Sony hacker language

« previous post | next post »

Everybody is in a tizzy over the hacking of Sony Pictures.  Most people assume that North Korea was behind the hacking, which caused Sony Pictures to withdraw "The Interview" shortly before it was supposed to open in theaters.

Some of the coverage: "U.S. Intelligence Connects North Korea to Sony Hack: Reports", Newsweek 12/17/14; "A Look At North Korea's Cyberwar Capabilities", Huffington Post 12/18/14; "Obama May Have Forced Sony To Release 'The Interview'", Business Insider12/20/14.


Kevin McCready surmises that the hacker threat was

…written by someone who has strong command of English but is pretending they don't. In particular it would be interesting to see if grammatical errors conform to those a Korean might make.

[VHM:  also consider lexical and other types of errors]

Here's the initial hacking message from Variety ("Sony Hackers Threaten 9/11 Attack on Movie Theaters That Screen ‘The Interview’", 12/16/14):

We will clearly show it to you at the very time and places “The Interview” be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.
Soon all the world will see what an awful movie Sony Pictures Entertainment has made.
The world will be full of fear.
Remember the 11th of September 2001.
We recommend you to keep yourself distant from the places at that time.
(If your house is nearby, you’d better leave.)
Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.
All the world will denounce the SONY.

And here are some follow-up remarks by the hacker(s) after Sony backed down — "Sony Hackers Gloat over Studio Pulling Plug on ‘The Interview’: Report", 12/19/14:

The cyber-terrorists behind the attack on Sony Pictures Entertainment sent a message to studio execs late Thursday giving them kudos for the “very wise” decision to not release the “The Interview” in any format, according to a report.

“Now we want you never let the movie released, distributed or leaked in any form of, for instance, DVD or piracy,” the hackers said in a message sent to Sony brass, CNN reported Friday.

The missive, from the group calling itself “Guardians of Peace,” also implied that additional data leaks would stop now that Sony has dropped plans to distribute the film, originally slated for Dec. 25 theatrical debut. The hackers warned the studio in the email that “we still have your private and sensitive data” and said they will “ensure the security of your data unless you make additional trouble,” per CNN.

The hacker message is effectively a victory lap, telling the studio, "Now we want you never let the movie released, distributed or leaked in any form of, for instance, DVD or piracy."

The message also says, "And we want everything related to the movie, including its trailers, as well as its full version down from any website hosting them immediately."

It warns the studio executives that "we still have your private and sensitive data" and claims that they will "ensure the security of your data unless you make additional trouble."

The email was titled "Message from GOP." The anonymous hackers have called themselves "Guardians of Peace."

Taking up Kevin's suggestions, would those who are familiar with Korean look at the hacker's English and see if they detect any traces of Korean influence?  I would go one step further and request that all Language Log readers who are interested analyze the errors and infelicities of the hacker's language to see whether there is any evidence of influence from some other language or, indeed, whether the errors are intentional and  committed by a native speaker of English masquerading as a nonnative.



27 Comments

  1. foreign expert said,

    December 21, 2014 @ 9:55 am

    Soon all the world will see what an awful movie Sony Pictures Entertainment has made.
    This sentence could not have been written by the guy who wrote the first sentence,unless he was faking it in the first one.

  2. Yerushalmi said,

    December 21, 2014 @ 9:57 am

    The only contribution I can make is to verify that the grammatical errors are not those of a native Hebrew speaker.

  3. Shlomo Argamon said,

    December 21, 2014 @ 10:04 am

    My quick look: Although there are a few features that could be indicative of a native Korean speaker, such as the verb-final clause "….should be doomed to", the use of "called" for "called for", and inconsistent "the" use, there are many more instances of normal English SVO ordering, no cases of deleted copulas, correct spelling (without Cupertinos), and correct use of the indefinite article. The balance of evidence would thus indeed suggest someone with excellent English skills inserting some deliberate errors, though ones generally consistent with Korean, which suggests knowledge of the language.

    There are a couple of caveats for any such analysis, however. First, the amount of text here is quite small, so it's hard to see consistency for any patterns. Second, we would usually expect someone faking bad language skills to insert more errors, and also to put in spelling "mistakes".

