http://fusion.net/story/31469/sony-pictures-hack-was-a-long-time-coming-say-former-employees/
Posted from WordPress for Android
http://fusion.net/story/31469/sony-pictures-hack-was-a-long-time-coming-say-former-employees/
Posted from WordPress for Android
105 Comments
Tomi Engdahl says:
Sony Pictures’ security chief once thought data breaches weren’t a big deal
http://mashable.com/2014/12/05/sony-hack-infosec-comments/
Tomi Engdahl says:
Sony Hackers Offer to Withhold Stolen Data From Promised Leak
http://recode.net/2014/12/14/sony-hackers-offer-to-withhold-stolen-data-from-promised-leak/
A group claiming responsibility for the devastating hacking attack against Sony Pictures Entertainment on Sunday offered to selectively hold back on releasing email correspondence of its employees, provided that they write in and ask.
The offer, apparently from the Guardians of Peace, a group that says it has carried out the attacks, marks a new twist in its ongoing campaign of embarrassing leaks of data stolen from the studio’s computers studio, now entering its third week.
“Message to SPE Staffers,” reads the posting written in halting English. “We have a plan to release emails and privacy of the Sony Pictures employees. If you don’t want your privacy to be released, tell us your name and business title to take off your data.”
The message appeared on Pastebin and Friendpaste, two sites for sharing text files often favored for circulating information obtained in hacking attacks. It warned about a forthcoming disclosure that will contain more email correspondence of Sony Pictures employees.
Tomi Engdahl says:
Here’s Sony Lawyer’s Letter Telling Publishers to Stop Publishing Leaks
http://recode.net/2014/12/14/sony-demands-end-to-publishing-leaks-from-stolen-data/
Sony Pictures Entertainment has demanded that news organizations stop the publishing of private information from what is shaping up to be one of the most devastating corporate hacks of all time.
Tomi Engdahl says:
Sony hackers PINCH early version of James Bond Spectre script
Producers are shaken AND stirred
http://www.theregister.co.uk/2014/12/14/early_james_bond_spectre_film_script_swiped_by_sony_hackers/
An early screenplay of the upcoming James Bond movie Spectre was stolen by hackers who ransacked Sony Pictures Entertainment’s computer system, the film’s producers confirmed on Saturday.
Eon productions said in a statement on the official 007 website that a script had been leaked, after Sony’s network suffered a massive security breach at the start of this month.
The company added that the screenplay had been “illegally made public” by the hackers, who were yet to be unmasked.
Tomi Engdahl says:
Sony Pictures Leak Reveals Quashed Plan To Upload Phony Torrents
http://yro.slashdot.org/story/14/12/15/0348203/sony-pictures-leak-reveals-quashed-plan-to-upload-phony-torrents
Motherboard.vice offers an interesting scoop from the hacked Sony Pictures email trove. A plan championed by Polish marketing employee Magda Mastalerz was to upload false versions of highly-pirated Sony programming, effectively polluting torrent sites with false positives.
Sony Execs Argued Over Uploading ‘Fake Torrents’ to Fight Piracy
http://motherboard.vice.com/read/sony-execs-argued-over-uploading-fake-torrents-to-fight-piracy?utm_source=mbfb
One easy takeaway from perusing leaked emails from Sony’s TV and movie division is that the company, like the rest of the Hollywood establishment, absolutely loathes digital piracy and everything associated with it—so much so that a plan to circulate a fake version of a television show was praised for being “clever” but spiked because of a strict policy against using torrent sites.
“Personally, I love this… unfortunately the studio position is that we absolutely cannot post content (even promos) on torrent sites,” Pamela Parker, a senior executive in the division responsible for international television content, wrote in an email that was leaked to the public after hackers attacked Sony Pictures Entertainment.
“The studio spends millions of dollars fighting piracy and it doesn’t send a good message if we then start using those same pirate sites to promote our shows.”
Furthermore, the Sony legal department was concerned that official use of torrent sites would complicate any lawsuits the industry might want to bring against them in the future.
Tomi Engdahl says:
New York Times:
Sony Pictures Demands That News Agencies Delete ‘Stolen’ Data — LOS ANGELES — Sony Pictures Entertainment warned media outlets on Sunday against using the mountains of corporate data revealed by hackers who attacked the studio’s computer systems.
http://www.nytimes.com/2014/12/15/business/sony-pictures-demands-that-news-organizations-delete-stolen-data.html?_r=0
Aaron Sorkin Slams Journalists for Publishing Hacked Sony Documents
http://variety.com/2014/biz/news/aaron-sorkin-slams-journalists-for-publishing-hacked-sony-documents-1201379408/
“The Newsroom” creator Aaron Sorkin has a message for real-life newsrooms, taking aim at publications posting leaked Sony documents in a new op-ed.
Published on the New York Times’ website Sunday evening, Sorkin acknowledged the fact that his name was brought up in many of the emails, given that he wrote the “Jobs” biopic that’s at the center of a few of the leaked email squabbles, but clarified that he’s not why he’s calling out the publications posting the hacked data.
“Because I and two movies of mine get a little dinged up, I feel I have the credibility to say this: I don’t care,” he writes. “Because the minor insults that were revealed are such small potatoes compared to the fact that they were revealed. Not by the hackers, but by American journalists helping them.”
Tomi Engdahl says:
Russell Brandom / The Verge:
Stolen Sony emails reveal scheming by MPAA, movie studios against Google in “Project Goliath” and their fight against piracy at the expense of the open web — Project Goliath: Inside Hollywood’s secret war against Google — What is “Goliath” and why are Hollywood’s most powerful lawyers working to kill it?
Project Goliath: Inside Hollywood’s secret war against Google
SOPA was just the beginning
http://www.theverge.com/2014/12/12/7382287/project-goliath
MPAA Prepares to Bring Pirate Site Blocking to the U.S.
By Andy
on December 11, 2014
C: 249
Breaking
http://torrentfreak.com/mpaa-prepares-to-bring-pirate-site-blocking-to-the-u-s-141211/
The MPAA is in discussions with the major movie studios over ways to introduce site blocking to the United States. TorrentFreak has learned that the studios will try to achieve website blockades using principles available under existing law. Avoiding another SOPA-style backlash is high on the agenda.
Tomi Engdahl says:
Hacked Emails, ‘Air–Kissing’ — and Two Firm Denials
http://publiceditor.blogs.nytimes.com/2014/12/12/maureen-dowd-amy-pascal-email-leak-questions/
A BuzzFeed story, published Thursday, based on leaked Sony Pictures emails, reports that the Pulitzer-winning Times columnist Maureen Dowd promised the husband of an interview subject an advance look at her column.
Tomi Engdahl says:
Sony Pictures Knew of Gaps in Computer Network Before Hack Attack
December 12, 2014, 6:45 PM PST
http://recode.net/2014/12/12/sony-pictures-knew-of-gaps-in-computer-network-before-hack-attack/
A security audit of Sony Pictures Entertainment’s computer network conducted just months before hackers unveiled a devastating cyberattack against the company showed gaps in the way the company monitored its systems.
The audit, performed by PricewaterhouseCoopers, found one firewall and more than 100 other devices that were not being monitored by the corporate security team charged with oversight of infrastructure, but rather by the studio’s in-house group, which was tracking activity on logs.
This raised a red flag for the auditors, who said it could slow Sony’s response to a problem.
“Security incidents impacting these network or infrastructure devices may not be detected or resolved timely,” warns PriceWaterhouseCoopers, which conducted the audit from July 14 to Aug. 1.
