2014-12-19

North Korea, Sony Cyber Attack, Sanctions?

What is to be done about North Korea?

FBI — Update on Sony Investigation: "... the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:
"Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks. The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack. Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea...."
So far North Korea is the winner. Sony Pictures Entertainment has been bullied into pulling its "offending" movie--completely caving to state sponsored cyber terrorism--so much for free speech and internet freedom.

One thing we know about a bad actor, a bully, a rogue state, is that they are only encouraged by this type of response. Next victim? Another company, an electric utility grid, a nation state that happens to displease the Great Leader, or the internet or DNS itself? ICANN itself was reportedly the subject of a recent cyber attack. So far, the response of the global internet governance community has been less than satisfactory.

-- John Poole, Editor, Domain Mondo



Domain Mondo archive