Sony hack puts spotlight on Pyongyang ISP
published : 20 Dec 2014 at 11:57
While the United States weighs its options for responding to the Sony Pictures computer hack that it blames on North Korea, investigators are still trying to shed light on the Thailand connection to the breach.
The hack, the first evidence of which was detected in Bangkok on Dec 2, led to the release of a trove of sensitive information and internal emails, some of them highly embarrassing, from the movie studio.
Sony Pictures this week scrapped the release of The Interview, a comedy about an attempted assassination of North Korea's leader, in response to the attack.
The leaks included emails from some Sony executives who said The Interview was a terrible movie and would flop overseas.
US President Barack Obama on Friday pledged that Washington would respond “in a place and manner and time that we choose" to the alleged North Korean action.
US investigators are still trying to establish the exact nature of the Thailand connection. The geolocation of the first leak of Sony data on Dec 2 at 12:25am was traced to the St Regis hotel on Rajdamri Road in Bangkok, Bloomberg News reported earlier this month.
Security experts say that one of the easiest ways to compromise the internet backbone of a country is to work for or be a vendor to the company that supplies the backbone. A unit of SET-listed Loxley Plc, one of Thailand's largest trading companies, is a partner in North Korea's sole internet service provider (ISP).
The ISP, Star Joint Venture Co, is a joint venture between Loxley Pacific and the Pyongyang government's Post and Telecommunications Corporation. Loxley Pacific is a joint venture between Loxley, Taiwanese-owned Charoong Thai Co and Teltech of Finland.
The FBI noted in an update this week that the tools used in the attack on Sony "have similarities" to those used in an attack in March last year against South Korean banks and media outlets.
The hack on South Korea was traced to an IP address located in a residential district of Pyongyang. The IP address was registered to Star JV.
The Sony hackers didn’t connect directly to Sony's network, but attacked it by hopping through "stepping stone" systems, including the St Regis Hotel. By connecting through one or more relay computers at various locations, they were able to hide their actual location.
An internal FBI investigative document obtained by The Associated Press identified the computers in the Sony hack as operating in New York, Thailand, Poland, Italy, Bolivia, Singapore and Cyprus. At least three were still functioning Friday, responding online to internet test signals transmitted by the AP.
The hackers previously published some of the stolen materials with a message that included five addresses using an anonymous email service in France.
Loxley Pacific has been involved in the telecoms business in North Korea since 2000, when it received a licence from the Pyongyang government to operate landline and cellular services in the Rajin Sonbong Free Economic Trade Zone.
The services are operated by Northeast Asia Telephone and Telecommunications (Neat&T), 70% owned by Loxley Pacific and 30% by state-owned Korean Post and Telecommunications.