Newsletter
IT and Cyber Security News Update from Centre for Research and Prevention of Computer Crimes
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
Since June 2005
December 22, 2014, Issue no 1521
Tenth year of uninterrupted publication
Today's edition
WAKING-UP : Government to strengthen cyberspace monitoring
TREND : Cyberattack on German steel factory causes 'massive physical damage'
IMPACT : Inside North Korea's scrappy, masterful cyberstrategy
RETALIATION : Hackers Release Swedish Government Email Details in Pirate Bay Retaliation
WAKING-UP : Government to strengthen cyberspace monitoring
Rajnath Singh has admitted gaps in cyberspace monitoring by the government and said he had set up a committee to suggest ways to strengthen the system.
ET Bureau
Dec 17, 2014
NEW DELHI: Home minister Rajnath Singh on Tuesday admitted gaps in cyberspace monitoring by the government and said he had set up a committee to suggest ways to strengthen the system and ensure proper monitoring of cyberspace.
It was exposed last week that intelligence agencies had no clue of the identity or location of Mehdi Biswas, the Bangalore man behind the ISIS Twitter handle @ShahiWitness, till UK's Channel 4 exposed his identity. The home minister's statement was prompted after former home secretary and now BJP MP, RK Singh on Tuesday pointed out in Parliament that the government had no control over ISIS propaganda in cyberspace as servers were located abroad.
RK Singh also pointed out that though the home ministry had banned ISIS and put it under the schedule of banned organisations under Unlawful Activities (Prevention) Act, it was not being communicated properly to people that ISIS was a dangerous organization. "It is important that people of the country are told that this is a dangerous organization and they should stay away from it. The statements that should come to that effect...that we have not seen yet," RK Singh said in Parliament on Tuesday.
The home minister meanwhile gave credit to families from minority community for discouraging their children from getting influenced by the terror group.
TREND : Cyberattack on German steel factory causes 'massive physical damage'
IDG News Service
December 19, 2014
A German steel factory suffered massive damage after hackers managed to access production networks, allowing them to tamper with the controls of a blast furnace, the government said in its annual IT security report.
The report, published Wednesday by the Federal Office for Information Security (BSI), revealed one of the rare instances in which a digital attack actually caused physical damage.
The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory's office networks, from which access to production networks was gained. Spear phishing involves the use of email that appears to come from within an organization. After the system was compromised, individual components or even entire systems started to fail frequently.
Due to these failures, one of the plant's blast furnaces could not be shut down in a controlled manner, which resulted in massive damage to plant, the BSI said, describing the technical skills of the attacker as very advanced.
The attack involved the compromise of a variety of different internal systems and industrial components, BSI said, noting that not only was there evidence of a strong knowledge of IT security but also extended know-how of the industrial control and production process.
The hack sounds similar to attacks involving the Stuxnet worm. Considered the first known cyberweapon, Stuxnet is believed to have been created by the U.S. and Israel to attack Iran's nuclear program. Discovered in 2010, the worm has espionage and sabotage functionalities that were used to destroy up to 1,000 uranium enrichment centrifuges at a nuclear plant near the city of Natanz in Iran.
IMPACT : Inside North Korea's scrappy, masterful cyberstrategy
Heesun Wee
18 Dec 2014
CNBC.com
http://www.cnbc.com/id/102278702?es_p=205863
Sony Pictures Entertainment
has canceled the Christmas Day release of "The Interview" amid
threats of a widespread attack from hackers, who U.S. intelligence officials
say were working for North Korea. But how does a poverty-stricken country with
unreliable electricity even accumulate cyber-capabilities to level an
international corporation the size of Sony?
North Korea is a totalitarian state with a per capita GDP of under $2,000, compared with $22,000 for South Korea. But while average citizens hustle for food and survival, North Korea's all-powerful upper class, with access to cash, has ramped up its digital infrastructure in recent years. The regime's elite cyberarmy has shrewdly learned to execute and recycle quick-and-dirty, yet effective, cyberattacks and malware to prey on high-level targets. They previously have included a bank, university and media websites, according to prosecutors.
"While the regime does
not appear to have an advanced cyber-capability, we should never underestimate
the potential impact of North Korea utilizing less advanced, quick-and-dirty
tactics," said Ted Ross, security research director for enterprise
security products at U.S. tech giant Hewlett-Packard.
The full details of North
Korea's involvement in the November data breach, according to U.S. officials,
aren't yet available. But an audit of Sony Pictures' computer network conducted
months before the attack revealed gaps in the way the company monitored its
system, as Re/code has reported. It was a window of opportunity, it seems, that
North Korean hackers noticed and seized to stunning effect.
