Talk:2014 Sony Pictures hack/Archive 1

Bureau 121
FYI, we now have a Bureau 121 article -- 67.70.35.44 (talk) 04:40, 19 December 2014 (UTC)

Removed information tagged as "original research"
"According to an article in Forbes, Sony had been warned of questionable cybersecurity issues in the past, having been told of employees using weak passwords as far back as 2006. The data released by hackers in 2014 showed that weak passwords were still in use in 2014."References This information was removed as violation of "no original research" rule. How can we improve this passage before re-adding it? --George Ho (talk) 22:16, 20 December 2014 (UTC)
 * We would need a secondary source to state that Sony could have avoided the current hacks, or should have had some better security, or soemthing like that, due to these previous hack attempts. It is original research for us to make that claim, even implicitly. --M ASEM (t) 22:27, 20 December 2014 (UTC)
 * It would be beneficial to have a section that describes how the hacker(s) gained access to the system. A security exploit or stolen credentials? We don't know. The problem is, it often takes weeks/months for experts to determine how the intruder moved across the system. The paragraph above does not offer clarity. Yes, it's certainly true that millions of people use easy to remember passwords, including Sony employees when checking their email, but there is no evidence that a system level administrator got careless. The two sources are combined in an unusual way and the suggestion is just left hanging there. Solid information will be forthcoming, I'm sure. We just have to wait for it. — TPX 23:00, 20 December 2014 (UTC)

Needs restructure
Because of investigation offerings, this article needs restructure. I can't tag it as "cleanup-reorganize" though. --George Ho (talk) 08:50, 21 December 2014 (UTC)

Information still missing?
The article is tagged for missing essential information. I think we already have it. Is there any other information still missing? Am I miscalculating? --George Ho (talk) 23:07, 18 December 2014 (UTC)
 * I agree, and so I have removed this tag. Everymorning   talk  00:01, 19 December 2014 (UTC)
 * There's plenty of essential information still missing from this article. The word "hack" is in the title because the article describes a critical incident, yet it is not broken down as such for a lay reader. I would consider the entire scope of the issue -- namely: prevention, mitigation, protection, readiness, response, recovery -- and at this point focus on response and recovery, and then get to the other facets as we learn more, and in-depth analysis starts cropping up in the news and elsewhere. In focusing on response, it would be useful to distill from the news those pieces of information for this article that would be related to incident command, liaisons among agencies, how public information was provided, how the response activities themselves had/have to be protected, and the contributions of people in charge of planning, response operations, logistics, finance and administration. Those of you with operational knowledge could fill in more blanks about how this happened step-by-step, who got pulled into the response, what did they know, when did they know it. As of this moment (December 19, 2014, 10:57 pm Pacific), we're definitely in recovery mode, but we're also still in response mode (and by response I mean fully putting out the fire, not figuring out what to say to North Korea). It would also be most interesting to note the sequence of recovery steps and the shifts in leadership and public opinion as everyone puzzles through what to do next. For example, a number of Hollywood celebrities are slamming Sony for "caving in." By contrast, attorneys for Cinemark argue that the theater owes nothing to the victims of the Aurora shooting because the Batman movie massacre there could not have been foreseen. That argument certainly would not hold up in this case, since the physical threats made against exhibiting The Interview were well-known. So, eventually, people may change their mind about egging on a big showdown at the potential expense of people relaxing in a dark movie theater. The chronicle of shifting attitudes and strategies about the Sony Pictures Entertainment hack could make this a valuable and oft-cited article. Cybersecurityczar (talk) 07:01, 20 December 2014 (UTC)
 * The lead mentions leaks of films but the body never mentions what films were leaked or the economic impact the leaks have had on the films box office.--TriiipleThreat (talk) 23:41, 23 December 2014 (UTC)
 * Fury, Mr. Turner, Annie, Still Alice, and To Write Love on Her Arms have been mentioned. Trying to dig up the original news sources, and avoid doing "original research" here. The financial loss associated with Expendables 3 is being used as a model for estimating the potential losses related to the unreleased titles. After the unauthorized release on the Internet of a screener copy, Expendables 3 earned $50 million less at the U.S. boxoffice than expected. There's also mention of a leaked script of the new Bond film, Spectre, but haven't seen discussion about potential losses as a result of the leak. Cybersecurityczar (talk) 05:46, 25 December 2014 (UTC)

