Mark Nunnikhoven, profile picture
Uploaded byMark Nunnikhoven
405 views

Whodunit, The Mechanics of Attack Attribution

The document is a comprehensive timeline detailing the events and responses surrounding the cyberattack on Sony Pictures in late 2014, attributed to North Korea. It includes legal disclaimers regarding the information presented, emphasizing that it should not be considered legal advice. Additionally, it discusses the broader context of cybercrime convictions in recent years, highlighting significant statistics and notable perpetrators.

Embed presentation

Download to read offline
Whodunit?The mechanics of a!ack a!ribution
DISCLAIMER
This talk contains general information about legal ma!ers. The information is not advice, and should not be treated as such. The legal information in this talk is provided “as is” without any representations or warranties, express or implied. Mark Nunnikhoven makes no representations or warranties in relation to the legal information in this talk. Without prejudice to the generality of the foregoing paragraph, Mark Nunnikhoven does not warrant that: the legal information in this talk will be constantly available, or available at all; or the legal information in this talk is complete, true, accurate, up-to-date, or non-misleading. You must not rely on the information in this talk as an alternative to legal advice from your a!orney or other professional legal services provider. If you have any specific questions about any legal ma!er you should consult your a!orney or other professional legal services provider. You should never delay seeking legal advice, disregard legal advice, or commence or discontinue any legal action because of information in this talk. Nothing in this legal disclaimer will limit any of our liabilities in any way that is not permi!ed under applicable law, or exclude any of our liabilities that may not be excluded under applicable law.
IANAL(I am not a lawyer)
Mark Nunnikhoven Sr. Research Scientist @marknca
Date Event 21-Nov Sony CEO Michael Lynton warned in anonymous email to “behave wisely” 24-Nov Story of a hack at Sony Pictures Entertainment leaks 25-Nov 5 unreleased movies show up online (Fury, Annie, Mr. Turner, Still Alice and To Write Love On Her Arms) 01-Dec PII published, FBI starts investigation 02-Dec Passwords, security certificates, marketing materials leaked online 04-Dec Passwords, security certificates, marketing materials leaked online 07-Dec Kevin Mandia email to Sony, “This a!ack is unprecedented in nature" 08-Dec More leaked data, first direct mention of…
Date Event 08-Dec More leaked data, first direct mention of… 11-Dec Gawker breaks story mentioning previous a!ack in February, 2014 13-Dec More leaked data, promise of more as a “Christmas present” 14-Dec Sony’s legal team threatens various media outlets 16-Dec Class action suit filed against Sony by former employees 16-Dec GoP issues threat to movie theatres & goers 17-Dec Sony cancels release a"er theatres raise concerns 18-Dec US o#cials “confirm” North Korean involvement 19-Dec FBI issues formal statement assigning a!ribution to North Korea
http://www.dailymail.co.uk/news/article-2880880/FBI-conclusively-links-North-Korea-Sony-hack.html Watch the video online
Date Event 19-Dec FBI issues formal statement assigning a!ribution to North Korea 20-Dec North Korea denies involvement, o$ers “joint investigation”
http://www.theguardian.com/us-news/2014/dec/21/obama-us-north-korea-state-terror-list-sony-hack Watch the video online
Date Event 20-Dec North Korea denies involvement, o$ers “joint investigation” 21-Dec North Korea threatens “the White House, the Pentagon and the whole U.S. mainland" 22-Dec US government calls on North Korea to compensate Sony 22-Dec State Department says there is “no specific credible threat information that lends credence” to North Korea’s threat 22-Dec North Korea bows out of UN Security Council meeting on human rights record 23-Dec Sony recants and decides to release movie to theatres 24-Dec “The Interview” is released in digital channels. Earns $31 million by 06-Jan-2015
I, BARACK OBAMA, President of the United States of America, find that the provocative, destabilizing, and repressive actions and policies of the Government of North Korea, including its destructive, coercive cyber-related actions during November and December 2014… *emphasis added
http://www.foxnews.com/politics/2015/01/07/fbi-director-reveals-new-evidence-linking-n-korea-to-sony-hack-answers-skeptics/ Watch the video online
Relevant Authentic Hearsay Acceptable as a copy Is it?
“An IP known to be associated with North Korean activity” Statement #1
“NSA activity verified the actions were taken by North Korea” Statement #2 “An IP known to be associated with North Korean activity” Statement #1
SECTION 31
Definitions 31. (1) In this section,
 “corporation”
 « personne morale »
 