    And a disclaimer: I don't know Korean, and am working from grammar references.

  4. tpr said,

    December 21, 2014 @ 10:26 am

    @Shlomo Argamon

    we would usually expect someone faking bad language skills to insert more errors, and also to put in spelling "mistakes".

    Shouldn't we also expect people with a genuinely poor understanding of English grammar to have less than perfect spelling?

    It looks like an automated translation to me. The accuracy of the spelling and incidence of idioms and contractions like "you'd" are higher than what I'd expect of someone with apparently poor understanding of English grammar. Though it is possible that it was originally written in English, auto-translated to Korean and then back translated to English in the hope of creating a more authentically Korean set of errors. Incidentally, if an online translation tool like Google Translate was used, there may well be a digital trail leading back to the IP of the computer that requested the translation.

    The hack was apparently carried out from a hotel in Bangkok, so it might also be worth looking at whether the errors are typical of Thai to English translation (manual or automatic).

  5. Victor Mair said,

    December 21, 2014 @ 11:30 am

    @foreign expert

    I quite agree with you. That second sentence is too good to be true — in the context of all the other messed up sentences. It as though they forgot to tamper with it. In other words, the overall quality of the initial hack suggests that it was originally written in proper English, but then someone went through and changed things arbitrarily, crudely, and inconsistently, overlooking the second sentence, which remained perfect. If we accept this as their modus operandi, I doubt that we will be able to detect influence from any particular foreign language.

  6. Tom H. C. Anderson said,

    December 21, 2014 @ 12:30 pm

    Or maybe they just used Google Translate…

  7. Shlomo Argamon said,

    December 21, 2014 @ 1:05 pm

    Looks like the machine translation hypothesis has a lot to recommend it. Here are automatic translations from a (grammatically correct) Hebrew translation of the text – the quality is similar (at least Google's is, Bing's Hebrew is a bit spotty):

    Google:
    We show you clearly how anyone looking for a fun-terrorism should be condemned to a fate, exactly when and where you can see "The Interview", including supremacy.
    Soon the whole world will see what a terrible film made Sony Pictures Entertainment.
    The world will fear.
    Remember September 11, 2001.
    We encourage you to keep yourself away from these places at the same time.
    (If your home is nearby, it is better to leave it.)
    Whatever happens in the coming days is due to the greed of Sony Pictures Entertainment.
    The whole world denounce the SONY.

    Bing:
    We have very clearly how anyone looking for fun in terrorism should be condemned in Doom, exactly when and where you can see "The Interview", including chortha.
    Soon the whole world will see this movie really made Sony Pictures Entertainment.
    The world is filled with fear.
    Remembering September 11, 2001.
    We recommend that you keep yourself away from these places at the same time.
    (If your home is near, better leave it.)
    Whatever happens in the next few days is due to the avarice of Sony Pictures Entertainment.
    SONY iukia world.

    My Hebrew original:
    אנו נציג לכם בבירור איך מי שמחפש כיף בטרור צריך להיות נידונים בגורל מר, בדיוק בזמן ובמקומות שתוכלו לראות "The Interview", כולל בכורתה.
    בקרוב כל העולם יראה איזה סרט נורא עשה Sony Pictures Entertainment.
    העולם ימלא בפחד.
    זכור 11 ספטמבר 2001.
    אנו ממליצים לך לשמור על עצמך רחוק מהמקומות האלו באותו הזמן.
    (אם ביתך נמצא בקרבת מקום, מוטב שתעזוב אותה.)
    כל מה שיקרה בימים הקרובים הוא עקב תאוות הבצע של Sony Pictures Entertainment.
    כל העולם יוקיע את SONY.

  8. KWillets said,

    December 21, 2014 @ 1:35 pm

    Compared to this KCNA release the only grammatical error I can see in common is the use of "the SONY", but the above message also uses "Sony Pictures Entertainment" correctly in two places.

    I assume the hackers must have some English proficiency in order to read technical documents as well as their target's emails, etc.