Comments
Surprised that this article didn't get started until December 15, 2014. Or were there other attempts that got deleted? An important theme of this article will be the actions taken by Sony to recover from the 2014 hack. Cybersecurityczar (talk) 21:57, 15 December 2014 (UTC)
 * And, guess what, the issue will probably be forgotten next year.--Jack Upland (talk) 07:54, 3 January 2015 (UTC)

SONY Hack - Inside Job?
Are recent news reports (December 29, 2014),  that the SONY hack may have been an "inside job", sufficiently worthy to be included in the article - or not? - in any case - Enjoy! :) Drbogdan (talk) 21:08, 30 December 2014 (UTC)


 * I would think the suggestion of it is worth including, considering how many cybersecurity experts are calling bullshit on the FBI's claim, but the wording needs to be changed. "Inside job", while it's being used by the media, isn't technically correct. It implies that Sony employees did it. This investigation is suggesting that former employees did it, and I think if this information is included, the fact that the people suspected no longer work for the company needs to be clear. Sock   ( tock talk)  21:17, 30 December 2014 (UTC)
 * - Thank you for your comments - yes, I *entirely* agree with you - no problem whatsoever - in any case - Enjoy! :) Drbogdan (talk) 21:36, 30 December 2014 (UTC)

The Intelligence Community isn't impressed. "After FBI agents were briefed yesterday, they concluded the security company offering the alternate theory did not have an accurate understanding of all the evidence." — TPX 00:06, 1 January 2015 (UTC)


 * So the FBI isn't impressed by people who criticise it??? So what??? Are all you Americans totally brainwashed???--Jack Upland (talk) 05:38, 1 January 2015 (UTC)

There is widespread confirmation that many security groups do not agree with the FBI and that the cyberattack was performed by North Korea. The article should reflect all views and let people make their own determination. The first paragraph could now be seen as bias towards the FBI POV> Thanks all for contributing Lipsquid (talk) 18:58, 1 January 2015 (UTC)
 * The FBI has information that these other groups don't have. Additionally, their accusation of NK has led to issues of global politics, whether the claim is right or wrong, so to ignore it in the lede is missing a major aspect of the situation. --M ASEM (t) 19:07, 1 January 2015 (UTC)
 * Well until the FBI releases their "secret" smoking gun information, we can't cite it can we? Until they do, we cite what is known and verified. 18:08, 2 January 2015 (UTC)    — Preceding unsigned comment added by Lipsquid (talk • contribs)
 * It definitely should not be ignored. What is needed is to balance the claims of the US government - which often turn out to be false - with the scepticism of many others.--Jack Upland (talk) 21:22, 1 January 2015 (UTC)
 * We have an entire subsection devoted to alternative viewpoints. Some of them rebutting imaginary things the FBI have not even said. — TPX 21:44, 1 January 2015 (UTC)
 * Well, the FBI hasn't said much worth responding to seriously.--Jack Upland (talk) 07:53, 3 January 2015 (UTC)
 * I have changed the article to reflect the consensus of the main stream media that the FBI is bullshitting things and that it is probably a disgruntled employee + some non-NK hackers that are responsible in the first part of the article, and that the majority of researchers thinsk the FBI is spewing bollocks. Of course, exceptional claims require exceptional sources so they are added. --09I500 (talk) 11:57, 4 January 2015 (UTC)

