
jeff47

(26,549 posts)
5. Not really.
Fri Jan 2, 2015, 03:45 PM

So far, the evidence I've seen of it being an "insider" consists of:
1) It was off-the-shelf malware.
2) There were hard-coded paths in the malware.
3) The author thinks there would be a different flow of events, such as immediately attacking about The Interview instead of attempting extortion first.

Those really aren't particularly compelling reasons to say it is any particular group.

For 1, if you're going to attack someone, you'd use off-the-shelf software if at all possible to avoid exposing your unique software.

For 2, the typical model of such an attack is recon first, and then vacuum up as much as you can. You'd get those hard-coded paths on your recon, put them in the off-the-shelf software, and let the off-the-shelf package be found as it uploads as much as possible.

For 3, North Korea's pretty famous for needing money. Also, I don't think we can say how the North Korean government would or would not behave based on how we'd behave.

The main reason why "insider" doesn't look right to me is why would an insider have to use the Internet? If it was someone who knew those hard-coded paths and what they lead to, they could also have copied the data onto a thumb drive while they were an insider. They'd also have access such that they did not have to steal an executive's credentials, or could have stolen the credentials much more covertly.