The data breach has outed business transactions including the James Bond script "Spectre" as well as personal details about employee health records, bank transactions, Social Security numbers and emails that go back years. Security experts say the Sony breach is an omen about the dangers of modern cyberterrorism in a post 9/11 world, whether the perpetrators are from North Korea or some other rogue state.
Wake-up call for all companies, employees
As the ripple effect widens,
the Sony attack is proving to be about much more than leaked, juicy emails
among movie stars and Hollywood studio executives. The breach is a warning for
all employees and businesses, large and small, to reflect on the storage of
sensitive business information, and the treasure trove of employee details
housed in human resource departments.
There will be re-evaluations
about how companies conduct business including the use of cloud storage
computing and "BYOD," or the practice of bringing your personal
devices to work, which businesses allow amid cost-cutting.
The hackers obtained some 100
terabytes of data stolen from Sony servers. That's roughly 10 times the entire
printed collection of the Library of Congress.
"This incident covers
the broad spectrum of your worst nightmare for cybersecurity,"
said Jason Glassberg, co-founder of Casaba Security,
based in Seattle.
The movie "The
Interview" depicts two American journalists, played by Seth Rogen and James Franco, who secure a rare interview with
North Korean leader Kim Jong Un
and are tasked with executing him. The film's planned U.S. release on Christmas
Day was canceled Wednesday after several large cinema chains said they would
not show the film. There are no further release plans including video-on-demand
or other platforms.
The North Korean government,
meanwhile, has denied responsibility for the data breach. But a spokesman
quoted by the North's Korean Central News Agency described the attack as a
"righteous deed."
New revelations about North
Korea's involvement in the attack, according to U.S. officials, mark a sharp
turn for the federal investigation into the hack. But how might North Korea
have executed such a spectacular data breach?
For starters, the isolated,
communist nation has been pursuing cyberstrategies as
far back as the 1980s. It's cheaper than sending men to gather intelligence on
perceived enemies. There are at least 3,000 North Korean cyberwarriors,
though some reports place that number higher.
Rinse and repeat: The north's cyberstrategy
North Korea's computer
network operations and their capabilities pale compared with wealthier,
industrialized nations including South Korea, one of the most wired countries
in the world. But the North's "regime has made significant progress in
developing its infrastructure and in establishing cyber-operations in the past
few years," said HP's Ross in an email to CNBC.com.
And while the regime's
network capabilities are far from modern, the North's cyberarmy
has smartly focused on more bare-bones cyberattacks
and replicated those tactics effectively. "Attacks and malware attributed
to North Korean origin are not particularly sophisticated and recycle similar
tactics, techniques and procedures," Ross explains. Malware can include
everything from viruses to infected software.
One simple yet efficient
cyber tool for the regime has been a distributed denial-of-service, often known
as "DDoS" attacks. In a typical DDoS attack, the perpetrator exploits many computers and
multiple server connections to create a wide, exponential effect. Such attacks
are generally more difficult to thwart than narrower cybertactics.
Tactics used in the Sony hack
also seem to mirror what's known about the North including the use of wiper
malware. This technique eliminates both the master boot record and all host
data, Ross explains. The technology and code behind wiper malware is not
particularly complex. But with enough industrious perpetrators cobbling
together the code, the end product can be effective malware with multiple
trigger points that set off a wave of data contamination.
"This is very similar to
the behavior of the malware used in previous attacks attributed to North
Korea," said Ross. The North also has been known to use malware that
targets South Korean military interests.
Luckily for poor North Korea,
low-level cyber-procedures can bring results. James A. Lewis, a cyberpolicy expert at the Center for Strategic and
International Studies, speaking at an event Wednesday, said 80 percent of
attacks only require basic techniques.
Gaps in Sony's system
Beyond specific cyberstrategies, the North's elite unit of cyberwarriors are culled from a young age and nurtured in
Pyongyang, North Korea's capital city, according to Heung Kwang
Kim, a North Korean defector and former computer science professor. Kim spent
nearly 20 years in the regime educating promising students.
Armed with skilled cyberwarriors and attack strategies, North Korea noted the
upcoming release of "The Interview." Sony Pictures' network,
meantime, was sitting there with gaps, as Re/code has reported. Then North
Korea pounced.
The security audit, from
mid-July to Aug. 1, was performed by PricewaterhouseCoopers and found one
firewall and more than 100 other devices that were not being monitored by the
corporate security team charged with oversight of infrastructure.
When it comes to data
security, companies generally focus intently on external data entering and
infecting the system. Less attention is paid to how sensitive company
information including emails and other documents leave a company network, an
area often referred to as "exfiltration."
Sony Pictures "didn't
seem to have a coordinated strategy in terms of intrusion detection or exfiltration or data moving out," said Glassberg of Casaba Security.
According to Re/code, a
spokesperson for the studio declined to comment on the audit report. A PwC
auditor who received the report did not respond to Re/code's interview
requests.