  9. Jean-Michel said,

    December 21, 2014 @ 3:55 pm

    Another interesting linguistic note about the hack is that the readme accompanying the group's first data dump (which is in more-or-less flawless Engilsh, but there's only two sentences) reads as follows:

    These two files are the lists of secret data we have acquired from SPE.

    Anyone who needs the data, send an email titled ¡¶To the Guardians of Peace¡· to the following email addresses.

    Four characters appear as garbage text under most encodings, but display as follows using GBK (Simplified Chinese) or EUC-KR (Korean):

    Anyone who needs the data, send an email titled 《To the Guardians of Peace》 to the following email addresses.

    Simplified Chinese uses guillemets for the titles of books, movies and so forth—in fact in Chinese they're called 书名号 "book-title symbol"—but I'm not sure about the titles of emails. Googling suggests English-style quotes are used for this purpose. Guillemets are occasionally used for titles in South Korea, but other types of brackets seem to be more common, primarily single angle brackets. I don't know what they'd use for an email title, but guillemets seems very unlikely. North Korean uses guillemets and doesn't appear to use English-style quotation marks at all; this KCNA article, for example, uses guillemets for quotations. I don't know if they'd use guillemets for the title of an email, but North Koreans definitely seem to make more use of those symbols than either South Koreans or mainland Chinese.

    EUC-KR employs a South Korean standard (KS X) and this has led some commentators to claim this disproves a North Korean connection, as it's supposedly "banned" in the north. However, some cursory googling suggests that EUC-KR is also used in the north, and may in fact be more popular than their homegrown KPS character set. I certainly wouldn't expect North Korean hackers to use KPS if they were operating outside of North Korea, which is quite likely given what we know of the north's cyber-warfare apparatus.

    Of course it's easy to change the encoding of a document, and the guillemets may have been another attempt to throw us off the trail. One would also think someone proficient enough in English to write a sentence like "These two files are the lists of secret data we have acquired from SPE" would know that English doesn't use guillemets. But if they're faking it they seem to have done their research, at least where punctuation is concerned.

  10. Jongseong Park said,

    December 21, 2014 @ 6:33 pm

    I'm a native speaker of Korean, and I think the message looks a lot like it could have been produced by native Korean speakers. Case in point:

    "Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment."

    Here, "is called by" is a transparent calque of the construction -이/가 부른 것이다 i/ga bureun geot-ida in Korean, meaning "to be brought on by".

    Some people seem to be saying that "Soon all the world will see what an awful movie Sony Pictures Entertainment has made" seems to be too good to have been produced by the same writer of some of the other lines, but this sort of expression ("all the world will see") would not be out of place in Korean either.

  11. Jongseong Park said,

    December 21, 2014 @ 7:11 pm

    A word of caution to those not familiar with Korean: Because of basic word order differences between Korean (SOV) and English (SVO) and the agglutinative nature of Korean, translating sentences from Korean to English is never about simple word-to-word conversions. So catching errors produced in English by a native Korean speaker who has reached at least the minimal level of forming readable sentences in English will not be like catching the errors produced by a native speaker of a language with a similar word order to English, like French or German, who may get away largely with doing simple word substitutions. A French or German speaker who follows the native word order will occasionally produce errors in English when the word orders don't match up exactly. But any native Korean speaker who learns to put together English sentences knows that word order has to be changed in virtually all cases. There is simply no lazy recourse of falling back to Korean word order, because it's a completely different system (not just the SOV vs SVO, but consider also that the particles that make up Korean's agglutinative structure are effectively postpositions, vs prepositions in English). So for instance, it's entirely the wrong thing to expect to see SOV word order as a mistake made by a native Korean speaker who has at least a basic command of English.

    Taking any KCNA release in Korean and feeding it into your favourite machine translation website should put to rest any notion that machine translation may be involved. Current technology still isn't sophisticated enough to produce anything resembling readable translations from Korean to English. With North Korean text there is the additional difficulty of orthographical and lexical differences between the North and the South, as machine translation engines have probably been trained only on South Korean corpi.