 “corporation” means any bank, including the Bank of Canada and the Business Development Bank of Canada, any authorized foreign bank within the meaning of section 2 of the Bank Act and each of the following carrying on business in Canada, namely, every railway, express, telegraph and telephone company (except a street railway and tramway company), insurance company or society, trust company and loan company;
 
 “government”
 « gouvernement »
 
 “government” means the government of Canada or of any province and includes any department, commission, board or branch of any such government;
 
 “photographic film”
 « pellicule photographique »
 
 “photographic film” includes any photographic plate, microphotographic film and photostatic negative.
 
 Marginal note:
 When print admissible in evidence
 h!p://laws-lois.justice.gc.ca/eng/acts/c-5/
(a) contains computer programs or other data; and (b) pursuant to computer programs, performs logic and control, and may perform any other function. “data” « données » “data” means representations of information or of concepts, in any form. “electronic document” « document électronique » “electronic document” means data that is recorded or stored on any medium in or by a computer system or other similar device and that can be read or perceived by a person or a computer system or other similar device. It includes a display, printout or other output of that data. “electronic documents system” « système d’archivage électronique » “electronic documents system” includes a computer system or other similar device by or in which data is recorded or stored and any procedures related to the recording or storage of electronic documents. “secure electronic signature” « signature électronique sécurisée » “secure electronic signature” means a secure electronic signature as defined in subsection 31(1) of the Personal Information Protection and Electronic Documents Act. 2000, c. 5, s. 56. h!p://laws-lois.justice.gc.ca/eng/acts/c-5/
h!p://laws-lois.justice.gc.ca/eng/acts/c-5/ In plain-ish english: You have to prove the evidence is authentic(31.1) and that hasn’t been changed(31.2). That the system that generated it was running “properly” or at least it’s operation didn’t a$ect the integrity of the evidence(31.3). The evidence must have been stored as part of ordinary operations and not at the request of the parties introducing it.
?
Year 2010 2011 2012 2013 2014 Jail Time (years) 40 26 19.8 38 31.5 Name Sentence (Rank) Christopher Sco! 7 years (#8) Kenneth Lucas II 11 years (#5) Christopher Chaney 10 years (#6) Jeremy Hammond 10 years (#6) David Ray Camez 20 years (#1) Max Ray Vision|Butler 13 years (#4) Nichole Michelle Merzi 5 years (#10) Rasmuz Frisenholt 400 hours service (#30) Adrian-Tiberiu Oprea 15 years (#3) Nicholas Knight 90 days service (#29) Albert Gonzalez 20 years (#1) James Je$ery 2.5 years (#14) Iulian Dolan 7 years (#8) Go!frid Svartholm 3.5 years (#12) American Young O$ender 6 year probation (#23) Lewys Martin 2 years (#16) Cameron Lacroix 4 years (#11) Ryan Cleary 2 years, 8 months (#13) Ki! Willians 1 year service (#26) Sigurður Ingi Þórðarson 2 years (#16) Ryan Ackroyd 2.5 years (#14) Canadian Young O$ender 18 months probation (#27) Daniel Trenton Krueger 2 years (#16) Jake Davis 2 years (#16) Cody Kretsinger 1 year (#21) Freya Newman 2 year probation (#24) Mustafa Al-Bassam 20 months probation (#25) Ma!hew Weaver 1 year (#21) Christopher Weatherhead 1.5 years (#20) Ashley Rhodes 7 months (#28)
Notable Cybercrime Convictions (Global) 0 10 20 30 40 2010 2011 2012 2013 2014 Jail Time (Years) Convictions
Number of Cybercrime A!acks vs. Convictions (Global) 0 8 15 23 30 2010 2011 2012 2013 2014 Attacks (Billions) Convictions
Number of Cybercrime A!acks vs. Convictions (Global) 0 8 15 23 30 2010 2011 2012 2013 2014 Attacks (Billions) Convictions
Number of Cybercrime A!acks vs. Convictions (Global) 0 8 15 23 30 2010 2011 2012 2013 2014 Attacks (Billions) Convictions Gap of hopelessness
1 in 2.7 billion 2 5942921875 = billions of a!acks[9.2 + 12.3 + 16.4 + 21.9 + 29.2] / convictions[30] + billions of a!acks Rough odds of being convicted of a cybercrime[2010—2014]
DISCLAIMER
This talk contains general information about legal ma!ers. The information is not advice, and should not be treated as such. The legal information in this talk is provided “as is” without any representations or warranties, express or implied. Mark Nunnikhoven makes no representations or warranties in relation to the legal information in this talk. Without prejudice to the generality of the foregoing paragraph, Mark Nunnikhoven does not warrant that: the legal information in this talk will be constantly available, or available at all; or the legal information in this talk is complete, true, accurate, up-to-date, or non-misleading. You must not rely on the information in this talk as an alternative to legal advice from your a!orney or other professional legal services provider. If you have any specific questions about any legal ma!er you should consult your a!orney or other professional legal services provider. You should never delay seeking legal advice, disregard legal advice, or commence or discontinue any legal action because of information in this talk. Nothing in this legal disclaimer will limit any of our liabilities in any way that is not permi!ed under applicable law, or exclude any of our liabilities that may not be excluded under applicable law.
IANAL(I am not a lawyer)
“CSI” DEPTH
by @misbehave
by @jdhancock
Random | Targeted | No hope Actor Type
THANK YOU @marknca

