The Federal Bureau of Investigation continues to believe that North Korea is responsible for the hacking of Sony Pictures, despite the criticism from the public, which doubts the FBI’s findings.
The FBI director pre-empted concerns of researchers that the involvement of North Korea was a smokescreen, saying they had evidence of the attackers’ IP addresses – the 12-digit string that identifies the location of a remote computer. Despite the fact that the attackers used proxy servers for most of the attack, they seem to have neglected the precaution in some occasions, thus revealing their own IP address, linking them to North Korea. In addition, the FBI reminds of its conclusion that patterns in the attack, including the language encoding and writing style, were similar to previous attacks attributed to North Korea.
Nevertheless, independent researchers remain very skeptical, because IP addresses are usually not hard to spoof, and even if they really point to North Korea, this evidence is not sufficient to blame the government of the attack. In addition, other assertions from the Federal Bureau of Investigation have also been criticized even before the agency made any claims. For example, the fact that the Korean language is used in some files connected with the attack cannot prove the involvement of North Korea, which uses a very different dialect of Korean from the South. Finally, the encoding language of a PC is easy to set manually with the purpose to confuse investigators.
Many independent security researchers point out that although it’s possible to identify the origins of cyber attacks (like it was with many of the Chinese attacks against American networks), it requires months of detailed analysis and investigation. This time period is useless at the moment of attack, when the company has to decide very quickly how its network should react and how its country is going to react. Perhaps, this stance can explain the relative disarray within the Obama administration over what to do about the suspected attacker (North Korea). Indeed, one should admit that the officials in the American government and various international institutions just don’t have the legal or conceptual framework to tackle such types of scenarios.
The FBI director pre-empted concerns of researchers that the involvement of North Korea was a smokescreen, saying they had evidence of the attackers’ IP addresses – the 12-digit string that identifies the location of a remote computer. Despite the fact that the attackers used proxy servers for most of the attack, they seem to have neglected the precaution in some occasions, thus revealing their own IP address, linking them to North Korea. In addition, the FBI reminds of its conclusion that patterns in the attack, including the language encoding and writing style, were similar to previous attacks attributed to North Korea.
Nevertheless, independent researchers remain very skeptical, because IP addresses are usually not hard to spoof, and even if they really point to North Korea, this evidence is not sufficient to blame the government of the attack. In addition, other assertions from the Federal Bureau of Investigation have also been criticized even before the agency made any claims. For example, the fact that the Korean language is used in some files connected with the attack cannot prove the involvement of North Korea, which uses a very different dialect of Korean from the South. Finally, the encoding language of a PC is easy to set manually with the purpose to confuse investigators.
Many independent security researchers point out that although it’s possible to identify the origins of cyber attacks (like it was with many of the Chinese attacks against American networks), it requires months of detailed analysis and investigation. This time period is useless at the moment of attack, when the company has to decide very quickly how its network should react and how its country is going to react. Perhaps, this stance can explain the relative disarray within the Obama administration over what to do about the suspected attacker (North Korea). Indeed, one should admit that the officials in the American government and various international institutions just don’t have the legal or conceptual framework to tackle such types of scenarios.
No comments:
Post a Comment