Sony PlayStation and Microsoft Xbox networks were both disrupted yesterday, with disruptions continuing into today. Lizard Squad claims they did it — no announced motive. See the Christian Science Monitor's Passcode for a profile of the group, and its baffling celebrity.
US attribution of the Sony Pictures hack to North Korea remains controversial, with insiders and hacker collectives providing the principal alternative suspects. Another alternative theory seems thin and circumstantial, but perhaps no more so than attribution of cyber attacks tends to be: language the "Guardians of Peace" used in their communications strikes some (at Taia Global, at any rate) as containing errors Russian native speakers characteristically make when attempting English. (Languages checked include Korean, Russian, Mandarin Chinese, and German. Taia Global had an admittedly small corpus of messages to work on.) But leading explanations still point to North Korea, even to one General Kim Yong-chol.
There is consensus, however, that better information-sharing and network security are the order of the day. Lawyers, defense intellectuals, and policy wonks debate the nature of cyber war (what constitutes, when justified, how to wage, etc.). See the New York Times for a series of connected op-eds.
The US, Japan, and South Korea announce closer intelligence cooperation against what they regard as a common threat from the DPRK. South Korea asks China for assistance with an investigation into attacks on networks of a nuclear power producer (the reactors themselves are reported safe and secure) as some believe China provides cyber training and tools to North Korea.
Today's issue includes events affecting Australia, China, European Union, India, Japan, Democratic People's Republic of Korea, Republic of Korea, Netherlands, Romania, Russia, United States.
The CyberWire has resumed regular publication. We'll take another day off on January 1st, returning as usual on January 2. We hope you continue to enjoy the holidays.
Cyber Attacks, Threats, and Vulnerabilities
Sony and Microsoft video games hit by outages(Financial Times) Sony and Microsoft were struggling to respond to an apparent cyber attack on their video games networks over Christmas, leaving millions of customers unable to play games and access entertainment
Hackers Take Credit For PlayStation Network And Xbox Live Outages On Christmas(TechCrunch) Gamers who received new consoles for Christmas might find themselves unable to connect and play with friends, thanks to a coordinated attack by hackers who claim to have taken down the two largest gaming networks. On what might be the biggest gaming day of the year, a hacker group called Lizard Squad is claiming responsibility for taking down both Xbox Live and PlayStation Network
Taia Global Linguists Establish Nationality of Sony Hackers as Russian, not Korean(Taia Global) In the wake of the Sony(TYO: 6758; NYSE: SNE) attack, and the U.S. government's pronouncement of responsibility for the attack on the government of North Korea, Taia Global linguists conducted a preliminary scientific analysis on 20 Sony hacker messages using Native Language identification and L1 Interference analysis
The Sony Hack and the Rise of Cyber Ransoms(Bloomberg) Just three days before cyber-attackers crippled Sony Pictures, the hackers sent an e-mail to executives Michael Lynton and Amy Pascal that said they would do great damage to the company if they weren't paid off
FBI Warned Year Ago of Impending Malware Attacks — but Didn't Share Info with Sony(Intercept) Nearly one year before Sony was hacked, the FBI warned that U.S. companies were facing potentially crippling data destruction malware attacks, and predicted that such a hack could cause irreparable harm to a firm's reputation, or even spell the end of the company entirely. The FBI also detailed specific guidance for U.S. companies to follow to prepare and plan for such an attack. But the FBI never sent Sony the report
Sizing Up Cyber Risks after the Sony Breach(JD Supra) Sony's most recent data breach underscores the difficulties in underwriting and insuring cyber risk. Sony incurred losses that were surprising in both their scope and type. The company already is a defendant in at least four new lawsuits concerning the disclosure of employees' confidential information. In addition to potential liability, Sony suffered substantial first-party losses that may be difficult to quantify, including forensic costs, reputational injury, and business interruption losses
Is Your SSL Traffic Hiding Attacks?(Venafi) Encrypted traffic is growing fast and becoming mainstream. According to Gartner, SSL traffic comprises 15-25% of the total web traffic, making it a significant percentage. The use of SSL varies by industry, but often helps to securely transmit sensitive or confidential information
Hacking the Internet of Things: Beware of the Toasters(Tripwire: the State of Security) In previous posts, we've discussed using refrigerators as literal bombs launched by catapults and fridges used as bots to execute denial-of-service attacks against hapless networks. But now, all that is small potatoes when you think about the rapid push towards the creation of the Internet of Things
Security Patches, Mitigations, and Software Updates
Sony cyberattack is seminal moment in hacking: CEO(CNBC) The cyberattack on Sony that exposed sensitive internal communications and coerced theater chains to drop one of the company's films represents a seminal moment in the advancement of hacking, a cybersecurity executive told CNBC on Wednesday. While the attack was not technologically sophisticated, its success may embolden other cyber criminals to follow suit, George Kurtz, CEO of Crowdstrike said in a "Squawk on the Street" interview
Public Relations & Damage Control in the Aftermath of the Sony Hack(Business Insider) The entertainment world was completely shocked by the amount of information leaked in the recent Sony Industries hack. Sony was targeted by hackers in protest of the film "The Interview". In this comedy, journalists are instructed to assassinate North Korea's Leader, Kim Jong-un, after booking an interview with him. Loads of sensitive financial, personal and artistic information were leaked in this surprise attack, which has put a dent in Sony's reputation
Why we believe Akamai is fairly valued(Trefis Team via Forbes) Akamai had a stellar 2014 and its stock price is up over 30% year to date. The company reported strong numbers for the third quarter and displayed growth across all its reported business segments and geographies. This growth is likely to continue and will be driven by the secular trends of more business being conducted online, increased online content and traffic, content providers striving to improve the experience of their users and the increased demand for faster and safer content delivery. We believe that Akamai is fairly valued and our price estimate for Akamai stands at $61.70. This price estimate is based on our expectation that the company can increase its revenue by 1.9x from an expected $2.0 billion in 2014 to $3.8 billion by the end of our forecast period. We expect the company to accomplish this by growing its customer base by 1.25x during the same time frame, with the remaining growth coming from an increase in its average revenue per customer
ForeScout Inducted Into SC Magazine Industry Innovators Hall of Fame(Nasdaq) ForeScout Technologies, Inc., the leading provider of continuous monitoring and mitigation solutions for Global 2000 enterprises and government organizations, today announced that it has been named to the SC Magazine 2014 Industry Innovators Hall of Fame for ForeScout's CounterACT™ appliance. Inductees to the Industry Innovators Hall of Fame must demonstrate technology and business innovation, staying power and market success, and they must also be selected by SC Magazine as a Best Buy for three consecutive years
Kaspersky Lab Launches Cyber Threat Logbook Project(VAR Guy) Kaspersky Lab recently launched its interactive targeted cyberattacks logbook project to help users understand the correlations and relationships between major targeted attacks. The project is expected to give users additional insight into some of the most infamous cyberattacks on record so they can protect themselves from future attacks
Are you using the most secure and private web browser?(Computerworld) Aviator web browser, created by WhiteHat Security, is set up to maximize privacy and security safeguards by default. Simply download OS X or Windows versions and then start surfing in private, protected mode without being tracked. You are not a product being sold in exchange for this free software
BitSight Bits: How to Prove that Security Ratings Work(BitSight) During last month's FS-ISAC webinar, Home Depot, the SEC and Increasing Board Oversight: Why Metrics Matter More and More, BitSight CTO and Co-Founder Stephen Boyer answered questions from attendees about why using IT security metrics is more important than ever before. He also performed a live demo of BitSight Security Ratings to show how to prove that security ratings work
Technologies, Techniques, and Standards
Incident Response at Sony(Internet Storm Center) For those of you who are not aware; Sony currently has a job posting for a Manager of Incident Response. Where I come from they refer to that as "closing the barn door after the horse has got out". They do need to start somewhere and all in all it sounds like a cool job for an experienced Incident Handler. They do mention SANS certifications. Of course they do put SANS certifications on the same level as CISSP and CISM, but it is a step
What's an Asset?(RSA: Speaking of Security) Ask a security professional for his or her job description, and you're likely to get an answer along the lines of, "Protecting the company's assets from being stolen or compromised"
How to avoid a malware wipe-out(IT-Online) Malware development has reached a new threat level with the emergence of destructive "wiper" worms, such as that used in the attack against Sony Pictures. Doros Hadjizenonos, Check Point South Africa sales manager looks at how firms can defend themselves
IBM supports biometrics for corporate BYOD use(Biometric Update) IBM stated in a recent blog post that it expects that the addition of biometrics to personal mobile devices will enhance security surrounding corporate 'bring your own device' (BYOD) policies
Inadvertent Algorithmic Cruelty(Meyerweb) I didn't go looking for grief this afternoon, but it found me anyway, and I have designers and programmers to thank for it. In this case, the designers and programmers are somewhere at Facebook
For America's Youth, Career Success STEMs from Competition(Fox Business) When Cooper Yerby was six years old, he wanted to be a pilot. But, like most young children, as he grew up, his opinion changed. A few years later, he wanted to be a meteorologist, then a plastic surgeon, then a chemical engineer
Girl Scouts learn about cyber security and related careers(Press Enterprise) About 200 Girl Scouts from middle schools throughout San Bernardino County learned about cyber security, deciphering codes and how to design and create model airplane gliders during a hands-on engineering and technology event at Cal State San Bernardino on Dec. 17
Japan Is Preparing For A Possible Cyberattack From North Korea(Reuters via Business Insider) Japan, fearing it could be a soft target for possible North Korean cyberattacks in the escalating row over the Sony Pictures hack, has begun working to ensure basic infrastructure is safe and to formulate its diplomatic response, officials said
Israeli expert: 'cyberspace has become a battlefield'(Al Monitor) Col. Gabi Siboni (ret.) heads the Cyber Security Program at the Israeli Institute for National Security Studies. Considered one of the top experts in the field, Siboni publishes numerous studies and position papers on the issue on behalf of the institute. The most recent of these, published the week of Dec. 22, is devoted to the cyberwar between the United States and North Korea
Iran and Modern Cyber Warfare(Global Research) Today US intelligence services seem to finally have become aware of the potential damage a cyber-attack can inflict, therefore Washington is placing particular stress on enhancing its "combat capabilities" in virtual space. Therefore, not only the CIA, but the NSA and the Pentagon have started getting substantial resources on an annual basis in order to be able to create the most advanced cyber-weapons conceivable
When Does Cyber Crime Become an Act of Cyberwar?(Townhall) No consensus exists between the U.S. government and cyber security experts as to whether North Korea is responsible for the online dumping of Sony Pictures Entertainment's confidential business data and emails. Even if it could be proven beyond any doubt with uncontestable forensic evidence that this theft is also, in fact, an act of computer hacking, it still wouldn't technically constitute an act of cyberwar — regardless of the identity of the perpetrator. So then, when would it?
