http://fusion.net/story/31469/sony-pictures-hack-was-a-long-time-coming-say-former-employees/
105 Comments
Tomi Engdahl says:
Sony’s Cowardice
http://controlgeek.net/blog/2014/12/18/sonys-cowardice
I would never have gone out to see a stupid comedy featuring two actors I find insufferable, but I was planning to go to see The Interview exactly because threats had been made against it. Now that’s not possible, because Sony, who brought this whole mess on themselves through their inept network security, has caved to some vague and (as far as I can tell) empty threats, and cancelled the release of the movie. Unless there is some credible, meaningful threat of which we have not yet been made aware, then I say to the executives at Sony and all the associated exhibitor chains: You are cowards.
Tomi Engdahl says:
Steven Sinofsky / Learning by Shipping:
Sony breach highlights need to move away from insecure legacy OS architecture to mobile apps and cloud services — Why Sony’s Breach Matters — This past year has seen more wide-spread, massive-scale, and damaging computer system breaches than any time in history.
Why Sony’s Breach Matters
http://blog.learningbyshipping.com/2014/12/21/why-sonys-breach-matters/
This past year has seen more wide-spread, massive-scale, and damaging computer system breaches than any time in history. The Sony breach is just the latest—not the first or most creative or even the most destructive computer system breach. It matters because it is a defining moment and turning point to significant and disruptive changes to enterprise and business computing.
The dramatic nature of today’s breaches impacts the enterprise computing infrastructure at both the endpoint and server infrastructure points. This is a good news and bad news situation.
The bad news is that we have likely reached the limits as to how much the existing infrastructure can be protected. One should not dismiss the Sony breach because of their simplistic security architecture (a file Personal passwords.xls with passwords in it is entertaining but not the real issue). The bad news continues with the reality of the FBI assertion of the role of a nation state in the attack or at the very least a level of sophistication that exceeded that of a multi-national corporation.
The good news is that several billion people are already actively using cloud services and mobile devices. With these new approaches to computing, we have new mechanisms for security and the next generation of enterprise computing. Unlike previous transitions, we already have the next generation handy and a cleaner start available. It is important to consider that no one was “training” on using a smartphone—no courses, no videos, no tutorials. People are just using phones and tablets to do work. That’s a strong foundation.
All of us today are familiar with the patchwork of a security architecture that we experience on a daily basis. From multiple passwords, firewalls, VPN, anti-virus software, admin permissions, inability to install software, and more we experience the speed-bumps put in place to thwart future attacks through some vector. To put things in context, it seemed worthwhile to talk about a couple of these speed-bumps. With this context we can then see why we’ve reached a defining moment.
Tomi Engdahl says:
Ernesto / TorrentFreak:
The Interview sees over 750K estimated torrent downloads in first 20 hours of availability; release of film exclusively in the US a possible driving factor — The Interview Is A Pirate Hit With 200k Downloads (Updated) — Facing a “terrorist” threat theaters all around the U.S. backed away from showing The Interview last week.
http://torrentfreak.com/the-interview-is-a-pirate-hit-with-200k-downloads-141225/
Tomi Engdahl says:
The Interview now available to rent for $5.99 or purchase for $14.99 through YouTube, Google Play, Xbox Video, and SeeTheInterview.com
http://www.businessinsider.com/sony-interview-online-release-2014-12?op=1
Tomi Engdahl says:
North Korea blames U.S. for Internet outages, calls Obama a ‘monkey’
http://www.reuters.com/article/2014/12/27/us-northkorea-cybersecurity-idUSKBN0K502920141227
North Korea called U.S. President Barack Obama a “monkey” and blamed Washington on Saturday for Internet outages that it has experienced during a confrontation with the United States over the hacking of the film studio Sony Pictures.
The National Defence Commission, the North’s ruling body, chaired by state leader Kim Jong Un, said Obama was responsible for Sony’s belated decision to release the action comedy “The Interview”, which depicts a plot to assassinate Kim.
Tomi Engdahl says:
Internet Crashes in North Korea as 3G Networks Fail
http://recode.net/2014/12/27/internet-crashes-in-north-korea-as-3g-networks-fail/
Three days after an apparent denial-of-service attack halted its Internet connections, North Korea suffered another Internet outage and the country’s only wireless phone network was reportedly down.
The five-hour Internet disruption was flagged by DYN Research, a research firm that tracks the performance of the Internet’s global infrastructure. Reuters reported the 3G wireless outage
Unlike Internet service, which estimates suggest reaches no more than 1,000 people in the nation, a wireless phone service outage would affect a much wider population segment.
Tomi Engdahl says:
PSN is still down for some as Sony gets service back online
http://venturebeat.com/2014/12/28/psn-is-still-down-for-some-as-sony-gets-service-back-online/
Sony says that its online service is back up and running, but many people are still having issues playing games.
Last night, PlayStation Network started booting back up for many people after an outage that lasted for several days kept gamers offline. PSN, which enables you to play with friends online, is now working for PlayStation 4, PlayStation 3, and PlayStation Vita. But Sony admits that some people may still run into problems as the PSN servers return to full operational status. PSN went down on Christmas Day as the result of an alleged cyberattack.
Tomi Engdahl says:
Sony Hack Reveals MPAA’s Big ‘$80 Million’ Settlement With Hotfile Was a Lie
http://yro.slashdot.org/story/14/12/28/2331219/sony-hack-reveals-mpaas-big-80-million-settlement-with-hotfile-was-a-lie
Sony Hack Reveals That MPAA’s Big ‘$80 Million’ Settlement With Hotfile Was A Lie
https://www.techdirt.com/articles/20141224/06321429517/sony-hack-reveals-that-mpaas-big-80-million-settlement-with-hotfile-was-lie.shtml
For years, we’ve pointed out that the giant “settlements” that the MPAA likes to announce with companies it declares illegal are little more than Hollywood-style fabrications. Cases are closed with big press releases throwing around huge settlement numbers, knowing full well that the sites in question don’t have anywhere near that kind of money available. At the end of 2013, it got two of these, with IsoHunt agreeing to ‘pay’ $110 million and Hotfile agreeing to ‘pay’ $80 million. In both cases, we noted that there was no chance that those sums would ever get paid. And now, thanks to the Sony hack, we at least know the details of the Hotfile settlement. TorrentFreak has been combing through the emails and found that the Hotfile settlement was really just for $4 million, and the $80 million was just a bogus number agreed to for the sake of a press release that the MPAA could use to intimidate others.
Tomi Engdahl says:
Steve Kovach / Business Insider:
Sony says ‘The Interview’ was rented or purchased more than 2M times, generated over $15M in online sales; Apple starts offering the movie on iTunes —
‘The Interview’ Generated Over $15 Million In Online Sales
http://www.businessinsider.com/the-interview-online-sales-2014-12?op=1
Sony announced Sunday night that “The Interview” was downloaded or rented online more than 2 million times, generating over $15 million in sales.
After initially pulling the movie from theaters, Sony decided to release it online instead. “The Interview” premiered December 24 on YouTube, Google Play, Xbox Video, and Sony’s own site, SeeTheInterview.com.
“vast majority” of rentals and downloads came from Google Play and YouTube.
The movie was also shown in a little over 300 independent movie theaters in the US. The major movie theater chains have refused to show it. It’s generated about $3 million in estimated sales at the box office so far.
Keep in mind this doesn’t mean “The Interview” is a success. It cost an estimated $100 million to make, including marketing costs.
