Reports say North Korea's Internet has suffered two additional brief outages. Their cause is unclear — DPRK IT infrastructure is brittle and impoverished, and, as Dyn notes, such outages are consistent with mundane causes like power failures.
Observers continue to debate North Korea's responsibility for the attack on Sony, but the emerging consensus holds that the FBI has it about right. See Brian Krebs for a rundown of the evidence. Some think the "Guardians of Peace" had help from "LizardSquad," the skid gadflies who've infested Sony over the past year. Any official US response is still problematic — it's clear that any response should be proportional, but what counts as proportional remains obscure. North Korea remains defiant, threatening the US and boycotting UN Security Council human rights discussions.
For its part Sony will now permit "The Interview" to be screened on Christmas, and the media giant continues to wag its big-law bludgeon menacingly at those who would repeat those embarrassing corporate emails (Twitter's the current transgressor).
Many have noted the overheated descriptions of the attack ("war," "terrorism"). SINET's Rodriguez sensibly calls the attack more than cybervandalism, less than cyberwar, and possibly "transformational." The Christian Science Monitor's Passcode joins those who reiterate warnings that a real cyberwar would probably open with a strike against power grids. (South Korea may be seeing early phases of this, as Wiper malware appears in a nuclear operator's network.)
Crimeware-as-a-service expands the unpleasant potential of the black market. Vawtrak banking malware is among the goods enabling increasingly targeted attacks.
Today's issue includes events affecting China, France, India, Ireland, Democratic People's Republic of Korea, Republic of Korea, Russia, Ukraine, United Kingdom, United Nations, United States.
The CyberWire staff now departs to celebrate Christmas with their families. Regular publication will resume December 26 (interrupted again for New Year's Day, then resuming as usual on January 2). Enjoy the holidays.
Cyber Attacks, Threats, and Vulnerabilities
North Korea Internet hit by 2 more outages(USA TODAY) North Korea's Internet service, which was out for almost 10 hours on Monday, went down two more times on Tuesday, including a 31-minute stretch, according to Dyn Research
Who Was Behind The North Korean Web Blackout? Here Are 3 Theories(Forbes) North Korea's internet connection has never been that stable by today's standards, but the almost-unprecedented 10-hour outage that ended early Tuesday morning has prompted questions about whether the U.S. government had launched some sort of cyber attack on the country's network. Pres. Barack Obama said Friday that the U.S. would "respond proportionally" to the recent cyber attack on Sony Pictures which American officials have linked to North Korea
Despite What the Cyber Skeptics Say, North Korea Is Behind the Sony Hack(Slate) It is healthy to be a cynic sometimes. Taking information as it is handed out as fact is dangerous. The goal should be to investigate, to interrogate the nature of our beliefs as they meet the facts and context to settle on some wisdom as to what actually happened. The problem with the emerging narrative on the Sony hack is that in the convergence of evidence and cynicism, some still side with the idea that North Korea did not perpetuate an attack on Sony's networks
The Case for N. Korea's Role in Sony Hack(KrebsOnSecurity) There are still many unanswered questions about the recent attack on Sony Pictures Entertainment, such as how the attackers broke in, how long they were inside Sony's network, whether they had inside help, and how the attackers managed to steal terabytes of data without notice. To date, a sizable number of readers remain unconvinced about the one conclusion that many security experts and the U.S. government now agree upon: That North Korea was to blame. This post examines some compelling evidence from past such attacks that has helped inform that conclusion
North Korea May Have Had Help From the Hackers Who Hit Sony in 2011(Bloomberg) The sweeping conclusion by President Obama and the FBI last week, blaming North Korea for the Sony hack, was clean and, to many, wholly satisfying. It's unusual that a huge cyber-crime is solved so definitively and so quickly. It felt like something out of the movies
Did North Korea really hack Sony?(Vox) Did North Korea really hack Sony? Not everyone is convinced by the FBI's claim that the country is responsible for last month's devastating cyberattack on Sony Pictures. And the skeptics are right that none of the evidence the US government has released so far definitively ties the Pyongyang regime to the attacks
