Article: Goosebumps: A Scary Sony Story

We've obtained all your Internal data, Including your secrets and top secret [clip]

If you don't obey us, we'll release data shown below to the world.

Determine what will you do till November the 24th, 11:00 PM (GMT).

At this point, the hackers have changed their name from God'sApstls to Guardians of Peace (GOP). They've also pasted their message over a graphic that's the cover art of a children's book by the very popular American author, R. L. Stine, who's known as the "Stephen King of children's literature," and whose best known series is called "Goosebumps."[5] Still, not a word about The Interview or North Korea.

They continue to refer to unmet demands that have never been specified, but they have already started to post sensitive Sony information. They seem to be moving very quickly into full sabotage mode against Sony, and in the next few weeks they make no serious attempt to arrange a monetary ransom. If they were playing for money, they had the goods, and could have worked, and made out like, the Nokia cyber bandits. Now, however, "Lena," a self-identified spokesperson for the GOP, contacted the tech press, saying: "I'll tell you this. We don't want money. We want equality. Sony left their doors unlocked, and it bit them. They don't do physical security anymore."

So, they are now the GOP, focusing on "equality," and indicating they "had physical access to the network in order to accomplish their aims"--as many tech experts suspect.[6]

With all the shifting discourse, still no Interview or North Korea.

At this point, as they rolled out more and more embarrassing Sony documents, the GOP was still in the realm of cyber-extortion/sabotage against a private company. As the plot thickened, of course, they did change the target to The Interview.

As security expert Marc Rogers points out (echoing the observations of Kim Zetter in Wired, among others)[7]:

The attackers only latched onto "The Interview" after the media did -- the film was never mentioned by GOP right at the start of their campaign. It was only after a few people started speculating in the media that this and the communication from DPRK [North Korea] "might be linked" that suddenly it became linked.

That much is indisputable. Rogers goes on to speculate:

I think the attackers both saw this as an opportunity for "lulz" and as a way to misdirect everyone into thinking it was a nation state. After all, if everyone believes it's a nation state, then the criminal investigation will likely die.

In fact, someone claiming to represent the GOP contacted Salted Hash, another cyber-security organization, to insist that the GOP is "an international organization "not under direction of any state," and that:

Our aim is not at the film The Interview as Sony Pictures suggests. But it is widely reported as if our activity is related to The Interview. This shows how dangerous film The Interview is. The Interview is very dangerous enough to cause a massive hack attack. Sony Pictures produced the film harming the regional peace and security and violating human rights for money.[8]

So The Interview is not the target, it just represents everything that's wrong ("harming the regional peace and security"for money") with the target (Sony Pictures), or something like that.

It's not as if any purported statement or representative of the GOP can be taken at face value. There's a lot of confusion, or perhaps misdirection, here, and certainly no concern for the hobgoblin of consistency. Because then the GOP, or someone claiming to be the GOP, directly targeted The Interview, making ominous-sounding threats about the "bitter fate" awaiting everyone who sees the movie:

We will clearly show it to you"how bitter fate those who seek fun in terror should be doomed to. Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear. Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time. (If your house is nearby, you'd better leave.) [9]

Kind of cagy, this discourse. Can they really not write in coherent English? Is the "bitter fate" for those "who seek fun in terror" (not the GOP) to "see what an awful movie Sony Pictures Entertainment has made," a movie that will fill the world with fear? Or is the reminder of 9/11, and the warning to keep one's distance, really an implied threat to blow up theaters? If it's a joke, it's a bad one. It would be hard for theater owners to ignore the implied, murderous, threat.

Whoever they are, whatever their intentions, and however shrewd their discourse, with this intervention the hackers did, indeed, move from sabotaging a private media company to sabotaging the public realm of cultural expression. No matter how stupid and objectionable a movie may be, no one should be threatened with physical harm for seeing it. Not funny, not cool, not "lulz."

What they have also done, however, is to move the game out of the realm of cyberjinx. The hack is a cyber-event; the bomb threat isn't. This threat has nothing to do with "cyber-warfare" or cyber-anything. It is just a plain old bomb threat. Unlike the data dump, it signifies nothing particularly dangerous about computers or cyberspace or the internet or email. Emailing Sony this message, or posting it on the internet, is no different from calling Sony on the phone and reading the message. It poses exactly the same problem. Anybody--via telephone, text, email, or skywriting--can make a bomb threat.

