtle differences, just as there are in variations of English, and some operating systems take that into account.

So, it was good news when the FBI made its first public statement. The highlights, straight from the FBI news release:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

Those conclusions led the FBI to assert that “the FBI now has enough information to conclude that the North Korean government is responsible for these actions.”

That’s quite a claim.

Computer security experts will tell you that absolute attribution in cyber attacks is really difficult. Unless you happen to catch an attacker in the act, get their computer or have them admit it, the best you can usually do is strongly suspect someone.

That’s exactly what security companies have done in the past when it’s come to attacks blamed on North Korea.

Earlier this year, McAfee published a detailed report on what it called “Operation Troy,” which was a cyber espionage campaign against South Korea. The company was able to present compelling evidence that a string of cyber attacks were in fact linked and carried out by different parts of the same group.

It found, for example, that portions of source code used in each attack matched, that similar keywords and terms were found in different variants of the malware, that attacks used the same methods to avoid detection and, perhaps most convincing, that they all used the same password to compress stolen data.

McAfee found a common password used to compress data in a string of cyber attacks.

McAfee found a common password used to compress data in a string of cyber attacks. (Image: McAfee)

But McAfee stopped short of blaming anyone — precisely because it’s so difficult.

And Crowd Strike, which has also been looking at the attack and has closely followed the same hacker group, blogged about the FBI announcement but carefully avoided referring to the culprit of the Sony hack as North Korea.

So sure, North Korea might be the most obvious culprit — and many would say probably is responsible — but there’s still no conclusive evidence. It’s a bit like scientists trying to prove complex theories. Everything might point to one answer, but they’re hesitant to say so unless they can prove it without a doubt.

So, back to the FBI’s assertion on North Korea’s guilt.

Based on what’s been made public, there doesn’t appear to be enough to convict North Korea without a shadow of doubt. Of course, the FBI likely has a lot more information that it hasn’t made public, but we haven’t see that.

The waters are particularly muddy in this case because so much of the incident, from the emails to reporters to the leaking of data and taunting of investigators, is so different from previous attacks.

Assuming the FBI data is solid, it’s certainly an indicator of possible North Korean involvement, but we’re still a long way from understanding the entire incident.

Hopefully this week, some of the computer security companies that took a role in investigating the hack will begin speaking and offering their technical interpretation of the hack and how it operated.

I see several possibilities, the correct one of which we’ll likely never prove:

  • The hack was carried out by North Korea
  • The hack was carried out by a third-party on behalf of North Korea, with access to the country’s hacking infrastructure
  • The hack was carried out by a third-party for other reasons and they latched onto the movie because it was in the headlines so much

With Sony saying they are now exploring release of the movie through video-on-demand services, the activities of the hackers might not be done. It should be an interesting few days ahead.

The close shot of Kim Jong Un's 2014 new year address. (KCTV screengrab)

Kim Jong Un probably doesn’t want you to see these either

1

Whether North Korea is behind the hacking of Sony or not, it’s certainly not too pleased with the movie and doesn’t want it shown. Sony pulled the movie from theaters and said Sunday it’s figuring out a video-on-demand related. In the meantime, here are a few move videos that Pyongyang probably doesn’t like too much:
This report, from the CBS show “60 Minutes,” interviews Shin Dong-hyuk. He was born in “Camp 14,” a North Korean labor camp, and managed to escape to tell the tale of the horrors of North Korea’s gulags.

http://www.youtube.com/watch?v=p2KMKqyhGeE

Sky News goes to South Korea to talk to North Korean defectors, to find out about the challenges of the new lives they have in Seoul and the stories of their lives in North Korea and their escape.

Amazing undercover footage shot inside North Korea shows the reality of life for millions of North Koreans that don’t live in the showcase cities. The Asiapress correspondents meet a starving 23-year old who was later found dead and witness a conflict between a citizen and policeman asking for a bribe.

Channel 4 News goes to Pyongyang to find out about live in North Korea and speaks to defectors in South Korea about what they previously endured.