More Related Content

PPTX
Can the law control Digital Leviathan?
byblogzilla
 
PDF
Scott Moulton scanning case RE: U.S.D.C. Georgia NMAP
byDavid Sweigert
 
PPT
Understanding the CGL Policy In California
byjohngreen
 
PDF
Edição nº 96 do Informativo o Serrano
byEcos Alcântaras
 
PDF
Paidéia (ribeirão preto) diálogos metodológicos sobre prática de pesquisa
byNaira Costa
 
PPT
SENARAI NAMA-NAMA CALON BN TERENGGANU
byHafiz Al-Din
 
PDF
2013 nkomazi 400 production vehicle class results
byKaren Wyk
 
PDF
12.03.16 relatório ref pet
byCiaPromo Comunicação Integrada
 
Can the law control Digital Leviathan?
byblogzilla
 
Scott Moulton scanning case RE: U.S.D.C. Georgia NMAP
byDavid Sweigert
 
Understanding the CGL Policy In California
byjohngreen
 
Edição nº 96 do Informativo o Serrano
byEcos Alcântaras
 
Paidéia (ribeirão preto) diálogos metodológicos sobre prática de pesquisa
byNaira Costa
 
SENARAI NAMA-NAMA CALON BN TERENGGANU
byHafiz Al-Din
 
2013 nkomazi 400 production vehicle class results
byKaren Wyk
 
12.03.16 relatório ref pet
byCiaPromo Comunicação Integrada
 

Viewers also liked

PPTX
Sustentar 2012 vinicius
byforumsustentar
 
PPT
Palestra sustentar 2012 nova economia - visão vale
byforumsustentar
 
PPT
Biblioteca
byLicurgo Oliveira
 
PPT
Unidad 1 presentacion Marketing y Finanzas
bySamira Saval
 
PDF
Primeira amostra de projetos realizados nas stes
byrubenspaz
 
PDF
Napoleon 2
bybuiduongduong
 
PDF
Niek Bakker
byNiek Bakker
 
PPTX
Presentation 1
byJoelwilliams24
 
DOCX
Ejercicio #1
byGaby Ajila
 
PDF
toefl_Hery Stevanus
byHery Stevanus
 
PPSX
25 photos insolites
byIoannis Papanikolaou
 
PDF
NHTD 2014
byRegina Randall
 
PPT
Web 2.0
byluigiaicardo
 
PDF
Manuel Faè: le non prenotazioni aumentano il revenue dell'hotel
byGiulia Zanin
 