A Modest Defense of the Government’s Legal and Policy Confusion Re Sony(Lawfare) The attribution problem makes it very hard for the public to know if North Korea in fact attacked Sony, the precise damage Sony suffered, and the party responsible for the (apparent) counter-attack in North Korea. Attribution problems are present in other realms of conflict, of course. Some kinetic terrorist attacks leave no fingerprint; covert action is by definition designed to avoid attribution; and the like. But as the Sony episode shows, what is distinctive about cyber-conflict is the pervasiveness of the attribution problem. The problem makes it hard to judge the seriousness of the attack, the justification for the response, and the proportionality (and, more broadly, legality) of the response. The cyber context highlights how much our legal and political categories depend on knowing who did what
How to respond to the Sony cyber attack(Washington Times) Whatever happens to the movie "The Interview" — a Sony Pictures flick that parodies an assassination of North Korea's Kim Jong-un — is not quite as important as our nation's response to the North Korean attack on Sony, but nearly so. At this point, the Obama administration appears undecided on what, if any, our response should be
Is Sony Hack Really 'The Worst' In U.S. History, As CEO Claims?(NPR) The CEO of Sony Pictures has been saying that the cyberattack against his company is "the worst cyberattack in U.S. history." And you can see where he's coming from. An entire feature film got canned — at least for now. And his corporate networks were so damaged, Sony workers had to revert to using fax machines to communicate. That said, "the worst" is a big claim
Take that, Kim Jong-un! The Interview will play in theaters on Christmas Day(Quartz) Several US theater owners are reporting that Sony has contacted them to authorize screenings of The Interview. Sony had yanked the film from its original Dec 25 release date after the group that hacked the company posted threats against any theaters showing the film, a comedy in which North Korean leader Kim Jong-un is assassinated
Sony Hack: What You Missed(re/code) On Nov. 24, a group of hackers calling themselves the Guardians of Peace unveiled the mother of all hacks — the break-in of the computer networks of Sony Pictures Entertainment. The group has claimed to have stolen just about everything and has steadily released a huge trove of emails from senior executives, the personal information of its employees, secrets about upcoming projects and five feature films. In all, the group said it has under 100 terabytes of data that it has disclosed periodically
If cyberwar erupts, America's electric grid is a prime target(Christian Science Monitor: Passcode) Cybersecurity experts say that targets in a cyberwar wouldn't be Hollywood studios but instead the nation's critical infrastructure, which is already under attack by hackers trying to infiltrate, study, and potentially cripple US utilities
MBR Wiper Attacks Strike Korean Power Plant(TrendLabs Security Intelligence Blog) In recent weeks, a major Korean electric utility has been affected by destructive malware, which was designed to wipe the master boot records (MBRs) of affected systems. It is believed that this MBR wiper arrived at the target systems in part via a vulnerability in the Hangul Word Processor (HWP), a commonly used application in South Korea. A variety of social engineering lures were used to get would-be victims to open these files. Below is a quick overview of the attack with the infection chain starting from a spearphishing email sent to the employees' inboxes
Meet Anunak — The Hacker Crew That Owned Staples And Earned $18m In 2014(Forbes) In November this year, dignitaries and bigwigs of the cyber security industry gathered inside Europol's headquarters in The Hague. As they talked about general issues affecting the community, namely financially-motivated criminals, ears pricked up when one particular strain of malware, called Anunak, was said to have brought about the "armageddon" of the Russian banking industry, according to Andy Chandler, a senior vice president at security firm Fox-IT
Patches Not Cure-all for Shellshock(TrendLabs Security Intelligence Blog) Earlier this year, Linux system administrators all over the world had to deal with the Shellshock vulnerability, which could lead to malicious code being run on Linux systems. Servers running various web services were at particular risk
Top Facebook scams and malware attacks(Help Net Security) Millions of people fell for Facebook scams in 2014. Though security experts, companies and tech-savvy users guard against Facebook cyber attacks, many unwary users continue to fall victim to scams on the social network every day, with veteran users still falling for the same old e-threats
The "Snappening" Had No Impact On Snapchat Growth, Usage Or Engagement(TechCrunch) No single bad PR incident can impact Snapchat's growth or popularity, it seems. Earlier this year, the mobile social network made headlines when thousands of Snapchat accounts were hacked, causing around 200,000 private photos — many of a decidedly racy nature — to be leaked publicly to the web. Meanwhile, Snapchat's tone-deaf response to the event — dubbed the "Snappening," a hat-tip to the iCloud photo breach which had been referred to as the Fappening — was to point the finger at third-party apps which had reverse-engineered the Snapchat API. But Snapchat's explanation also meant the company was essentially blaming its own user base — the victims — for putting themselves at risk