This documentary looks at Kim Jong Un’s father, Kim Jong Il, and how he took over the role of leader of North Korea. From his beginnings through the 1990s, when several million North Korean died of starvation, to his latter years, economic mismanagement and conflicts with the U.S.

141219-state

State Dept. remarks on Sony hack

1

Just as President Obama’s news conference was wrapping up, the State Department news conference was beginning.

The questions were a little more detailed, as you’d expect from reporters who understand the ins and outs of U.S. foreign relations so well. They centered around the option of putting North Korea back on the list of state sponsors of terror and what effect that might have. And they also came back to the issue of whether State Dept. officials saw the movie before and signed off on the scenes.

The reporters reference a letter sent by Senator Robert Menendez, Chairman of the Senate Foreign Relations Committee, to Secretary of State John Kerry urging him to consider re-designating North Korea as a state sponsor of terrorism. The letter can be found here.

The State Dept. spokeswoman, Jen Psaki, said she had no immediate response. Asked if Secretary Kerry agrees with President Obama’s view that Sony was wrong to pull the movie, she said:

“He does. Certainly, he believes that freedom of speech and expression is something that we should support broadly, and certainly, he agrees with the President’s assessment.”

She continued:

“Well, I think the way we view it is that the United States Government will continue to make every effort to set the example that we’re not going to be in the crouch or the fear position when it comes to threats from North Korea.  We believe that freedom of speech and expression should be uphold across the board.  Obviously, individual companies make their own decisions, but we believe that those values should be respected and we’ll continue to set that precedent.”

U.S. President Barack Obama speaks at a news conference on December 19, 2014.

Obama on hack: dictators can’t impose censorship in the U.S.

5

Hours after the FBI fingered North Korea as responsible for the cyber attack on Sony, President Obama spoke at his year-end news conference. The first question asked was regarding the Sony hack and his response to the news of North Korea’s involvement. The president spoke forcefully and strongly about Sony’s decision to pull the movie, what it means for freedom and speech and then onto broader cyberspace themes.

I’ve reproduced some of the key quotes below, and here’s the full video:

“Sony is a corporation, it suffered significant damage, there were threats against its employees. I am sympathetic to the concerns that they faced. Having said all that, yes, I think they made a mistake.”

“In this inter-connected digital world, there are going to be opportunities for hackers to engage in cyber assaults both in the private sector and in the public sector. Now, our first order of business is making sure we do everything to harden sites and prevent those kinds of attacks from taking place.”

On the impact of Sony’s decision:

“We cannot have a society in which some dictator someplace can start imposing censorship here in the United States. Because if somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary they don’t like or news reports that they don’t like. Or even worse, imagine if producers and distributors start engaging in self-censorship because they don’t want to offend the sensibilities of somebody whose sensibilities probably need to be offended.”

And on the need for international discussions and rules on cyberspace:

“More broadly, this points to the need for us to work with the international community to start setting up some very clear rules of the road in terms of how the Internet and cyber operates. Right now it’s sort of a wild west.”

“If we don’t put in place the kind of architecture that can prevent this type of attack from taking place, this is not just going to be affecting movies, this is going to be affecting our entire economy in ways that are extraordinary significant.”

141207-sony-hq-1

FBI blames North Korea for Sony hack

1

The FBI has blamed North Korea for the massive cyber attack on Sony.

Here’s the agency’s statement in full:

Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the “Guardians of Peace” claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.

The FBI has determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications. The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.

After discovering the intrusion into its network, SPE requested the FBI’s assistance. Since then, the FBI has been working closely with the company throughout the investigation. Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber attack. Sony’s quick reporting facilitated the investigators’ ability to do their jobs, and ultimately to identify the source of these attacks.

As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.

The FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential business information. Further, the FBI will continue to work closely with multiple departments and agencies as well as with domestic, foreign, and private sector partners who have played a critical role in our ability to trace this and other cyber threats to their source. Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests.

Martyn Williams's RSS Feed
Go to Top