After Comey's speech, critics still unconvinced by the FBI's Sony hack theories

Although FBI Director James Comey meant to clarify the agency's case against North Korea in the Sony hack this week, his comments did little to change the balance of a polarized, but largely skeptical, cybersecurity community.

By Joe Uchill, Staff writer

Brian Honan still doesn't buy it.

Even after FBI Director James Comey spoke this week about the agency's evidence tying North Korea to the Sony hack, Mr. Honan, a security specialist, says the connections remain too weak.

At a cybersecurity conference at Fordham University on Wednesday, Mr. Comey announced the agency's newest piece of technical evidence: Internet protocol addresses. The hackers, he said, blundered while sending e-mails and failed to mask the true IP addresses that represent their devices on a network. Those addresses, he said, were "exclusively" used by North Korea.

But that wasn't exactly the smoking gun Honan and other skeptics in the security community needed to convince them that North Korea is the real culprit.

"IPs can be spoofed and computers at IPs can be compromised," says Honan, director of BH Consulting, an Irish security firm. "In my experience, no IPs are ever guaranteed to be 'exclusively' used by anybody."

Honan wonders why these IP addresses had not been released to researchers for independent review or, at a minimum, to allow network administrators at risk of an attack from North Korea to block that traffic.

"The last time the FBI said IP addresses they found were controlled by North Korea was when the initial statement said they were hardcoded into the malware. Experts agreed they were wrong," says Rob Graham of Errata Security, an Atlanta cybersecurity firm. "There is little reason to believe them this time."

He's referring to research conducted by Scot Terban, a security expert and popular blogger often known by his Twitter handle 'Krypt3ia,' and Sean Sullivan of F-Secure, a Helsinki-based provider of online security products.

According to Mr. Terban, the IPs pointed to an international list of widely used proxy servers and one compromised computer in New York.

While Mr. Sullivan is reserving his judgement on the e-mail IPs until his team can examine them, he still questions some of the vagaries in Comey's talk this week.

"The FBI didn't say why they thought the e-mails were actually from the hackers," says Sullivan. "It could just be a separate group of North Koreans saying 'You guys suck.' "

According to Terban, Comey didn't produce enough evidence to back up his claims about the IP addresses. "If they have a log, produce the log. It's not like North Korea doesn't know."

Meanwhile, analysts who already agreed with the government's North Korean attribution continue to support the FBI's theory.

"I was always certain. I've seen what they've seen," says Dmitri Alperovitch, cofounder of CrowdStrike, a California security firm. Soon after the initial FBI report linking the Sony hack to North Korea, CrowdStrike announced it had been tracking the same North Korean hackers for many years.

Mr. Alperovitch says that the FBI's announcement this week was more about sending a message to enemy states that the US is capable of quickly attributing cyberattacks and less about convincing loud and dissenting voices in the security community.

"Establishing a precedent for response," said Alperovitch. "That's what they were thinking."