Wise County Sheriff defiant after cyber-attack(WFAA) Christmas carols and country music echo off the walls of the Wise County Courthouse. The Decatur courthouse square rings with nostalgia. And the Wise County sheriff longs for those good old days of rural Texas, before cyber-crooks on the far side of the world could hold his computer files for ransom
Security Patches, Mitigations, and Software Updates
Apple copies Microsoft security system(Fudzilla) The fruity cargo cult Apple has done what Microsoft has been doing for years — pushing out security updates. It seems that Apple has just discovered the technique which the Tame Apple Press is trying to explain as something "super", "cool" and "original"
GovCon Leaders Talk Federal Cyber Defense in Sony Hack's Wake(ExecutiveBiz) The widely-reported cyber attack on Sony Pictures Entertainment that compromised emails written by the movie and television company's leaders and personal information of employees took another turn Friday when the FBI publicly held North Korea's government responsible for the hack
2014: A Specious Odyssey(Threatpost) The wonderful and terrifying thing about the security world is that things never stay calm for long. As soon as you think you have a chance to catch your breath, someone breaks something and it's time to scramble again. In 2014, those small moments of downtime were hard to come by. There was a seemingly endless parade of major vulnerabilities, data breaches and high-profile hacks. It was a year filled with Heartbleeds, POODLEs, Shellshock and a lot of pain for users, administrators and anyone else who likes to do things on the Interweb. Thankfully, the network is still standing after all that, so we went back and looked at all the stories we did this year and picked out the 10 most popular ones, put a fresh coat of paint on them and put them together to give you a picture of the year that was in security. Enjoy
Security Intelligence Becomes a Critical Service(MSPmentor) IT security attacks are becoming more covert with each passing year. Rather than launching waves of attacks that can be easily detected, cybercriminals these days are injecting malware into systems and lying in wait for months before doing anything. Known collectively as advanced persistent threats (APTs), these types of attacks still represent a minority of the types of IT security attacks being launched, but they are generally among the most lethal
Keep An Eye Out For Cybersecurity Stocks(Bidness Etc.) Cyber-attacks plagued companies this year like never before, and the issue is thought to be getting more serious. In such a scenario, cybersecurity companies may come out as winners
ModernGraham Annual Valuation Of Symantec Corporation(Seeking Alpha) SYMC is not suitable for Defensive Investors or Enterprising Investors following the ModernGraham approach. According to the ModernGraham valuation model, the company is undervalued at the present time. The market is implying only 4.93% earnings growth over the next 7-10 years, considerably lower than the rate the company has seen in recent years
8 Free Privacy Programs Worth Your Year-End Donations(Wired) Free software isn't free. Someone's got to shell out for the expensive development, maintenance, bug fixes and updates for programs that so many of us who live online have come to see as almost natural resources. And increasingly, those taken-for-granted tools have become vital for the privacy and security of millions of people
Are You Prepared For A Cyber-Attack? The Treasury Department Provides 10 Questions To Guide Corporate Leaders Through A Cybersecurity Assessment.(Law.com) On December 3rd, Deputy Secretary of the U.S. Treasury Sarah Bloom Raskin addressed the importance of cybersecurity planning and preparedness in a speech to the Texas Bankers' Association. With these comments, Treasury joins the Securities and Exchange Commission ("SEC"), the Federal Trade Commission ("FTC"), the Federal Communications Commission ("FCC"), and other regulators in saying that cybersecurity must be a high priority in the c-suite of financial services institutions. Arguably, cyber threats are a greater risk to the economy than terrorism in that one serious breach of a major financial institution could cause a customer confidence crisis that cripples a financial services firm
Health IT: Medical Devices(National Cybersecurity Center of Excellence) The National Cybersecurity Center of Excellence (NCCoE), in collaboration with the Technological Leadership Institute at the University of Minnesota, has devised a project to improve the security of wireless medical infusion pumps. This is the first of a series of use cases focused on medical device security
How PCI DSS 3.0 Can Help Stop Data Breaches(Dark Reading) New Payment Card Industry security standards that take effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples
Key industries train to thwart cyber attacks(USA TODAY) In a small hotel meeting room a few blocks from the White House, employees from power plants, factories, airports and oil refineries hunched over their laptops as they worked frantically to stop cyber terrorists from firing a rocket launcher into the heart of a picturesque American town
How I learned to stop worrying and love malware DGAs…(Internet Storm Center) The growth of malware families using algorithms to generate domains in 2014 has been somewhat substantial. For instance, P2P Gameover Zeus, Post-Tovar Zeus and Cryptolocker all used DGAs. The idea is that code generates domains (usually but not always) by taking the data and running it through some magic math to come up with a list of many domains per day. This allows the attacker to avoid static lists of domains for callbacks in their code and allow them additional flexibility to make takedowns a little more difficult. Instead of getting one domain suspended, now you have to get thousands suspended. And if you think the "good guys" are on to you, you can change your encryption seed and get a new list of domains
How to Avoid Cyber-Burglars this Holiday Season(ABC News) Before the age of computers and smartphones, a would-be burglar would have to look in your window to see that you are gone on a holiday vacation. These days, all a would-be burglar has to do is check social media to see if you are away — a 21st century reality Laverne Cheatham learned the hard way
Ukrainian government signs agreement on cyber security cooperation with Microsoft(Kyiv Post) State Service for Special Communication and Information Protection of Ukraine, supervised by the Cabinet of Ministers, and the Ukrainian office of Microsoft (U.S.) have signed an agreement, according to which the corporation will provide the agency with access to source code and technical data on Microsoft software, services and systems (Government Security Program, GSP)
ANSSI adapts to Wassenaar(Intelligence Online) France's computer security agency ANSSI is looking to have a say on exports of French cryptography materiel
How Laws Restricting Tech Actually Expose Us to Greater Harm(Wired) We live in a world made of computers. Your car is a computer that drives down the freeway at 60 mph with you strapped inside. If you live or work in a modern building, computers regulate its temperature and respiration. And we're not just putting our bodies inside computers — we're also putting computers inside our bodies. I recently exchanged words in an airport lounge with a late arrival who wanted to use the sole electrical plug, which I had beat him to, fair and square. "I need to charge my laptop," I said. "I need to charge my leg," he said, rolling up his pants to show me his robotic prosthesis. I surrendered the plug
"Open Caching," Open Standards, and Privacy(Center for Democracy and Technology) In a recent letter, FCC Commissioner Ajit Pai claims that Netflix took steps to "impede[ ] open caching software from correctly identifying and caching Netflix traffic[.]" Absent from that letter is a discussion of what "open caching" is, whether software used by ISPs and others should be able to identify the source and content of traffic requested by Internet users, and what limitations should apply to how such information is used. Instead, the letter charges that Netflix's nonparticipation in an unnamed "effort to develop open standards for streaming video" threatens "standards collectively agreed upon by much of the industry[.]" The letter does not explain what those standards are or how they were agreed upon. The implications of this dustup for both privacy and the development of open standards warrant attention
Privacy Groups Upbraid MPAA For Trying To Bring SOPA Back At The State Level(TechCrunch) The ongoing struggle between Google and the Mississippi Attorney General Jim Hood has new players this week, as a number of privacy groups waded into the mix, dinging the Motion Picture Association of America (MPAA) for, in their words, a "coordinated campaign to shut down and block access to individual websites through backdoor methods resoundingly rejected by the public and federal lawmakers"
Boston Children's Hospital Settles Data Breach Allegations(FierceITSecurity) Boston Children's Hospital (BCH) has agreed to pay $40,000 and take steps to prevent future security violations following allegations related to a data breach that affected patient information, Attorney General Martha Coakley announced today
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Cybersecurity World Conference(New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
ShmooCon(Washington, DC, USA, January 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
California Cybersecurity Task Force Quarterly Meeting(Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
FIC 2015(Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
AppSec California(Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...