[personZ]

Many well-known security professionals

...who are pandering to a crowd, and based upon essentially no information at all, but just the same sort of "I think" gut feeling notions that we see on HN. While there should always be questions about government honesty, it's rather incredible how far people will reach to find to clutch onto something that backs whatever their initial knee-jerk opinion was, seen throughout the comments here.

Quite a few comments are among the "they're making this up to go to war", which is simply incredible: Are people so far out of the loop on world players or current events? The US in no universe will launch a military action against a rogue, shells-pointed-at-Seoul, nuclear armed nation because they hacked Sony. That premise alone is simply absurd.

Is the US trying to isolate North Korea? They're already completely isolated. I mean...do people understand the situation North Korea is in, and the complete lack of tools to deal with this? The US gains literally nothing pointing the finger at North Korea.

[higherpurpose]

It wins a few more points in the "you need to give up more of your privacy so we can protect you" campaign when we could be talking about "nation-state cyber-war" rather than a "Target-like hack" by hackers nobody knows or cares about. North Korea is an "iconic enemy" people can rally against.

[myrryr]

They gain HEAPS pointing at North Korea. They can say that it shows the threat that the US has from other countries on a hacking front, and that they need more funding around a cyber defense initiative. IT can't be - oh anonymous (or some group like them) since no one will take it as seriously.

They want to point at a country that will say "damn straight we did it" even if they didn't (North Korea is perfect!)

[knorby]

No matter what you believe, some group just caused massive damage to Sony. If the US was looking to justify "cyber defense" spending, how would a rogue group not be a bigger threat? A rogue group better fits the terrorism narrative that has justified much of the last decade's military and intelligence spending. You're reaching.

[cmdkeen]

China is busy providing all that justification, which is why Cybersecurity is getting massive military investment already. Sony being hacked is nothing, in terms of national security, compared to what China is getting up to.

[personZ]

They can say that it shows the threat that the US has from other countries on a hacking front

There have been attacks on the US government IT infrastructure. Stolen designs and files from military contractors. Attacks on energy and distribution systems. Attacks on the banking system.

On the grand hierarchy of attacks, this is really, really low. I mean, given the severity and regularity of attacks against things that really, really matter, no the US certainly didn't need this to justify anything. The concern is very real, and significantly more important than some Sony Entertainment emails or movie leaks.

[lotsofmangos]

The US in no universe will launch a military action against a rogue, shells-pointed-at-Seoul, nuclear armed nation because they hacked Sony. That premise alone is simply absurd.

I agree that it is absurd, but Washington seems to be talking up that premise.

Obama Vows a Response To Cyberattack on Sony

WASHINGTON — President Obama said on Friday that the United States “will respond proportionally” against North Korea for its destructive cyberattacks on Sony Pictures, but he criticized the Hollywood studio for giving in to intimidation when it withdrew “The Interview,” the satirical movie that provoked the attacks, before it opened.

Deliberately avoiding specific discussion of what kind of steps he was planning against the reclusive nuclear-armed state, Mr. Obama said that the response would come “in a place and time and manner that we choose.” Speaking at a White House news conference before leaving for Hawaii for a two-week vacation, he said American officials “have been working up a range of options” that he said have not yet been presented to him.

http://www.nytimes.com/2014/12/20/world/fbi-accuses-north-ko...

One thing I would like to know, is if this whole thing was perpetrated by the North Korean state because of the potential offence to North Korea from showing their leader being killed, why has the scene of their leader being killed been leaked by the hackers and is now posted all over reddit? That really makes very little sense.

[cmdkeen]

Military action is not the only form of proportionate response. The US has been involved in sanctions based diplomacy against NK for years now around the nuclear programme. The State Department aren't idiots, any form of military action against the North runs the risk of full scale war breaking out.

[anfedorov]

The US gains literally nothing pointing the finger at North Korea.

It also loses nothing, which might be the case if Russia or China were behind the attacks.

[wahsd]

It conditions the population against North Korea. Not saying that that's what's happening right now, but it's kind of our MO. We target a specific place for ulterior motives, generate public animosity among our population of morons who couldn't find X country on a map if their lives depended on it, then we put on the squeeze in order to illicit a reaction, and then when a certain action happens we can manufacture into an excuse for military action, we take military action. And then we proclaim how innocent and unwillingly we were dragged into something we had been gunning for even before the last war we were engaged in was over.

[api]

What would the ulterior motive be for taking on the cost of a war against NK? They have little to no oil or other super-valuable commodities as far as I know, so there's little financial motive. They're a risk to their neighbors but are not a credible global threat, and they're less likely to attack the U.S. than more dangerous and ideologically fervent enemies like ISIS.

They're more of an annoyance than anything else. The strategy so far seems to have been to wait it out and hope their crazy cult-regime finally collapses. I don't see any reason anyone would want to expedite this unless they thought there was a clear and present danger of NK escalating in both belligerence and power in the near future. I can imagine the former, but not the latter.