PPT
7 geo01
byNaira Costa
 
PPTX
Escalas De La Vida 2
byAdriana Delgadillo
 
PPTX
Encontro com a família - EC 29 / 2012
byAna Silva
 
PDF
Brochura Mestrados Full Time - Português
byTelma Gonçalves
 
PPS
Arbol de amigos
byAndres Gaviria
 
PPT
Dengue Brenoeryan
byLicurgo Oliveira
 
Sustentar 2012 vinicius
byforumsustentar
 
Palestra sustentar 2012 nova economia - visão vale
byforumsustentar
 
Biblioteca
byLicurgo Oliveira
 
Unidad 1 presentacion Marketing y Finanzas
bySamira Saval
 
Primeira amostra de projetos realizados nas stes
byrubenspaz
 
Napoleon 2
bybuiduongduong
 
Niek Bakker
byNiek Bakker
 
Presentation 1
byJoelwilliams24
 
Ejercicio #1
byGaby Ajila
 
toefl_Hery Stevanus
byHery Stevanus
 
25 photos insolites
byIoannis Papanikolaou
 
NHTD 2014
byRegina Randall
 
Web 2.0
byluigiaicardo
 
Manuel Faè: le non prenotazioni aumentano il revenue dell'hotel
byGiulia Zanin
 
7 geo01
byNaira Costa
 
Escalas De La Vida 2
byAdriana Delgadillo
 
Encontro com a família - EC 29 / 2012
byAna Silva
 
Brochura Mestrados Full Time - Português
byTelma Gonçalves
 
Arbol de amigos
byAndres Gaviria
 
Dengue Brenoeryan
byLicurgo Oliveira
 

Similar to Whodunit, The Mechanics of Attack Attribution

PPT
Legal aspects of handling cyber frauds
bySagar Rahurkar
 
PPTX
Cyber crime legislation part 1
byMohsinMughal28
 
PDF
International Cybercrime (Part 1)
byGrittyCC
 
PPTX
Cyber crime
bySoreingam Ragui
 
DOC
It act 2000 & cyber crime 111111
byYogendra Wagh
 
PPTX
Cyber law comp
byNISHAGPARDESHI
 
PPTX
Module 3- Information Tech. Act 2000.ppt
bySoundarya Institute of Management & Science, Bengalore
 
PPTX
Module 1_ Introduction to Cyber Security.pptx
byFiroza10
 
PPTX
Cyber Crime
byshubham ghimire
 
PPTX
Historical genesis and evolution of cyber crimes new
byDr. Arun Verma
 
PDF
Cybersecurity and Legal lessons after Apple v FBI
byBenjamin Ang
 
PPTX
Eset cybersecurity awareness (laxman giri)
byलक्ष्मण गिरी
 
PDF
Unit 1.pdf cybers laws and security auditing
bysarthakchauhan2277
 
PPTX
Cyber crime
byShyamalPatra
 
PDF
CNIT 125: Ch 2. Security and Risk Management (Part 2)
bySam Bowne
 
PDF
security_threats.pdf and control mechanisms
byronoelias98
 
PPTX
Cyber crime
byShyamalPatra
 
PPTX
Technology & The Law
by34734
 
PPT
Ch01 Introduction to Security
byInformation Technology
 
PPT
Cybercrime
byVinil Patel
 
Legal aspects of handling cyber frauds
bySagar Rahurkar
 
Cyber crime legislation part 1
byMohsinMughal28
 
International Cybercrime (Part 1)
byGrittyCC
 
Cyber crime
bySoreingam Ragui
 
It act 2000 & cyber crime 111111
byYogendra Wagh
 
Cyber law comp
byNISHAGPARDESHI
 
Module 3- Information Tech. Act 2000.ppt
bySoundarya Institute of Management & Science, Bengalore
 
