The Sony hacking must have involved an insider with access to company computers
North Korea’s Internet links were restored Tuesday morning, Dec. 23, after being darkened for nearly10 hours in the latest round of the cyber row between the United States and North Korea.
Most of Pyongyang’s Internet traffic passes through China to the north and a small part through Russia. If the US was indeed responsible for the cutoff, its operation must have intruded on Chinese soil.
But Tuesday, Beijing categorically rejected any speculation that it might have been a party to punishing North Korea as “irresponsible, nonprofessional, and misleading,” and said there was no proof that North Korea was behind the massive cyber attack on Sony Pictures Entertainment.
FBI researchers on behalf of the US administration have been gathering logs and records from Sony’s data security systems and mail servers in an effort to reconstruct the hacking attack. President Barack Obama, who appeared to be dragged into a row with unpredictable consequences, pledged Sunday a “proportional” US response to the attack, which forced Sony to pull a film depicting a fictional assassination of the North Korean leader. US intelligence, led by the National Security Agency held North Korea responsible.
According to our cyber experts, the Sony hack took place simultaneously at two levels:
On one, its Internet servers were struck from afar by computers “known” to the company’s firewalls as friendly and located geographically in different places.
This remote assault, known as DDOS (Distributed Denial of Service), came from Europe (Poland, Italy and Cyprus) and Asia (Thailand and Singapore), and consisted of a blitz by hundreds of thousands of “interactions” to crash Sony’s computers.
At the second level, hostile software was planted in Sony’s mail servers, allowing the invaders to take control of the system. This attack provided back-up for the remote assault.
A post mortem of this attack conducted by debkafile’s cyber intelligence sources point to a Sony insider. The perpetrator had to have been a staff member with high security cover and direct access to the company’s computers.
If US intelligence investigators can identity this culprit and establish his (or her) ties to North Korean intelligence, President Obama will have evidence of Pyongyang’s culpability for the cyber attack on Sony.
But the US is rightly walking on eggs in its bout with North Korea, lest the damage caused by a frontal collision outweigh the benefits.
Pyongyang is known to employ an army of “cyber warriors” in the region of tens of thousands. They are capable of inflicting untold damage on America’s national infrastructure, in both the security and economic fields. All US systems, public and commercial, subsist on computers and Internet links.
Pyongyang is a lot less dependent on Internet, access to which is in fact barred to most citizens. North Korea’s under-development in this field therefore makes it less vulnerable to attack and becomes a strategic asset.
None of these considerations detracts in any way from the ill effects of Sony Picture’s unprecedented surrender to threats of a “9/11 scale” attack from unidentified sources and its withdrawal of “The Interview” – the story of a fictional assassination of the North Korean ruler.
This was a disturbing demonstration of how a lone-wolf computer terrorist – or a group of mad hackers – with no weapons other than applicable access to the Internet – can cause havoc far and wide across the world web.
It was hoped that the United States with all the resources at its fingertips would have had the nerve and vision to plug this threat.
America’s intelligence services skilled in the cyber arts have the means to hunt down malefactors. In this case, tracking devices could have been set up for the screening of The Interview at a single cinema and so nailed the hackers at source.