Military Response Should Be Limited to Threats to Infrastructure(New York Times) All the fiery, yet contradictory, rhetoric over how to classify the Sony attacks is a strong indicator that the American government is operating in uncharted territory. President Obama, who has identified North Korea as the orchestrator, has called the attack an act of "cybervandalism" — a fairly strong label that would seem to prompt a law enforcement response. Senators John McCain and Lindsey Graham, on the other hand, have called the attacks "a new form of warfare" and an "act of terrorism," respectively. Those even stronger designations would seem to warrant a military response
International Law Permits a Measured Military Response to Cyberattacks(New York Times) The military plays a direct role in preventing cyberattacks only on its own networks. Otherwise, the military can share threat information to allow governmental and non-governmental actors to defend their networks, and it can deter some cyberattacks through the threat of a military response
International Consensus on Cyberattacks Is Blurry(New York Times) There are few satisfying responses to North Korea's "cyberattack" on Sony. Military action is not one of them. Under international law, a nation against whom force has been used has the right to use force in response, in self-defense. If a cyberattack has an equivalent effect to a kinetic attack — resulting in destruction or casualties — it qualifies for the use of force. What happened to Sony was not the use of force, terrorism or war
Sony Hack: No Good Options for U.S. on Private Sector Cybersecurity(World Politics Review) When they set out to make "The Interview," a comedic movie about assassinating the leader of North Korea, actors Seth Rogen and James Franco likely did not realize they would spark a massive cyber attack, lead the White House to dub those attacks a national security problem or inadvertently trigger a First Amendment crisis in the United States. When Sony and theater owners bowed to hacker demands that they cancel the movie's Christmas Day release, followed shortly by Paramount's refusal to allow movie theaters to run "Team America: World Police" — another comedy made at North Korea's expense — in its place, they highlighted a much bigger national security problem than many have realized: Not only can adversaries use cyberspace to steal and spy on a massive scale, or threaten critical infrastructure, they can also threaten the very freedoms that Americans take for granted
IT Security Suffers from Noncompliance(Office of the Inspector General, Department of Homeland Security) The Department of Homeland Security (DHS) has made progress to improve its information security program, but noncompliance by several DHS component agencies is undermining that effort, according to a new report by the DHS Office of Inspector General (OIG)
Evaluation of DHS' Information Security Program for Fiscal Year 2014(Office of the Inspector General, Department of Homeland Security) DHS has taken steps to improve its information security program. For example, DHS expanded the ongoing authorization program to improve the security of its information systems through a revised risk management approach. Additionally, DHS developed and implemented the Fiscal Year 2014 Information Security Performance Plan, which defines the performance requirements, priorities, and overall goals for the Department. DHS has also taken actions to address the President's cybersecurity priorities, which include the implementation of trusted internet connections, continuous monitoring of the Department's information systems, and strong authentication
Cybersecurity World Conference(New York, New York, USA, January 9, 2015) Welcome to Cyber Security World Conference 2015 where renowned information security experts will bring their latest thinking to hundreds of senior business executives and officials focused on protecting...
ShmooCon(Washington, DC, USA, January 16 - 18, 2015) ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and...
California Cybersecurity Task Force Quarterly Meeting(Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...
FIC 2015(Lille, France, January 20 - 21, 2015) The International Cybersecurity Forum (FIC) forms part of a thinking and exchange process that aims at promoting a pan-European vision of cybersecurity and strengthening the fight against cybercrime, a...
AppSec California(Santa Monica, California, USA, January 26 - 28, 2015) OWASP's AppSec California goes beyond "security for security's sake" bringing application security professionals and business experts together with the objective of sharing new information that helps get...
Financial Cryptography and Data Security 2015(San Juan, Puerto Rico, USA, January 26 - 30, 2015) The goal of the conference is to bring security and cryptography researchers and practitioners together with economists, bankers, implementers and policy-makers. Intimate and colourful by tradition, the...
Data Privacy Day San Diego — The Future of IoT and Privacy(San Diego, California, USA, January 28, 2015) Join the Lares Institute, Morrison & Foerster, and the National Cyber Security Alliance for Data Privacy Day in San Diego. DPD San Diego will bring together privacy luminaries to discuss fundamental issues...