Module 1_ Introduction to Cyber Security.pptx
byFiroza10
 
Cyber Crime
byshubham ghimire
 
Historical genesis and evolution of cyber crimes new
byDr. Arun Verma
 
Cybersecurity and Legal lessons after Apple v FBI
byBenjamin Ang
 
Eset cybersecurity awareness (laxman giri)
byलक्ष्मण गिरी
 
Unit 1.pdf cybers laws and security auditing
bysarthakchauhan2277
 
Cyber crime
byShyamalPatra
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
bySam Bowne
 
security_threats.pdf and control mechanisms
byronoelias98
 
Cyber crime
byShyamalPatra
 
Technology & The Law
by34734
 
Ch01 Introduction to Security
byInformation Technology
 
Cybercrime
byVinil Patel
 

More from Mark Nunnikhoven

PDF
Advanced Security Automation Made Simple
byMark Nunnikhoven
 
PDF
AWS re:Invent 2017 re:View
byMark Nunnikhoven
 
PDF
Security Teams & Tech In A Cloud World
byMark Nunnikhoven
 
PDF
Defending your workloads with aws waf and deep security
byMark Nunnikhoven
 
PDF
AWS re:Invent 2015 re:Cap
byMark Nunnikhoven
 
PDF
Power Struggle: Balancing Relationships & Responsibility in the Cloud
byMark Nunnikhoven
 
PDF
Security OF The Cloud
byMark Nunnikhoven
 
PDF
Shared Responsibility In Action
byMark Nunnikhoven
 
PDF
Infrastructure as (Secure) Code
byMark Nunnikhoven
 
PDF
Updating Security Operations For The Cloud
byMark Nunnikhoven
 
PDF
Shared Responsibility In Action
byMark Nunnikhoven
 
PDF
The Most Common Failure With Today's Defences
byMark Nunnikhoven
 
PDF
Is That Normal? Behaviour Modelling On The Cheap
byMark Nunnikhoven
 
Advanced Security Automation Made Simple
byMark Nunnikhoven
 
AWS re:Invent 2017 re:View
byMark Nunnikhoven
 
Security Teams & Tech In A Cloud World
byMark Nunnikhoven
 
Defending your workloads with aws waf and deep security
byMark Nunnikhoven
 
AWS re:Invent 2015 re:Cap
byMark Nunnikhoven
 
Power Struggle: Balancing Relationships & Responsibility in the Cloud
byMark Nunnikhoven
 
Security OF The Cloud
byMark Nunnikhoven
 
Shared Responsibility In Action
byMark Nunnikhoven
 
Infrastructure as (Secure) Code
byMark Nunnikhoven
 
Updating Security Operations For The Cloud
byMark Nunnikhoven
 
Shared Responsibility In Action
byMark Nunnikhoven
 
The Most Common Failure With Today's Defences
byMark Nunnikhoven
 
Is That Normal? Behaviour Modelling On The Cheap
byMark Nunnikhoven
 

Recently uploaded

PPTX
Overview-of-Anti-DDoS-Solutions-On-Premise-vs-On-Cloud.pptx
bybunhongkruy
 
PDF
Beacon Kit slides tech framework for world game (s) pdf
bySteven McGee
 
PPTX
Number_Guessing_Game_Dsbsbssbzboc[1].pptx
byfbinsta3426
 
PPTX
tacacstrianingforwirelessnetworkengineers
byRaviTejaTammineni
 
PDF
Novi.LMS.Veseli.Cetvrtak.001 (1).pdfjjjj
byzoran radovic
 
PDF
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
DOCX
BestMaker.ai: The Complete Brand Story, Founder's Vision, and AI Creative Pla...
byssuser7381d6
 