[tankenmate]

The value of NK isn't anything internally intrinsic; the main reason it has "survived" with its current and past leadership is that it is a buffer between the "West" and China. And previously it was seen as a buffer between Japan (and also the US) and Russia; Stalin was the one who authorised the Soviet invasion of Manchuria in the very last days of WWII. Russia's leadership at the time remembered Russia loss of face (and territory) to Japan in 1905; remind you of current day invasions and annexations with ruminations of nationalism?

The Korean War was in many ways similar to a "more power" version of Ukraine today.

[alexqgb]

NK may be a sideshow as far as a lot of interested parties are concerned. The benefit (if you can call it that) is that the presently-tapering security contractor gravy train gets a new shot in the arm, the Feds have a chance to set up "partnership" agreements with any number of tech firms that they just alienated during the NSA fiasco, and a much higher level of generalized network surveillance becomes a thing that plenty of companies start thinking they want.

I obviously don't know the story behind this. The point is, there are plenty of opportunistic and self-serving domestic interests who probably don't either but can nevertheless turn this hack into a very beneficial event, regardless of who did it. From their perspective, NK being the source is actually the best-case scenario.

[cma]

Punishing defiance can be an ulterior motive. When the mafia send someone in to break the shopkeepers fingers they often risk their guy getting arrested, etc. losing more than the shopkeeper is worth. They still go through with it because that shop isn't the only thing in the balance, it's about keeping all the other shops scared and maintaining "credibility." You can hear war mongering politicians talk about "credibility" and "credible threat of force" all the time.

[wahsd]

It would drain China's resources and focus, Russia's for that matter too. But, again, I said that I don't think that's what's happening with NK. NK is even too much of a pandora's box of crazy that I think will only be set off as a last ditch effort against, mainly, China. I see it as kind of a bomb that is surgically attached to China, which we can somewhat easily figure out how to set off if we so desire.

[sroerick]

Why was North Korea included in Bush's famous Axis of Evil speech?

[cmdkeen]

Drug running, counterfeit currency production, kidnapping foreign citizens, nuclear testing and producing nuclear capable missiles and testing them in provocative ways.

Plus their prison camp system, internal mass famines, brutal authoritarian dictatorship.

[mbreese]

I'm fairly certain it was for nuclear proliferation.

[sd8f9iu]

If they are wrong, then they take a hit to their credibility. The Republican Party would pounce on this and never let up. It would not look good in the public eye if the government's cybersecurity apparatus – which the president just spent the past year and a half defending – fingered the wrong country behind an attack.

[slipangel]

Not true. Can you imagine the economic impact if this stands as a case study on how lax security standards could be at large, trusted private institutions? That all it takes is one pissed-off employee with a cursory background in computer security to cause billions of dollars in damages and rampant fear?

It's much easier to address public fears with an easy scapegoat than to owe up to the overall frailty of network-driven industry. Could you imagine the cost of creating "the TSA of networks belonging to important private entities?"

[csdrane]

Part of me does wonder whether we're headed in that direction. See: Rainbow's End, by Vernor Vinge.

What is the equilibrium in a world where state funded actors can anonymously attack major companies / infrastructure components? I am not convinced that is possible for a Sony to secure itself to such a level that it will not be vulnerable to attacks by state actors.

[jeremyjh]

Not without actually - ya know - trying.

[kalleboo]

> Could you imagine the cost of creating "the TSA of networks belonging to important private entities?"

Sounds like a huge bounty for whoever gets the contract.

[alexqgb]

That's exactly the issue. There are lots of people who can imagine that. They can also imagine corporate boards having a much harder time saying no to them in an environment that the Feds have described as dangerous. If nothing else, not (literally) buying into the scare opens companies to even more expensive liability.

[Shivetya]

oh if it were Russia I am quite sure the current Administration would waste no time exposing them. The level of disrespect shown towards with both official and unofficial comments borders on undiplomatic by most counts.

It matters little because the big issue here is that a group of cyber terrorists have effectively shut down a major corporation and most western countries are just standing by. if that is not green lighting future copy catting nothing I don't know what is.

The President should screen the film at the White House and allow it to be distributed to the armed forces

[joe_the_user]

...who are pandering to a crowd, and based upon essentially no information at all

References?

What I remember is a well-argued article pointing to many parts of the hack that would seem to disqualify North Korea - for example the use of a (South) Korean language locale which North Koreans would in fact not normally be able or likely to use, broken English with little relation to how North Koreans would speak, etc.

Now, North Korean could be making a careful effort to impersonate Western hackers making a crude effort to impersonate North Koreans. But that's kind of reaching and there's a bit more than no evidence.

[personZ]

"What I remember is a well-argued article pointing to many parts of the hack that would seem to disqualify North Korea"

That article was a classic case of "assume the end result, and then make everything you've heard...including indirect, second-hand rumors, fit the mold you've set". You probably saw that "analysis" on here, and it was quite soundly destroyed as being largely ignorant.

https://news.ycombinator.com/item?id=8766411

But it went with them because it fits the case.

