In-brief: Premera Blue Cross said on Tuesday that it was the victim of a sophisticated attack. The hackers had access to Premera’s network for more than six months, stealing information on as many as 11 million members and employees.
attribution
The Deadly Game of Cyber Mis-Attribution | Digital Guardian
In-brief: Tools to attribute cyber attacks are still primitive – leading to potentially damaging mis-identification. (This post first appeared on the Digital Guardian blog.)
From Beijing with Love: Healthcare Firms Confront Foreign Adversaries
In-brief: Reports say that the attack on Anthem health may have roots in China. If so, it would be the latest evidence that sophisticated, overseas hacking crews have turned their attention to healthcare providers.
N.S.A. Breached North Korean Networks Before Sony Attack – NY Times
The New York Times claims that the U.S. National Security Agency used intelligence gleaned from a clandestine operation to compromise North Korea’s cyber warfare unit to pin the blame for the Sony Pictures Entertainment hack on the reclusive Communist country. According to the story by David Sanger and Martin Fackler, the Obama Administration’s decision to quickly blame the hack on the DPRK grew out of a four year-old National Security Agency (NSA) program that compromise Chinese networks that connect North Korea to the outside world. The classified NSA program eventually placed malware that could track the internal workings of the computers and networks used by the North’s hackers and under the control of the Reconnaissance General Bureau, the North Korean intelligence unit, and Bureau 121, the North’s hacking unit, which mostly operates out of China. It has long been recognized that North Korea, which lacks a mature information technology infrastructure, does much of […]
Sony: A Game Changer for Cyber Attribution
We’ve been writing a lot about the issue of cyber attribution in recent weeks, following the attack on Sony Pictures Entertainment in November. That incident has become something of a Rorschach Test for those in the information security field: revealing as much about the individual attempting to explain the Sony hack as about the attack itself. Rid and a Ph.D student, Ben Buchanan, have authored a paper in the Journal of Strategic Studies. In their paper, Rid and Buchanan note that one of the biggest challenges of cyber attribution: bridging the technical and political or cultural issues that often surround cyber attribution. As Rid notes: the individuals doing the basic forensic work on the incident may not have a grasp of the larger cultural or political issues at play. That’s a dynamic we’ve seen at play (in spades) in recent news about the hack of Sony Pictures. In this podcast, Rid […]
