[Cryptography] North Korea and Sony

Phillip Hallam-Baker phill at hallambaker.com
Tue Dec 9 08:40:04 EST 2014

On Tue, Dec 9, 2014 at 1:39 AM, David Nix <davidthomasnix at gmail.com> wrote:

> Well, they have already released close to 100 gigs of very sensitive
> data, so I'd say they are well past threatening. Tho it's still
> debatable if it's a state actor or not; the info leaked is not
> superficial stuff, it's business models, projections, research,
> accounts receivable, server keys,  salary and HR info on everyone ever
> employed by Sony Pictures and their insurance & retirement info.
> Smells strongly of major insider collusion...

What worries me is that past performance is no guide to the future where
security risks are concerned.

Back in the 90s people got really comfortable with the idea that hackers
were just fluffy bunnies who were overly curious and would never try to do
something like steal money. The threat of organized cyber-crime was
poo-poohed as self interested panic mongering.

Today the threat of espionage against commercial targets is mitigated by
the fact that the people who steal the information have an interest in
preserving its value. China does not want to help its competitors with
secrets they have stolen fair and square.

Whether this is one disgruntled insider or a nation state, or both does not
matter unless you are in the shutting stable doors business. We know North
Korea has the expertise to pull of big jobs. And even if they weren't
behind it, their cyber spymaster will be tracking the Western press and
telling the dear serial killer, 'we didn't do this but we should start'.

It really would not cost a lot to perform a broad attack against commercial
targets. Pick the tope five in each sector. Dump data on one of those five
to drive them out of business. Then move on to the next. And fund the whole
exercise with side bets on the stock market, the ultimate pump 'n dump.

This is the real threat to the US economy. Hayden and Alexander built a
machine whose sole purpose is attack. Hayden has no comprehension of the
value of defense and his understanding of the importance of civilian
infrastructure is strictly tactical. He knows what he would attack, power,
water, etc.

The Snowden files show an organization that is entirely devoted to attack.
Even their defense efforts have to be presented as attack because thats all
the senior brass respect and its an up-or-out hunger games environment.

Since we have reportedly caused $140 billion worth of damage to Russia's
economy, it is no stretch of the imagination to expect that Putin might
expect to do the same back.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141209/9e457048/attachment.html>

More information about the cryptography mailing list