PPTX
Dalhousie University Diploma
by文凭办理维多利亚大学购买毕业证学位认证知乎【Q微:1954292140】
 
PPTX
Artificial Intelligence (AI) Technology Project Proposal _ by Slidesgo.pptx
byadhyaadi804
 
PDF
Greetings All Students Update 3 by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
PDF
Key Duties and Roles of an Ecommerce Developer Singapore
byHachi Web Solution
 
PPTX
Lesson 3 - Methodology of Green Computing - part2 - dela cruz.pptx
byOmar Fernandez
 
PPTX
Lesson 5 - Cyber attack Pt 3 - Matsuhashi.pptx
byOmar Fernandez
 
PDF
LMS.Golconda.Vanredni.Broj.001.pdfjjjjjjj
byzoran radovic
 
PPTX
Why-Enterprises-Should-Build-Their-Own-Core-Network-and-Own-Their-ASN-and-Pub...
bybunhongkruy
 
Overview-of-Anti-DDoS-Solutions-On-Premise-vs-On-Cloud.pptx
bybunhongkruy
 
Beacon Kit slides tech framework for world game (s) pdf
bySteven McGee
 
Number_Guessing_Game_Dsbsbssbzboc[1].pptx
byfbinsta3426
 
tacacstrianingforwirelessnetworkengineers
byRaviTejaTammineni
 
Novi.LMS.Veseli.Cetvrtak.001 (1).pdfjjjj
byzoran radovic
 
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
BestMaker.ai: The Complete Brand Story, Founder's Vision, and AI Creative Pla...
byssuser7381d6
 
Dalhousie University Diploma
by文凭办理维多利亚大学购买毕业证学位认证知乎【Q微:1954292140】
 
Artificial Intelligence (AI) Technology Project Proposal _ by Slidesgo.pptx
byadhyaadi804
 
Greetings All Students Update 3 by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
Key Duties and Roles of an Ecommerce Developer Singapore
byHachi Web Solution
 
Lesson 3 - Methodology of Green Computing - part2 - dela cruz.pptx
byOmar Fernandez
 
Lesson 5 - Cyber attack Pt 3 - Matsuhashi.pptx
byOmar Fernandez
 
LMS.Golconda.Vanredni.Broj.001.pdfjjjjjjj
byzoran radovic
 
Why-Enterprises-Should-Build-Their-Own-Core-Network-and-Own-Their-ASN-and-Pub...
bybunhongkruy
 

