Post by Admin on Dec 27, 2014 22:47:01 GMT
Within days of the hack against Sony Pictures, the U.S. government came out and said, in no uncertain terms, the attacks originated from North Korea — and the nation-state of North Korea was involved. Well, both claims have raised eyebrows among private security researchers. Many just don't believe it. The FBI says the attack came from IP addresses — unique computer addresses — that trace back to North Korea. But Scott Petry, a network security analyst with the firm Authentic8, says you can spoof an IP address from anywhere in the world. "The fact that data was relayed through IPs associated with North Korea is not a smoking gun," Petry says. "There are products today that will route traffic through IP addresses around the world." Meaning traffic that appears to come from Pyongyang could have originated in Moscow or Baltimore. The FBI also says the hackers used malicious software that North Korea has used in other cyberattacks. Petry counters that, in the world of cyberattacks, criminals constantly are recycling code. A well-known attack against banks called the Zeus Trojan went open source a few years ago — so when a financial institution gets hit, the same malware often shows up. Again, he says, it's no smoking gun: "It's like saying 'my god, this bank robbery was conducted using a Kalashnikov rifle — it must be the Russians who did it!'" He says that the FBI's evidence is circumstantial at best, and that its public handling of the case is inconsistent with proper procedure in prior investigations.
Post by Admin on Dec 28, 2014 22:50:24 GMT
North Korea on Saturday blamed the U.S. for its nine-and-a-half-hour Internet outage earlier in the week, and called President Barack Obama a "monkey" as part of a racist, vitriolic statement issued by the country's highest government body, the National Defense Commission (NDC). The statement by the NDC, which was carried by North Korea's state-run news agency, was the country's first official response to the severing of its Internet connection from the rest of the world on Monday. "The U.S., a big country, started disturbing the Internet operation of major media of the DPRK, not knowing shame like children playing a tag," the NDC statement read, using the Democratic People's Republic of Korea moniker for the nation. "We had already warned the U.S. not act like beating air after being hit hard by others," the unnamed NDC spokesman said. "Of course, we do not expect the gangsters to pay heed to our warnings." Just hours after the North's Central News Agency published the statement on its website -- one of a handful that are reachable to the outside world -- the isolated country again vanished from the Internet. According to Dyn Research and Akamai Technologies, the Dec. 27 outage lasted about five hours, and was preceded by intermittent connectivity issues. According to the Chinese government's Xinhua news agency, North Korea's mobile network, which serves far more people than the regime lets access the foreign Internet websites, was knocked offline at the same time. Elsewhere in the NDC's statement, North Korea criticized the decision by Sony Pictures to screen The Interview, a farce whose plot revolves around the assassination of Kim Jong-un, North Korea's dictator, and blamed Obama for pushing the studio into releasing the movie. "U.S. President Obama is the chief culprit who forced the Sony Pictures Entertainment to 'indiscriminately distribute' the movie and took the lead in appeasing and blackmailing cinema houses and theatres in the U.S. mainland to distribute the movie," the NDC contended. Although Sony had initially said it could not distribute the film because major U.S. theater chains had backed out amid threats, the company reversed course and showed the picture in some venues starting on Dec. 25. The Interview was also made available from several online streaming services, including Google's and Microsoft's. North Korea also lashed out at Obama with a racist reference. "Obama always goes reckless in words and deeds like a monkey in a tropical forest," said the agency, which is headed by Kim himself.
Post by Admin on Dec 30, 2014 22:38:30 GMT
US cybersecurity experts say they have solid evidence that a former employee helped hack Sony Pictures Entertainment’s computer system — and that it was not masterminded by North Korean cyberterrorists. One leading cybersecurity firm, Norse Corp., said Monday it has narrowed its list of suspects to a group of six people — including at least one Sony veteran with the necessary technical background to carry out the attack, according to reports. The investigation of the Sony hacking by the private companies stands in stark contrast to the finding of the FBI, which said Dec. 19 its probe traced the hacking — which ended up foiling the planned wide release of the Hollywood studio’s “The Interview” — to North Korea. Kurt Stammberger, senior vice president at Norse, said he used Sony’s leaked human-resources documents and cross-referenced the data with communications on hacker chat rooms and its own network of Web sensors to determine it was not North Korea behind the hack. “When the FBI made this announcement, just a few days after the attack was made public, it raised eyebrows in the community because it’s hard to do that kind of an attribution that quickly — it’s almost unheard of,” Stammberger told Bloomberg News in a telephone interview from San Francisco. “All the leads that we did turn up that had a Korean connection turned out to be dead ends,” he said. The information found by Norse points to collaboration between an employee or employees terminated in a May restructuring and hackers involved in distributing pirated movies online that have been pursued by Sony, Stammberger told Bloomberg. The initial demands by the group calling itself Guardians of Peace were extortion, rather than pulling the movie from release, he said. The FBI said Monday it is standing behind its assessment, adding that evidence doesn’t support any other explanations. 