  12. maidhc said,

    December 22, 2014 @ 11:18 pm

    This article

    http://gawker.com/a-lot-of-smart-people-think-north-korea-didnt-hack-sony-1672899940

    says that an email from one of the hacker address contained "모든 영광스러운 김정은 우박", which appears to be a poor machine translation.

  13. Kevin McCready said,

    December 23, 2014 @ 2:58 am

    Thanks for link maidhc.

    One of the comments on the link said, in part, "The repeated pronouns ("we" and "you" and "us") doesn't seem like how a Korean person would phrase it, because Korean pronouns are freighted with t/v distinction and honorifics that English doesn't capture. For that reason, my students circumlocuted those words when they could because they felt imprecise."

  14. Wally Khan said,

    December 23, 2014 @ 3:42 am

    I agree with Mr. Jongseong Park, who writes like an English teacher with a lot of experience with Korean students.

    I worked with over 7,500 Japanese and Koreans on their English. I lived in Tokyo 16 years, speak fluent Japanese, and lived and taught in Korea 2 years (Incheon and Suwon). Korean and Japanese are extremely similiar, especially on the syntax level. Student mistakes are quite similar, esp. with verbs (SOV vs. SVO) and articles. The "flow" of their sentences reflect their native language in English.

    I believe Hashtag GOP was North Korea, and the people having a problem believing that, also have a problem coming up with experts with a solid track record in the region. I can buy an insider at Sony starting the ball rolling, but I don't buy that insider becoming an instant North Korea expert to this extent, able to fake "correctly" all those wonderful Korean and Japanese English mistakes the community of NE Asian English teachers knows so well. Mr. Park has flagged a lot of the tell tale signs.

    There are many more. "All the world will denounce the SONY." The Stalinist Class Struggle, World vs. "The Evil," titantic death matches, the WORLD will do this and that – that style SCREAMS north korea. Ask yourself, how does Occupy and Anonymous refer to their declared enemy? Does it sound like a Stalinist Opera with big bombastic drums? I encourage peopel to compare. Western Hackers would sound like Occupy, because that is the language they know for those situations. And if you think this style can be faked without being familiar with the regime, I encourage you to try. Careful – DOn't underestimage those foreign people. To get that North Korean Pompuos War Talk right you need to understand the native rythyms of Korean, which is quite apparent here.

    "the Sony"
    if I only had a nickle for every error like that i heard in Korea and Japan over 16 years… this problem with article usage is very particular to Japanese and Korean. Chinese English is quite different as Chinese is different. I had a whole lesson on THE, A and Plurals, I should get in touch with Hashtag and offer my services.

    I also think the author committed some simple student plagiarism that confuses some analysts –
    “Now we want you never let the movie released, distributed or leaked in any form of, for instance, DVD or piracy,”
    See how the sentence grammar is bad at the start, but suddenly becomes fluent? They obviously grabbed standard phrase from any TOS or copyright warning label. The big mistake is ED, ED or ED not linked right to the main verb. Tell Tale Sign. If I only had a nickel for every time I saw that mistake.

    I would buy a Japanese author of the text, but the pomposity of the style leans heavily towards North Korea. "written in a hotel in Thailand" is a big NK indicator. They use Thailand as a neutral third country for espionage activities, pretty standard stuff. North Korean agents probably spend more time shopping duty free, like Kim Jong Il's other son.

    Actually, I have been writing a comic character, Japanese young guy, who speaks just like Hastag GOP, so when I saw it, I actually laughed. I nailed it. I've been writing this character for a year. "Joey, why you go and do that? i want you never do that." "want you never" – yeah, this is Korean.

    Monoligual people are mesmerized by the possiblity of translation software, because they have not been in the position of needing (like me) and realizing it just pumps out a lot of unreadable nonsense. A machine can't fake a language user's habits that stem from their native language. That is why we have writers and poets (i.e. the experts)

    What I see is a huge consensus among Koreans and people with a long history in the region. The doubters are coming from the US, and tend not to know much about the region, language and the regime. Take a look at this thread for an example showing that clearly. I welcome any contrary examples. My theory? An insider got connected with NK agents somehow, and they took advantage of the situation without realizing the enormity of what they were doing. The insider might have just provided a password and a map of the Sony file infrastructure, and damage is done.