Tomi Engdahl says:
Sony Accused of Pirating Music In “The Interview”
http://yro.slashdot.org/story/14/12/28/1429217/sony-accused-of-pirating-music-in-the-interview
Sony About to Get Sued For Pirating Music in The Interview
on December 27, 2014
http://torrentfreak.com/sony-about-to-get-sued-for-pirating-music-in-the-interview-141227/
As the controversy surrounding The Interview continues, a singer is claiming that after failing to reach terms with Sony, the company put her music in the movie anyway. After receiving not a penny from the movie giant, Yoon Mi Rae is now set to sue. Meanwhile, 1.5 million pirates have downloaded the comedy.
Tomi Engdahl says:
This is what is known about North Korea’s cyber army
North Korea’s cyber operations are led by an intelligence officer RGB (under the control of North Korea’s National Defense Committee).
RGB has been involved for many years in traditional espionage and secret operations. It has formed two cyber divisions: Unit 121 and Agency 91.
Office 91 is reportedly the headquarters of North Korean hacker operations, although most of the attacks are carried out by Unit 121, which acts outside North Korea. Unit 121 has offices abroad, especially near the North Korean border, in Chinese cities.
The Korean Workers’ Party also has numerous cyber units: Unit 35 is responsible for cyber agent education and takes care of internal cyber research and operations.
North Korea’s educational system emphasizes the importance of mathematics. The brightest students have access to computers, on which they can practice their programming. The most talented can go to educational institutions that have separate computer departments (Kim Il-sung University, Kim Chaekin University of Technology and the University Mirim). Students practice general programming techniques and choose a specialization. After graduation, they may go abroad, where they can participate in hacker forums and develop malware. It is estimated that North Korea has in recent years trained 2000-600 students, who form the cyber army.
North Korea uses computers around the world for its attacks. Their owners often have no idea that there is malicious software on them that is used for sabotage. Attacks are thought to begin from foreign outposts located in Russia, China and India. When an intrusion occurs, tracing its author is often very difficult. North Korea has in recent years been accused of several attacks.
Source: http://www.tivi.fi/kaikki_uutiset/tama+tiedetaan+pohjoiskorean+kybersotajoukoista/a1038616
Tomi Engdahl says:
Norse Security IDs 6, Including Ex-Employee, As Sony Hack Perpetrators
http://it.slashdot.org/story/14/12/29/0251211/norse-security-ids-6-including-ex-employee-as-sony-hack-perpetrators
Alternative theories of who is responsible for the hack of Sony Pictures Entertainment have come fast and furious in recent weeks — especially since the FBI pointed a finger at the government of North Korea last week. But Norse Security is taking the debate up a notch: saying that they have conclusive evidence pointing to a group of disgruntled former employees as the source of the attack and data theft.
The Security Ledger quotes Norse Vice President Kurt Stammberger saying that Norse has identified a group of six individuals
New Clues In Sony Hack Point To Insiders, Away from DPRK
https://securityledger.com/2014/12/new-clues-in-sony-hack-point-to-insiders-away-from-dprk/
A strong counter-narrative to the official account of the hacking of Sony Pictures Entertainment has emerged in recent days, with the visage of the petulant North Korean dictator, Kim Jong Un, replaced by another, more familiar face: former Sony Pictures employees angry over their firing during a recent reorganization at the company.
Researchers from the security firm Norse allege that their investigation of the hack of Sony has uncovered evidence that leads, decisively, away from North Korea as the source of the attack. Instead, the company alleges that a group of six individuals is behind the hack, at least one a former Sony Pictures Entertainment employee who worked in a technical role and had extensive knowledge of the company’s network and operations.
If true, the allegations by Norse deal a serious blow to the government’s account of the incident, which placed the blame squarely on hackers affiliated with the government of the Democratic Peoples Republic of Korea, or DPRK.
Speaking to The Security Ledger, Kurt Stammberger, a Senior Vice President at Norse, said that his company identified six individuals with direct involvement in the hack, including two based in the U.S., one in Canada, one in Singapore and one in Thailand. The six include one former Sony employee, a ten-year veteran of the company who was laid off in May as part of a company-wide restructuring.
That HR data was the “golden nugget” in the investigation, revealing the details of a mass layoff at Sony in the Spring of 2014, including a spreadsheet identifying employees who were fired from Sony Pictures in the April-May time period.
After researching those individuals, Norse said it identified one former employee who he described as having a “very technical background.”
But the Norse account of the hack does answer some puzzling questions about the incident that are as yet unexplained, according to Mark Rasch, a former federal prosecutor and a principal at Rasch Technology and Cyberlaw. Among those questions: how hackers were able to obtain near-perfect knowledge of Sony Pictures’ network and, then, sneak terabytes of data off of the network without arousing notice.
“It has always been suspicious that it was North Korea,” Rasch said. “Not impossible – but doubtful…It made a lot more sense that it was insiders pretending to be North Korea.”
Rasch noted, as others have, that the attackers initially made no mention of the Sony Pictures film “The Interview” in communications with the company or the outside world.
Tomi Engdahl says:
Sony insider — not North Korea — likely involved in hack, experts say
December 30, 2014
http://www.latimes.com/entertainment/envelope/cotown/la-et-ct-sony-hack-inside-job-not-north-korea-20141231-story.html
Federal authorities insist that the North Korean government is behind the cyberattack on Sony Pictures Entertainment.
Cybersecurity experts? Many are not convinced.
From the time the hack became public Nov. 24, many of these experts have voiced their suspicions that a disgruntled Sony Pictures insider was involved.
Respected voices in the online security and anti-hacking community say the evidence presented publicly by the FBI is not enough to draw firm conclusions.
They argue that the connections between the Sony hack and the North Korean government amount to circumstantial evidence. Further, they say the level of the breach indicates an intimate knowledge of Sony’s computer systems that could have come from someone on the inside.
“We can’t find any indication that North Korea either ordered, masterminded or funded this attack,” Kurt Stammberger, a senior vice president at Norse, said in an interview with The Times.
President Obama this month said North Korea was behind the Sony attack and pledged a “proportional” response. North Korea’s Internet suffered outages in the days following the announcement. The U.S. hasn’t taken responsibility for the outages, but North Korea has blamed Obama.
But analysts said attribution in cyberattacks is difficult, and hackers are skilled in obfuscation and misdirection to avoid getting caught. Also, software-wiping technology used by the so-called Guardians of Peace group against Sony is widely available to hackers and can be easily purchased. Many were surprised that the FBI made its announcement so quickly.
“You don’t want to jump to conclusions in a cyberattack,” said Rob Sloan, head of cybercontent and data at Dow Jones. “Attributing attacks is really a non-scientific art.”
Even skeptics who doubt the attack was state-sponsored said the FBI may have more convincing evidence that it has chosen to keep secret.
Tomi Engdahl says:
New York Times:
Interviews with Sony employees show that the company was slow to realize the gravity and impact of hacking — Sony Hacking Attack, First a Nuisance, Swiftly Grew Into a Firestorm
Sony Cyberattack, First a Nuisance, Swiftly Grew Into a Firestorm
http://www.nytimes.com/2014/12/31/business/media/sony-attack-first-a-nuisance-swiftly-grew-into-a-firestorm-.html?_r=0
It was three days before Thanksgiving, the beginning of a quiet week for Sony Pictures.
The studio’s chief financial officer, David C. Hendler, was calling to tell his boss that Sony’s computer system had been compromised in a hacking of unknown proportions. To prevent further damage, technicians were debating whether to take Sony Pictures entirely offline.
Shortly after Mr. Lynton reached his office in the stately Thalberg building at Sony headquarters in Culver City, Calif., it became clear that the situation was much more dire. Some of the studio’s 7,000 employees, arriving at work, turned on their computers to find macabre images
Sony shut down all computer systems shortly thereafter, including those in overseas offices, leaving the company in the digital dark ages: no voice mail, no corporate email, no production systems.