“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the U.S. intelligence community, DHS, foreign partners and the private sector,” a spokeswoman said in a statement, according to Politico. “There is no credible information to indicate that any other individual is responsible for this cyber incident.”
Post by Admin on Dec 31, 2014 22:59:14 GMT
Kurt Stammberger is a senior vice president at Norse, a firm that provides intelligence and protection strategies for clients with vulnerable computer networks. He and his team spend their time both watching internet attacks as they happen, and sifting through stores of data collected in the wake of a breach. Stammberger knows what a digital intrusion looks like, and doesn't buy the feds' North Korean angle: "Are there NK fingerprints? Sure," he told me over the phone earlier this week. "But when we run any of those leads to ground, they end up being dead ends." Instead, Stammberger's team has been going through the many gigabytes of leaked Sony data in search of another possibility: that Sony wasn't attacked from the other side of the world, but was raided by someone on the inside. Or, formerly on the inside: Stammberger says his team thinks they've identified the as-of-yet-unidentified Guardians of Peace: "a relatively ad-hoc, small group of individuals that is probably comprised of some ex-employees of Sony and some other people that did not work at Sony." Stammberger and his team shared their raw data with the FBI yesterday, and agreed to not show his evidence elsewhere, so the theory as he described it to me is still sketchy. But it hinges on an ex-Sony employee that Stammberger calls "Lena." "Lena" was an employee of ten years at Sony in Los Angeles, working in a "key technical" position at the company, and axed during the company's brutal layoffs this past May. Even if she'd departed the company months before the attack, she would have remained "very well placed to know which servers to target," and "where all the sensitive information in Sony was stored." (A preliminary search of my own through leaked Sony data reveals no one by the name of Lena, though Stammberger says it could've been an alias—he also could not tell me how he arrived at that name, or the names of any other suspected hackers.)
What drew this group together, Stammberger says, is a mutual hatred of Sony: "These were individuals that were connected with torrenting Sony movies and content online, were targeted by legal and law enforcement arms, and were irritated that basically they were caught." A disgruntled Sony employee—or employees—who joined forces with contacts in the hacker community that were equally pissed for getting caught bootlegging movies. This sounds much more plausible to me than a crack North Korean cyber-commando squad, or whichever Tom Clancy wet dream has been floating between the White House and the New York Times. But if the Norse report isn't as far-fetched as the FBI's version, it's not a whole lot more substantiated, either. By the company's own admission, their counter-theory isn't a slam dunk: "We have indicators that connect [these suspects] to this attack," Stammberger told me, but "It's a long way from proof," and "a long way from something I think you could prosecute someone with." The FBI, for its part, still publicly insists that North Korea was involved in the attack in some capacity. A New York Times report today cites Sony executives who say the agency believes hackers "used digital techniques to steal the credentials and passwords from a systems administrator who had maximum access to Sony's computer systems": Once in control of the gateways those items opened, theft of information was relatively easy. Government investigators and Sony's private security experts traced the hacking through a network of foreign servers and identified malicious software bearing the familiar hallmarks of a hacking gang known as Dark Seoul. Prodded for inside information at a social gathering — long before the F.B.I. announced any conclusions — Doug Belgrad, president of Sony's motion picture group, responded, "It's the Koreans."
Post by Admin on Jan 1, 2015 22:53:39 GMT
On Wednesday, several news outlets — including this one — reported the news that the same hackers who targeted Sony Pictures had turned their attention to CNN, and specifically Wolf Blitzer. Now, a man named David Garrett, Jr. who has contributed Homeland Security-related articles to the Knoxville, Tennessee version of Examiner.com is taking credit for the whole thing, claiming it was just one big joke. The initial report originated on The Intercept where Jana Winter posted details of an FBI bulletin that cited threats against an unnamed media organization. It was The Desk’s Matthew Keys who linked that bulletin to an anonymous Pastebin post that threatened CNN and claimed to be from the same Guardians of Peace group that hacked Sony. The text of that message read: After the news started to spread, Garrett took to Twitter and Facebook where he quickly tried to prove that he was behind the message: He then posted a screenshot from a since-deleted December 20 post on his apparently fake Facebook account, in which he revealed what he had just posted on the anonymous site: