Group items tagged

The Obama administration has been tightlipped about its controversial naming of the North Korean government as the definitive source of the hack that eviscerated Sony Pictures Entertainment late last year. But FBI director James Comey is standing by the bureau’s conclusion, and has offered up a few tiny breadcrumbs of the evidence that led to it. Those crumbs include the claim that Sony hackers sometimes failed to use the proxy servers that masked the origin of their attack, revealing IP addresses that the FBI says were used exclusively by North Korea. Speaking at a Fordham Law School cybersecurity conference Wednesday, Comey said that he has “very high confidence” in the FBI’s attribution of the attack to North Korea. And he named several of the sources of his evidence, including a “behavioral analysis unit” of FBI experts trained to psychologically analyze foes based on their writings and actions. He also said that the FBI compared the Sony attack with their own “red team” simulations to determine how the attack could have occurred. And perhaps most importantly, Comey now says that the hackers in the attack failed on multiple occasions to use the proxy servers that bounce their Internet connection through an obfuscating computer somewhere else in the world, revealing IP addresses that tied them to North Koreans.

“In nearly every case, [the Sony hackers known as the Guardians of Peace] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy,” Comey said. “Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using…were exclusively used by the North Koreans.” “They shut it off very quickly once they saw the mistake,” he added. “But not before we saw where it was coming from.” Comey’s brief and cryptic remarks—with no opportunity for followup questions from reporters—respond to skepticism and calls for more evidence from cybersecurity experts unsatisfied with the FBI’s vague statements tying the hack to North Korean government. In a previous public announcement the FBI had said only that it found “similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks,” as well as IP addresses that matched prior attacks it knows to have originated in North Korea. At that time, the FBI also said it had further evidence matching the tools used in the attack to a North Korean hacking attack that hit South Korean banks and media outlets.

Following those elliptical statements, the cybersecurity community demanded more information be released to prove North Korea’s involvement. Some have even signed a petition on the White House website calling for more transparency in the investigation. Well-known security blogger and author Bruce Schneier has compared the FBI’s “trust us” mentality to the claims of the Bush administration about Saddam Hussein’s nonexistent weapons of mass destruction in the run-up to the Iraq War. Without more information, security experts themselves have remained deeply divided in their conclusions about who hacked Sony.

A Japanese company with some offices in California was hacked. Several terrabytes of data were copied off its internal networks and some of it was put on file sharing sites. One of the items copied was a film produced in Canada that depicts as comedy the terror act of killing of a current head of state. The U.S. State Department applauded that movie scene. But there were tons of other data like social security numbers, payroll data, and internal emails stolen all of which that might have been the real target of the hackers. The tools to hack the company are well known and in the public domain. The company, Sony, had lousy internal network security and had been hacked before. The hackers probably had some inside knowledge. They used servers in Bolivia, China and South Korea to infiltrate. There is zero public evidence in the known that the hack was state sponsored.

But the U.S. is claiming that the event is a "national security matter". Who's national security? Japan's? Canada's? Why? A private Japanese entertainment(!) company left the doors open and had some equipment vandalized and some of its private property stolen. Why, again, is that of U.S. "national interest"? Why would the U.S. even consider some "proportional response"? The White House is anonymously accusing the state of North Korea of having done the hack. It provides no evidence to support that claim and the government of North Korea denied any involvement. The FBI and Sony say they have no evidence for such a claim. Still the New York Times editors eat it all up:

North Korean hackers, seeking revenge for the movie, stole millions of documents, including emails, health records and financial information that they dished out to the world. How do the editors know that these were "North Korean hackers"? The same way the knew about Iraq's weapons of mass destruction? Make believe and anonymous claims by U.S. government officials? Yeah - those folks never lie. Right?

Everyone seems to be eager to pin the blame for the Sony hack on North Korea. However, I think it’s unlikely. Here’s why:1. The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes you actually expect to see in “Konglish”. i.e it reads to me like an English speaker pretending to be bad at writing English. 2. The fact that the code was written on a PC with Korean locale & language actually makes it less likely to be North Korea. Not least because they don’t speak traditional “Korean” in North Korea, they speak their own dialect and traditional Korean is forbidden. This is one of the key things that has made communication with North Korean refugees difficult. I would find the presence of Chinese far more plausible.

