[Dailydave] What is happening?

Andre Gironda andreg at gmail.com
Thu Dec 18 09:23:53 EST 2014

On Dec 17, 2014 8:51 PM, "Dave Aitel" <dave at immunityinc.com> wrote:
> The Sony Hack is not just fun and games (if it was, The Interview would
have dropped as a .torrent long ago). It's not about a movie or even Sony,
at all. When you build a nuclear program, you have to explode at least one
warhead so that other countries see that you can do it. The same is true
with Cyber.

Agree. Game theory can explain why this must be nation-state involvement.

> Iran did this exact same near-mortal blow to Saudi Aramco, as a way of
demonstrating that they could and would. That's what just happened to Sony,
but they didn't see it in time, and didn't realize they were going to have
to fold. If you recognize the signature of this kind of nation-state
attack, it is not hard to see ahead of time what is going to happen, and we
at Immunity have gone on the record weeks ago saying that this was North
Korea, and Sony was going to have to pull the movie to survive.

Why can't it be both Iran and North Korea? There were multiple breaches so
why not multiple actors and/or cordination?

> Kim Zetter wrote a Wired article in which she called out our Business
Insider piece as fantasy. She's since edited us out of the article, but it
is ironic that she calls on the "Cutting Sword of Justice" as another
hacker group, when in fact they are, like #opisrael, directly Iranian
state-based efforts (to be specific, MOIS) - the very exact kind of
operation people are failing to see here.

Well I agree these are not sub-state actors or hacktivists.

> Clearly, not all hacking (even very impactful hacking) by random hacker
groups is war/terrorism, but when a nation state decides to take out a
business in another country, it's hard for our policy team to find another
word for it. You do not see the United States using cyber efforts to do
this to businesses in other countries, and when Iran or North Korea, or
even China, does it, that's stepping over the line. The United State's
initial message was that they'd rather have the FBI handle it than the USAF
or even JSOC...

How do you know there was no military involvement? Even if so, could be
that the FBI is supplyjng the CI collection for this mission because of a
unique position.

> I guess what I'm saying is, you can learn more about cyber war at the bar
at Infiltrate than in Wired so far. ;>

Did you read Zetter's book?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20141218/7f2fc02b/attachment.html>

More information about the Dailydave mailing list