Modify from US govt perspective domination to a balanced, two major perspectives NPOV entry
Early on in this story most RS indicated the hack seemed to have come from North Korea. But by late December it had become clear from massive RS that there is a disagreement between the U.S. government and many cybersecurity experts regarding who did the hack. And the cybersecurity experts' perspective is not a marginal, minority perspective but given equal weight to the U.S. government perspective in every major RS, it seems. Wikipedia should present an entry reflect both major perspectives and not privilege one (the U.S. government perspective) over the other.
 * Not sure we should give experts on the sidelines equal weight to the key sources who have the greatest access to all the evidence, or who are in a position to deny or admit to responsibility. Everybody else is simply speculating in an area where everything is possible. As of today, we see that the U.S. is making a big geopolitical move based on its findings against North Korea, and North Korea has been denying responsibility and will have to react to the U.S. measures. Meanwhile, we've been learning more details from the victim, Sony, as summarized this week in the New York Times, and we have yet to hear a peep from the self-proclaimed perpetrators, the Guardians of Peace. I think we have a well-balanced article by sticking to these 4 stakeholder points-of-view. Cybersecurityczar (talk) 00:21, 3 January 2015 (UTC)
 * I have to agree, given that the FBI says it has data it cannot share with these other security experts that support their NK accusation, and they are in the position to state that, their view is a predominate one. The balance is right for the current state of the story. --M ASEM (t) 00:35, 3 January 2015 (UTC)
 * So the FBI position is supported by... the FBI??? This doesn't make sense. I don't think the article needs to change right away because it seems increasingly likely that someone other than North Korea, apparently Russian mafia working with an ex-employee will be found to be responsible. Your "victory" doesn't seem worth fighting for, or against.--Jack Upland (talk) 07:52, 3 January 2015 (UTC)
 * It doesn't matter what the FBI says, the consensus in the media is now that the FBI is wrong, and that the security community has reached a consensus that the hack was not done by North Korea. This has heavier weight than one security organization with very little insignificance and accomplishments, and one that did more harm than good. --09I500 (talk) 12:01, 4 January 2015 (UTC)

Out with the SPE acronym
Sony Pictures Entertainment is fine as an initial identifier, and should be repeated once in a while, but Sony or (occasionally) Sony Pictures should be the preferred way to identify the victim, because it is accurate and it is the way all the RS are doing it.Haberstr (talk) 08:37, 1 January 2015 (UTC)
 * I agree.--Jack Upland (talk) 21:17, 1 January 2015 (UTC)
 * Nobody uses/cares for SPE acronym anyways. Removed per WP:BOLD --09I500 (talk) 12:02, 4 January 2015 (UTC)

"Reaction" section
This section has a lot of opinions that may no longer be useful due to The Interview receiving limited release. I'm sure this is a publicity stunt or some kind of ploy to make FBI or Obama foolish to citizens. --George Ho (talk) 09:39, 24 December 2014 (UTC)
 * With more than 32 million articles appearing in Google News search results on this topic, I think the contributors have exercised considerable restraint in selecting notable reactions. Not sure what is meant by saying this is a publicity stunt or ploy. Neither the FBI or Obama come across as foolish here. And any publicist in Hollywood who would create a publicity stunt that changed a 3,000-theater release into a 300-theater release would never work in that town again. I believe that Sony's earlier cancellation was driven by the prospect of insurmountable liabilities if any theaters were actually attacked. This limited release, driven by statements from a wide range of thought leaders, will do little to make Sony whole on this movie. The production budget was $45 million. Figure maybe another $40 million on prints and advertising. This limited opening weekend will deliver some horrible boxoffice numbers for Sony come Monday morning -- giving us the first snapshot of the actual financial loss related to this movie that Sony will suffer. Cybersecurityczar (talk) 11:11, 24 December 2014 (UTC)
 * Wow. I just saw The Interview in its entirety on YouTube and feel the script is one for the history books. Jonathan Swift would have been mightily impressed. Expect the national conversation and peoples' reactions to flare up in new ways this weekend. Cybersecurityczar (talk) 23:15, 24 December 2014 (UTC)