3. It’s clear from the hard-coded paths and passwords in the malware that whoever wrote it had extensive knowledge of Sony’s internal architecture and access to key passwords. While it’s plausible that an attacker could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of an insider. It also fits with the pure revenge tact that this started out as. 4. Whoever did this is in it for revenge. The info and access they had could have easily been used to cash out, yet, instead, they are making every effort to burn Sony down. Just think what they could have done with passwords to all of Sony’s financial accounts? With the competitive intelligence in their business documents? From simple theft, to the sale of intellectual property, or even extortion – the attackers had many ways to become rich. Yet, instead, they chose to dump the data, rendering it useless. Likewise, I find it hard to believe that a “Nation State” which lives by propaganda would be so willing to just throw away such an unprecedented level of access to the beating heart of Hollywood itself.

5. The attackers only latched onto “The Interview” after the media did – the film was never mentioned by GOP right at the start of their campaign. It was only after a few people started speculating in the media that this and the communication from DPRK “might be linked” that suddenly it became linked. I think the attackers both saw this as an opportunity for “lulz” and as a way to misdirect everyone into thinking it was a nation state. After all, if everyone believes it’s a nation state, then the criminal investigation will likely die.

resident Obama has done his best to tamp down fury at North Korea for hacking Sony--"I don't think it was an act of war," he said Sunday on CNN, but "cybervandalism"--but to find true skepticism about North Korea's role in the attack, you have to turn to the professional hacking and anti-hacking community.

Many hackers, anti-hackers and cybersecurity experts still don't share the FBI's conclusion that "the North Korean government is responsible for these actions," as the agency declared last week. They've picked apart the FBI's evidence, which was set forth in a public memo Friday and a much more detailed alert circulated to corporation security departments early in December, and found it wanting. 

As we explained earlier, that's important for two main reasons: You don't want to stoke anger at a government that may be either innocent or peripherally involved (North Korea has denied responsibility for the Sony attack), and you don't want the real perpetrators to evade the law-enforcement net.Let's take a look at what the experts are saying.

President Barack Obama on Friday took the first declared U.S. action against North Korea in response to the crippling cyberattack on Sony Pictures Entertainment over Thanksgiving, ordering a fresh set of financial sanctions against the authoritarian regime. Senior administration officials told reporters it was the first time the U.S. has sanctioned a country as a direct result of a cyberattack on an American business, though in the past sanctions have been imposed for human rights abuses by cyber means. Story Continued Below The president signed an executive order Friday afternoon authorizing the action, and the Treasury Department immediately sanctioned a North Korean government agency, two trading companies and 10 individuals affiliated with them under the new powers.

The FBI announced it had concluded North Korea was behind the attack, which wiped out Sony’s servers and computer network for a week and dumped massive amounts of sensitive company data, emails and other intellectual property on the Internet, on Dec. 19. Obama reiterated the government’s determination of North Korea’s responsibility at a press conference that day before leaving for his Hawaiian trip, and pledged a “proportionate response.” Friday’s sanctions are the U.S. government’s first declared response since that day. In the interim, the cybersecurity community has expressed skepticism of North Korea’s culpability based on the indicators the FBI cited as evidence for its conclusion, but officials and the FBI have remained firm that there is no evidence suggesting any other entity is behind the attack. In Friday’s call an official said the FBI is “standing by our assessment” and has access to channels for intelligence that private security firms do not.

Lost in the kerfuffle over North Korea’s hacking of Sony is this little irony: South Korea, the Hermit Kingdom’s main rival and a stalwart ally of the United States, has also been cyberspying on America. South Korea has an active online espionage program that is primarily aimed at the North but also has been “targeting us,” according to a newly disclosed internal National Security Agency document.

The NSA document, which was included in the trove of classified files leaked by ex-NSA contractor Edward Snowden and published last week by Der Spiegel, includes a first-person account from an unnamed NSA employee who says the agency was aware of South Korea’s hacking operations but not “super interested” in them until they were ramped up “a bit more” against the United States. The document is undated but makes reference to an NSA manual published in 2007. It gives no indication why South Korea stepped up its cyberspying on the United States.

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages. For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks. The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.

According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.

Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.

