Tuesday, December 30, 2014

What caused Sony hack: What we now know

By Jose Pagliery
December 29, 2014
NEW YORK (CNNMoney)

What we now know about the Sony Pictures hack shows this cybermystery isn't over yet.

The FBI presented evidence that North Korea was behind the hack. Upon closer examination, security experts, hackers, and people familiar with Sony's computer networks are uniting around this disheartening reality: Anyone could have pulled this off.

It could have been a disgruntled Sony employee, profit-seeking hackers, North Korea--or a combination of the three.

Here are the facts about the hack that we do know:


  • Hackers used computer servers in Bolivia, Cyprus, Italy, Poland, Singapore, Thailand and the United States to attack Sony.
  • The IP addresses associated with those servers have "previously [been] linked to North Korea" by the FBI.
  • The malware used against Sony had what the FBI calls "lines of code" and "data deletion" methods similar to malware "North Korean actors previously developed."
  • The computer-wiping software used against Sony was also used in a 2013 attack against South Korean banks and news outlets, which the FBI attributed to North Korea. 
  • The malware was built on computers set to Korean language--unusual in the hacking world. 
  • Hackers demanded Sony Pictures pull "The Interview" to avoid starting a war over a movie.

These facts are why the Obama administration has accused North Korea of hacking Sony Pictures and has vowed to retaliate.

But security experts aren't 100% ready to point their fingers at North Korea--not yet, anyway.

Technical evidence shows anyone can tap servers for hacking and spamming. Hackers routinely borrow and share computer code. Computer wiping software can be bought legally by anyone. A computer's language settings can be changed on a whim. And this hack actually started as an extortion attempt on Nov. 21 when Sony executives got emails saying "The compensation for it, monetary compensation we want."

Robert Graham, a researcher with Errata Security, stresses that anyone can hire hackers on the black market. These cybersoldiers of fortune might work on behalf of a country or an ex-Sony employee--and not even know it. 

He's also wary of how quickly the US government blamed North Korea. Hacking investigations typically take months, including the FBI's takedown of online drug bazaar Silk Road and hunting down members of LulzSec. 

"Even if it's true that it was North Korea, I don't think the FBI would do it in three weeks," Graham said. "Maybe six months."

This year's major hacks are a perfect example. Law enforcement still hasn't publicly identified--or arrested--those who broke into Target, Home Depot, and JPMorgan and stole millions of credit cards and lots of personal data.

Robert M. Lee, co-founder of consulting and software firm Dragos Security, puts it this way: There might be evidence against North Korea, but what the FBI presented doesn't cut it. 

Lee, until recently a U.S. Air Force intelligence officer specializing in cyber warfare, also worries about how quickly North Korea was blamed. Lee said intelligence agencies and law enforcement don't typically work together at this kind of breakneck speed--and when they do, they often rely on outdated or inaccurate information, because there are so many conflicting intelligence reports. 

For its part, North Korea's government says it was framed. Take that for what you will.

Adding to the fog: Lots of Sony employees with critical access to the computer network were laid off by the company earlier this year, according to ex-employees. And early on, the hackers talked about seeking "equality" at Sony.

A simple explanation points to North Korea. But those who understand hacking worry it's just too simple.




Tuesday, December 9, 2014

Scam of the Week: "Shipping Problem"

Posted by Stu Sjouwerman

We have Black Friday and Cyber Monday behind us. After losing ground to online competitors, brick-and-mortar retailers have struck back with incredible online deals. Wal-Mart said Thanksgiving was its second biggest day ever for online sales and Target's online buying was up 40% over last year.

This is the time of year that people buy new smartphones, TVs, and new game consoles because they are able to get killer deals and they are dying to get their hands on these new goodies.

What you may not know is that similar to a magazine's editorial calendar, hackers have a "scam calendar" which focuses on events exactly like this. They have them planned and ready to roll starting TODAY for the rest of the month.

These malware campaigns do not discriminate between the home and the office, and use social engineering to trick users. A billion of these criminal emails are sent each day. So, I strongly recommend you send this to your users today. Feel free to edit in any way you like:

"Scammers are preying on people that have just made a lot of online purchases on Black Friday and Cyber Monday. There are several scam campaigns being sent right now.

1) Be on the lookout for "Shipping Problem" emails from FedEx, UPS, or the US Mail, where the email claims they tried to deliver a package (for instance, from Apple Computer) but could not deliver it due to an incomplete address. "Please click on the link to correct your address and you will get your package." If you do, your computer is likely to get infected with malware. Warn everyone in the family, especially teenagers.

2) Watch out for alerts via a TEXT to your smartphone that "confirm delivery" from FedEx, UPS, or the US Mail, and then ask you for some personal information. Do not enter anything. Think before you click!

3) And to reiterate a warning we sent out a few weeks ago, there is a fake refund scam going on that could come from a big retailer. It claims there was a "wrong transaction" and wants you to "click for a refund" but instead, your device may be infected with ransomware."

http://blog.knowbe4.com/scam-of-the-week-shipping-problem

Monday, December 1, 2014

Sony pictures computer system hacked in online attack

25 November 2014

Sony Pictures Entertainment has been targeted by computer hackers in an attack which reports say forced it to shut down its systems on Monday.

A skull appeared on computer screens along with a message threatening to release data "secrets" if undisclosed demands were not met, reports said.

The message showed "#GOP" indicating a group called Guardians of Peace was behind the attack.

Sony has issued a statement saying the firm is investigating the "IT matter".

The tech firm has reportedly shut down its computer network as a precaution and advised employees that resolving the situation could take anywhere from one day to three weeks.

Meanwhile, an anonymous user on the Reddit news website posted an image allegedly from a Sony computer screen, which said "Warning: We've already warned you, and this is just the beginning...We have obtained all your internal data including secrets and top secrets".

News of the online attack comes just months after Sony's PlayStation network was forced offline by a cyber attack in August.

Wee Teck Loo, head of consumer electronics research at Euromonitor, said any negative news for Sony just "piles" pressure on the company, which has been struggling financially in both its TV and mobile businesses.

"Three years ago, the hack on PlayStation network was massive, expensive and absolutely embarrassing. This time round, I don't believe that there will be massive damage, save for Sony's ego, even if the hack is real," Mr. Loo said.

Charles Lim, senior industry analyst at ICT, Frost & Sullivan Asia Pacific, however, said that the attack has put into question what "multi-layers of prevention" Sony has to detect and handle such risks.

"In this breach, GOP claimed to have accessed private keys, source codes, password files and even their production schedule and notes, and that will raise questions," Mr Lim said.

High profile companies like Sony can be targeted and hacked every day, according to Naveen Menon, partner at consulting firm AT Kearney.

In its latest research, the firm said that experts estimate that at least 25% of all companies have already suffered financial loss through some form of cyber attack.

Sony is understandably keen to downplay this latest hacking threat. "We are investigating the matter" is the kind of benign language more commonly used for routine technological issues, not chilling messages threatening to unleash reams of data to the world.

The demands are opaque so it is unclear how much damage could be wrought should Sony fail to resolve the situation before the deadline. Sony Pictures has at least reclaimed its compromised Twitter accounts.

Nevertheless, this internal corporate attack does not yet appear to be of the magnitude of previous public breaches that Sony has suffered.

But the fact that hackers have again apparently infiltrated Sony's systems will do nothing to restore public faith that the Japanese technology giant has its security affairs in order.

And it is somewhat ironic that Sony has only just dismissed the allegation made by hackers that they had succeeded in breaching the PlayStation network earlier this year. This latest attack cannot be so easily dismissed.

http://www.bbc.com/news/technology-30189029