Whodunit, The Mechanics of Attack Attribution

  • 1.
    Whodunit?The mechanics ofa!ack a!ribution
  • 2.
  • 3.
    This talk containsgeneral information about legal ma!ers. The information is not advice, and should not be treated as such. The legal information in this talk is provided “as is” without any representations or warranties, express or implied. Mark Nunnikhoven makes no representations or warranties in relation to the legal information in this talk. Without prejudice to the generality of the foregoing paragraph, Mark Nunnikhoven does not warrant that: the legal information in this talk will be constantly available, or available at all; or the legal information in this talk is complete, true, accurate, up-to-date, or non-misleading. You must not rely on the information in this talk as an alternative to legal advice from your a!orney or other professional legal services provider. If you have any specific questions about any legal ma!er you should consult your a!orney or other professional legal services provider. You should never delay seeking legal advice, disregard legal advice, or commence or discontinue any legal action because of information in this talk. Nothing in this legal disclaimer will limit any of our liabilities in any way that is not permi!ed under applicable law, or exclude any of our liabilities that may not be excluded under applicable law.
  • 4.
    IANAL(I am nota lawyer)
  • 5.
  • 7.
    Date Event 21-Nov SonyCEO Michael Lynton warned in anonymous email to “behave wisely” 24-Nov Story of a hack at Sony Pictures Entertainment leaks 25-Nov 5 unreleased movies show up online (Fury, Annie, Mr. Turner, Still Alice and To Write Love On Her Arms) 01-Dec PII published, FBI starts investigation 02-Dec Passwords, security certificates, marketing materials leaked online 04-Dec Passwords, security certificates, marketing materials leaked online 07-Dec Kevin Mandia email to Sony, “This a!ack is unprecedented in nature" 08-Dec More leaked data, first direct mention of…
  • 10.
    Date Event 08-Dec Moreleaked data, first direct mention of… 11-Dec Gawker breaks story mentioning previous a!ack in February, 2014 13-Dec More leaked data, promise of more as a “Christmas present” 14-Dec Sony’s legal team threatens various media outlets 16-Dec Class action suit filed against Sony by former employees 16-Dec GoP issues threat to movie theatres & goers 17-Dec Sony cancels release a"er theatres raise concerns 18-Dec US o#cials “confirm” North Korean involvement 19-Dec FBI issues formal statement assigning a!ribution to North Korea
  • 12.
  • 13.
    Date Event 19-Dec FBIissues formal statement assigning a!ribution to North Korea 20-Dec North Korea denies involvement, o$ers “joint investigation”
  • 14.
  • 15.
    Date Event 20-Dec NorthKorea denies involvement, o$ers “joint investigation” 21-Dec North Korea threatens “the White House, the Pentagon and the whole U.S. mainland" 22-Dec US government calls on North Korea to compensate Sony 22-Dec State Department says there is “no specific credible threat information that lends credence” to North Korea’s threat 22-Dec North Korea bows out of UN Security Council meeting on human rights record 23-Dec Sony recants and decides to release movie to theatres 24-Dec “The Interview” is released in digital channels. Earns $31 million by 06-Jan-2015
  • 17.
    I, BARACK OBAMA,President of the United States of America, find that the provocative, destabilizing, and repressive actions and policies of the Government of North Korea, including its destructive, coercive cyber-related actions during November and December 2014… *emphasis added
  • 18.
  • 21.
  • 22.
    “An IP knownto be associated with North Korean activity” Statement #1
  • 23.
    “NSA activity verifiedthe actions were taken by North Korea” Statement #2 “An IP known to be associated with North Korean activity” Statement #1
  • 24.
  • 25.
    Definitions 31. (1) Inthis section,
 “corporation”
 « personne morale »
 
 “corporation” means any bank, including the Bank of Canada and the Business Development Bank of Canada, any authorized foreign bank within the meaning of section 2 of the Bank Act and each of the following carrying on business in Canada, namely, every railway, express, telegraph and telephone company (except a street railway and tramway company), insurance company or society, trust company and loan company;
 
 “government”
 « gouvernement »
 
 “government” means the government of Canada or of any province and includes any department, commission, board or branch of any such government;
 
 “photographic film”
 « pellicule photographique »
 
 “photographic film” includes any photographic plate, microphotographic film and photostatic negative.
 
