http://www.wired.com/2015/01/fbi-director-says-north-korean-hackers-sometimes-failed-use-proxies-sony-hack/
BY ANDY GREENBERG
Threat Level
Wired.com
01.07.15
The Obama administration has been tight-lipped about its controversial
naming of the North Korean government as the definitive source of the hack
that eviscerated Sony Pictures Entertainment late last year. But FBI
director James Comey is standing by the bureau’s conclusion, and has
offered up a few tiny breadcrumbs of the evidence that led to it. Those
crumbs include the claim that Sony hackers sometimes failed to use the
proxy servers that masked the origin of their attack, revealing IP
addresses that the FBI says were used exclusively by North Korea.
Speaking at a Fordham Law School cybersecurity conference Wednesday, Comey
said that he has “very high confidence” in the FBI’s attribution of the
attack to North Korea. And he named several of the sources of his
evidence, including a “behavioral analysis unit” of FBI experts trained to
psychologically analyze foes based on their writings and actions. He also
said that the FBI compared the Sony attack with their own “red team”
simulations to determine how the attack could have occurred. And perhaps
most importantly, Comey now says that the hackers in the attack failed on
multiple occasions to use the proxy servers that bounce their Internet
connection through an obfuscating computer somewhere else in the world,
revealing IP addresses that tied them to North Koreans.
“In nearly every case, [the Sony hackers known as the Guardians of Peace]
used proxy servers to disguise where they were coming from in sending
these emails and posting these statements. But several times they got
sloppy,” Comey said. “Several times, either because they forgot or because
of a technical problem, they connected directly and we could see that the
IPs they were using…were exclusively used by the North Koreans.”
“They shut it off very quickly once they saw the mistake,” he added. “But
not before we saw where it was coming from.”
[...]