Cyber attacks on the USA (catch all)

**davidbfpo** · 04-29-2014

Apparently a rare White House comment on matters cyber, entitled 'Heartbleed: Understanding When We Disclose Cyber Vulnerabilities' and all beyond me:http://www.whitehouse.gov/blog/2014/...lnerabilities?

Meantime over here a RUSI comment on how the UK responds:

The UK’s Computer Emergency Response Team (CERT) was launched this week to universal nods of approval. Questions remain, however, over how it will achieve its aims and what value it will add in an increasingly crowded UK network of cyber security teams.

See:https://www.rusi.org/analysis/commen.../#.U1-mfqJZAdU

**AdamG** · 05-21-2014

(Reuters) - A sophisticated hacking group recently attacked a U.S. public utility and compromised its control system network, but there was no evidence that the utility's operations were affected, according to the Department of Homeland Security.

DHS did not identify the utility in a report that was issued this week by the agency's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.

"While unauthorized access was identified, ICS-CERT was able to work with the affected entity to put in place mitigation strategies and ensure the security of their control systems before there was any impact to operations," a DHS official told Reuters on Tuesday.

Such cyber attacks are rarely disclosed by ICS-CERT, which typically keeps details about its investigations secret to encourage businesses to share information with the government. Companies are often reluctant to go public about attacks to avoid potentially negative publicity.

http://www.reuters.com/article/2014/...A4J10D20140521

**AdamG** · 12-18-2014

Tom Clancy-esque plot twist - what if the US responds to a cyber attack against a State Actor (based on the best evidence at the time) when it was actually perpetrated by a non-State Actor (like say, a disgruntle ex-employee/s)?

The White House says the devastating cyber attack on Sony Pictures was done with "malicious intent" and was initiated by a "sophisticated actor" but it would not say if that actor was North Korea.

Spokesman Josh Earnest says the matter is still under investigation.

http://www.npr.org/blogs/thetwo-way/...e-proportional

**selil** · 12-19-2014

Originally Posted by AdamG

Tom Clancy-esque plot twist - what if the US responds to a cyber attack against a State Actor (based on the best evidence at the time) when it was actually perpetrated by a non-State Actor (like say, a disgruntle ex-employee/s)?

http://www.npr.org/blogs/thetwo-way/...e-proportional

Great question asked by a lot of people. Not being answered either.

**Bill Moore** · 12-19-2014

Originally Posted by AdamG

Tom Clancy-esque plot twist - what if the US responds to a cyber attack against a State Actor (based on the best evidence at the time) when it was actually perpetrated by a non-State Actor (like say, a disgruntle ex-employee/s)?

http://www.npr.org/blogs/thetwo-way/...e-proportional

Attribution is frequently challenging in cyber, but I suspect we will know with some degree of certainty, or we won't respond.

What would be a proportionate response for the hermit kingdom when it comes to cyber? Blocking the Dear Leader's access to porno?

**OUTLAW 09** · 12-19-2014

Weaponization of code is one of the most important elements of the "new hybrid" war UW strategy and next to the weaponization of information two elements we are totally unprepared to handle.

As one coming from the active world of internet security I see many large enterprise corporations that would also have not been able to suppress such an attack---US companies and the government have throw literally millions of dollars at the problem but it is like a checklist mentality---do I have this check, do I have that check and on and on.

At the end of the checklist they "feel" fully protected and are stunned when something like Sony occur.

My phone has not stopped ringing since Sony and I must thank Sony for "awakening" CEOS, CTOs and CIOs to the seriousness of the problem.

But here is the single most important issue---no major company drives offensive defensive internet security--most companies rely on a defensive mode concept and that no longer works. Also we are seeing a paradigm change that most companies still have not seen---away from a structured approach of internet security to a distributed multifunctional team approach which some of us were already pushing in 2004 and it was laughed at.

If one would see in articles on a daily basis concerning the dark internet sites being driven by criminals that even offer now total software hacking packages---ie you buy it just like regular software complete with a technical help desk if the software does not work--then we might hear a new tone coming from American end users but until then Sony types events will start increasing. Actually in the area of say the consumer world we see massive computer break-ins daily now with literally millions of CC data stolen and resold on the dark sites.

We often think American computer types are the greatest but there is a generation of Russians, Ukrainians, Chinese, NKoreans, and Iranians that are far better at cyber warfare/ cyber criminal activities than we are.

**AdamG** · 12-20-2014

Working under the code name Sabu, Hector Monsegur was responsible for some of the most notorious hacks ever committed. As he told "CBS This Morning" co-host Charlie Rose earlier this month, Monsegur began cooperating with the FBI after getting caught. He now works as a security researcher.

"For something like this to happen, it had to happen over a long period of time. You cannot just exfiltrate one terabyte or 100 terabytes of data in a matter of weeks," Monsegur said. "It's not possible. It would have taken months, maybe even years, to exfiltrate something like 100 terabytes of data without anyone noticing."

Monsegur said there's also a chance the hack could have originated from China.

"I mean, it's possible," he said. "It might be a North Korean inside China."

Some of the investigators point to malware written in Korean, but Monsegur said that doesn't necessarily mean the hackers are Korean.

"Well, it doesn't tell me much. I've seen Russian hackers pretending to be Indian. I've seen Ukrainian hackers pretending to be Peruvian.There's hackers that pretend they're little girls. They do this for misinformation, disinformation, covering their tracks," he said. "Do you really think a bunch of nerds from North Korea are going to fly to New York and start blowing up movie theaters? No. It's not realistic. It's not about 'The interview.' It's about money. It's a professional job."

Monsegur thinks it's also possible this was an inside job, that an employee or consultant downloaded all the information from Sony's servers and then sold it to someone else.

http://www.cbsnews.com/news/sony-hac...s-responsible/

Shave with Occam's Razor