Beyond the audit, the sheer
breadth and depth of the breach suggest the data, from scripts to employee
health information, may have been housed on a small group of servers and not
distributed widely. "People are going to be talking about data segregation
going forward," Glassberg said.
What now?
Investigators, Sony
executives and lawyers are now combing over the wreckage. There are larger
diplomatic questions about how the U.S. might respond to the attack.
In a cluster of events, the
American-produced raucous comedy is the tip of North Korea's growing list of
problems and perceived enemies. The regime is facing international scrutiny
about human rights violations, which some leaders are now trying to refer to
the International Criminal Court.
The North Korean regime and
Kim, believed to be in his 30s, are watching all of its enemies, including
filmmakers. And the regime has responded deftly with its cyberarmy.
"This is a huge wake-up
call," says Jason Habinsky, a New York
City-based labor and employment partner at Haynes and Boone. "Every
company big and small is at risk now. This is like watching a thriller. Or a horror film."
Also see-
http://www.marketwatch.com/story/5-ways-the-sony-hack-attack-will-change-cybersecurity-2014-12-19
http://gizmodo.com/report-sony-hackers-got-in-with-stolen-admin-credentia-1672958426
http://www.kusi.com/story/27675345/fbi-concerned-over-security-after-sony-cyber-attack
http://jeffreycarr.blogspot.co.uk/2014/12/why-you-should-demand-proof-before.html
http://www.cbsnews.com/news/hacking-after-sony-what-companies-need-to-know/
RETALIATION : Hackers Release Swedish Government Email Details in Pirate Bay Retaliation
by Scott Roxborough
Dec 15, 2014
http://www.hollywoodreporter.com/news/hackers-release-swedish-government-emails-757590
Hackers
have released the emails and passwords of employees of the Swedish government
in retaliation for Sweden's crackdown on the popular file-sharing site.
Last
week, Swedish authorities staged a raid, in which they seized computer servers
they said were used by The Pirate Bay as part of an operation targeting crimes
related to intellectual property rights. The Pirate Bay, one of the most
popular file-sharing sites on the Internet, went offline and has not yet
returned, although mirror and copy-cat sites have popped up in the wake of the
raid.
A group calling itself HagashTeam 2015 posted a list of email addresses and passwords for Swedish government employees. The post said the release was "in retaliation for The Pirate Bay!" The post also included individual emails from several other countries, including India, Mexico, Israel and Brazil.
The post, which ends with the cheerful "Merry Christmas & a Happy New Year to all!" also thanks the hacktivist group Anonymous, though it is not immediately clear if Anonymous was directly involved in the hack. The HagashTeam has been active since 2013. Its Twitter feed is dominated by political postings. A post dated Nov. 30 says "the reasoning behind our recent work is (to)... embarrass corporations/corrupt organizations, as well as governments."
This isn't the only online hack attack connected to The Pirate Bay raid. Swedish Internet group Telia confirmed it has been targeted by another group, a hacking collective called Lizard Squad, in a move designed to slow or disrupt Telia's online service.
The Pirate Bay has been under fire by governments and copyright holders for years but authorities have upped the pressure recently. Courts in France and the U.K. have ordered Internet service providers to block access to the site and Google has taken steps to remove apps linked to The Pirate Bay from its online app store.
Also see
http://www.hollywoodreporter.com/news/french-court-orders-internet-providers-754135?source=gravity
DLC
Stands for "Downloadable Content." DLC refers to additional content that can be downloaded within a video game. It has become a common feature in PC, console, and mobile games.
The most common type of downloadable content is extra maps
or levels that extend the gameplay of the original
game. For example, Activision provides Modern Warfare players with new
downloadable levels every few months. The company also releases new songs for
its Guitar Hero series on a regular basis. By downloading new levels or songs,
players can continue to enjoy new challenges after completing the original
game.
Another popular type of DLC includes extra items that can
be incorporated into the game. For instance, Capcom
allows Street Fighter IV players to download custom outfits for their favorite
players. Microsoft provides additional vehicles that can be downloaded by Forza Motorsport 3 users. Epic Games provides Gears of War
3 players with new characters that can be added to the game.
While some downloadable content is offered for free, most DLC must be purchased. The cost of downloadable content packs is typically much less than the price of the original game, though multiple DLC purchases may surpass the cost of the game itself. Therefore, DLC has become a common way for software developers to generate a continual long-term revenue stream from video games.
NOTE: While DLC first became popular on gaming consoles, it
soon progressed to PC games, and then to mobile devices. Now, many mobile apps
offer "in-app purchases," which is synonymous with DLC.
We first fought the heathens
in the name of religion, then Communism, and now in the name of drugs and
terrorism. Our excuses for global domination always change.
Serj Tankian