For years the influence of the CIA in Hollywood was hidden and unacknowledged. Now it’s more of an open secret; not publicized, but pretty easy to read up on if you care. Just ask the spy agency’s Entertainment Industry Liaison. Yes, such a thing really exists.You see, the CIA’s man in Hollywood wants to help actors, authors, directors, producers and screenwriters “gain a better understanding” of the intelligence agency in order to ensure “accurate portrayals” of its activities. It even wants to help fire up the neurons and actually give you some good ideas if you’re coming up short in that department. Indeed, the CIA provides “inspiration for future storylines” and lists them on its website. Of course, it’s all in the interest of creating authentic and balanced portrayals of US intelligence agencies and the US military. And they’re quite busy, too. Between 2006 and 2011, the CIA public relations office had input into at least 22 film and movie projects.In a column for the Washington Post in 2011, David Sirota noted that the Pentagon too enlists the help of Hollywood for PR purposes when things are going awry and Americans are becoming weary of war. Movies like Top Gun in the 1980s and Zero Dark Thirty more recently were made in consultation with the Pentagon and White House. The result of this “creative input for Pentagon assistance” bargain created an entertainment culture “rigged to produce relatively few anti-war movies and dozens of blockbusters that glorify the military” and which amounts to “government subsidized propaganda,” Sirota wrote.

The CIA has had a hand in creating TV shows like 24, Homeland and Alias. The Americans — an FX show about two Russian spies living undercover in the US — was created by a former CIA agent, and the agency reportedly approves the scripts for each episode.A piece in the Guardian in 2008 called the CIA’s involvement in Hollywood a “tale of deception and subversion that would seem improbable if it were put on screen”. Of course, it’s unlikely to be put on screen, given that the agency which provides guidance on CIA-related movies (...) is the CIA.

Remember the “inspiration for future storylines” list mentioned earlier? Well, guess what? The liaison’s “current pick” for a possible future movie project is about one Ryszard Kukliński — a Polish colonel and spy for NATO who spent years passing secret Soviet documents to the CIA. I wonder why they’d be interested in that sort of thing right now. It couldn’t be anything to do with deteriorating relations between Russia and the West, could it?It may sound like conspiracy theory, but the 2014 hack of Sony Pictures Entertainment revealed that the the US State Department has actively sought out the biggest players in Hollywood and tried to enlist their help with what they called “anti-Russia messaging” for the public’s consumption through innocent entertainment. In other words, the government asked Hollywood for help producing propaganda — although I’m sure the State Department would call it something nicer.Richard Stengel, the US under secretary for public diplomacy, wrote to Sony CEO Mark Lynton explaining that the government needed help countering both ISIS and “Russian narratives” and said this wasn’t something the State Department could do “on its own”. He suggested convening a meeting of media executives to discuss ideas, content, production and “commercial possibilities”. Lynton responded with a list of media executives at other entertainment companies including Disney and Fox. It’s unclear from the emails whether that meeting Stengel requested ever happened, but judging by much of the recent entertainment industry output, one might be forgiven for assuming it did.

President Obama plans to announce legislation Tuesday that would shield companies from lawsuits for sharing computer threat data with the government in an effort to prevent cyber­attacks. On the heels of a destructive attack at Sony Pictures Entertainment and major breaches at JPMorgan Chase and retail chains, Obama is intent on capitalizing on the heightened sense of urgency to improve the security of the nation’s networks, officials said. “He’s been doing everything he can within his executive authority to move the ball on this,” said a senior administration official who spoke on the condition of anonymity to discuss legislation that has not yet been released. “We’ve got to get something in place that allows both industry and government to work more closely together.”

The legislation is part of a broader package, to be sent to Capitol Hill on Tuesday, that includes measures to help protect consumers and students against ­cyberattacks and to give law enforcement greater authority to combat cybercrime. The provision’s goal is to “enshrine in law liability protection for the private sector for them to share specific information — cyberthreat indicators — with the government,” the official said. Some analysts questioned the need for such legislation, saying there are adequate measures in place to enable sharing between companies and the government and among companies.

“We think the current information-sharing regime is adequate,” said Mark Jaycox, legislative analyst at the Electronic Frontier Foundation, a privacy group. “More companies need to use it, but the idea of broad legal immunity isn’t needed right now.” The administration official disagreed. The lack of such immunity is what prevents many companies from greater sharing of data with the government, the official said. “We have heard that time and time again,” the official said. The proposal, which builds on a 2011 administration bill, grants liability protection to companies that provide indicators of cyberattacks and threats to the Department of Homeland Security.