In-brief: The Washington Post reports that the Obama Administration will announce the creation of a new agency to coordinate intelligence about cyber attacks. The move is, in part, a response to confusion following the hack of Sony Pictures Entertainment in November.
The official line on perhaps the biggest security story of the year shifted noticeably this week following a report by the security firm Norse Corp. that cast doubt on the official explanation of the devastating November hack: that it was a state-sponsored operation carried out by hackers working for the government of the Democratic Peoples Republic of Korea, or DPRK. Two reports in recent days – both citing officials close to the Sony hack investigation – suggest that the FBI believes – simultaneously – that the DPRK did not act alone and that it was the only actor responsible for the attack on Sony Pictures Entertainment.
The hack of Sony Pictures Entertainment has taken a turn for the worse, as evidence has turned up that suggests hackers have ransacked the networks of the high-profile studio, dumping everything from unreleased films to detailed business and employee records online. A spokesman for the Democratic People’s Republic of Korea (DPRK) did not explicitly deny or take responsibility for the attack when contacted by the BBC, telling the British news agency that “the hostile forces are relating everything to [North Korea]. I kindly advise you to just wait and see.” Sony Pictures’ network was attacked using destructive “wiper” malware last week that stole and exfiltrated data from the company, then erased data on infected PCs and servers. An FBI FLASH alert sent to U.S. firms provided details on the malware, including its use of a hard-coded list of IP addresses and hostnames, and the inclusion of configuration files created on computers […]
The White House’s cyber security czar, Michael Daniel, said the Obama Administration is deeply concerned about the reported hack of systems belonging to banking giant JP Morgan Chase & Co. but sees the incident as part of a larger trend of attacks against U.S. critical infrastructure. Asked about the targeted attack against JP Morgan and other banks and financial institutions, Daniel said that the White House was concerned, but not surprised by the incident. “We have watched for several years the trend of malicious actors in cyber try to figure out how to target critical infrastructure,” he said. “Financial services is critical infrastructure.” The White House was concerned that a major U.S. bank would fall victim to hackers, but sees it in the context of a “broad trend,” rather than an isolated incident, he said. Speaking with Michael Farrell, the Cybersecurity Editor at Christian Science Monitor, Daniel hit on many of the now-common talking […]
The onetime technology wunderkind, who left a job working for Lockheed to turn his curiosity about computer viruses into a thriving, global corporation showed up at two Las Vegas hacker cons last week: B-Sides Las Vegas and DEFCON. He offered some off-the-cuff rebukes to firms like Google. He also rambled long and hard about the dark forces that pursue him: the U.S. government, the government of Belize, Central American drug cartels and script kiddies desperate for his (virtual) scalp. Everywhere he goes, people take his picture. Who are they working for? The phones and computers he buys are bugged. His movements are being tracked. Those in attendance were admonished to beware of government snooping — especially via mobile applications. “Without privacy there is no freedom,” McAfee intoned. Listening to McAfee rant, it’s easy to forget there were plenty of folks walking the halls of Defcon, Black Hat, and B-Sides […]