Whodunit, The Mechanics of Attack Attribution

Post on 15-Apr-2017


Transcript of Whodunit, The Mechanics of Attack Attribution

Whodunit? The mechanics of attack attribution

DISCLAIMER

This talk contains general information about legal matters. The information is not advice, and should not be treated as such.

The legal information in this talk is provided “as is” without any representations or warranties, express or implied. Mark Nunnikhoven makes no representations or warranties in relation to the legal information in this talk.

Without prejudice to the generality of the foregoing paragraph, Mark Nunnikhoven does not warrant that: the legal information in this talk will be constantly available, or available at all; or the legal information in this talk is complete, true, accurate, up-to-date, or non-misleading.

You must not rely on the information in this talk as an alternative to legal advice from your attorney or other professional legal services provider.

If you have any specific questions about any legal matter you should consult your attorney or other professional legal services provider.

You should never delay seeking legal advice, disregard legal advice, or commence or discontinue any legal action because of information in this talk.

Nothing in this legal disclaimer will limit any of our liabilities in any way that is not permitted under applicable law, or exclude any of our liabilities that may not be excluded under applicable law.

IANAL (I am not a lawyer)

Mark Nunnikhoven Sr. Research Scientist @marknca

Date Event

21-Nov Sony CEO Michael Lynton warned in anonymous email to “behave wisely”

24-Nov Story of a hack at Sony Pictures Entertainment leaks

25-Nov 5 unreleased movies show up online (Fury, Annie, Mr. Turner, Still Alice and To Write Love On Her Arms)

01-Dec PII published, FBI starts investigation

02-Dec Passwords, security certificates, marketing materials leaked online

04-Dec Passwords, security certificates, marketing materials leaked online

07-Dec Kevin Mandia email to Sony, “This attack is unprecedented in nature”

08-Dec More leaked data, first direct mention of…

11-Dec Gawker breaks story mentioning previous attack in February, 2014

13-Dec More leaked data, promise of more as a “Christmas present”

14-Dec Sony’s legal team threatens various media outlets

16-Dec Class action suit filed against Sony by former employees

16-Dec GoP issues threat to movie theatres & goers

17-Dec Sony cancels release after theatres raise concerns

18-Dec US officials “confirm” North Korean involvement

19-Dec FBI issues formal statement assigning attribution to North Korea

http://www.dailymail.co.uk/news/article-2880880/FBI-conclusively-links-North-Korea-Sony-hack.html

20-Dec North Korea denies involvement, offers “joint investigation”

http://www.theguardian.com/us-news/2014/dec/21/obama-us-north-korea-state-terror-list-sony-hack

21-Dec North Korea threatens “the White House, the Pentagon and the whole U.S. mainland”

22-Dec US government calls on North Korea to compensate Sony

22-Dec State Department says there is “no specific credible threat information that lends credence” to North Korea’s threat

22-Dec North Korea bows out of UN Security Council meeting on human rights record

23-Dec Sony recants and decides to release movie to theatres

24-Dec “The Interview” is released in digital channels. Earns $31 million by 06-Jan-2015

I, BARACK OBAMA, President of the United States of America, find that the provocative, destabilizing, and repressive actions and policies of the Government of North Korea, including its destructive, coercive cyber-related actions during November and December 2014…

*emphasis added

http://www.foxnews.com/politics/2015/01/07/fbi-director-reveals-new-evidence-linking-n-korea-to-sony-hack-answers-skeptics/

Relevant

Authentic

Hearsay

Acceptable as a copy

Is it?

“An IP known to be associated with North Korean activity” Statement #1

“NSA activity verified the actions were taken by North Korea” Statement #2

“An IP known to be associated with North Korean activity” Statement #1

SECTION 31

Definitions 31. (1) In this section,

“corporation” « personne morale » “corporation” means any bank, including the Bank of Canada and the Business Development Bank of Canada, any authorized foreign bank within the meaning of section 2 of the Bank Act and each of the following carrying on business in Canada, namely, every railway, express, telegraph and telephone company (except a street railway and tramway company), insurance company or society, trust company and loan company;

“government” « gouvernement » “government” means the government of Canada or of any province and includes any department, commission, board or branch of any such government;

“photographic film” « pellicule photographique » “photographic film” includes any photographic plate, microphotographic film and photostatic negative.