The confidential report, dated Sept. 25, was among Sony Pictures General Counsel Leah Weil’s email correspondence, which hackers released to public file-sharing networks earlier this week. It included recommendations for bolstering security.
The revelation that the studio knew of its network vulnerabilities comes as Sony struggles to recover from a crippling attack on Nov. 24 that resulted in the public disclosure of scores of personal emails, budgets, salary information and other previously private documents. In all, a hacker group calling itself Guardians of Peace claimed to have stolen under 100 terabytes of data.
Sony Pictures told law enforcement it is worried the studio might fall victim to another round of cyberattacks after it releases the film “The Interview” on Dec. 25, Reuters reported.
Months before the Guardians of Peace announced its attack on studio, auditors had been asked to evaluate unspecified security incidents at Sony Pictures, according to the audit. The investigation focused on inner workings of computer security procedures such as incident notifications and tracking, essentially keeping track of problems that might indicate a security breach is underway.
Auditors found that since transitioning from a third-party vendor in September 2013, Sony Pictures had failed to notify the corporate security team to monitor newly added devices, such as web servers and routers.
Auditors also found that Sony Pictures failed to reconcile the list of security devices its corporate team should have been monitoring with those it was monitoring.
Tomi Engdahl says:
Eugene Volokh / Washington Post:
Sony unlikely to prevail in court if it sues media organizations for publishing stolen data —
Can Sony sue media outlets who publish the stolen Sony documents?
http://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/12/15/can-sony-sue-media-outlets-who-publish-the-stolen-sony-documents/
David Boies, representing Sony, has written a letter to various media outlets, demanding that they not publish or otherwise use the stolen Sony documents, and threatening lawsuits if the information in the documents is indeed “used or disseminated by [the receipients] in any manner.” Does Sony have a legal leg to stand on?
Probably not, at least as to most of the information that media outlets would want to publish. There are two relevant precedents, which aren’t squarely on point, but which are pretty close.
When information is on a matter of public concern, the court held, the fact that it was illegally leaked doesn’t make publishing it an invasion of privacy.
Thus, it seems likely that the publication of the documents isn’t likely to be tortious. And even if it can fit within some tort (such as the improper use of trade secrets, a tort that is sometimes said to apply to disclosers of illegally released information), the First Amendment would likely preempt the tort.
Some particular publications of specific information in the Sony material might lead to a successful lawsuit. First, disclosure of facts about particular people that are seen as highly private (e.g., medical or sexual information) and not newsworthy might be actionable under the “disclosure of private facts” tort.
Second, publication of large enough portions of a leaked e-mail might be seen as copyright infringement.
So Sony is unlikely to prevail — either by eventually winning in court, or by scaring off prospective publishers — especially against the well-counseled, relatively deep-pocketed, and insured media organizations that it’s threatening.
Tomi Engdahl says:
James Franco, Seth Rogen Spoof Sony Hack on SNL (Video)
http://recode.net/2014/12/07/james-franco-seth-rogen-spoof-sony-hack-on-snl-video/
While the actual hack has been anything but funny — some Sony employees and their families have been threatened by the attackers — it has done much to hype the movie, which comes out on Christmas Day.
Tomi Engdahl says:
Sony hackers dump more hunks of stolen data, promise another ‘Christmas gift’
Still creepily trying to woo Sony staff too
http://www.theregister.co.uk/2014/12/16/sony_hackers_release_more_chunks_of_stolen_data_promises_another_christmas_gift/
The Guardians of Peace, the hackers who plundered Sony Pictures’ servers, has leaked more data swiped from the movie studio – and threatened a bigger document dump in the run up to Christmas in a set of sinister messages.
It comes amid claims the Sony subsidiary’s bosses knew its systems had been hacked, and sensitive information leaked, in late 2013.
“We are preparing for you a Christmas gift,” said the first message, which was briefly posted on Pastebin and Friendpaste on Saturday, stating: “The gift will be larger quantities of data. And it will be more interesting. The gift will surely give you much more pleasure and put Sony Pictures into the worst state.”
The GOP has released extensive records – including salaries, CVs, criminal record checks, home addresses and social security numbers – of more than 40,000 current and former Sony employees, plus tons of embarrassing emails, so the horse has already comfortably bolted the stable in terms of privacy.
Tomi Engdahl says:
In Damage Control, Sony Targets Reporters
http://krebsonsecurity.com/2014/12/in-damage-control-sony-targets-reporters/
Over the weekend I received a nice holiday letter from lawyers representing Sony Pictures Entertainment, demanding that I cease publishing detailed stories about the company’s recent hacking and delete any company data collected in the process of reporting on the breach. While I have not been the most prolific writer about this incident to date, rest assured such threats will not deter this reporter from covering important news and facts related to the breach.
For a more nuanced and scholarly look at whether reporters and bloggers who write about Sony’s hacking should be concerned after receiving this letter, I turn to an analysis by UCLA law professor Eugene Volokh, who posits that Sony “probably” does not have a legal leg to stand on here in demanding that reporters refrain from writing about the extent of SPE’s hacking in great detail. But Volokh includes some useful caveats to this conclusion (and exceptions to those exceptions), notably:
“Some particular publications of specific information in the Sony material might lead to a successful lawsuit,” Volokh writes. “First, disclosure of facts about particular people that are seen as highly private (e.g., medical or sexual information) and not newsworthy might be actionable under the ‘disclosure of private facts’ tort.”
Volokh observes that if a publication were to publish huge troves of data stolen from Sony, doing so might be seen as copyright infringement.
This is actually the second time this month I’ve received threatening missives from entities representing Sony Pictures.
Comment:
“Sony has long ignored negative comments from customers and I’d be willing to bet that this hack is the result of long standing frustration with that attitude, plus the unwarranted and unreasonable actions of organizations like the MPAA.”
Tomi Engdahl says:
Sony Pictures warns new and old employees that hackers could use personal data
Days after James Bond Spectre film producers confirm script leak
http://www.theinquirer.net/inquirer/news/2383278/gop-hackers-brings-sony-pictures-to-its-knees-with-ransom-demand
SONY PICTURES has warned its current and former employees to be aware that hackers could use their stolen data, including detailed personal information, after the epic breach on its systems last month.
According to Reuters, the company said that the hackers could use private information such as social security numbers, credit card details, bank account information, healthcare information and compensation and other employment-related information.
The warning comes just days after the producers of the upcoming James Bond film Spectre confirmed that an early version of the script was among the material stolen by hackers in the same breach.
Eon Productions, which has produced 23 James Bond films since 1962, said it learned of the leak of the screenplay on Saturday.
“An early version of the screenplay for the new Bond film Spectre is amongst the material stolen and illegally made public by hackers who infiltrated the Sony Pictures Entertainment computer system,” a statement reads on the movie’s official website.
The so-called GOP hacker group broke into Sony’s computer system in November and leaked movies and employee information, making it one of the biggest ever cyber security breaches.
Earlier this week it was revealed that Sony didn’t make it too difficult for the hackers to breach its systems, and held passwords in a file named ‘passwords’.
The hack is playing out badly for Sony and not a day goes by when we are not treated to another revelation from leaked documents or hushed insiders.
The password file included log-ins for services like Facebook and something called MySpace – no, us neither – and suggests that someone at Sony needs a lesson in security, or at the very least, a lesson in file-naming.
“Security technologies are an important shield, but minimising the target and reducing the footprint of sensitive data is more critical than ever.”
“TrendLabs engineers were recently able to obtain a sample of the ‘destructive malware described in reports about the FBI warning to US businesses last December 2′,” said the first report from the firm.
“It is now apparent that a large amount of confidential Sony Pictures Entertainment data has been stolen by the cyber attackers, including personnel information and business documents,” Sony said, according to the report.
While some are clearly not paying attention, the FBI has warned businesses to watch out for attacks that look to separate them from their hardware and communications systems.
“The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods,” the report said.
The firm is being held to a kind of ransom by a hacker group called GOP and is facing down threats to release information that it would reportedly rather not release.
On top of this, Sony Pictures has lost control over some social media accounts and internal communications systems.
Now some of its movie releases, including Fury with one Brad Pitt, have been leaked in a viewable DVD screener format, suggesting that the hackers have entertainment industry crown jewels, i.e. actual movie content.
TorrentFreak, which ranks the most downloaded movies on BitTorrent on a weekly basis, finds that Fury, a new entry to the list, is the fifth most popular item already.
Around five titles from the Sony camp are in the wild, including a remake of the Annie musical. You have been warned.
According to other reports, Sony has hired the services of security firm Mandiant, which is part of FireEye, to aid in the clean up and, presumably, forensic work.
Tomi Engdahl says:
Josh Constine / TechCrunch:
Leaked Sony emails show Snapchat acquired QR scanning company Scan for $50M and AddLive for $30M, negotiated with Vevo for music partnership — Snapchat Plans Music Feature, Acquired QR Scan.me For $50M And Vergence Eyeglass Cam For $15M, — Leaked emails from the Sony Pictures hack …
Snapchat Plans Music Feature, Acquired QR Scan.me For $50M And Vergence Eyeglass Cam For $15M,
http://techcrunch.com/2014/12/16/snapchat-emails-not-so-ephemeral/
Tomi Engdahl says:
Sony hit with lawsuit by former employees over email leaks
http://www.latimes.com/entertainment/envelope/cotown/la-et-ct-sony-class-action-lawsuit-employees-20141215-story.html
The first legal salvo has been leveled against Sony Pictures Entertainment since the massive computer breach that exposed the personal information of thousands of current and former employees.
Lawyers representing two former Sony Pictures employees filed a class-action lawsuit in federal court in Los Angeles. The 45-page complaint on behalf of former and current employees alleges that the Culver City studio was negligent by ignoring warnings that its computer system was prone to attack.
Sony “failed to secure its computer systems, servers and databases, despite weaknesses that it has known about for years” and “subsequently failed to timely protect confidential information of its current and former employees from law-breaking hackers,” according to the complaint filed late Monday by the Seattle law firm, Keller Rohrback.
The complaint called the breach “an epic nightmare, much better suited to a cinematic thriller than real life.”
“Put simply, Sony knew about the risks it took with its past and current employees’ data,” the suit said. “Sony gambled, and its employees — past and current — lost.”
Tomi Engdahl says:
LEAKED: Jennifer Lawrence Got American Hustled In Sony Deal
http://www.businessinsider.com/jennifer-lawrence-paid-less-than-male-co-stars-2014-12
In the latest leaked Sony emails, it is revealed that Jennifer Lawrence and Amy Adams were paid less than their male costars in 2013′s “American Hustle,” which was co-financed by Sony arm Columbia Pictures.
According to the spreadsheet, which lists the salaries of 6,000 employees, 17 of the employees were making $1 million or more, but only one of those was a woman.
Tomi Engdahl says:
The US Needs To Stop Pretending The Sony Hack Is Anything Less Than An Act Of War
http://www.businessinsider.com/sony-hack-should-be-considered-an-act-of-war-2014-12
The most devastating cyberattack ever on a US-based company wasn’t an act of war, according to established guidelines of cyberwarfare.
NATO’s Tallinn Manual defines an act of cyberwar that permits a military response as “a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.”
The world after the Sony Pictures hack may require a new perspective.
Dave Aitel, a former NSA research scientist and CEO of the cybersecurity firm Immunity, argues that while the attack “doesn’t meet the threshold for a response by our military,” it should still be viewed as an act of war.
“We need to change the way we think about cyberattacks,” Aitel told Business Insider in an email. “In many cases, these aren’t ‘crimes’ — they’re acts of war. A non-kinetic attack (i.e., destructive malware, destructive computer network attack) that causes just as much damage as a kinetic attack (i.e., a missile or bomb) should be viewed at the same level of urgency and need for US government/military response.”
Nevertheless, one proactive move the US should consider, according to Aitel, is “declaring certain cyberattacks terrorist acts and the groups behind them terrorists,” which would “set in motion a wider range of legal authority, US government/military resources, and international options.”
Tomi Engdahl says:
NY premiere of The Interview cancelled after hackers’ terrorist threats
GoP hint at 9/11-style attack for screenings of Nork assassination movie
http://www.theregister.co.uk/2014/12/17/the_interview_ny_premiere_cancelled_after_hacker_terrorist_threats/
The New York premiere of Sony Pictures’ movie about a fictional assassination attempt on Kim Jong-Un has been cancelled in the wake of hacker threats invoking 9/11.
The Interview was due to debut on Thursday at Landmark’s Sunshine Cinema in Manhattan, but a spokesperson confirmed to Variety that the screening was off late on Tuesday, US time. There are rumours that other theatres are also pulling their showings, after a group calling itself Guardians of Peace (GOP) threatened anyone who attended.
Sony Pictures in the UK refused to comment when contacted by The Reg.
The threatening message was mixed in with further leaks of Sony files stolen from the systems by GOP. So far, the cyber criminals have released tens of gigabytes of sensitive information, including employee salaries and personal identity data, credit card numbers, movies and their scripts and email correspondence between executives that’s proved hugely embarrassing for the studio.
GOP warned that anyone who went to see The Interview, including at the premiere, would see “how bitter fate those who seek fun in terror should be doomed to”. The group also said “remember the 11th of September 2001”.
Tomi Engdahl says:
Sony Leaks Reveal Hollywood Is Trying To Break DNS
http://yro.slashdot.org/story/14/12/17/1410237/sony-leaks-reveal-hollywood-is-trying-to-break-dns
The tactic was first proposed as part of the Stop Online Piracy Act (SOPA) in 2011, but three years after the law failed in Congress, the MPAA has been looking for legal justification for the practice in existing law and working with ISPs like Comcast to examine how a system might work technically. If a takedown notice could blacklist a site from every available DNS provider, the URL would be effectively erased from the internet.
Sony leaks reveal Hollywood is trying to break DNS, the backbone of the internet
A leaked legal memo reveals a plan for blacklisting pirate sites at the ISP level
http://www.theverge.com/2014/12/16/7401769/the-mpaa-wants-to-strike-at-dns-records-piracy-sopa-leaked-documents
Tomi Engdahl says:
Sony: Employee Health Information May Have Been Compromised
The letter, which also was sent to the California Office of the Attorney General, says that the attackers who thoroughly infiltrated SPE’s network may have gotten access to a wide range of personal health data protected by HIPAA, including Social Security numbers, claims appeal information, diagnosis and disability codes, birth dates, home addresses and member IDs. This in addition to the other data that may have been compromised as well, which includes driver’s license numbers, passport numbers, salaries, bank account data and other sensitive information.
- See more at: http://threatpost.com/sony-employee-health-information-may-have-been-compromised/109907#sthash.yrfQKFvk.dpuf
Tomi Engdahl says:
Gregg Kilday / Hollywood Reporter:
Sony hackers achieve key aim as three largest theater chains in US cancel screenings of The Interview
Top Five Theater Circuits Drop ‘The Interview’ After Sony Hack
http://www.hollywoodreporter.com/news/source-top-five-theater-circuits-758843
The top five theater circuits in North America have decided not to play Sony’s The Interview.
Regal Entertainment, AMC Entertainment, Cinemark, Carmike Cinemas and Cineplex Entertainment have all decided against showing the film.
“Due to the wavering support of the film The Interview by Sony Pictures, as well as the ambiguous nature of any real or perceived security threats, Regal Entertainment Group has decided to delay the opening of the film in our theatres,” Regal said in a statement to THR Wednesday.
Several other chains have also announced that they will not be showing the film at this time.
On Dec. 16, hackers raised the threat level with an emailed message to reporters invoking the Sept. 11, 2001, terror attacks. But Sony refused to back down from its plans to release the film, starring Seth Rogen and James Franco, on Dec. 25. Instead, in discussions with exhibitors, it told the exhibitors it was up to them whether or not they played the movie and that Sony would support whatever decision they made.
Earlier today, the National Association of Theater Owners, the trade association that represents movie-theater owners nationwide, issued its first statement about the situation. It emphasized that “individual cinema operators may decide to delay exhibition of the movie so that our guests may enjoy a safe holiday movie season experiencing the many other exciting films we have to offer.” It also said that its members were working closely with security and law enforcement agencies, saying that the “safety and comfort [of our guests] is and will continue to be a priority for theater owners.”
Tomi Engdahl says:
Alex Hern / Guardian:
Reddit bans SonyGOP subreddit and users for sharing leaked Sony documents, deletes posts after receiving DMCA takedown request — Reddit bans users for sharing hacked Sony documents — The social news site has acceded to a DMCA takedown request from Sony and removed a hub for sharing the company’s hacked files
Reddit bans users for sharing hacked Sony documents
http://www.theguardian.com/technology/2014/dec/17/reddit-bans-users-for-sharing-hacked-sony-documents
Tomi Engdahl says:
Top Five Theaters Won’t Show “The Interview” Sony Cancels Release
http://entertainment.slashdot.org/story/14/12/17/2149215/top-five-theaters-wont-show-the-interview-sony-cancels-release
This comes after the group which carried off a massive breach of its networks threatened to carry out “9/11-style attacks” on theaters that showed the film.
Sony cancels ‘The Interview’ after major theaters pull out
http://money.cnn.com/2014/12/17/media/the-interview-sony-theater-owners/index.html?hpt=hp_t2&hpt=hp_c2
Sony on Wednesday said it would cancel next week’s planned release of “The Interview,” after most of the country’s largest theater chains had decided not to show it.
The decision by Sony (SNE) follows a threat on Tuesday from anonymous hackers that people should avoid going to theaters where “The Interview” is playing.
“Sony Pictures has been the victim of an unprecedented criminal assault against our employees, our customers, and our business. … We are deeply saddened at this brazen effort to suppress the distribution of a movie. … We stand by our filmmakers and their right to free expression and are extremely disappointed by this outcome.”
“The Interview” became controversial because its plot involves the attempted assassination of North Korean dictator Kim Jong-un. Sony Pictures has been devastated by a cyberattack that appears motivated by anger over the film.
The film’s Los Angeles premiere went off without a hitch last week, but the New York premiere planned for Thursday was called off after the new threat on Tuesday.
The threat, which invoked the Sept. 11, 2001 terrorist attacks, received widespread press attention.
“The possibility that people will avoid theaters altogether is the problem,”
The FBI is investigating the hack, and the U.S. Department of Homeland Security said Tuesday that “there is no credible intelligence to indicate an active plot against movie theaters within the United States.”
Tomi Engdahl says:
New York Times:
U.S. Said to Find North Korea Ordered Cyberattack on Sony — WASHINGTON — American intelligence officials have concluded that the North Korean government was “centrally involved” in the recent attacks on Sony Pictures’s computers, a determination reached just as Sony on Wednesday canceled …
U.S. Said to Find North Korea Ordered Cyberattack on Sony
http://www.nytimes.com/2014/12/18/world/asia/us-links-north-korea-to-sony-hacking.html?_r=0
American officials have concluded that North Korea was “centrally involved” in the hacking of Sony Pictures computers, even as the studio canceled the release of a far-fetched comedy about the assassination of the North’s leader that is believed to have led to the cyberattack.
Senior administration officials, who would not speak on the record about the intelligence findings, said the White House was debating whether to publicly accuse North Korea of what amounts to a cyberterrorism attack. Sony capitulated after the hackers threatened additional attacks, perhaps on theaters themselves, if the movie, “The Interview,” was released.
Tomi Engdahl says:
The Evidence That North Korea Hacked Sony Is Flimsy
http://www.wired.com/2014/12/evidence-of-north-korea-hack-is-thin/
Today Sony canceled the premiere of “The Interview” and its entire Christmas-Day release of the movie because of fears that terrorists might attack theaters showing the film.
The actions show just how much power the attackers behind the Sony hack have amassed in a short time. But who exactly are they?
1 The New York Times reported this evening that North Korea is “centrally involved” in the hack, citing unnamed U.S. intelligence officials. It’s unclear from the Times report what “centrally involved” means
Other theories of attribution focus on hacktivists—motivated by ideology, politics or something else—or disgruntled insiders who stole the data on their own or assisted outsiders in gaining access to it. Recently, the finger has pointed at China.
In the service of unraveling the attribution mess, we examined the known evidence for and against North Korea.
First off, we have to say that attribution in breaches is difficult. Assertions about who is behind any attack should be treated with a hefty dose of skepticism. Skilled hackers use proxy machines and false IP addresses to cover their tracks or plant false clues inside their malware to throw investigators off their trail. When hackers are identified and apprehended, it’s generally because they’ve made mistakes or because a cohort got arrested and turned informant.
Nation-state attacks often can be distinguished by their level of sophistication and modus operandi, but attribution is no less difficult. It’s easy for attackers to plant false flags that point to North Korea or another nation as the culprit.
Then there are hacktivists, who can be confused with state actors because their geopolitical interests and motives jibe with a state’s interests.
First of all, Sony and the FBI have announced that they’ve found no evidence so far to tie North Korea to the attack. 2 New reports, however, indicate that intelligence officials who are not permitted to speak on the record have concluded that the North Koreans are behind the hack. But they have provided no evidence to support this
Nation-state attacks aren’t generally as noisy, or announce themselves with an image of a blazing skeleton posted to infected computers, as occurred in the Sony hack. Nor do they use a catchy nom-de-hack like Guardians of Peace to identify themselves. Nation-state attackers also generally don’t chastise their victims for having poor security, as purported members of GOP have done in media interviews. Nor do such attacks involve posts of stolen data to Pastebin—the unofficial cloud repository of hackers—where sensitive company files belonging to Sony have been leaked. These are all hallmarks of hacktivists—groups like Anonymous and LulzSec, who thrive on targeting large corporations for ideological reasons or just the lulz, or by hackers sympathetic to a political cause.
Despite all of this, media outlets won’t let the North Korea narrative go
a complaint North Korea made to the United Nations last July about the Seth Rogen and James Franco flick, which was originally slated to be released in October before being changed to Christmas Day
In other statements, North Korea threatened a “resolute and merciless” response if the U.S. didn’t ban the film.
But in their initial public statement, whoever hacked Sony made no mention of North Korea or the film. And in an email sent to Sony by the hackers, found in documents they leaked, there is also no mention of North Korea or the film.
A person purporting to be a Guardians of Peace spokesperson then emphasized again, in an interview with CSO Online published Dec. 1, that they are “an international organization … not under direction of any state.” The GOP’s members include, they wrote, “famous figures in the politics and society from several nations such as United States, United Kingdom and France.”
Even if members of GOP lack the means or intent to pull off a terrorist attack on their own, they’ve now created an open invitation for opportunistic attackers to do so in their name—in essence, escalating their crimes and influence to a level no other hackers have achieved to date.
So why do some people continue to claim that North Korea is the culprit? There are two forensic discoveries that fuel this assertion, but they are flimsy.
Evidence: Malicious Files Point to Possible Korean Speakers
Evidence: Files Show Up In Other Hacks
OK, So Who Hacked Sony?
Regardless of whether the Sony, Saudi Aramco and South Korea attacks are related, the evidence indicating they’re nation-state attacks is circumstantial. And all of the same evidence could easily point to hacktivists. Our money is on the latter.
Tomi Engdahl says:
Dave McNary / Variety:
Sony Has ‘No Further Release Plans’ for ‘The Interview’ — Sony Pictures Entertainment has walked out on “The Interview,” deciding against releasing the Seth Rogen-James Franco comedy in any form — including VOD or DVD. — “Sony Pictures has no further release plans for the film,” a spokesman said Wednesday.
Sony Has ‘No Further Release Plans’ for ‘The Interview’
http://variety.com/2014/film/news/sony-has-no-further-release-plans-for-the-interview-1201382167/
Sony Pictures Entertainment has chosen to stand down for “The Interview,” deciding against releasing the Seth Rogen-James Franco comedy in any form — including VOD or DVD, as U.S. officials reportedly link Sony’s massive cyber attack to North Korea.
“Sony Pictures has no further release plans for the film,” a spokesman said Wednesday.
The studio issued the statement a few hours after pulling the planned Christmas Day release of “The Interview” in the U.S. in response to the hackers who threatened a 9/11-style attack against U.S. theaters and moviegoers if the comedy were released.
By late Wednesday afternoon, the studio had removed any mention of “The Interview” from its official web site.
Prior to the decision to pull the controversial movie, a Sony Pictures insider had told Variety that the studio was weighing releasing the film on premium video-on-demand. Such a move would have allowed the studio to recoup some of the film’s $42 million budget and tens of millions in promotion and advertising expenditures.
In response, most of the country’s largest theater chains — including AMC, Regal, Cinemark, Carmike and Southern Theatres — announced they would either delay showing the picture or would drop it altogether.
“The Interview” centers on an assassination attempt on North Korean dictator Kim Jong-un.
Tomi Engdahl says:
John Biggs / TechCrunch:
Sony Pictures’ internal systems still haven’t fully recovered, forcing some employees to work with decades-old tech
Sony Pictures Employees Now Working In An Office “From Ten Years Ago”
http://techcrunch.com/2014/12/17/sony-pictures-employees-now-working-in-an-office-from-ten-years-ago/
t’s been different for everyone,” she said. She was upbeat, optimistic, even after finding out her bank account information had been traded on a black market website. She was worried her identity had also leaked. She imagined her private information on some forum somewhere and shuddered. She had a right to be concerned.
She works for Sony Pictures. She said she’s now working in an office on lock-down, a throw-back to an earlier time when the Internet wasn’t around.
“We are stuck in 1992 over here,” she said.
She requested anonymity but agreed to talk a bit about her day-to-day experience as a Sony Pictures Employee post-hack. She said things were getting back to normal and were, in some ways, more pleasant.
But the thing that bothers her most is the need to depend on old technology to do new work, now.
“We had barely working email and no voicemail so people talked to each other. Some people had to send faxes. They were dragging old printers out of storage to cut checks,” she said. “It was crazy.”
That is what a major corporate security breach sounds like: the squeal of a fax machine and the low murmur of co-workers now required to talk to each other instead of depending on email or instant messages.
Internally, SPE is reacting. All employees have been given a year of identity theft protection and many have purchased Lifelock, a popular identity theft prevention system. Others are worried that they will find their credit cards and mortgage statements online. Everyone has changed their passwords on everything, from their Facebook pages to their credit card logins.
“My bank account was hacked [on the day of the first attack,]” said our source who works at SPE offices in Los Angeles. “At first we just thought it was total coincidence.”
Now she suspects someone found something in the email dump that allowed them to access her accounts.
“We’re mostly a fully-functioning office. We’re going about or daily business. We just got our voicemail back. Everyone is a little calmer now after the initial shock.”
Tomi Engdahl says:
Michael Calderone / The Huffington Post:
New York Times Reporters Told Not To Open Hacked Sony Emails, Some Of Which Involve The Times — NEW YORK — The massive Sony hack has left editors with a decision sure to be studied in media ethics classes for years to come: Should journalists report on materials stolen from a corporation by hackers?
New York Times Reporters Told Not To Open Hacked Sony Emails, Some Of Which Involve The Times
http://www.huffingtonpost.com/2014/12/17/new-york-times-sony-emails_n_6340776.html
The massive Sony hack has left editors with a decision sure to be studied in media ethics classes for years to come: Should journalists report on materials stolen from a corporation by hackers?
The New York Times, for one, has covered revelations from the hacked Sony emails, but only after they’ve first been made public by other news organizations. Executive editor Dean Baquet said Monday it “would be a disservice to our readers to pretend” that already-surfaced documents “weren’t revealing and public.”
Times reporters have not only stopped short of first reporting information from the hacked email cache, but according to one, have been advised by the papers’ attorneys not to download and open them at all.
“This is stolen material,”
Sony has warned news organizations that they’re trafficking in stolen materials, which hackers identifying themselves as “Guardian of Peace” have made available on anonymous download sites like Pastebin and GitHub. Hackers targeted Sony in retaliation for “The Interview,” a forthcoming comedy in which James Franco and Seth Rogen, who play journalists, are recruited by the government to assassinate North Korean leader Kim Jong-un.
Tomi Engdahl says:
US Links North Korea To Sony Hacking
http://news.slashdot.org/story/14/12/18/0249222/us-links-north-korea-to-sony-hacking
Speaking off the record, senior intelligence officials have told the New York Times, CNN, and other news agencies that North Korea was “centrally involved” in the hack of Sony Pictures Entertainment. It is not known how the US government has determined that North Korea is the culprit, though it is known that the NSA has in the past penetrated North Korean computer systems.
U.S. Said to Find North Korea Ordered Cyberattack on Sony
http://www.nytimes.com/2014/12/18/world/asia/us-links-north-korea-to-sony-hacking.html?_r=1
American officials have concluded that North Korea was “centrally involved” in the hacking of Sony Pictures computers, even as the studio canceled the release of a far-fetched comedy about the assassination of the North’s leader that is believed to have led to the cyberattack.
Senior administration officials, who would not speak on the record about the intelligence findings, said the White House was debating whether to publicly accuse North Korea of what amounts to a cyberterrorism attack. Sony capitulated after the hackers threatened additional attacks, perhaps on theaters themselves, if the movie, “The Interview,” was released.
The government is “considering a range of options in weighing a potential response,” said Bernadette Meehan, a spokeswoman for the National Security Council.
While intelligence officials have concluded that the cyberattack was both state-sponsored and far more destructive than any seen before on American soil, there are still differences of opinion over whether North Korea was aided by Sony insiders with knowledge of the company’s computer systems, senior administration officials said.
“This is of a different nature than past attacks,” one official said.
An attack that began by wiping out data on corporate computers — something that had been previously seen in South Korea and Saudi Arabia — had turned “into a threat to the safety of Americans,” the official said. But echoing a statement from the Department of Homeland Security, the official said there was no specific information that an attack was likely.
It is not clear how the United States determined that Mr. Kim’s government had played a central role in the Sony attacks.
It is hardly a foolproof system. Much of North Korea’s hacking is done from China. And while the attack on Sony used some commonly available cybertools, one intelligence official said, “this was of a sophistication that a year ago we would have said was beyond the North’s capabilities.”
It is rare for the United States to publicly accuse countries suspected of involvement in cyberintrusions. The administration never publicly said who attacked White House and State Department computers over the past two months, or JPMorgan Chase’s systems last summer. Russia is suspected in the first two cases, but there is conflicting evidence in the JPMorgan case.
But there is a long forensic trail involving the Sony hacking, several security researchers said. The attackers used readily available commercial tools to wipe data off Sony’s machines. They also borrowed tools and techniques that had been used in at least two previous attacks, one in Saudi Arabia two years ago — widely attributed to Iran — and another last year in South Korea aimed at banks and media companies.
The Sony attacks were routed from command-and-control centers across the world, including a convention center in Singapore and Thammasat University in Thailand, the researchers said. But one of those servers, in Bolivia, had been used in limited cyberattacks on South Korean targets two years ago. That suggested that the same group or individuals might have been behind the Sony attack.
Tomi Engdahl says:
Marc Rogers / Marc’s Security Ramblings:
Why the Sony hack is unlikely to be the work of North Korea. — Everyone seems to be eager to pin the blame for the Sony hack on North Korea. However, I think it’s unlikely. Here’s why:1. The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes …
Why the Sony hack is unlikely to be the work of North Korea.
http://marcrogers.org/2014/12/18/why-the-sony-hack-is-unlikely-to-be-the-work-of-north-korea/
Everyone seems to be eager to pin the blame for the Sony hack on North Korea. However, I think it’s unlikely. Here’s why:1. The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes you actually expect to see in “Konglish”. i.e it reads to me like an English speaker pretending to be bad at writing English.
2. The fact that the code was written on a PC with Korean locale & language actually makes it less likely to be North Korea. Not least because they don’t speak traditional “Korean” in North Korea, they speak their own dialect and traditional Korean is forbidden. This is one of the key things that has made communication with North Korean refugees difficult. I would find the presence of Chinese far more plausible.
Tomi Engdahl says:
Sean Gallagher / Ars Technica:
State-sponsored or not, Sony Pictures malware “bomb” used slapdash code
State-sponsored or not, Sony Pictures malware “bomb” used slapdash code
Malware was just good enough to do the job, perhaps what North Korea intended.
http://arstechnica.com/security/2014/12/state-sponsored-or-not-sony-pictures-malware-bomb-used-slapdash-code/
According to multiple reports, unnamed government officials have said that the cyber attack on Sony Pictures was linked to the North Korean government. The Wall Street Journal reports that investigators suspect the attack was carried out by Unit 121 of North Korea’s General Bureau of Reconnaissance, the country’s most elite hacking unit.
But if the elite cyber-warriors of the Democratic People’s Republic of Korea were behind the malware that erased data from hard drives at Sony Pictures Entertainment, they must have been in a real hurry to ship it.
Analysis by researchers at Cisco of a malware sample matching the MD5 hash signature of the “Destover” malware that was used in the attack on Sony Pictures revealed that the code was full of bugs and anything but sophisticated. It was the software equivalent of a crude pipe bomb.
Compared to other state-sponsored malware that researchers have analyzed, “It’s a night and day difference in quality,” said Craig Williams, senior technical leader for Cisco’s Talos Security Intelligence and Research Group, in an interview with Ars. “The code is simplistic, not very complex, and not very obfuscated.”
Faking hacktivism
Based on the mailbox files leaked by the attackers, data was being pulled from the network—likely from desktop backups—as late as November 23, the day before the attack wiped disk drives. While data may have been extracted over a much longer period of time, it seems likely that it was retrieved in bulk directly from Sony Pictures’ network on the Sunday before the attack by someone with direct access to the network and that the wiper malware was implanted at the same time.
That approach would have required inside help or the insertion of operatives into Sony’s organization. Such an operation might not exactly be high-tech, but it would certainly require organizational sophistication and significant intelligence collection in advance—both things that play to the strengths of a state actor like Unit 121.
According to South Korean reports, North Korea has been building a cyber-army of incredible magnitude for over a decade.
Wiper Malware – A Detection Deep Dive
http://blogs.cisco.com/security/talos/wiper-malware#more-160237
Tomi Engdahl says:
Brent Lang / Variety:
Sony Pictures could lose $75M on “The Interview”, which cost $44M to make, $30M to promote — Sony Could Lose $75 Million on ‘The Interview’ (EXCLUSIVE) — Sony Pictures Entertainment could lose $75 million over the cancellation of its planned Christmas release “The Interview” …
Sony Could Lose $75 Million on ‘The Interview’ (EXCLUSIVE)
http://variety.com/2014/film/news/sony-could-lose-75-million-on-the-interview-exclusive-1201382506/
Sony Pictures Entertainment could lose $75 million over the cancellation of its planned Christmas release “The Interview” after theater owners refused to play the picture amid threats of violence from cyber-terrorists who hacked the studio.
That figure includes the $44 million that Sony spent producing the film, as well as the $30 million it shelled out to promote it, according to two people with knowledge of the matter.
Insurance will cover a portion of the costs, but not the full amount, these people said.
The studio might eventually succeed in selling off the picture to another party that could release it via video-on-demand or through a subscription streaming service like Netflix. But, at this juncture, it seems unlikely that any company would touch the film out of fear of getting hacked as well.
It is widely believed that “The Interview” may have prompted a sophisticated cyber-attack on Sony that resulted in leaked emails, film budgets and the personal information of thousands of employees.
Sony explored the idea of releasing the picture on-demand and even though analysts believe it would have been among the top-selling titles in the format’s history, it would not have replaced the money lost theatrically.
“In a way it’s the perfect premium VOD title, because there’s huge visibility and people want to see it, but not necessarily in theater,” said Tom Adams, a media research analyst.
But he adds, “As a premium VOD title without a theatrical run it would be almost impossible to make the money back.”
Repairing the company’s cyber-defenses will cost tens of millions of dollars, and the Japanese-owned studio already faces lawsuits from former employees upset over their leaked personal data.
Tomi Engdahl says:
FBI concludes that the North Korean government is responsible for Sony Pictures hack — Update on Sony Investigation … Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE).
Update on Sony Investigation
http://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation
Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the “Guardians of Peace” claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.
The FBI has determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications. The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.
After discovering the intrusion into its network, SPE requested the FBI’s assistance.
FBI now has enough information to conclude that the North Korean government is responsible for these actions.
our conclusion is based, in part, on the following:
Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North K
We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves.
Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests.
Tomi Engdahl says:
Brian Stelter / CNNMoney.com:
In new email sent to Sony executives, hackers threaten further release of “sensitive data” pending any “additional trouble”
Hackers to Sony: We’ll stand down if you never release the movie
http://money.cnn.com/2014/12/19/media/insde-sony-hack-interview/
Tomi Engdahl says:
President Obama Slams Sony for Canceling “The Interview”; Sony Blames Theater Owners (Updated)
http://recode.net/2014/12/19/president-obama-slams-sony-hack-response/
Share:
President Obama, speaking at his year-end presser, said it was a mistake for Sony Pictures Entertainment to cancel screenings of “The Interview” after it received threats of violence, saying it could lead to an era of self-censorship in Hollywood.
“We cannot have a society in which some dictator some place can start imposing censorship here in the United States,” the president said, while also acknowledging he was sympathetic to Sony’s circumstances.
Sony exec fires back at President Obama
http://money.cnn.com/2014/12/19/media/sony-executive-michael-lynton-responds-to-president-obama/index.html?iid=TL_Popular
Sony Entertainment CEO Michael Lynton, denying that the studio had “caved” by scrapping next week’s opening of “The Interview,” fired back Friday after President Obama said the studio had “made a mistake.”
“We do not own movie theaters,” Lynton said. “We cannot determine whether or not a movie will be played in movie theaters.”
Tomi Engdahl says:
Andrew Nusca / Fortune:
I work at Sony Pictures. This is what it was like after we got hacked.
http://fortune.com/2014/12/20/sony-pictures-entertainment-essay/
An employee* in the Los Angeles office of Sony Pictures Entertainment SNE opened up to Fortune about the personal ordeal they went through following revelations of North Korea’s alleged cyber attack on the company.
The Monday before Thanksgiving, we all came to work. Some people had turned on their computers and were working. At around 8:15 a.m., that black screen of death came on.
They shut down the entire network. We couldn’t really work the rest of the week, which seemed OK because it was a holiday week. But as Tuesday and Wednesday progressed, it became clear that this wasn’t a simple hack.
It wasn’t until Monday or Tuesday of the following week when we realized the extent of it. That’s when we got word that it might take weeks to get back up. Things became more clear when it was revealed what information was released. Around Wednesday or Thursday, people started saying: call your bank, change your passwords, set up a new checking account.
I was completely irate. Once it got personal, it was just, are you kidding me? Seeing the faces of colleagues with families—they’re worried about their life savings, their retirement funds, their kids.
And the blogs were the ones giving us all the information.
The company provided us with All Clear ID, which is a security monitoring firm, but some people said that LifeLock was the way to go, and I decided to get it. There’s a reason you pay [$29.99 a month] for it.
That weekend, I set up alerts on all my bank accounts and credit cards. I get a text message about every transaction
I changed every single password.
A few days later, we were on loaner laptops, pen and paper, recreating PowerPoints, re-creating databases.
We chugged along. We did as much as we could. But there were certain days that people had to leave the office to do what they had to do personally.
I decided that I’m never going to access any of my financial accounts on my work computer ever again. If I need to do something urgently, I’ll use my smartphone, or I’ll go home and do it. It’s not worth the risk.
And there’s the frustration at the way the top top brass handled the situation. Why didn’t they provide more for the employees? Why didn’t they bring in security consultants?
You read all these reports about morale being low. I wouldn’t say it’s low. You chug along.
Tomi Engdahl says:
Guardian:
Obama says Sony hack was an act of cybervandalism, not war, considers putting North Korea back on state sponsors of terrorism list — Obama: North Korea hack on Sony Pictures was not an act of war — President tells CNN North Korea may go back on state terror list
US may put North Korea back on state terror list after Sony ‘cybervandalism’
http://www.theguardian.com/us-news/2014/dec/21/obama-us-north-korea-state-terror-list-sony-hack
Obama says North Korea’s Sony Pictures hack was not an act of war
North Korea warns ‘toughest counteraction will be boldly taken’
Tomi Engdahl says:
New York Times:
Obama administration seeks China’s help in blocking North Korea’s ability to launch cyberattacks
U.S. Asks China to Help Rein In Korean Hackers
http://www.nytimes.com/2014/12/21/world/asia/us-asks-china-to-help-rein-in-korean-hackers.html?_r=0
The Obama administration has sought China’s help in recent days in blocking North Korea’s ability to launch cyberattacks, the first steps toward the “proportional response” President Obama vowed to make the North pay for the assault on Sony Pictures — and as part of a campaign to issue a broader warning against future hacking, according to senior administration officials.
“What we are looking for is a blocking action, something that would cripple their efforts to carry out attacks,” one official said.
So far, the Chinese have not responded. Their cooperation would be critical, since virtually all of North Korea’s telecommunications run through Chinese-operated networks.
Tomi Engdahl says:
Sony and the rise of state-sponsored hacking
http://www.cnet.com/news/sony-and-the-rise-of-state-sponsored-hacking/
North Korea has been blamed for one of the most destructive cyberattacks on a company in US history. It’s just the latest in a string of hacks sanctioned and funded by governments.
James Bond may need a license to kill, but North Korea only needed an Internet connection and computers to cripple an entire company.
That’s the lesson from one of the most damaging hacks ever on a US company. North Korea targeted Sony Pictures Entertainment because the studio planned to release “The Interview,” a satirical film depicting a plot to assassinate North Korea’s Supreme Leader Kim Jong-Un.
“This is absolutely a wake-up call,” said Bruce Bennett, an expert on North Korea and military defense for the RAND Corporation think tank. “We have North Koreans who built nuclear weapons. Why should we suspect they can’t do cyberattacks?”
While the latest cyberattack puts North Korea in the public eye, the country is not unique. China, Israel, France, Syria and the US are among the world’s most powerful countries that have amassed armies of hackers engaged in cyberwarfare. These countries have reportedly used sophisticated computer skills to disable Iran’s uranium enrichment plants, cripple oil and gas production in Saudi Arabia and sabotage satellite and infrastructure systems around the world.
hackers working on behalf of various countries have carried out plots against nations and corporations.
US President Barack Obama said these types of breaches will grow in regularity. “They’re going to be costly, they’re going to be serious,” he said in a Friday news conference.
President Obama also said he doesn’t believe North Korea worked with other countries in the attack against Sony.
In the not-too-distant future, warfare with traditional weaponry may take a backseat to potentially more destructive tactics: computer code attacking the companies and infrastructures, including electric grids and oil and gas pipelines, that society relies on.
That isn’t as farfetched as it once was, said Dmitri Alperovitch, co-founder of security services firm CrowdStrike. “From a technical perspective, this attack wasn’t unprecedented,” he said. “There’s no doubt we’ll see more of these in the future.”
Tomi Engdahl says:
What The US Could Do In Response To The Sony Hack
http://www.businessinsider.com/what-the-us-can-do-in-response-to-the-sony-hack–and-the-risks-for-each-2014-12
“They caused a lot of damage, and we will respond,” President Obama told reporters in an end-of-year news conference.
This malicious intent and apparent state sponsorship have forced the US to respond to the incident as a matter of national security, instead of treating it simply as an instance of cybercrime.
Declare North Korea a state sponsor of terrorism.
Risks: North Korea was on the state sponsors of terrorism list until 2008, when it was removed by the Bush administration during nuclear negotiations. Putting it back on would be nothing more than a return to the status quo.
Declare the hackers terrorists.
Risks: Designating North Korea a terrorist sponsor could hamper any future nuclear negotiations with Pyongyang (the US removed the country from the state sponsors of terror list in 2008 to make headway on the nuclear issue).
Would China and Russia be labeled state supporters of cyberterror for their distributed denial of service (DDoS) attacks against American companies and sabotage of US government systems? And what would this designation even mean in practicality — which people or entities would be affected, and how might an expanded legal regime complicate other US economic and political interests? For starters, sanctioning cyberterrorists or companies that assist them could conceivably complicate some US firms’ business dealings in China.
Engage in counterhacks.
Risks: Any cyber engagement against North Korea runs the risk of escalating a conflict into a full-blown cyberwar between the two nations — and the US wouldn’t have much to gain from it
“You can turn out the lights in Pyongyang, and they could turn out the lights in New York. Who loses more? There’s no way for us to win a trade,”
Go after Chongryon.
The US could pressure the Japanese government to shut down and expel the organization.
Risks: Japan has been negotiating with North Korea over the fate of nearly a dozen Japanese citizens kidnapped and taken to North Korea over the past 40 years. Sony is a Japanese company, but Japan may bristle at what could be perceived as American intrusion into its foreign and domestic affairs.
Expand sanctions.
Risks: High-level sanctions on North Korea could lead to more difficult relations with China.
Totally end trade.
Risks: None, really. It’s just too little money to make much of a difference.
End even the possibility of expanding food or development aid.
Risks: This would effectively punish ordinary North Koreans for the actions of their government. And it probably wouldn’t do much
Try to run the North Korean government off of the internet.
Risks: This wouldn’t have much impact.
Nothing.
The US could treat the Sony breach as an attack on a single private company rather than on the US writ large. Even now, the attack doesn’t fit NATO’s definition of an act of cyberwar since there has been no loss of life or physical damage resulting from it.
Risks: By doing nothing, the US government would be saying that it doesn’t feel obligated to respond to even a highly damaging state-backed attack on an entity in the US. This may embolden future attackers. And it would fail to address any of the alarming issues that the Sony hack raises.
Diplomacy.
Risks: Nothing happens.
Tomi Engdahl says:
A Very Nervous Seth Rogen Tried To Explain Why He Thought ‘The Interview’ Was A Good Movie Idea
http://www.businessinsider.com/seth-rogen-explains-why-he-made-the-interview-on-colbert-report-2014-12
North Korea is not a fan of actor Seth Rogen’s latest film, “The Interview.” The comedy about the assassination of the country’s leader Kim Jong Un may not ever see the light of day.
Sony Pictures canceled the movie’s release after a massive cyberattack from hackers linked to North Korea and threats of violence against moviegoers.
The film has “upset the North Koreans,” Colbert said. “Did you think it would upset the North Koreans?”
“We did not think they would love the concept of the movie to be totally honest,” Rogen said. “But more than anything we wanted to make a movie that had one foot in reality. That’s something we as filmmakers like and think is interesting as audience members as well.”
“I personally think it is appropriate to make jokes about real things,” Rogen said with a nervous laugh. “We thought maybe we could inject some slight relevance.”
Tomi Engdahl says:
North Korea internet ‘totally down’ as US cyber attack suspected
http://www.telegraph.co.uk/news/worldnews/asia/northkorea/11309376/North-Korea-internet-totally-down-as-US-cyber-attack-suspected.html
The hermit country is suffering one of its worst ever internet outages and experts say it may be under attack as US officials decline to comment
North Korea is experiencing one of its worst ever internet outages days after US President Barack Obama vowed a “proportional” response for the hermit country’s cyber attack on a Hollywood studio.
It began encountering problems on Friday, and by Monday night North Korea was completely cut off from the world wide web. One expert described its connectivity as “toast.”
The US declined to comment on the situation amid speculation that America was hitting back in a new cyber war to protect itself from future hacking assaults.
Tomi Engdahl says:
Jason Koebler / Motherboard:
Sony Threatens to Sue Twitter Unless It Removes Tweets Containing Hacked Emails
http://motherboard.vice.com/read/sony-threatens-to-sue-twitter-unless-it-removes-tweets-containing-hacked-emails
Sony’s battle on people disseminating its hacked and leaked emails has extended from news outlets to random Twitter users to, now, Twitter itself. Sony’s lawyer has threatened Twitter with legal action if the social networking company doesn’t ban accounts that are sharing the leaks, according to emails obtained by Motherboard.
Sony demanded that Twitter “comply with all future requests with regard to any other account holder seeking to disseminate the Stolen Information via Twitter”
A spokesperson for Twitter confirmed that the letter is authentic but declined to specifically comment about the company’s response.
The letter Sony sent Twitter is much like the letter Sony sent to Broeksmit, which was also similar to notices sent to journalists reporting on the information contained in the Sony hacks.
Earlier today, a Twitter spokesperson told me that the social media network doesn’t allow the posting of another person’s private information, but that it does allow linking to such information.
Tomi Engdahl says:
Sony Threatened to Sue Someone for Tweeting Screenshots of Leaked Emails
http://motherboard.vice.com/read/sony-threatened-legal-action-for-tweeting-screenshots-of-leaked-emails?trk_source=recommended
Sony has threatened at least one person with legal action if he doesn’t stop tweeting information from the company’s hacked-and-leaked emails, according to emails obtained by Motherboard.
Val Broeksmit, a California-based musician, has been combing through gigabytes worth of documents and has been tweeting out screenshots of leaked emails that he finds newsworthy for a couple weeks now.
Tomi Engdahl says:
‘The Interview’ Now Has a Perfect 10 Rating on IMDb
http://motherboard.vice.com/read/the-interview-has-a-perfect-10-on-imdb?trk_source=recommended
The outpouring of public support came straight from the dank internet dungeon of 4chan’s TV discussion message board, on which an anonymous user posted a thread on December 19th encouraging people to rate the movie a 10 so that North Korean leader Kim Jong-Un can get
Tomi Engdahl says:
Hackers Used Sophisticated SMB Worm Tool to Attack Sony
https://www.securityweek.com/hackers-used-sophisticated-smb-worm-tool-attack-sony
Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise.
While not mentioning Sony by name in its advisory, instead referring to the victim as a “major entertainment company,” US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks.
The SMB worm propagates throughout an infected network via brute-force authentication attacks, and connects to a command and control (C2) infrastructure with servers located in Thailand, Poland, Italy, Bolivia, Singapore and the United States, the advisory said.
An FBI “flash memo” issued to a limited number of organizations earlier this month also warned about the dangerous malware, which has been referred to as “Destover” by some security vendors.
Tomi Engdahl says:
US Asked for China’s Help on North Korea Cyberattacks: Official
https://www.securityweek.com/us-asked-chinas-help-north-korea-cyberattacks-official
The United States has asked China to help block cyber attacks from North Korea as it weighs a response to the crippling hack of Sony Pictures, a US official said Saturday.
“We have discussed this issue with the Chinese to share information, express our concerns about this attack and to ask for their cooperation,” a senior US administration official told AFP.
North Korea called Saturday for a joint investigation with the US into the crippling attack on Sony, denouncing Washington’s “slandering” after President Barack Obama warned Pyongyang of retaliation.
China is North Korea’s closet ally, and has traditionally had long-standing influence with the leaders of the hermit state.
The US administration official said that in “our cybersecurity discussions, both China and the United States have expressed the view that conducting destructive attacks in cyberspace is outside the norms of appropriate cyber behavior.”
Tomi Engdahl says:
Indicators of Compromise for Malware Used by Sony Hackers
https://www.securityweek.com/indicators-compromise-malware-used-sony-hackers
Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise.
While not mentioning Sony by name in its advisory, instead referring to the victim as a “major entertainment company,” US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks.
According to the advisory, the SMB Worm Tool is equipped with five componments, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool.
The advisory also provides a summary of the C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations.
Tomi Engdahl says:
China condemns cyberattacks, but says no proof North Korea hacked Sony
http://www.reuters.com/article/2014/12/22/us-sony-cybersecurity-idUSKBN0K006U20141222
China said on Monday it opposed all forms of cyberattacks but there was no proof that North Korea was responsible for the hacking of Sony Pictures, as the United States has said.
China is North Korea’s only major ally, and would be central to any U.S. efforts to crack down on the isolated state. But the United States has also accused China of cyber spying in the past and a U.S. official has said the attack on Sony could have used Chinese servers to mask its origin.
South Korea, which is still technically at war with North Korea, said computer systems at its nuclear plant operator had been hacked and non-critical data stolen, but there was no risk to nuclear installations or reactors.