
[flagged]


Rather than attacking him, you are free to discuss how it would be hard to attribute or reach a source.

Just because you might not know what techniques the researchers here used to reach that conclusion, doesn't mean they would have used dubious methods.

It is better to ask than attack a person.


The United States reserves the right to react to cyber attacks with force [0]. Instead of asking people to be nice on the internet you should hold those accountable that are in a position to manufacture a narrative. The linked report in the sibling comment here has no valid proof of North Korean involvement but the headline is chosen in a way to paint a picture of an impoverished nation as an aggressor. If you just accept that Google can make up facts to pave the way for physical warfare you are complicit in the eventual deaths of thousands of innocent people.

To be precise: after the CIA made up reports of WMDs in Iraq, people should ask for receipts earlier.

[0]: https://www.reuters.com/article/us-usa-defense-cybersecurity...


> Instead of asking people to be nice on the internet you should hold those accountable that are in a position to manufacture a narrative.

Nope, Hacker News is the place where you be nice to each other on the internet rather than assuming they’re trying to manufacture consent. This is quite literally spelled out in the site guidelines.


Here's the report which associated Clear Sky with NK, and it's not from Google:

https://www.clearskysec.com/wp-content/uploads/2020/08/Dream...


Yeah, still waiting for something to substantiate the headline. This report isn't it. A lot of hand-waving about other people's hand-waving.


Attribution is hard, but by no means impossible.

https://www.justice.gov/opa/press-release/file/1092091/downl... has a bunch of evidence that the Justice Department collected when charging some people associated with APT38 around the Sony Pictures and WannaCry hacks (and other campaigns).

I'd note that things like shared encryption keys and shared TLS passive tables are very indicative of shared resources.

The use of North Korean IP addresses is indicative, but never enough on its own. However, the use of domains controlled by North Korean IP addresses is interesting as well.

Combine that with passwords largely shared with another North Korean attack, devices signed into from NK IP addresses under multiple accounts set up from N Korean IP addresses, and you start seeing a pattern of behaviour.

And then you find that the person who controlled accounts used by these attacks was a North Korean national (pg 134) who worked for a well-known North Korean front company (paragraph 269, pg 136) and the evidence becomes pretty good.


APT38/Lazarus has been around for years and has been investigated by many professional groups across the world (Kaspersky, McAfee, Mandiant, etc), many not connected to the US government. Are you alleging that they're all wrong and this is all some vast conspiracy to frame an innocent North Korea and protect... who, exactly?


Think of all the big, serious and sensible news organisations that independently reported WMD in Iraq while not being connected to the US government. Are you alleging they're all wrong and this is some vast conspiracy to frame an innocent Iraq and protect... who, exactly?

Evidence is evidence. After WMD (which totally took me in, btw, you too?), claims that evidence is "just over there" and "here are multiple different people reporting they've spoken to someone who saw it" count for zero. Maybe they always should have, but there's no doubt this stuff happens anymore. We watched it, (hopefully) in horror, as it unfolded without us objecting.


I thought the WMD "evidence" was BS, and actually there was only one piece that was presented publicly (the UN presentation by Colin Powell), and that was based on CIA secret intelligence. And the UN Weapon Inspectors were saying the opposite.

OTOH, the evidence linking APT38 to North Korea is pretty compelling. For example, there is a bunch of evidence collected independently identifying individuals associated with APT38, and these people worked for the North Korean company Chosun Expo.

See https://www.justice.gov/opa/press-release/file/1092091/downl... for the evidence in depth.


There's a huge difference between news organizations reporting on US govt claims, and investigators on the ground actually digging into the evidence on their own. Your assertion is basically the same as claiming that Iraq did have WMDs, but UNMOVIC etc were covering up and hiding the evidence.

For what it's worth, quite a few people were skeptical about the WMD "evidence" at the time, and even more cynics like myself figured that true or false, it was mostly an excuse for George W to Do Something(tm) after 9/11 and at the same time finish off the war his dad started.


News orgs reported claims by the US that Iraq had nuclear ambitions. No news org claimed to have “independently verified” it.