    The current regime is actually quite unstable and alienating China, which is very new for NK. It is very likely to so this kind of act. The recent purges in NK have been very brutal and show the regime is …. unstable. Watch how China floats to the US side of things. There are domestic reasons in NK for this attitude (Kim's regime put down the NK china orientated faction when they consolidated their power). I am sure that the Chinese got on the phone and said to the USA, "Yeah, that is them." That is a watershed in the region.

  15. Milan said,

    December 23, 2014 @ 6:04 am

    Machine translation has been mentioned a couple of times already, and if it is possible that the text is "fake" (i.e. produced by someone with a better command of English than they pretend to have), we should consider another possibility: their might have been an English original, translated into another language, possibly one for which machine translation is working quite well, and then translated back. This would definitely my approach to producing non-native seeming text in my native language. And as I understand the authors of the note are computer hackers, so the notion of using technology for that kind of task should be even less alien to them than to me.

  16. Nathan Myers said,

    December 23, 2014 @ 9:22 am

    I have not encountered this word "corpi" before. Is it in common use? I have seen "corpora" used in such contexts.

  17. KWillets said,

    December 23, 2014 @ 12:53 pm

    A long time ago I wrote the plural of corpus as corpi, and someone corrected me. I'm reassured to see another make the same mistake.

  18. Wentao said,

    December 23, 2014 @ 5:08 pm

    I have a feeling that linguistic analysis won't give us a definitive answer here, because any mistake (or lack thereof) can be explained either way. Maybe the hacker just happens to know how to say "what an awful movie" in good English, hence the perfect second sentence. It's likely because even the first sentence seems to be written by someone with more than beginning-level English. The same goes with the bombarding "style", because a western hacker can also do some research and imitate the pompous diction of NK broadcasters.

    @Nathan Myers
    Yes, the plural of corpus, corporis 3n. is corpora. These words are very deceptive – I once thought the plural of status was "stati"; it's actually statūs in Latin and statuses in English.

  19. maidhc said,

    December 23, 2014 @ 10:51 pm

    I think when questioning assumptions, one assumption that could be examined is that only a single group is responsible for all the activity. The early emails didn't mention North Korea or "The Interview" at all. It's possible that North Koreans joined in after another group started it off, for example. If you wanted to cause trouble for Sony, one approach would be to break in and then invite other hackers to join the party.

    Wally Khan: I don't know anything about Korean or Japanese, but I have dealt with a large number of Indians who speak English as a second language, and those exact same errors are very common with Indians. Also the bombastic language (just look at their films!).

    English is a rather peculiar language, and a lot of learners have difficulty with articles, verb tenses and so on, regardless of their native language.

  20. Jongseong Park said,

    December 24, 2014 @ 12:53 am

    Thanks, maidhc. "모든 영광스러운 김정은 우박", literally "all (adjective)" "glorious" "Kim Jong-un" "hail (as in meteorological phenomenon)", is precisely the kind of nonsense you get if you attempt machine translation on Korean (it looks like they fed in something like "All hail the glorious Kim Jong-un").

    I think it's likely that several groups or individuals are involved. It would be interesting to see a timeline for these language samples. The "모든 영광스러운 김정은 우박" seems to pre-date the "We will clearly show it to you" threat message that we've been discussing.

    And yes, "corpi" was a mental lapse on my part (now for all the world to see) as I was blanking on the plural for "corpus", which I knew had a commonly used plural that was not "corpuses".

    For the record, I'm not an English teacher and my first language is Korean. So I'm familiar with the struggles of a native speaker of Korean learning English more from the student's side rather than the teacher's.

  21. Wally Khan said,

    December 25, 2014 @ 3:14 am

    Good discussion! Here's what I think – The FSA and NSA and CIA need to fess up on at least some of what they know. The feel very powerful keeping it secret out of way too much caution, and now we have speculation from A to Z on the internet. I was in contact with a Korean friend in Seoul, about 35, and fairly ordinary. He was unsure about this because he has a huge mistrust of the media, and what the government tells us. I think this is what propells many in the USA. It's a very unhealthy situation, but it reflects the times and the majority.