Further the whole "that bad English doesn't fit how I think bad English should look" is...well it's preposterous. The article also uses a ridiculous email exchange which could be anyone as proof -- again, fitting the mold.

There is literally nothing in that, beyond some person's subjective take on how a person might mangle English (this is one of those classic claims that assumes some grand conspiracy...but that the conspirators were too dumb to get the basic stuff right), that is based upon legitimate analysis.

[joe_the_user]

Your link is just someone saying "you're wrong" with no references, like you are.

[nether]

We're gradually seeing HN comments on world events veer into conspiro/4chan /pol/ territory. It's sad but I think inevitable with anonymous discussions.

[joe_the_user]

Really?

Most posters on hackers news, it seems, rejected the idea that the Sony hack was done by North Korea or any easily determined actor.

The US government now has an official conspiracy, that the attack was the work of the government of North Korea. Just because that is conspiracy theory doesn't make it wrong but I and many people still doubt it.

You are replying to an attack on the common dubiousness of many hn posters to the North Korea theory. The attack seems to involve the idea that doubting the US government conspiracy theory has to be, itself, some other kind of more dubious conspiracy theory, when it is actually the belief that there's no evidence in that direction and plenty of evidence away from that direction.

[uid]

> "they're making this up to go to war"

literally nobody has said that, all that most people have said is that if you're going to accuse another nation of an act of "cyberwar" at least provide proof. Is that too much to ask?

[personZ]

"Opportunities to get backing for war are rare, and so there is good reason to think that the government would try to capitalize on them."..."USS Maine, anyone?"..."Queue an invasion of North Korea."

Literally quite literally doesn't mean what you apparently think it means.

And the general conspiratorial narrative is that the US is trying to blame a blameless North Korea to achieve...something. Not sure what.

[jchrome]

"And the general conspiratorial narrative is that the US is trying to blame a blameless North Korea to achieve...something. Not sure what."

To assume the US Government's PR team won't use anything/everything to reinforce, reiterate or bolster it's own agenda is just idiocy. There are far too many examples throughout history where it has.

Whether or not that means that this investigation is a farce, is another question.

[Crito]

My hangup here is that the DPRK historically provides absolutely no shortage of excuses for the US to grandstand, but with the occasional exception of them shelling some South Korean island or kidnappings a tourist, they are usually (publically) ignored. Niche news websites about North Korea will talk about the crap they do or say weekly, but you usually only see US government officials and mainsteam US media piping up once or twice a year.

Its not like the US has to manufacturer an excuse to complain about them. There is an abundance of genuine North Korean antics to choose from if they want to.

[uid]

cite a single comment where somebody has said "they are making this up to go to war"

[RobertKerans]

The parent you replied to quoted three.

[mason240]

This thread is filled with them, but here is one:

https://news.ycombinator.com/item?id=8773230

[RexRollman]

I wouldn't say the US is wrong, but at the same time, I wouldn't blindly trust the accuracy of everything they claim.

[happyscrappy]

>Are people so far out of the loop on world players or current events?

The people who comment on HN about politics are hilariously confused.

[guelo]

Don't generalize, people have many diverse opinions on HN. For example, you are commenting on politics on HN.

[happyscrappy]

My comment is meta. Yes I should have said some people.

[tomp]

> The US gains literally nothing pointing the finger at North Korea.

The US gains quite a lot by pointing fingers at a bad guy. This bad guy happens to be North Korea. Anything just to keep the public distracted and the media happy to report something else but CIA torture.

[HackinOut]

"The US in no universe will launch a military action against a rogue, shells-pointed-at-Seoul, nuclear armed nation because they hacked Sony."

Is that your gut feeling? :p I understand it's backed by strong arguments but so were (some) security professionals opinion. They might give updates after the FBI's communiqué and are aware of the limitations of their argumentation. That being said I do share your opinion on the matter...

EDIT: elaborating... EDIT 2: Not sure why I'm getting downvoted. No matter how much I believe US won't go to war there is always a possibility I could be proven wrong. I don't think security professionals analysis was based on "no information at all" (think things we know about North Korea), no more than the analysis we have about US not going to war.

[barsonme]

(I guess to add on to yours and the previous posters' comments...)

Even if it wasn't North Korea, the U.S. still gains nothing from this except for maybe making NK look even worse.

And the U.S. might make some stupid political decisions, but there's a difference "ill advised" decision and a flat-out stupid decision. Going to war with NK would mean South Korea getting attacked by NK. Would the U.S. risk that?

I honestly do not think so, because it'd signal the end of the U.S.' diminishing credibility in the global sphere. Nobody wants to be friends with a country who'd willingly throw a friend under the bus simply because another country (which has very few friends) hacked into one of millions of corporations in said country.

If the U.S. and USSR could go years without nuking each other, I believe the U.S. has enough restraint to not launch (enough of) an attack on NK that would provoke a NK response towards their southern neighbors.