http://marcrogers.org/2014/12/18/why-the-sony-hack-is-unlikely-to-be-the-work-of-north-korea/
By Marc Rogers
12/18/2014
Everyone seems to be eager to pin the blame for the Sony hack on North
Korea. However, I think it’s unlikely. Here’s why:
1. The broken English looks deliberately bad and doesn’t exhibit any of the
classic comprehension mistakes you actually expect to see in “Konglish”,
i.e. it reads to me like an English speaker pretending to be bad at writing
English.
2. The fact that the code was written on a PC with Korean locale &
language actually makes it less likely to be North Korea. Not least
because they don’t speak traditional “Korean” in North Korea, they speak
their own dialect and traditional Korean is forbidden. This is one of the
key things that has made communication with North Korean refugees
difficult. I would find the presence of Chinese far more plausible. See
here –
http://www.nytimes.com/2006/08/30/world/asia/30iht-dialect.2644361.html?_r=0
here –
http://www.nknews.org/2014/08/north-korean-dialect-as-a-soviet-russian-translation/
and here –
http://www.voanews.com/content/a-13-2009-03-16-voa49-68727402/409810.html
This change in language is also most pronounced when it comes to special
words, such as technical terms. That’s possibly because in South Korea,
many of these terms are “borrowed” from other languages, including
English. For example, the Korean word for “helicopter” is: 헬리콥터 or
hellikobteo. The North Koreans, on the other hand, use a literal
translation of “vehicle that goes straight up after takeoff”. This is
because such borrowed words are discouraged, if not outright forbidden, in
North Korea –
http://pinyin.info/news/2005/ban-loan-words-says-north-korea/
Let’s not forget also that it is *trivial* to change the language/locale of
a computer before compiling code on it.
3. It’s clear from the hard-coded paths and passwords in the malware that
whoever wrote it had extensive knowledge of Sony’s internal architecture
and access to key passwords. While it’s plausible that an attacker could
have built up this knowledge over time and then used it to make the
malware, Occam’s razor suggests the simpler explanation of an insider. It
also fits with the pure revenge tack that this started out as.
[...]