A handful of old BlackBerrys, located in a storage room in the Thalberg basement, were given to executives. Staff members began to trade text messages using hastily arranged phone trees. Sony’s already lean technical staff began working around the clock, with some people sleeping in company offices that became littered with stale pizza. Administrators hauled out old machines that allowed them to cut physical payroll checks in lieu of electronic direct deposit.
Still, for days the episode was viewed inside Sony as little more than a colossal annoyance.
In fact, less than three weeks later Sony would be the focal point of a global firestorm over a growing digital attack on its corporate identity and data; its movie “The Interview,” about the fictional assassination of the North Korean leader Kim Jong-un; and its own handling of the ensuing crisis.
Interviews with over two dozen people involved in the episode suggest that Sony — slow to realize the depths of its peril — let its troubles deepen by mounting a public defense only after enormous damage had been done. The initial decision to treat the attack as largely an internal matter reflected Hollywood habit
Rising Sense of Urgency
By Dec. 1, a week after Sony discovered the breach, a sense of urgency and horror had penetrated the studio. More than a dozen F.B.I. investigators were setting up shop on the Culver City lot and in a separate Sony facility near the Los Angeles airport called Corporate Pointe, helping Sony deal with one of the worst cyberattacks ever on an American company.
Mountains of documents had been stolen, internal data centers had been wiped clean, and 75 percent of the servers had been destroyed.
Everything and anything had been taken. Contracts. Salary lists. Film budgets. Medical records. Social Security numbers. Personal emails. Five entire movies, including the yet-to-be-released “Annie.”
Later, it would become apparent through files stolen by the hackers and published online that Mr. Lynton and Ms. Pascal had been given an oblique warning.
As the F.B.I. stepped up its inquiry, the hackers — who still had made no explicit mention of “The Interview” — dropped the first in a series of data bundles that were to prove a feast for websites like Gawker and mainstream services like Bloomberg News for weeks.
And so was set a pattern. Every few days, hackers would dump a vast new group of documents onto anonymous posting sites.
The files seemed to fulfill every Hollywood gossip’s fantasy of what is said behind studio walls.
Sony technicians privately started fighting back by moving to disrupt access to the data dumps.
Shortly before 10 a.m. the next day, Dec. 16, the hackers made good on their promise of a “Christmas gift,” delivering thousands of Mr. Lynton’s emails to the posting sites.
“The world will be full of fear. Remember the 11th of September 2001.” The message specifically cited “The Interview” and its planned opening.
The studio would not cancel the film, but it would not quarrel with any theater that withdrew it because of security concerns.
“Sony basically punted,”
Sony dropped “The Interview” from its schedule
The reaction was swift and furious. Hollywood stars and free speech advocates sharply criticized the decision. On Friday, Dec. 19, President Obama used his final news briefing of the year to rebuke Sony for its handling of the North Korean threat: “We cannot have a dictator imposing censorship in the U.S.”
Sony’s Christmas Eve triumph in announcing an immediate online release of “The Interview” was more fragile than it looked.
In the end, the film may be seen by more viewers than if it had experienced an unimpeded, conventional release, particularly if, as studio executives suspect, those who paid for the film online were joined by friends and family. Sony said “The Interview” generated roughly $15 million in online sales and rentals during its first four days of availability.
Tomi Engdahl says:
Tal Kopan / Politico:
FBI says report that Sony hack was perpetrated by a disgruntled Sony employee and piracy group hackers is “inaccurate” and based on “narrow view”
U.S.: No alternate leads in Sony hack
http://www.politico.com/story/2014/12/fbi-briefed-on-alternate-sony-hack-theory-113866.html
A briefing for FBI agents investigating the Sony Pictures hack by a security firm that says its research points to laid-off Sony staff, not North Korea, as the perpetrator provided no usable new evidence, an official said Tuesday.
Tomi Engdahl says:
Jana Winter / The Intercept:
FBI bulletin says hackers who attacked Sony have threatened an unnamed news organization
Sony Hackers Threaten U.S. News Media Organization
https://firstlook.org/theintercept/2014/12/31/sony-hackers-threaten-u-s-news-media-organization/
The hackers who infiltrated Sony Pictures Entertainment’s computer servers have threatened to attack an American news media organization, according to an FBI bulletin obtained by The Intercept.
The threat against the unnamed news organization by the Guardians of Peace, the hacker group that has claimed credit for the Sony attack, “may extend to other such organizations in the near future,” according to a Joint Intelligence Bulletin of the FBI and the Department of Homeland Security obtained by The Intercept.
Tomi Engdahl says:
You should have a very hard time believing that Anonymous hacked North Korea
http://www.vox.com/2014/12/23/7440493/north-korea-anonymous-hack
Members of Anonymous, the informal hacking collective known for striking targets from MasterCard to the Vatican, are claiming or suggesting that they are responsible for taking down North Korea’s internet. They’re calling the attack #OpRIPNK, in keeping with Anonymous’ naming convention for large-scale attacks.
Bullshit. There is no way that Anonymous pulled off this scale of an attack on North Korea.
First of all, US officials are strongly hinting that they had something to do with the cyberattack, which came just days after President Obama promised a “proportional response” to the Sony hack. “I guess accidents can happen,” one official told the New York Times.
Second, and more importantly, Anonymous has tried twice previously to hack North Korea. Both times were spectacular failures. That should make you very skeptical about the group’s claim to have suddenly and quietly accomplished what it could not even begin to do before.
Anybody can take North Korea offline
http://blog.erratasec.com/2015/01/anybody-can-take-north-korea-offline.html#.VKaCtXt3B-u
A couple days after the FBI blamed the Sony hack on North Korea, that country went offline. Many suspected the U.S. government, but the reality is that anybody can do it — even you
That’s laughably wrong, overestimating the scale of North Korea’s Internet connection, and underestimating the scale of Anonymous’s capabilities.
North Korea has a roughly ~10-gbps link to the Internet for its IP addresses. That’s only about ten times what Google fiber provides. In other words, 10 American households can have as much bandwidth as the entire country. Anonymous’s capabilities exceed this, scaling past 1-terabit/second, or a hundred times more than needed to take down North Korea.
Attacks are made easier due to amplifiers on the Internet, which can increase the level of traffic by about 100 times. Thus, in order to overload a 10-gbps link of your target, you only need a 100-mbps link yourself. This is well within the capabilities of a single person.
Such attacks are difficult to do from your home, because your network connection is asymmetric.
You’ll probably need to use web host services that sell high upload speed. You can cheaply get a 100-mbps or even 1-gbps upload connection for about $30 per month in bitcoin.
You need some familiarity with command-line tools. In this age of iPads, the command-line seems like Dark Magic to some people, but it’s something all computer geeks use regularly.
For this attack to work, you’ll need a list of amplifiers. You can find these lists in hacker forums, or you can just find the amplifiers yourself using masscan (after all, that’s what port scanners are supposed to do).
What’s actually astonishing is that since millions of people can so easily DDoS North Korea why it doesn’t happen more often.
Tomi Engdahl says:
The GoP pastebin hoax
http://blog.erratasec.com/2015/01/the-gop-pastebin-hoax.html#.VKaEIXt3B-s
Neither the FBI nor the press is terribly honest or competent when discussing “hackers”. That’s demonstrated by yesterday’s “terrorists threaten CNN” story.
Of course, this admission of a hoax could itself be a hoax, but it’s more convincing than the original Pastebin. It demonstrates we have no reason to believe the original pastebin.
In the hacker underground, including pastebin, words get thrown around a lot. There was nothing in the pastebin that deserved the FBI’s attention, not even the extremely lukewarm warning it gave.
Tomi Engdahl says:
Dear Leader’s Lesson in Confirmation Bias
http://blog.erratasec.com/2014/12/dear-leaders-lesson-in-confirmation-bias.html#.VKaFbnt3B-s
Brian Krebs has a blogpost citing those who claim evidence of North Korea involvement in the massive Sony hack. He uses as an example the similarities between the Sony defacement and a South Korean defacement that was attributed to the North Koreans.
There are certainly some similarities, such as the “we have all your data” message. But that’s easily explained by the fact that the South Korean hack was widely popularized in the media, so it’s easy to see how they would take this as inspiration. Or, it’s just simply that if the goal of your hack is to steal data and extort the victim, this is pretty much always going to be how you phrase it.
At the same time, there are many dissimilar items.
This is an example of something called confirmation bias, a well known logical fallacy. Once you’ve decided on the conclusion (“North Korea hackers”), your perception of the evidence changes. Everything you see starts to confirm your conclusion. This is especially true when you are ignorant of the larger perspective. To those of us with perspective, we don’t see the evidence that you believe in.
Tomi Engdahl says:
The FBI’s North Korea evidence is nonsense
http://blog.erratasec.com/2014/12/the-fbis-north-korea-evidence-is.html#.VKaGInt3B-s
The FBI has posted a press release describing why they think it’s North Korea. While there may be more things we don’t know, on its face it’s complete nonsense. It sounds like they’ve decided on a conclusion and are trying to make the evidence fit. They don’t use straightforward language, but confusing weasel words, like saying “North Korea actors” instead of simply “North Korea”. They don’t give details.
The reason it’s nonsense is that the hacker underground shares code. They share everything: tools, techniques, exploits, owned-systems, botnets, and infrastructure. Different groups even share members. It is implausible that North Korea would develop its own malware from scratch.
Update on Sony Investigation
http://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation
Tomi Engdahl says:
Josh Lederman / Associated Press:
US sanctions North Korean intelligence agency, an arms dealer, and 10 individuals working for the government over Sony cyberattacks
US sanctions North Korea over Sony cyberattack
http://hosted.ap.org/dynamic/stories/U/US_UNITED_STATES_NKOREA_?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2015-01-02-14-00-58
The U.S. is imposing sanctions on North Korea in retaliation for the cyberattack against Sony Pictures Entertainment.
President Barack Obama signed an executive order on Friday authorizing the sanctions.
Tomi Engdahl says:
Kashmir Hill / Fusion:
FBI talks with Tennessee man who copied style of Sony hackers’ Pastebin posts and then mocked CNN
The FBI thought this Tennessee prankster was a Sony Pictures hacker
http://fusion.net/story/36532/the-fbi-thought-this-tennessee-prankster-was-a-sony-pictures-hacker/
After an ill-advised prank, David Garrett Jr. spent an hour on New Year’s Day at an FBI bureau in Tennessee explaining that he was not a North Korea sympathizer and was not involved in any way in hacking Sony Pictures.
A week earlier, the 30-year-old Knoxville, Tennessee man had authored a post on Pastebin that claimed to be a message from the GOP, the group that hacked Sony Pictures; in it, he mocked CNN’s reporting on the hack and demanded the network hand over “the Wolf,” a.k.a. anchor Wolf Blitzer. He thought the message was obviously satirical, an almost word-for-word copy of a message posted earlier that day mocking the FBI, that CNN had reported as coming from the Sony Pictures hackers.
“I don’t think it’s a good idea to point the finger at a crazy ass country without firm proof,” said Garrett.
Garrett says he feels he “made his point” with the Pastebin post and that it was “stupid” if the government took it seriously enough to include it in the bulletin. Garrett said the agents had pulled digital records related to the post and knew the name he had on the Windows machine from which he’d done the posting. “I wasn’t trying to hide anything. I was just joking,” he said. “I always assume the government knows everything you do on the computer.”
He says the FBI didn’t seem interested in pursuing any charges against him. He’s lucky
Tomi Engdahl says:
US places sanctions on North Korea for hacking Sony
The ‘first aspect’ of US government’s response was carried out today
January 2, 2015
http://www.theverge.com/2015/1/2/7482105/us-hits-north-korea-with-sanctions-over-sony-pictures-hack
In what’s described as the “first” response to the cyberattack against Sony Pictures Entertainment, the Obama administration today announced new sanctions against North Korea. These sanctions are separate from those already imposed against Pyongyang over the country’s nuclear program and come in response to “recent provocations,” the US Treasury Department said in a press release. President Obama signed an executive order authorizing the sanctions earlier today.
“This step reflects the ongoing commitment of the United States to hold North Korea accountable for its destabilizing, destructive and repressive actions, particularly its efforts to undermine US cyber-security and intimidate US businesses and artists exercising their right of freedom of speech,” the Treasury said.
The sanctions target three North Korean entities, including the government’s primary intelligence agency and a local arms dealer.
“Today’s actions are driven by our commitment to hold North Korea accountable for its destructive and destabilizing conduct,”
Tomi Engdahl says:
Brian Stelter / CNNMoney.com:
The Interview ranks as Sony’s top online film after streaming revenues reach $31M
‘The Interview’ rakes in $31 million
http://money.cnn.com/2015/01/06/media/sony-the-interview/
Weeks after canceling and then un-canceling “The Interview,” Sony Pictures is taking a victory lap.
The controversial Seth Rogen comedy has been rented or purchased a total of 4.3 million times since its online release on Christmas Eve, Sony (SNE) said Tuesday.
“The Interview is Sony Pictures’ #1 online film of all time,” the studio said in a press release.
To date, the movie has earned about $5 million offline in a relatively limited release at independently owned movie theaters across the country.
Big theater chains like AMC and Regal gave the movie the cold shoulder after Sony — defying threats from hackers — decided to mount a unique simultaneous release of the movie on the Internet and in theaters.
“The Interview” was initially available through YouTube, Google (GOOG) Play, Microsoft’s (MSFT, Tech30) Xbox video store and a dedicated web site. Last week it expanded to a number of other outlets, including cable video on demand systems, Amazon (AMZN, Tech30) Instant Video, and the PlayStation Network.
Tomi Engdahl says:
Andy Greenberg / Wired:
FBI Director: Sony’s ‘Sloppy’ North Korean Hackers Revealed Their IP Addresses
http://www.wired.com/2015/01/fbi-director-says-north-korean-hackers-sometimes-failed-use-proxies-sony-hack/
Speaking at a Fordham Law School cybersecurity conference Wednesday, Comey said that he has “very high confidence” in the FBI’s attribution of the attack to North Korea. And he named several of the sources of his evidence, including a “behavioral analysis unit” of FBI experts trained to psychologically analyze foes based on their writings and actions. He also said that the FBI compared the Sony attack with their own “red team” simulations to determine how the attack could have occurred. And perhaps most importantly, Comey now says that the hackers in the attack failed on multiple occasions to use the proxy servers that bounce their Internet connection through an obfuscating computer somewhere else in the world, revealing IP addresses that tied them to North Koreans.
Tomi Engdahl says:
How the FBI traced ‘sloppy’ Sony hackers
http://www.wired.co.uk/news/archive/2015-01/08/fbi-director-north-korean-hackers
The Obama administration has been tightlipped about its controversial naming of the North Korean government as the definitive source of the hack that eviscerated Sony Pictures Entertainment late last year. But FBI director James Comey is standing by the bureau’s conclusion, and has offered up a few tiny breadcrumbs of the evidence that led to it. Those crumbs include the claim that Sony hackers sometimes failed to use the proxy servers that masked the origin of their attack, revealing IP addresses that the FBI says were used exclusively by North Korea.
“In nearly every case, [the Sony hackers known as the Guardians of Peace] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy,” Comey said. “Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using…were exclusively used by the North Koreans.”
“They shut it off very quickly once they saw the mistake,” he added. “But not before we saw where it was coming from.”
Comey’s brief and cryptic remarks — with no opportunity for followup questions from reporters — respond to skepticism and calls for more evidence from cyber-security experts unsatisfied with the FBI’s vague statements tying the hack to the North Korean government.
Following those elliptical statements, the cyber-security community demanded more information be released to prove North Korea’s involvement.
Comey also hinted that the intelligence community, seemingly including the NSA, agreed with the FBI’s analysis. “There is not much in this life that I have high confidence about,” he said. “I have very high confidence in this attribution, as does the entire intelligence community.”
That pseudo-explanation will likely do little to quell the security community’s doubts.
Tomi Engdahl says:
North Korea won big in Sony hack, says researcher
http://www.wired.co.uk/news/archive/2014-12/23/north-korea-and-cyberterrorists-sony-hack
It looks like the great cyber-war with North Korea has begun, at least by proxy. The entirety of North Korea was knocked off-line today by a distributed denial of service attack — not a difficult feat, considering that all of North Korea is connected to the global Internet by a single connection. And while Americans are undoubtedly carrying out the attacks, it’s doubtful that they are taking direction from the government at this point (unless you think Anonymous and Lizard Squad are directed by the National Security Agency).
It’s an interesting dichotomy, because the evidence presented thus far by the US government that North Korea is indeed responsible for the attack is extremely weak. None of the Internet Protocol addresses embedded in the malware used in the attack were in North Korea, and most of them were exploited systems that could have been (and probably were) used by any number of cyber-criminals and black hat hackers. All of the IP addresses were clearly acting as proxy servers, and some were used for spam and malware distribution.
Only the similarity to other attacks that were apparently launched by North Korea, the apparent motive, and Occam’s Razor suggest that the Guardians of Peace were in the employ of the Democratic People’s Republic of Korea, rather than some random group of laid-off employees or supporters of Kim Dotcom. But if what was done to Sony Pictures Entertainment was in fact North Korean directed cyber-terrorism, it was extremely effective.
“By doing this, they’ve already won,” said Steve Sin, senior researcher at the National Consortium for the Study of Terrorism and Responses to Terrorism (START), a research centre based at the University of Maryland, in an interview with Ars. “By a terrorist doing something, and us responding to it, the terrorist has already won.”
Tomi Engdahl says:
Matthew Zeitlin / BuzzFeed:
In October, bankers proposed spinning out Sony Pictures for a merger with AMC Networks, hacked emails show
http://mediagazer.com/#a150111p1
Tomi Engdahl says:
The Importance of Deleting Old Stuff
http://it.slashdot.org/story/15/01/13/0548233/the-importance-of-deleting-old-stuff
Bruce Schneier has codified another lesson from the Sony Pictures hack: companies should know what data they can safely delete. He says, “One of the social trends of the computerization of our business and social communications tools is the loss of the ephemeral. Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. … Everything is now digital, and storage is cheap — why not save it all?
Sony illustrates the reason why not. The hackers published old e-mails from company executives that caused enormous public embarrassment to the company.
Schneier recommends organizations immediately prepare a retention/deletion policy so in the likely event their security is breached, they can at least reduce the amount of harm done.
http://arstechnica.com/security/2015/01/the-importance-of-deleting-old-stuff-another-lesson-from-the-sony-attack/
Tomi Engdahl says:
Hollywood vs hackers: Vulture cracks Tinseltown keyboard cornballs
Cracking code was never like Blackhat in my day
http://www.theregister.co.uk/2015/01/15/hollywoods_vs_the_hacker_keyboard_crack_cornballs_fresh_from_tinseltown/
A lot of exciting things are happening online right now. Eye-boggling blocks of code are presently being distilled into art, pornography and weapons of war, and making that distillation look exciting on film would be a challenge for film-makers who thoroughly understood the world of IT.
And, if we’ve learned anything from the recent Sony Studios debacle, and a dozen other Hollywood data haemorrhages, it’s that movie people are as blithely, blissfully uninformed about computers as government ministers, captains of industry, and your nan.
This is probably why most films that feature “hackers” involve an awful lot of very loud, very fast, typing.
Tomi Engdahl says:
New York Times:
N.S.A. Tapped Into North Korean Networks Before Sony Attack, Officials Say — WASHINGTON — The trail that led American officials to blame North Korea for the destructive cyberattack on Sony Pictures Entertainment in November winds back to 2010, when the National Security Agency scrambled …
N.S.A. Tapped Into North Korean Networks Before Sony Attack, Officials Say
http://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html
The trail that led American officials to blame North Korea for the destructive cyberattack on Sony Pictures Entertainment in November winds back to 2010, when the National Security Agency scrambled to break into the computer systems of a country considered one of the most impenetrable targets on earth.
Spurred by growing concern about North Korea’s maturing capabilities, the American spy agency drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies, according to former United States and foreign officials, computer experts later briefed on the operations and a newly disclosed N.S.A. document.
A classified security agency program expanded into an ambitious effort, officials said, to place malware that could track the internal workings of many of the computers and networks used by the North’s hackers, a force that South Korea’s military recently said numbers roughly 6,000 people.
The evidence gathered by the “early warning radar” of software painstakingly hidden to monitor North Korea’s activities proved critical in persuading President Obama to accuse the government of Kim Jong-un of ordering the Sony attack, according to the officials and experts
Mr. Obama’s decision to accuse North Korea of ordering the largest destructive attack against an American target — and to promise retaliation, which has begun in the form of new economic sanctions — was highly unusual: The United States had never explicitly charged another government with mounting a cyberattack on American targets.
“Attributing where attacks come from is incredibly difficult and slow,”
“The speed and certainty with which the United States made its determinations about North Korea told you that something was different here — that they had some kind of inside view.”
For about a decade, the United States has implanted “beacons,” which can map a computer network, along with surveillance software and occasionally even destructive malware in the computer systems of foreign adversaries. The government spends billions of dollars on the technology
The extensive American penetration of the North Korean system also raises questions about why the United States was not able to alert Sony as the attacks took shape last fall, even though the North had warned, as early as June, that the release of the movie “The Interview,” a crude comedy about a C.I.A. plot to assassinate the North’s leader, would be “an act of war.”
But those attacks did not look unusual.
In recent weeks, investigators have concluded that the hackers spent more than two months, from mid-September to mid-November, mapping Sony’s computer systems, identifying critical files and planning how to destroy computers and servers.
“They were incredibly careful, and patient,”
American intelligence agencies “couldn’t really understand the severity” of the destruction that was coming
The skeptics say, however, that it would not be that difficult for hackers who wanted to appear to be North Korean to fake their whereabouts. Mr. Comey said there was other evidence he could not discuss.
http://www.spiegel.de/media/media-35679.pdf
Tomi Engdahl says:
Just WHY is the FBI so sure North Korea hacked Sony? NSA: *BLUSH*
DOH! Clapper smacker for crapper tapper
http://www.theregister.co.uk/2015/01/19/nsa_saw_sony_hack/
For those still wondering why US President Barack Obama and the FBI have so confidently blamed North Korea for the Sony Pictures hack, it’s apparently because the NSA compromised the secretive country’s computer network years before – giving American intelligence a front-row seat for subsequent shenanigans.
The New York Times reports that the penetration (PDF) was accomplished in 2010, years before the hack of Sony Pictures, and initially with the assistance of South Korea.
FBI Director James Comey went on the record earlier this month to say that one key piece of evidence implicating North Korea was that IP [Internet protocol] addresses used to post and to send the emails by the Guardian of Peace connected with the attack were coming from IPs that were exclusively used by the North Koreans. Comey told delegates at a cyber conference at Fordham University on 7 January that the North Koreans had erred by being “sloppy” in disguising the source of the attack.
General James Clapper, director of the NSA, backed the attribution of the Sony attack to North Korea at the same conference without revealing the NSA’s apparent role.
http://www.spiegel.de/media/media-35679.pdf
Comment
Quite why the Feds are going to such lengths to convince the doubting infosec community, drawing attention to a program to wiretap a hostile country’s internet infrastructure, is a puzzle. Perhaps the program had been uncovered. If not, why is the US intel community disclosing source and methods just to bolster the credibility of its explanation for the Sony hack?
Tomi Engdahl says:
Sony blames N Korea Interview cyber strike for delayed Q3 report
Offline finance and accounting systems not back until mid-Feb
http://www.theregister.co.uk/2015/01/23/sony_hack_delays_reporting/
Sony wants to delay its third-quarter financial results and has blamed North Korea’s crippling cyber attack on Sony Pictures Entertainment’s business systems.
The media giant has asked Japan’s Financial Services Agency to extend its deadline by a month so it can compile the period’s results.
Sony needs the extension so its film unit can enter two months’ worth of trading data into financial systems taken offline in response to last November’s breach.
Sony Pictures Entertainment shut down its internal networks to contain the attack, taking essential financial and accounting applications offline.
Sony on Friday said most of those applications would not be functional again until “early” February.
This was “due to the amount of destruction and disruption that occurred, and the care necessary to avoid further damage by prematurely restarting functions.”
Sony won’t be able to complete the restart, data entry and verification and review by accountants in time for the current deadline of 16 February.
Sony has offered its employees 12 months of free identity protection services.
Tomi Engdahl says:
The confused bystander’s guide to the Sony Pictures hack
http://fusion.net/story/33440/the-confused-bystanders-guide-to-the-sony-pictures-hack/
Tomi Engdahl says:
Ryan Faughnder / Los Angeles Times:
Sony says studio hack cost it $15 million in fiscal third quarter
http://www.latimes.com/entertainment/envelope/cotown/la-et-ct-sony-hack-cost-20150204-story.html
Sony Corp. said it has spent an estimated $15 million investigating and recovering from the massive cyberattack that crippled its movie and TV studio.
Since November, Sony Pictures Entertainment has been working to repair the damage caused by a group calling itself Guardians of Peace in an assault that the U.S. government has blamed on North Korea.
The Tokyo-based electronics giant disclosed the $15 million in “investigation and remediation costs” as part of its Wednesday earnings forecast for its fiscal third quarter, which ended Dec. 31.
Analysts had said the costs to the company from the hacking attack could end up totaling tens of millions of dollars. However, Sony executives in Japan told reporters that the company doesn’t expect a significant loss as a result of the assault.
To be sure, the damage to the studio is not limited to the costs of finding the hackers and repairing the damage. The cyberattack resulted in troves of sensitive data leaking onto the Internet, including some embarrassing emails between executives and thousands of Social Security numbers belonging to people connected to the company.
In addition, multiple new and unreleased movies were leaked online in the wake of the hack.
Revenue for Sony Pictures was $1.6 billion in the quarter, down 23% from the same period of time a year ago, thanks partly to lower box-office totals and home entertainment sales of its films. Its profit dropped to $20 million year-over-year, due to the lower motion picture and television revenue and the costs from the hack.
“The Interview,” which cost about $44 million to make, had taken in $40 million from Internet and other video on-demand outlets as of Jan. 20. In theaters, it grossed a little more than $6 million.
Tomi Engdahl says:
Thomas Fox-Brewster / Forbes:
Russian Hackers Are Selling Access To Sony Pictures Network, Claims US Security Firm
Forget North Korea – Russian Hackers Are Selling Access To Sony Pictures, Claims US Security Firm
http://www.forbes.com/sites/thomasbrewster/2015/02/04/russians-hacked-sony-too-claims-us-firm/
Sony Pictures might have another cyber disaster on its hands. Or the same hackers could still be silently leaking information from the film studio’s servers. That’s what US security firm Taia Global has suggested, making a bold claim in an already heated debate around the November attacks.
The firm claimed it has evidence Russian hackers have been silently siphoning off information from Sony’s network for the last few months and may even be the ones responsible for the catastrophic attacks in November, which the US blamed on North Korea. The Russians may have just been working unwittingly alongside the Guardians of Peace hackers
Though the data was passed to the company via a Ukraine-based hacker, Jeffrey Carr, CEO of Taia, told Forbes he was “100 per cent certain” the information was legitimate and that it’s highly likely the Russians are still on the Sony network.
Analysis by Taia staff indicated the spreadsheets were not in the original dumps by the so-called Guardians of Peace (GOP), whilst the two most recent emails acquired by Carr were dated 14 January and 24 January, the CEO said.
Yama Tough told Carr a Russian hacker who carried out “occasional contract work for Russia’s Federal Security Service” was responsible and was now selling access to Sony’s network. “This is all they do, they break into networks and they steal data. And they do it for multiple companies and they never leave the network… It is an ongoing breach,” Carr said.
The findings throw further doubt on US claims that North Korea was the sole party responsible for taking control of Sony’s systems, shutting them down and leaking gigabytes of data. But Taia’s report indicated that Sony might have just been compromised by two or more groups at the same time. Given the poor state of security at Sony Pictures, as revealed by the leaks, it would come as little surprise if more than one hacker group had breached the company. Indeed, the leaked files from last year showed how Sony had been successfully breached on at least three occasions in 2014.
Tomi Engdahl says:
Tatiana Siegel / Hollywood Reporter:
In wake of hack, Sony Pictures Co-Chairman Amy Pascal to step down
Amy Pascal to Step Down From Top Sony Post
http://www.hollywoodreporter.com/news/amy-pascal-step-down-top-755789
Amid the fallout of the Sony hacking crisis, Amy Pascal will step down from her post as co-chairman of Sony Pictures Entertainment.
The move has been widely expected ever since the studio became engulfed in scandal following one of the worst cyberattacks in corporate history — and certainly the most embarrassing hit ever taken by a major Hollywood institution in the digital age.
Pascal became the obvious target for housecleaning once President Obama fingered the North Korean government as being behind the hack. She alone was responsible for green-lighting the comedy The Interview, which is believed to have sparked the wrath of North Korea.
As often is the case with ousted studio heads, Pascal will launch a major new production venture at the studio.
In the two-plus months since Sony first noticed that its servers had been breached by an unknown group dubbing itself Guardians of Peace, the studio watched powerlessly as huge swaths of its most sensitive documents and correspondence were leaked on the Internet. Among the most damaging were the personal information and Social Security numbers of some 47,000 past and present staffers as well as film budgets, profitability figures and thousands of emails sent to and from Pascal.
But even before the crippling hack, Pascal’s grip had begun to weaken as the studio weathered one of the worst years for any major in 2013 with a string of expensive flops
Tomi Engdahl says:
US creates new surveillance agency in response to Sony hack
Hatches being battened down all over
http://www.theinquirer.net/inquirer/news/2394852/us-creates-new-surveillance-agency-in-response-to-sony-hack
THE UNITED STATES IS adding another security agency to the global roster, introducing it as a reaction or solution to incidents like the hack on Sony.
The Sony incident rather made a mockery of US-based businesses and their security, and showed just how little is actually achieved by communications hauling and inspection, and how infrequently serious things are nipped in the bud.
The Cyber Threat Intelligence Integration Centre (CTIIC) will put an end to this, apparently, and will work in ways that have eluded its peers. A ‘war room’ at its centre – think Dr Strangelove – will coordinate action and response.
Lisa Monaco, president Obama’s homeland security and counterterrorism adviser, revealed the agency during a think tank meeting in Washington.
“Currently, no single government entity is responsible for producing coordinated cyber threat assessments. This is filling a critical gap,” she said.
The launch follows high-profile breaches at organisations including Sony and Target in which huge numbers of people were exposed and a couple of high level jobs were lost.
The CTIIC has been welcomed by some in the industry, including Mike Lloyd, chief technology officer at security analysts RedSeal.
“The idea of a cyber intelligence hub is a good and timely one. Modern cyber security still has a lot to learn from traditional military strategists, including the central role of a ‘war room’ – a single location where complex flows of data about the fight can be centralised, filtered, compared, mapped out and acted on,”
Tomi Engdahl says:
WikiLeaks releases a searchable archive of hacked Sony Pictures emails and documents
http://thenextweb.com/insider/2015/04/16/wikileaks-sony-hack/
WikiLeaks today released “The Sony Archives,” a searchable online database that the organization claims contains the 173,132 emails and 30,287 documents that were stolen as part of the 2014 Sony Pictures hack.
According to WikiLeaks, the archive details email exchanges between the company and the White House, with “almost 100 US government email addresses” in the database.
“This archive shows the inner workings of an influential multinational corporation,” WikiLeaks editor-in-chief Julian Assange said in the press release. “It is newsworthy and at the centre of a geo-political conflict. It belongs in the public domain. WikiLeaks will ensure it stays there.”
Following the hack in 2014, the White House named North Korea as the attacker behind the hacks in retaliation for the release of the film “The Interview,” in which the main characters plot to kill Kim Jong-un.
Many of the leaked documents also made headlines last year when they disclosed the titles and scripts of upcoming movies from Sony Pictures
Tomi Engdahl says:
Michael Cieply / New York Times:
Sony again warns news media against using stolen emails, citing copyright and computer fraud laws
Sony Studio Renews Warning After WikiLeaks Posts Stolen Data
http://www.nytimes.com/2015/04/18/business/media/sony-studio-renews-warning-after-wikileaks-posts-stolen-data.html
LOS ANGELES — David Boies, a lawyer for Sony Pictures Entertainment, began warning news media outlets on Friday that WikiLeaks’s posting of emails and documents stolen from Sony does not, in the media giant’s view, make them fair game.
“WikiLeaks is incorrect that this Stolen Information belongs in the public domain, and it is, in many jurisdictions, unlawful to place it there or otherwise access or distribute it,” Mr. Boies wrote in a letter that was prepared for distribution to outlets that post or publish the material.
Tomi Engdahl says:
Hacked Sony emails reveal that Sony had pirated books about hacking
http://www.dailydot.com/politics/sony-pirated-book-pdf/
Sony doesn’t like pirates—except, perhaps, when Sony feels like pirating.
Hacked Sony Pictures Entertainment emails, published in full on Thursday by WikiLeaks, reveal that Sony had pirated ebooks on its servers. This is particularly notable because Sony has engaged in aggressive and even illegal anti-piracy actions in the past.
Here’s another dose of irony for you: The books are educational tomes about hacking, exactly the subject that Sony would now like to be thoroughly educated in since last year’s hacks put all this information into the public sphere.
Meanwhile, Sony was thinking of new ways to combat piracy including, the leaked emails reveal, putting out fake torrents on sites like Pirate Bay as part of their anti-piracy strategy.
The idea was nixed.
Later on, another Sony executive vice president, Amiee Wolfson, celebrated the arrest of a Pirate Bay founder as a “huge win” though she worried if hackers would retaliate.
Tomi Engdahl says:
Nork hackers no pantomime villains, but a hugely unpredictable menace
Modest resources but still able to launch a debilitating attack
http://www.theregister.co.uk/2015/04/21/north_korea_hacker_sony_analysis_rsa/
North Korea’s cyber attack on Sony Pictures revealed two uncomfortable truths about cybersecurity: businesses don’t have to be an obvious target to get hacked, and their aggressors don’t have to be superpowers.
Despite the US government’s insistence, the tech world is less than completely convinced that North Korea was behind last November’s Sony megahack, which saw thousands of computers on the entertainment giant’s network scribed with wiper malware, as well as the theft and subsequent release of all manner of confidential information, ranging from corporate emails and employee data to unreleased films.
A group of hackers named Guardians of Peace claimed responsibility for the megahack.
The (main) alternative theory — backed by most IT security experts up until fairly recently — is that disgruntled ex-employees, possibly in co-operation with hacktivist types, are the most likely culprits.
“Sloppy” North Korean Sony attackers let their real IP addresses slip on occasion, according to the Feds.
Infosec pros characterised that particular strain of evidence as flimsy and circumstantial. IP addresses are, after all, easily faked or spoofed.
Politically motivated hacking isn’t new, and the Sony hack is sadly far from unprecedented. Anonymous did something similar to the internet security company HBGary Federal, exposing corporate secrets and internal emails, back in 2011.
The Sony hack does however differ from previous assaults as it has become the first to create a diplomatic row, leading directly to the imposition of tougher sanctions against North Korea and an unconfirmed reprisal cyber attack against North Korea’s internet on-ramp and flimsy internet infrastructure.
North Korea has had extensive offensive cyber capabilities for years, as covered by Voice of America (here), Al Jazeera (here), and news.com (here). And it has extensive support from China, its primary (if not only) ally on the world stage.
Reuters reports that North Korea has poured the country’s scant resources into creating a cyber warfare cell called Bureau 121, made up of a “handpicked and pampered elite” of computer science majors around 1,800 strong.
Nation state V US company
“We routinely see attacks of 10-20Gbps against our commercial clients, with those of 100Gbps no longer uncommon,” said Ofer Gayer, a security researcher at DDoS mitigation firm Incapsula. “Even if North Korea had ten times its publicly reported bandwidth, bringing down its connection to the net would not be difficult from a resource or technical standpoint.”
Attribution of the Sony Pictures hack to North Korea may have taken the general public by surprise but security intelligence firms have been tracking the mendacious activities of the North Koreans for some time.
For example, South Korea banking and TV station networks were hit by wiper malware in March 2013 during the so-called Dark Seoul attacks.
Adam Meyers, CrowdStrike’s VP of intelligence, told El Reg that while Russian attacks employed sophisticated trade-craft, Chinese attacks were of a far greater volume. “Chinese attacks are like a giant vacuum cleaner” for confidential data, according to Meyers. The security intelligence expert added that slinging computer wiper malware is a standard modus-operandi for North Korean cyber operations.
CrowdStrike is confident that North Korea attacked Sony Pictures
Security response firm Mandiant, which was called in to help Sony Pictures in the aftermath of the breach, said that “neither [Sony] nor other companies could have been fully prepared”.
“Sony was not an attack on our critical infrastructure,” Sorebo writes in a blog post. “While Sony will suffer, neither our infrastructure nor our economy will feel any noticeable impact. What the attack does demonstrate is the lengths that a rogue state or terrorist group will go to achieve a seemingly limited aim, to stop the release of a movie.”
Tomi Engdahl says:
Sony Hack Was Not an Inside Job, Says Security Expert Kevin Mandia
http://recode.net/2015/04/21/sony-hack-was-not-an-inside-job-says-security-expert-kevin-mandia/
Last year’s Sony hack was clearly the work of North Korea and not that of a disgruntled insider, according to FireEye president Kevin Mandia.
“Definitely not an insider,” Mandia said at Code/Enterprise in San Francisco. “Nope.”
While he said it is governments, not security firms, that are in the best position to assign blame, Mandia said the Sony hack was clearly the work of a government. Mandia noted that this was the first time a U.S. president publicly blamed another country for a cyber attack.
Over the course of several weeks as details in last year’s Sony hack emerged, critics questioned whether it was possible for North Korea to carry out the attack as the FBI has alleged.
FireEye’s Mandiant incident response unit was called in to help the company investigate the attack and begin the process of recovering. Mandia likened it to his aunt being attacked by a UFC fighter. “It was an unfair fight.”
He said the Sony attack represented a combination of factors not seen all at once in prior attacks. He said you had a government attacking a private sector company, releasing private information and then “blowing up the house” on the way out.
That was a wake-up call to all companies. “Everyone in this room recognizes the risk profile just changed.”
Tomi Engdahl says:
Hacked Sony emails reveal that Sony had pirated books about hacking
http://www.dailydot.com/politics/sony-pirated-book-pdf/
Sony doesn’t like pirates—except, perhaps, when Sony feels like pirating.
Hacked Sony Pictures Entertainment emails, published in full on Thursday by WikiLeaks, reveal that Sony had pirated ebooks on its servers. This is particularly notable because Sony has engaged in aggressive and even illegal anti-piracy actions in the past.
Here’s another dose of irony for you: The books are educational tomes about hacking, exactly the subject that Sony would now like to be thoroughly educated in since last year’s hacks put all this information into the public sphere.
Author Jeffrey Carr’s Inside Cyber Warfare is a classic of the information-security genre that’s been widely read and widely copied. Some of those readers and copiers work within Sony, it was revealed yesterday when WikiLeaks published their searchable version of the Sony archives. Both the PDF and TXT files are available.
Meanwhile, Sony was thinking of new ways to combat piracy including, the leaked emails reveal, putting out fake torrents on sites like Pirate Bay as part of their anti-piracy strategy.
The torrents would be disguised as Sony television shows, in this case Hannibal, but would actually be 60-second public service announcements urging users to watch the show legally.
The idea was nixed.
Tomi Engdahl says:
Dawn Chmielewski / Re/code:
WikiLeaks publishes a cache of 276,394 Sony Pictures documents after releasing 30K in April — WikiLeaks Drops More Sony Documents — Reverberations from a devastating cyber attack continue to rattle Sony Pictures Entertainment. — WikiLeaks has published a second giant cache of documents …
WikiLeaks Drops More Sony Documents
http://recode.net/2015/06/18/wikileaks-drops-more-sony-documents/
Reverberations from a devastating cyber attack continue to rattle Sony Pictures Entertainment.
WikiLeaks has published a second giant cache of documents — 276,394 in all — that it claims hackers stole from the studio in one of the most devastating corporate computer breaches in history.
This latest data dump purports to contain sensitive legal documents, including some tied to an alleged bribery investigation, WikiLeaks claimed on Twitter. This spring, WikiLeaks released some 30,000 stolen emails and documents, claiming the disclosure shed rare insight into the guts of a huge company.
Tomi Engdahl says:
Peter Elkind / Fortune:
Instead of hardening security defenses, Sony Pictures focused on offending North Koreans less, and was more afraid of security costs than risks
Inside the Sony Hack
A cyber-invasion brought Sony Pictures to its knees and terrified corporate America. The story of what really happened—and why Sony should have seen it coming. A special three-part investigation.
Part 1: Who was manning the ramparts at Sony Pictures?
http://fortune.com/sony-hack-part-1/
Part 2: The storm builds
http://fortune.com/sony-hack-part-two/
Tomi Engdahl says:
Sony hack nears end credits as firm reaches settlement with ex-employees
Fall out from The Interview hack continues to rain down
http://www.theinquirer.net/inquirer/news/2424379/sony-hack-nears-end-credits-as-firm-reaches-settlement-with-ex-employees
SONY IS STILL feeling the effects of the possible North Korean hack on its film business, but is close to ending at least one part of the problem: the settlement of a lawsuit filed by some of the firm’s affected employees.
The hack on Sony stripped it of data and dignity and plunged all elements of its business into the spotlight. There are a lot of ramifications to deal with. One of these, a lawsuit raised by employees who had their data breached and posted online, could be coming to a conclusion.
The class action suit followed the assault on SPE that peeled the company like a banana and released the fruit to the masses. The firm was put under the thumb of the hackers, thought to be North Korean, and its documents were shared by outfits including WikiLeaks.
“There is no playbook for this, so you are in essence trying to look at the situation as it unfolds and make decisions without being able to refer to a lot of experiences you’ve had in the past or other people’s experiences. You’re on completely new ground.”
Tomi Engdahl says:
SONY HACK WAS WAR says FBI, and ‘we’re still struggling to hire talent’
Cybercrims may be safe at home, but Feds dare them to go on holiday
http://www.theregister.co.uk/2015/09/18/sony_hack_was_war_says_fbi_still_struggling_to_hire_talent/
Cloudsec Yesteryear’s hack of Sony Pictures was an act of war, stated FBI Supervisory Special Agent Timothy Wallach, who delivered the FBI’s gradation system of cybercriminals to net security conference Cloudsec on Thursday, 17 September.
US agencies have fingered the North Korean government for the Sony attack repeatedly, initially to much scorn as the nation is popularly believed to be residing in the technical dark ages.
However, the Norks’ role in the breach has been increasingly accepted, as information about the NSA’s role in attribution has been made public.
Presenting the act of war at one end of the spectrum, with hacktivists at the other end, FBI Supervisory Special Agent Timothy Wallach told Cloudsec about the agency’s ongoing efforts to deal with cybercrime.
Wallach made it clear the FBI distinguished hacktivists – a term he suggested covered ideological actors, including everyone from LOIC and Lizard Stresser ego-hackers, through to those defacing police websites following the shootings of young African American men – from those cybercriminals who were motivated by financial gain or espionage.
The hack of Sony Pictures, he suggested, was an act of warfare, though it remains unclear how it might be considered a military act of sabotage, other than its nation-state backing.
According to Wallach, who is currently assigned to lead the Cyber Task Force in the Seattle Field Office of the FBI, reports of breaches increased by 55 per cent between 2013 and 2014.
These breaches often targeted personal identifiable information, although an increasing number went after healthcare information, which Wallach regards as a larger target.
Tomi Engdahl says:
Ted Johnson / Variety:
Sony Pictures settlement of cyber attack lawsuit includes identity theft protection through 2017, $4.5M in reimbursement funds
Sony Cyber Attack Settlement Includes ID Theft Protection, $4.5 Mil Reimbursement Funds
http://variety.com/2015/film/news/sony-hack-class-action-settlement-id-theft-protection-1201621993/
The settlement reached by Sony Pictures Entertainment and ex-employees who sued over last year’s massive cyber attack includes additional years of identity protection services, a $2 million fund to compensate for unreimbursed expenses and up to $2.5 million for losses from ID theft.
The terms of the settlement were disclosed in a filing with U.S. District Court in Los Angeles on Monday.
Ten former Sony employees filed class action lawsuits in December and January, in cases that were eventually consolidated. In September, the studio and the ex-employees informed the court that they had reached an agreement.
The settlement also provides for the class counsel to receive $3.5 million in attorneys’ fees, costs and expenses.
Tomi Engdahl says:
Sony finds some loose change, flings most of it at lawyers … the rest at staff hit by ‘North Korea’
A few million dollars to be paid out in Interview fallout
http://www.theregister.co.uk/2015/10/21/sony_interview_settlement/
Sony Pictures Entertainment (SPE) has agreed to pay up to $8m (£5.18m) to settle a lawsuit stemming from its 2014 IT security meltdown.
The movie studio will pay out damages after the personal details of 47,000 current and former employees leaked onto the internet following a network breach said to have stemmed from its decision to release the film The Interview.
Under the terms of the settlement [PDF], Sony will pay out damages of up to $2m (£1.29m) to the current and former employees whose data was stolen by hackers, as well as a fund of up to $10,000 (£6,400) per employee and up to $2.5m (£1.61m) in total for any individuals who experienced identity theft or fraud as a result of the leak. Additionally, the studio will pay out $3.5m (£2.26m) to cover attorney fees and legal costs related to the lawsuit.