 * My suggestion is that a week from now, assuming nothing else happens, we'll want to look back and trim down the section - it screams of RECENTISM to include all the interviews at the current time. --M ASEM (t) 02:19, 25 December 2014 (UTC)

Some of the reactions are banal the way they are presented but put into context they are relevant. For example who cares that Russia said it was "understandable" that North Korea is upset. But it's relevant in the context of current world order where Russia supports the enemies of thy enemy, putting the incident into a larger political movement and thus notable (IMO). It could take time for someone to develop this material into something meaningful, but it might never happen if the raw source material is deleted too soon. -- Green  C  16:26, 25 December 2014 (UTC)


 * With regard to American reactions, it is unclear why some American reactions are included in the Reaction section, and some elsewhere. I think reactions by Sony and the US government should not be included here because they are covered in the rest of the article. (North Korean statements would not belong here either, but there aren't any here at the moment.)--Jack Upland (talk) 18:52, 4 January 2015 (UTC)

Please be aware of the American Propaganda Machine
The American Propaganda Machine is at it again. I am not saying that journalists are lying, this is a rare event. But the journalists are leading themselves to quickly by the FBI, the American Government, and their spindoctor spokepersons again. Please be mindful again. Let's have a good article right from the start, instead of a ignorant one. Given the history of the United States government, please be mindful of its claims. It's claims should have very insignificant weight. Very skilled, professional men are crafting lies, that are copied by journalists without much thinking. These men are very skilled psychologists, knowing every trick in the book. The destruction of the Saddam Hussein statue, was not spontaneous but artfully constructed, this was admitted afterwards. Very good for public relations, very bad for wikipedians. The media is on the side of the skeptics, let's use this opportunity and combat the spin doctor psychologists of the United States.

This is how skilled they are. This is what makes everyone enraged. Please don't be enraged. Fight the propaganda, fight the spindoctors. https://www.youtube.com/watch?v=LmfVs3WaE9Y --09I500 (talk) 12:10, 4 January 2015 (UTC)


 * Previous intelligence failures and success stories are wholly irrelevant to this incident. — TPX 13:01, 4 January 2015 (UTC)
 * Wikipedia is a summary from verifiable and reliable sources. United States agencies that are not verifiable nor reliable. --09I500 (talk) 16:04, 4 January 2015 (UTC)
 * Sorry, we treat US gov't agencies that are in a position to review Internet traffic of this nature as verifiable and reliable, to the extent they have claims NK is behind it. Our article assigns the blame on NK directly to the US Gov't and not stated as a fact so we are avoiding any issues if they might be wrong. --M ASEM (t) 16:38, 4 January 2015 (UTC)
 * I don't agree that the track record of American intelligence is "wholly irrelevant". Surely, the concept of reliability is based on experience. American intelligence brought us the WMDs, the Gulf of Tonkin incident etc.--Jack Upland (talk) 18:32, 4 January 2015 (UTC)
 * That's not how WP works. Mind you, we will be careful to not be accusing NK in WP's voice but make it clear the accusation is made by the FBI and that there are those that doubt it, but for all purposes, the US Gov't is going to be treated as a reliable source. --M ASEM (t) 23:25, 4 January 2015 (UTC)
 * Is the North Korean government a reliable source?--Jack Upland (talk) 18:14, 5 January 2015 (UTC)

First off, yes, I believe it is, as long as we report it the same as other government statements: by clarifying that "the North Korean government said/released a statement/whatever". Second, I don't see how the reliability of the government sources, at least in this case, should affect our presentation of the information. The US government claims that North Korea hacked Sony. North Korea says they didn't. Cybersecurity experts doubt the government's claims. That's all that matters. If the FBI or the US government are wrong, we're still safe. We're just reporting on what they said, not stating it as fact. If it turns out that North Korea lied and they did hack Sony, we're also safe. I'm honestly lost as to what this argument is even about at this point, because the reliability of the governments involved should not matter on how we report. Sock  ( tock talk)  18:20, 5 January 2015 (UTC)
 * Exactly. As long as, in WP's voice, we don't state "The hack was done by the North Korean government", but instead properly attribute it to the claimer, "The hack was done by the North Korean government according to the US FBI.", we don't need to question if any of the US, NK, or independent analysts are reliable, it is reliably sourced in major newspapers that this is what they stated. Omitting any of the three would be a bias problem, but we aren't doing that at all. --M ASEM (t) 18:30, 5 January 2015 (UTC)
 * I think we need to maintain the tension. Otherwise this article will be dominated by a long series of "The FBI said...". It's quite obvious that some editors are itching to delete anything that doesn't fit with the official US position.--Jack Upland (talk) 20:26, 7 January 2015 (UTC)
 * We're avoiding fringe theories. The statements by the independent security assessment agents like from Norse are all good points to include - they are experts that recognize the attack as something else, so their view is fine. But we have to avoid random conspiracy theory type points (Which is what some on this talk page, stating that the FBI is trying to cover up for something or the like) we can't include. --M ASEM (t) 20:33, 7 January 2015 (UTC)
 * Well, I think the FBI investigation is troubling because they announced North Korea was guilty from the outset.--Jack Upland (talk) 23:28, 7 January 2015 (UTC)

Is Wikipedia Taking Up a Cause Here?
All this talk about the America Propaganda Machine, and doubting the FBI as a matter of course, and the assumption of unreliability, seems to be driving the kind of narrative in this article that Wikipedia does not want. The four most essential points of view -- Sony, the hackers themselves, the U.S. government, and the North Korean government -- are all we need to keep this article nice and tight and highly informative. On one hand, Sony and the U.S. government (including the FBI) are stating their side of the story more and more forcefully. On the other hand, very little is coming from the hackers or North Korea, whether to take responsibility or to support a denial. Everybody else is just on the sidelines with access to far less evidence than the 4 stakeholders involved. If some of these folks on the sidelines disagree with the FBI's findings, they have a right to do that but I don't see how they are affecting anything. Before we give the opinion makers a central voice in this article, shouldn't we evaluate their true power and influence? And just to be fair, shouldn't we be listing all the other experts that go along with the FBI's conclusions? I say let's wait for the hackers and North Korea to speak for themselves, and meanwhile we can make a passing reference to the fact that some experts on the sidelines are struggling to explain the Sony hack with limited access to facts. Cybersecurityczar (talk) 15:10, 8 January 2015 (UTC)
 * No, the article is fine. We've got the FBI claims which are of both technical and political interest. We have several statements from NK's gov't denying the claim as well as asserting that the US is trying to bully them, and we have the opinions of other security experts as well as political pundants that doubt the NK connection. Once we're past the details of the hack and information, the central story is the FBI's claims and how they are being responded to, so that is the proper centerpiece of the article from that point. It's not weighting to give the FBI's claim any validity - we're careful to state that this is all their claims and not yet proven - but simply due to the FBI's detailed assessment they've given that they have a bit more space. NK arguably has not given much actual analysis beyond calling back against the US for this. --M ASEM (t) 15:57, 8 January 2015 (UTC)
 * I respectfully disagree. The article is veering into advocacy. This is not allowed on Wikipedia. Speculator disagreements are not the proper centerpiece. What they say has no impact on key actions. Nobody is chanting in the streets for the sanctions to be lifted. The article doesn't even describe the sanctions. It's lopsided. To keep this article on track, it should be about crime and punishment, not self-doubt every step of the way. Cybersecurityczar (talk) 19:46, 8 January 2015 (UTC)
 * We mirror what the sources say, and the sources have focused on the areas that have been pointed out. We can't change that view. --M ASEM  (t) 19:56, 8 January 2015 (UTC)
 * I'm confused as to where your issue is. Masem addressed all of your points very well. This article is far from advocacy. Seeing as the FBI has actually asked for opinions from these "speculators", how are their opinions irrelevant? People with extensive experience in cybersecurity are saying that Sony is probably wrong, and we're reporting that they believe that, not that it's true. Verifiability, not truth, as the old saying goes. Their opinions are verifiable, North Korea committing the hack is not, so we state what IS verifiable: that the FBI claims they did it, and that experts disagree. Since several noteworthy companies and individuals have said it, we report it. It's noteworthy information in the event. And this should not be about crime and punishment, it should be about the hacking of Sony Pictures Entertainment, like the title suggests. All of this information is completely relevant to that subject and that title. We are simply reporting the information we have. If the FBI unleashes all of its evidence about NK, and the experts change their opinions, that'll go in too. Sock   ( tock talk)  19:58, 8 January 2015 (UTC)
 * Of course opinions are verifiable, but in this case they are nothing more. The experts' opinions have not amounted to anything (i.e., lifting the new sanctions). By contrast, when Obama and others expressed their opinion about the industry's apprehension, that brought about a change -- the movie was released. These computer experts' opinions brought about nothing. If and when they do, that will be worth including. But right now, it's "three experts, four opinions." Are we committing ourselves to preserving each and every speculation regardless of how things develop? Cybersecurityczar (talk) 06:07, 9 January 2015 (UTC)

I think 2 voices have undue weight in this area. The first is hacker Hector Xavier Monsegur who "explained to CBS News that exfiltrating one or one hundred terabytes of data would have taken months or years, not weeks, "without anyone noticing"." He seems to be arguing with himself in this sentence. The FBI are well aware that the hack comprised two stages. Systems were breached and data was copied before the hackers returned and uploaded wiper malware. His inclusion implies the FBI themselves have suggested the hack was short and quick affair, possibly lasting a few short days, which is simply not the case. So I wish either to see him removed entirely or alternatively we must expand our article to make it clear he is attacking a bogus argument of his own making. The second is Kurt Stammberger from security firm Norse, who prefers to believe a stranger who contacted him over the internet (anonymously) asserting the hack was an inside job. His claim is repeated by a large number of reliable sources, so we must accommodate him, but I think the FBI's rejection of his hypothesis should be afforded more weight than his wildly speculative claims. Stammberger gets a whole paragraph and space in the lede while the FBI's response is relegated to a few words tacked-on at the end. — TPX 11:25, 9 January 2015 (UTC)
 * Except that the FBI's version of events have several paragraphs (arguably appropriate, due to the fact they have all the evidence to evaluate before them, compared to others); the fact the FBI dismisses Stammberger in just a sentence is about how much the FBI's response to Stammberger in the press sources give - they make little comment beyond "No, we think our theory is right". The thing is, there are both politic and technical reasons people have thrown doubt at the FBI's claim, and thus expressing that doubt as reported by sources is just fine. There's really no weight problem at this present time. At some point, this will hopefully be a resolved situation, and we'll adjust the "right" answer appropriately, but for now, this is completely fine considering what has been reported on NK's involvement. --M ASEM  (t) 16:18, 9 January 2015 (UTC)

National Security Agency (NSA)
It is now confirmed that the NSA played a key role in the investigation to determine who hacked Sony Pictures. I'm leaving this news story here for reference. I intend to expand our article at a later point in time. — TPX 21:56, 9 January 2015 (UTC)
 * Added this (but with a better RS that has the same point about NSA's involvement). --M ASEM (t) 22:02, 9 January 2015 (UTC)

Money, Bitcoins
Any information about the hackers demanding money, including bitcoins?--Jack Upland (talk) 09:39, 30 December 2014 (UTC)
 * Obviously, that needs to be censored by the protocol drones who have taken over Wikipedia.--Jack Upland (talk) 09:09, 24 January 2015 (UTC)

Events in North Korea
Yesterday someone removed the following paragraph:
 * North Korea issued a statement on December 27 denouncing the US and Obama for the screening of the movie, and said that Obama "always goes reckless in words and deeds like a monkey in a tropical forest." This was after North Korea suffered a several lack of Internet service on December 22. The US declined to comment on whether it was involved. Another Internet outage occurred later on the 27th.