If it was a bunch of hacktivists who did this, even hacktivists with a grudge against Sony, they should recognize that they abandoned anything having to do with cyber talent when they essentially called up the school the morning of the test with a bomb threat. For the rest of us, let's, please, not imagine that making a threat via email means there's some kind of "unprecedented" evil cyber-danger lurking everywhere that requires a whole new apparatus of policing--i.e., government surveillance and control of the internet. Nobody's going to blow up the movie theater with a "cyber-bomb." This has to be evaluated and investigated like any other bomb threat.

Starting with questions like, you know: Is there anyone who poses a serious threat to bomb the school this morning? Or, Are there 18,000 North Korean sleeper cells ready to blow up every movie theater in the US? Is there some reason to place the whole damn country, and everyone's mind, on a war footing?

The GOP has demonstrated its ability to steal documents from computers; they have demonstrated no talent for building or placing bombs. Someone who had planted a stink bomb in one movie theater, or ten, or 18,000, and then called or emailed Sony threatening to really blow them all up next week would have a lot more credibility in that regard than the GOP has by dumping Amy Pascal's email. And there would be nothing "cyber" about it.

[UPDATE: As if to emphasize their own flakiness, the GOP has now given Sony permission to release the film--with their specified edits!][10]

We don't know who did it.

Of course, there's always a reason to place the whole damn country, and everyone's mind, on a war footing. In fact, placing the whole damn country on a war footing is the reason, in large part, for the media's existence.

Thus, North Korea did it.

Do not get me wrong. The horrors of the Korean war and American policies therein and thereafter notwithstanding, the North Korean regime is terrible, and Kim Jong-un is probably a narcissistic lunatic. After all, it's a regime that keeps its population of a constant war footing, invented torture tactics (that other countries have recently come to use), is always threatening to attack other countries, and may someday actually do so (as other countries often do). North Korea's reputed cyber operations unit, Bureau 21, may be responsible for this hack. I don't put anything past them.

Then again, I don't put anything past anybody. I do not take the word of the North Korean government, and I do not take the word of the United States government. After the Gulf of Tonkin, Iraqi WMDs, Syrian chemical weapons, Russian BUKs shooting down a Malaysian airplane (to name only the most recent packs of lies), anyone who simply accepts the US government's assertion that something is true is a stubborn sucker. Unfortunately, the American press and media, across the mainstream spectrum, fall in that category. It is truly amazing how the American regime's patently mendacious narratives about Syria and Ukraine, for example, are accepted as unquestionable truth, become fixed assumptions, as will, I expect, the now-official story that North Korea is to blame for the Sony hack.

Let's see: The North Koreans suggest investigating this attack jointly with the United States, and the US government responds that North Korea must first admit its guilt. Verdict first, trial afterwards. And nobody at the media tea party notices.

But, but, the FBI says" The FBI? You mean the organization that absolutely positively identified the anthrax killer -- twice, getting it wrong both times? That hasn't been able to solve that crime after 13 years? The FBI that, by its own admission, has "mishandled, mislabeled, and lost"nearly half the pieces of evidence it reviewed" in "every region of the country"? That FBI?[11] Should I accept that, after a few weeks, this FBI solved the extremely difficult problem of definitively identifying the source of a computer attack designed by very clever hackers using source code that can be bought on the Internet? Until the FBI has revealed its evidence, and I see analyses by independent computer security specialists, I will not.

Understand that the FBI has not convinced the tech world. (See the links below for details.) Here's Marc Rogers again, after carefully analyzing the FBI's statements:

There is NOTHING here that directly implicates the North Koreans [emphasis in original]".
We don't have any solid evidence that implicates North Korea, while at the same time we don't have enough evidence to rule North Korea out. However, when you take into consideration the fact that the attackers, GOP, have now released a message saying that Sony can show "the Interview" after all, I find myself returning to my earlier instincts -- this is the work of someone or someones with a grudge against Sony and the whole "Interview" angle was just a mixture of opportunity and "lulz"".

Next Page 1 | 2 | 3

(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).