Marginal note: When print admissible in evidence (2) A print, whether enlarged or not, from any photographic film of

http://laws-lois.justice.gc.ca/eng/acts/c-5/

which, (a) contains computer programs or other data; and (b) pursuant to computer programs, performs logic and control, and may perform any other function.

“data” « données » “data” means representations of information or of concepts, in any form.

“electronic document” « document électronique » “electronic document” means data that is recorded or stored on any medium in or by a computer system or other similar device and that can be read or perceived by a person or a computer system or other similar device. It includes a display, printout or other output of that data.

“electronic documents system” « système d’archivage électronique » “electronic documents system” includes a computer system or other similar device by or in which data is recorded or stored and any procedures related to the recording or storage of electronic documents.

“secure electronic signature” « signature électronique sécurisée » “secure electronic signature” means a secure electronic signature as defined in subsection 31(1) of the Personal Information Protection and Electronic Documents Act. 2000, c. 5, s. 56.

http://laws-lois.justice.gc.ca/eng/acts/c-5/

In plain-ish English:

You have to prove the evidence is authentic (31.1) and that it hasn’t been changed (31.2), and that the system that generated it was running “properly”, or at least that its operation didn’t affect the integrity of the evidence (31.3). The evidence must have been stored as part of ordinary operations and not at the request of the parties introducing it.

?

Year 2010 2011 2012 2013 2014

Jail Time (years) 40 26 19.8 38 31.5

Name Sentence (Rank)

Christopher Scott 7 years (#8)

Kenneth Lucas II 11 years (#5)

Christopher Chaney 10 years (#6)

Jeremy Hammond 10 years (#6)

David Ray Camez 20 years (#1)

Max Ray Vision|Butler 13 years (#4)

Nichole Michelle Merzi 5 years (#10)

Rasmuz Frisenholt 400 hours service (#30)

Adrian-Tiberiu Oprea 15 years (#3)

Nicholas Knight 90 days service (#29)

Albert Gonzalez 20 years (#1)

James Jeffery 2.5 years (#14)

Iulian Dolan 7 years (#8)

Gottfrid Svartholm 3.5 years (#12)

American Young Offender 6 year probation (#23)

Lewys Martin 2 years (#16)

Cameron Lacroix 4 years (#11)

Ryan Cleary 2 years, 8 months (#13)

Kitt Willians 1 year service (#26)

Sigurður Ingi Þórðarson 2 years (#16)

Ryan Ackroyd 2.5 years (#14)

Canadian Young Offender 18 months probation (#27)

Daniel Trenton Krueger 2 years (#16)

Jake Davis 2 years (#16)

Cody Kretsinger 1 year (#21)

Freya Newman 2 year probation (#24)

Mustafa Al-Bassam 20 months probation (#25)

Matthew Weaver 1 year (#21)

Christopher Weatherhead 1.5 years (#20)

Ashley Rhodes 7 months (#28)

[Chart: Notable Cybercrime Convictions (Global), 2010 to 2014. Series: Jail Time (Years), Convictions]

[Chart: Number of Cybercrime Attacks vs. Convictions (Global), 2010 to 2014. Series: Attacks (Billions), Convictions]

Gap of hopelessness

1 in 2.7 billion

2

5942921875 = billions of attacks [9.2 + 12.3 + 16.4 + 21.9 + 29.2] / convictions [30] + billions of attacks

Rough odds of being convicted of a cybercrime [2010–2014]

“CSI” DEPTH

by @misbehave

by @jdhancock

Random | Targeted | No hope

Actor Type

THANK YOU @marknca