    Watch China. They must be miffed at North Korea's new anti-China faction (led by Kim Jong Un), but they won't take action just because the USA wants to help out Sony without sharing intelligence. But if NK did have a hand in it, its a sweet opportunity for China to assert its dominance. I don't think the recent internet outage in NK was accidental – that is way too convenient. I don't think there was a fancy US cyber attack. US officials visited China several ago, NK internet runs through China.

    Also keep in mind we have a document from a defector that states that North Korea does have a secret cyber hacing department, with about 100 agents. This hack was within their capabilities
    if
    (1) they had an insider to help
    or
    (2) Sony had exceptionally poor security (they did).
    and
    (3) ask yourself – what alerted NK to Sony? I think the timeline check is a good idea. Check the messages over time. NK could have come into the show later.

    Pulled out of my ass theory – the (possible) insider had someone in their private life with a connection to NK, or knowledge of how to bring it to their attention, for $$$$$$$$$$$. If it is a NK spy affair, it almost always starts and ends there. NK agents are very unable to manage foreign country's well, due to NK isolation. That is why so many Korea experts were quick to Poo Poo the notion of theater bombs. They don't have that operational capability. Most times the regime is probably afraid if they send out spies they will defect (very common).

    I am completely unconvinced (reading other comments) that someone who was probably an accountant at Sony (or US hacker group) could fake the language and pompous tone this well. Maybe the tone, but not the grammar "style."I am a writer and artist (comics) and let me tell you, present company excluded, everyone thinks they could be a brilliant writer (and artist). It's easy, anyone can draw like Jack Kirby or Osamu, right? That's …. a very common perception. I have seen English teachers in Korea and Japan struggle for TWO years before beginning to fully understand how their students construct English.

    Think about this – how many times have seen hollywood films where the presentation of a foreign language sounds like a white monolingual guy wrote it? That's writing that costs millions, yet it still sounds fake most of the time. The only time they get it right is when they hire a language specialist of that region, which is only in the last ten years. And HIndi might be like Korean, so Hindi will laugh at my attempt to sound Hindi.

    Here is my attempt, deliberately trying to fake NK – (off the cuff)
    "Sony make trouble for people of world, we unite and crush you completely. You must do our instruction or we say secret to all the community about your many crime. We rise people to fight your pernicious power that oppresses all manner of individuals and shall be judged as war crimes before many countries, and that not plagerman english." (that is me, not NK)

    Now that is pretty good, or not good at all (you decide).
    QUESTION – What is the chance that someone with the requisite hacker skills also had the ability to fake the messages as well as me with 20 years in my ears to help me do it? This is what I do not find credible, but I am open to … I dunno, former korean english teacher is an accountant at Sony? Could happen, but doubtful.

    End of the day, Occums Razor,and FBI and NSA need to open up or they will just breed more suspicion.

  22. John Cronan said,

    December 25, 2014 @ 3:37 am

    The email containing "모든 영광스러운 김정은 우박" was sent from a spambog.com email address, which means that literally anyone can log into the account, without a password, and send an email. These are intended as throwaway email addresses.

  23. Victor Mair said,

    December 25, 2014 @ 9:24 am

    The Interview Becomes Top Rated Movie on Chinese Site Douban

    http://www.chinasmack.com/2014/stories/the-interview-becomes-highest-rated-movie-on-chinese-site-douban.html#disqus_thread

    The Korean writing on the nuclear missiles in the background of the poster says: "War will begin" (jeonjaengeun sijaktoel keot ida).