This is an important part of this story! Eric Kvaalen (talk) 09:51, 30 December 2014 (UTC)
 * Info has been added. Thank you, ! We'd added the info to the article for The Interview, but I guess it never got put here. Sock   ( tock talk)  12:40, 30 December 2014 (UTC)


 * It's not very important. North Korea says a lot of things. It also complained about the James Bond film, Die Another Day. You have a goldfish memory.--Jack Upland (talk) 05:40, 1 January 2015 (UTC)
 * That's like saying the opinion of the FBI is unimportant because they sent a letter to Martin Luther King that "he is a complete fraud, and a liability to all of us Negroes", trying to make King kill himself. --09I500 (talk) 11:43, 4 January 2015 (UTC)
 * Except that King was then assassinated. In this case, there is no evidence that the DPRK has been doing anything other than spitting out its usual defensive rhetoric.--Jack Upland (talk) 20:28, 7 January 2015 (UTC)
 * Arguably, the FBI has stated today that they have confirmed that the attacks came from IP addressed tied to NK, and because NK's internet is tightly controlled, it is unlikely a third party. They can be wrong, yes, but this is the FBI and with accusations towards a major power, they're likely going to have triple checked their findings before instigating what could be a major world problem. --M ASEM (t) 20:31, 7 January 2015 (UTC)
 * Just like the American securicracy tripled checked the WMD accusations before attacking Iraq. Just like the FBI triple checked the blackmail letters it sent to Martin Luther King. Just like George W Bush's re-election was triple checked by independent and intelligent scrutineers. Just like the everything else about the USA. Wikipedia is not some American newspaper. The rest of us don't take you and your government that seriously.--Jack Upland (talk) 09:20, 24 January 2015 (UTC)

Points to expand
There are some crucial points that need fleshing out in this article.

1.After the intruders had finished copying private information, they uploaded 'wiper' malware that left hundreds of internal computers inoperable (no small point).

2.The operatives responsible for the destruction are known to have employed near identical malware on South Korean financial institutions. They are also believed to be responsible for DDoS attacks against the White House and the Pentagon. 

3.The assessment of the US intelligence community is corroborated by other independent computer security analysts. For example, "CrowdStrike has been tracking the actor behind these attacks under the cryptonym of Silent Chollima and has deemed them responsible for intrusions dating back to 2006. The vast majority of these attacks have been conducted against South Korea, including intrusions into their government and military systems to steal sensitive information, as well as destructive attacks against their financial and media sectors. [...] This event however is the first time we have observed them launching a data destructive attack against a U.S.-based organization." We have an entire section devoted to 'doubts' but not a single word from security firms whose observations accord with the FBI. — TPX 22:06, 3 January 2015 (UTC)


 * Well, please add it in ASAP. The crumbling American Empire needs all the support it can get.--Jack Upland (talk) 06:41, 4 January 2015 (UTC)
 * To be honest, it seems that people are using this article to articulate some anti-US agenda. I'm going to insist that people maintain high standards and read the sources properly before adding them to the article. — TPX 16:42, 4 January 2015 (UTC)
 * That's such a warped perspective. Just because some foreigner (or American) disagrees with you doesn't prove an anti-US agenda. This is very much an American story. I certainly can't believe that North Korea cares much about Angelina Jolie.--Jack Upland (talk) 09:29, 24 January 2015 (UTC)