 Marginal note:
 When print admissible in evidence
 h!p://laws-lois.justice.gc.ca/eng/acts/c-5/
  • 26.
    (a) contains computerprograms or other data; and (b) pursuant to computer programs, performs logic and control, and may perform any other function. “data” « données » “data” means representations of information or of concepts, in any form. “electronic document” « document électronique » “electronic document” means data that is recorded or stored on any medium in or by a computer system or other similar device and that can be read or perceived by a person or a computer system or other similar device. It includes a display, printout or other output of that data. “electronic documents system” « système d’archivage électronique » “electronic documents system” includes a computer system or other similar device by or in which data is recorded or stored and any procedures related to the recording or storage of electronic documents. “secure electronic signature” « signature électronique sécurisée » “secure electronic signature” means a secure electronic signature as defined in subsection 31(1) of the Personal Information Protection and Electronic Documents Act. 2000, c. 5, s. 56. h!p://laws-lois.justice.gc.ca/eng/acts/c-5/
  • 27.
    h!p://laws-lois.justice.gc.ca/eng/acts/c-5/ In plain-ish english: Youhave to prove the evidence is authentic(31.1) and that hasn’t been changed(31.2). That the system that generated it was running “properly” or at least it’s operation didn’t a$ect the integrity of the evidence(31.3). The evidence must have been stored as part of ordinary operations and not at the request of the parties introducing it.
  • 52.
  • 58.
    Year 2010 20112012 2013 2014 Jail Time (years) 40 26 19.8 38 31.5 Name Sentence (Rank) Christopher Sco! 7 years (#8) Kenneth Lucas II 11 years (#5) Christopher Chaney 10 years (#6) Jeremy Hammond 10 years (#6) David Ray Camez 20 years (#1) Max Ray Vision|Butler 13 years (#4) Nichole Michelle Merzi 5 years (#10) Rasmuz Frisenholt 400 hours service (#30) Adrian-Tiberiu Oprea 15 years (#3) Nicholas Knight 90 days service (#29) Albert Gonzalez 20 years (#1) James Je$ery 2.5 years (#14) Iulian Dolan 7 years (#8) Go!frid Svartholm 3.5 years (#12) American Young O$ender 6 year probation (#23) Lewys Martin 2 years (#16) Cameron Lacroix 4 years (#11) Ryan Cleary 2 years, 8 months (#13) Ki! Willians 1 year service (#26) Sigurður Ingi Þórðarson 2 years (#16) Ryan Ackroyd 2.5 years (#14) Canadian Young O$ender 18 months probation (#27) Daniel Trenton Krueger 2 years (#16) Jake Davis 2 years (#16) Cody Kretsinger 1 year (#21) Freya Newman 2 year probation (#24) Mustafa Al-Bassam 20 months probation (#25) Ma!hew Weaver 1 year (#21) Christopher Weatherhead 1.5 years (#20) Ashley Rhodes 7 months (#28)
  • 59.
    Notable Cybercrime Convictions(Global) 0 10 20 30 40 2010 2011 2012 2013 2014 Jail Time (Years) Convictions
  • 60.
    Number of CybercrimeA!acks vs. Convictions (Global) 0 8 15 23 30 2010 2011 2012 2013 2014 Attacks (Billions) Convictions
  • 61.
    Number of CybercrimeA!acks vs. Convictions (Global) 0 8 15 23 30 2010 2011 2012 2013 2014 Attacks (Billions) Convictions
  • 62.
    Number of CybercrimeA!acks vs. Convictions (Global) 0 8 15 23 30 2010 2011 2012 2013 2014 Attacks (Billions) Convictions Gap of hopelessness
  • 63.
    1 in 2.7billion 2 5942921875 = billions of a!acks[9.2 + 12.3 + 16.4 + 21.9 + 29.2] / convictions[30] + billions of a!acks Rough odds of being convicted of a cybercrime[2010—2014]
  • 65.
  • 66.
    This talk containsgeneral information about legal ma!ers. The information is not advice, and should not be treated as such. The legal information in this talk is provided “as is” without any representations or warranties, express or implied. Mark Nunnikhoven makes no representations or warranties in relation to the legal information in this talk. Without prejudice to the generality of the foregoing paragraph, Mark Nunnikhoven does not warrant that: the legal information in this talk will be constantly available, or available at all; or the legal information in this talk is complete, true, accurate, up-to-date, or non-misleading. You must not rely on the information in this talk as an alternative to legal advice from your a!orney or other professional legal services provider. If you have any specific questions about any legal ma!er you should consult your a!orney or other professional legal services provider. You should never delay seeking legal advice, disregard legal advice, or commence or discontinue any legal action because of information in this talk. Nothing in this legal disclaimer will limit any of our liabilities in any way that is not permi!ed under applicable law, or exclude any of our liabilities that may not be excluded under applicable law.
  • 67.
    IANAL(I am nota lawyer)
  • 68.
  • 70.
  • 71.
  • 72.
    Random | Targeted| No hope Actor Type
  • 73.