    전쟁은 시작될 것이다

    Alternative romanizations:

    jeon-jaeng-eun si-jak-doel geon-ni-da (RR)
    chŏn-jaeng-ŭn shi-jak-toel gŏn-ni-da (MR)

  24. Franz Joseph said,

    December 25, 2014 @ 11:44 pm

    I'm a native German speaker – the GOP stuff is ~95% word by word translation of native or high skilled German, the grammar, phrases and sayings, just everything fits perfekty – if you translate it back to German just word by word with little corrections of adverb placing, it sounds like teacher or professional writer level (with minor english knowledge – very typical for central Europe)! But that doesn't nessecarily mean it's of German, Switzerland, Austrian, or other central, northern and eastern european language of the same cultural heritage and structure (if I was mean, I would suggest european-jewish heritage fit's best). I found some of the 'strange phrases' (weird English, but word by word German translation) with Google (the phrase fragment in "quotes", option -sony, and search time adjustment before 6/2014) i.e. in an Estonian Ph. D. thesis, in the book Hacker Odyssee, and also here (Item 14) http://www.exampleessays.com/papers/Unemployment/World_Trade_Center/New_York.html … which makes it clear, it can be of any origin, just copy & paste of text fragments that looked attractive from the headline (sic)!

  25. Wally Khan said,

    December 26, 2014 @ 4:14 am

    I have heard of German compared to Japanese and Korean. Japanese is of the "Altaic" family, but a lot of those ancient roots are under debate.

    Here is my problem. Let's say the hacker is a German, or some other group not related to North Korea. They create a fake ID, to fool people and hide their true identity, and not get caught. They go to great lengths to create their North Korean "mask," language and all. That is essentially the "not NK" theory.

    My problem – fake ID and hiding your identity is meant to draw away heat, not attract it. Hackers are either apolitical mercenaries criminals (extortion, theft) (or) Politicals, like Anonymous. Both of these types want to avoid heat. Anonymous will do (steal) then (release), but not so much extortion. Criminals don't want the spotlight, but Anoymous does. Neither wants to get busted.

    When the Hacker targeted "The Interview" and demanded it be pulled or else theater bombs, etc. to protect Supreme Leader Kim, they ramped the attention and heat WAY WAY WAY up. More importanly, they were effectively moving to extend play (new demands). as they get their most heat.

    Now we got NSA, FBI, maybe even CIA on the case, all because of Supreme Leader? Why not just STFU if just thieves? A political hacker group will always find a way to declare their true aims, then vanish quickly.

    My completely subjective feeling, is that the Hacker is sitting in a big castle with a big moat, with extremely low fear of actual consequence. And there's your German. IF anyone wants to pick that apart with an axe handle, be my guest. i like reading comments. FBI RELEASE NOW!!!!!

  26. Shlomo Argamon said,

    December 27, 2014 @ 9:22 pm

    Our preliminary analysis of the texts, comparing with characteristics of Korean, Russian, German, and Mandarin shows that among those candidates, and assuming all the messages were written by people with the same native language, that they were most likely written by native Russian speakers, though Korean is still possible.

    The report is available here: http://taia.global/2014/12/taia-global-linguists-establish-nationality-of-sony-hackers-as-russian-not-korean/

    We'd welcome any comments on it, of course – we plan to do a more extensive analysis in January, and are actively seeking native-level speakers of relevant languages with linguistic training to help out.

  27. Wally Khan said,

    December 30, 2014 @ 10:23 pm

    I believe Russian Theory was covered in this article, which I thought was really interesting and fair to both sides. It's the current state of the investigation, reporting on FBI meeting with private security firm about alternative theories.

    http://www.politico.com/story/2014/12/fbi-briefed-on-alternate-sony-hack-theory-113866.html
    From the article (FBI side of the story)
    “The FBI has concluded the government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the U.S. intelligence community, DHS, foreign partners and the private sector,” a spokeswoman said in a statement. “There is no credible information to indicate that any other individual is responsible for this cyber incident.”

    The key phrase the FBI used about the alternative theories was, "there is no new knowledge here about this case."

    as members of the public we have no access to – FBI intel on an ongoing criminal investigation, other nations shared intel (China, of course, meaning their cyber, millitary, and spy services, also EU nations), NSA and CIA top spy tech all top secret, and private conversations with quiet private sector firms. We don't know anthing. But they do.

    Sometimes people, especially people in the tech industry, have a tendency to overestimate the powers of something before they greatly underestimate it. Too convenient. The NSA can find anyone in two minutes, but any hacker can be invisible to the NSA? And we just do not have access to over 98% of the evidence of this case.

RSS feed for comments on this post