Cyber attacks on the USA (catch all)

[AdamG]

Working under the code name Sabu, Hector Monsegur was responsible for some of the most notorious hacks ever committed. As he told "CBS This Morning" co-host Charlie Rose earlier this month, Monsegur began cooperating with the FBI after getting caught. He now works as a security researcher.

"For something like this to happen, it had to happen over a long period of time. You cannot just exfiltrate one terabyte or 100 terabytes of data in a matter of weeks," Monsegur said. "It's not possible. It would have taken months, maybe even years, to exfiltrate something like 100 terabytes of data without anyone noticing."

Monsegur said there's also a chance the hack could have originated from China.

"I mean, it's possible," he said. "It might be a North Korean inside China."

Some of the investigators point to malware written in Korean, but Monsegur said that doesn't necessarily mean the hackers are Korean.

"Well, it doesn't tell me much. I've seen Russian hackers pretending to be Indian. I've seen Ukrainian hackers pretending to be Peruvian.There's hackers that pretend they're little girls. They do this for misinformation, disinformation, covering their tracks," he said. "Do you really think a bunch of nerds from North Korea are going to fly to New York and start blowing up movie theaters? No. It's not realistic. It's not about 'The interview.' It's about money. It's a professional job."

Monsegur thinks it's also possible this was an inside job, that an employee or consultant downloaded all the information from Sony's servers and then sold it to someone else.

http://www.cbsnews.com/news/sony-hac...s-responsible/

Shave with Occam's Razor

[selil]

My quick comments on investigating digital crime (less about this and more about general concepts) http://selil.com/archives/6129

[AdamG]

I am deeply skeptical of the FBI’s announcement on Friday that North Korea was behind last month’s Sony hack. The agency’s evidence is tenuous, and I have a hard time believing it. But I also have trouble believing that the U.S. government would make the accusation this formally if officials didn’t believe it.

Clues in the hackers’ attack code seem to point in all directions at once. The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks. Korean language in the code also suggests a Korean origin, though not necessarily a North Korean one since North Koreans use a unique dialect. However you read it, this sort of evidence is circumstantial at best. It’s easy to fake, and it’s even easier to interpret it wrong. In general, it’s a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the “evidence” to suit the narrative they already have worked out in their heads.

http://www.theatlantic.com/internati...k-sony/383973/

Note: Bruce Schneier is a contributing writer for The Atlantic and the chief technology officer of the computer-security firm Co3 Systems.

[AdamG]

In Plain English: Five Reasons Why Security Experts Are Skeptical that North Korea Masterminded the Sony Attack

https://medium.com/elissa-shevinsky/...e-24509b4b8331

[AdamG]

All the evidence leads me to believe that the great Sony Pictures hack of 2014 is far more likely to be the work of one disgruntled employee facing a pink slip.

I may be biased, but, as the director of security operations for DEF CON, the world’s largest hacker conference, and the principal security researcher for the world's leading mobile security company, Cloudflare, I think I am worth hearing out.

http://www.thedailybeast.com/article...hack-sony.html

[AdamG]

FBI agents investigating the Sony Pictures hack were briefed Monday by a security firm that says its research points to laid-off Sony staff, not North Korea, as the perpetrator — another example of the continuing whodunit blame game around the devastating attack.

Even the unprecedented decision to release details of an ongoing FBI investigation and President Barack Obama publicly blaming the hermit authoritarian regime hasn’t quieted a chorus of well-qualified skeptics who say the evidence just doesn’t add up.

Read more: http://www.politico.com/story/2014/1...#ixzz3NMAk7Dow

[AdamG]

http://www.wsj.com/articles/penn-sta...ked-1431804110

Hackers apparently based in China have had access to Pennsylvania State University’s engineering school computers for over two years, the university disclosed on Friday after a lengthy analysis by federal and private investigators.

The breach potentially has exposed research pertaining to technology for the U.S. Defense Department.

The university said it would take the affected computer network offline for several days to root out the hackers.

“This was an advanced attack against our College of Engineering by very sophisticated threat actors,” Penn State President Eric Barron said in a letter to students and faculty.

[AdamG]

Cybersecurity Expert: Be Afraid, America. Be Very Afraid.

Leading cybersecurity expert Joseph Weiss writes about how vulnerable America’s computer systems are. He features in the NOVA documentary ‘CyberWar Threat,’ premiering Oct. 14 on PBS.

http://www.thedailybeast.com/article...ry-afraid.html

[AdamG]

SAN FRANCISCO — Over the last four years, foreign hackers have stolen source code and blueprints to the oil and water pipelines and power grid of the United States and have infiltrated the Department of Energy’s networks 150 times.

So what’s stopping them from shutting us down?

The phrase “cyber-Pearl Harbor” first appeared in the 1990s. For the last 20 years, policy makers have predicted catastrophic situations in which hackers blow up oil pipelines, contaminate the water supply, open the nation’s floodgates and send airplanes on collision courses by hacking air traffic control systems.

http://bits.blogs.nytimes.com/2015/1...ing-pace/?_r=1

[AdamG]

US Still Doesn’t Know Who’s In Charge of What If Massive Cyber Attack Strikes Nation
NOVEMBER 3, 2015 BY PATRICK TUCKER
Cyber physical attacks on infrastructure may be an unlikely sneak attack, but if it happens, the chain of command is far from clear.
http://www.defenseone.com/threats/20...ref=d-mostread

[AdamG]

For those of you folks in the bowels of the Kremlin following this thread, nice job guys!

Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.

The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.

The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some GOP political action committees, U.S. officials said. But details on those cases were not available.

https://www.washingtonpost.com/world...7a0_story.html