Shenyang IPs
The fact that the hacker IPs geolocate to North Korean businesses in China seems like big news, but it's buried in paragraph 32 of the New York Times story. After all the stories in recent years claiming that China is dissociating itself from North Korea, it turns out that Beijing still pulls the strings of the puppet state. This was never about some idiotic Rogen-Franco comedy. This was about retaliating for the indictments unsealed in May. NotUnusual (talk) 22:57, 19 January 2015 (UTC)
 * The NYTimes piece does not imply China with any involvement - it states the NK businesses there are the source of the IP addresses. It would be OR to make that assertion that China is involved at all. --M ASEM (t) 23:05, 19 January 2015 (UTC)
 * I'm sure Beijing was as surprised as anyone. I expect they'll be cleaning out the rat's nest in Shenyang and sending the North Koreans packing anytime now. NotUnusual (talk) 23:19, 19 January 2015 (UTC)
 * I'm not sure that the IPs are so meaningful. Competent hackers can cover their trails. There's way too much speculation on this and very few hard facts.--Jack Upland (talk) 00:34, 20 January 2015 (UTC)
 * I am sure that if there is concern that using geo-based IP addresses is not fully revealing, we'll have some security experts be able to discuss that. --M ASEM (t) 02:50, 20 January 2015 (UTC)
 * Except that this "fact" was described as "buried". I don't think Wikipedia should break "big news".--Jack Upland (talk) 09:31, 24 January 2015 (UTC)
 * It's buried in this article as well. NotUnusual (talk) 11:59, 24 January 2015 (UTC)

NSA hacked and monitoring North Korea and China system since 2010
REVEALED: White House was certain North Korea was behind Sony attack because NSA had been hacking and monitoring the country's networks since 2010 Read more: http://www.dailymail.co.uk/news/article-2916234/White-House-certain-North-Korea-Sony-attack-NSA-hacking-monitoring-country-s-networks-2010-didn-t-prevent-it.html#ixzz3RjNSf7vm

NSA admitted they have been hacking chinese netwroks since 2010 and monitor and spread malware to north korea's computers also with the same logic, wouldn't it be entirely feasible for the US to have used North Korea's computers to launch the attack? Since 2010 USA has accused china and north korea hacking computers networks worldwide..it turns out, the NSA has been using the computers in china and north korea to launch an attack against anyone around the world! — Preceding unsigned comment added by 118.136.5.4 (talk) 14:57, 14 February 2015 (UTC)
 * We do have a statement in there already about how NSA had done such hacking prior and how that allowed them to figure out where the attacks were coming from, but we cannot make the supposition that the NSA or other entities launched the attack from that false front. --M ASEM (t) 15:09, 14 February 2015 (UTC)


 * More assertions from dubious US sources. By definition, the NSA is a deceptive agency. Of course, the article is no place to spin conspiracy theories. It should just include what is widely reported, without taking sides.--Jack Upland (talk) 03:10, 15 February 2015 (UTC)

Sony Emails ordering edits to Wikipedia
Do not include this, at least not yet. So far there is exactly ONE minor source covering this. It is frowned upon to drag Wikipedia into the article without clear due weight justification.
 * In April 2015 e-mails were exposed showing Sony directing edits to Wikipedia articles about Sony and Sony executives, without disclosing their conflict of interest.
 * We actually caught this story first and have much more details in this Wikipedia Signpost special report. Signpost is not a usable source, I'm only linking it for background info. One of the emails mentions it's not an easy task because several times our changes are instantly changed back by the Wikipedia editors. Chuckle. Alsee (talk) 04:04, 6 May 2015 (UTC)
 * I wouldn't include it here, but it would possibly be over at Wikipedia in culture if there was a better source. We don't want include Wikipedia navel gazing in any topic unless it is important to establish that. --M ASEM (t) 05:16, 6 May 2015 (UTC)