You Say You Want an Attribution

By @alexcpsec, @bfist, @hrbrmstr

Tue 06 January 2015 | tags: blog, veris, vcdb, humor, -- (permalink)

Need an opinon about the Sony hack?

There are a lot of opinions out there attributing the recent breach of Sony Pictures Entertainment to a variety of sources. Let’s face it, you probably don’t know who hacked Sony. Unfortunately in the world of information security it is pretty much expected that you will have a strong opinion about who did it regardless of what you actually know or do not know.

We know what you’re going through right now. You’re probably avoiding the discussion because you’re ashamed to admit that you don’t know what happened and you don’t want to look amateurish in the eyes of your peers. You probably spent the holidays hoping that your family wouldn’t bring up the subject and force you to take a position on the attribution.

Well you don’t need to hide any longer. Today we are proud to unveil the Sony Hack Attribution generator!

What’s this all aboot?

Every time you visit the Sony Hack Attribution generator you’ll get a new explanation of the attack with randomly selected threat actor and a randomly selected country of origin. The actors and countries are weighted using the frequencies in the Data Breach Investigations Report and the VERIS Community Database so you’ll know that your story is at least kind of plausible too!

At the very least, it will be based on data that has been collected from breaches in over 95 countries, with 50 different organizations which are arguably the same size or bigger then SPE. That is more evidence than what has been actually shared so far.

Is any of this true?

Noooo, but CNN doesn’t need to know that. The most important thing is having a strong opinion and getting it out there quickly so you can get recognition and twitter followers. After the whole story is told you’ll be remembered as one of the people who helped shape our understanding of international cyber security incidents and the appropriate foreign policy response.

Most of the report details, quotes and IOCs are purely made up for flavor. If we have quoted you as a real person, we probably like you and think you made good arguments against the original attribution.

I wish it had more countries to blame

Come on over to the github repository! As @bfist likes to say, we welcome your pull request. The whole app was written in ruby just to irritate @hrbrmstr, but that has the side benefit of making the code easy to understand and customize.

Also, @alexcpsec did not write a single line of code to contribute to this, but he will always claim that he had the original idea and inspired the DDSec team to make this happen. A true thought leader!

Brought to you by @bfist, @hrbrmstr, and @alexcpsec.