Showing posts with label Cyber Security. Show all posts

Monday, December 4, 2017

China’s Xi says country will not close door to global internet


WUZHEN, CHINA — Chinese President Xi Jinping said on Sunday the country will not close its door to the global internet, but that cyber sovereignty is key in its vision of internet development.

Xi’s comments were read by Huang Kunming, head of the Chinese Communist Party’s publicity department at the country’s largest public cyber policy forum in the town of Wuzhen in eastern China.

“The development of China’s cyberspace is entering a fast lane…China’s doors will only become more and more open,” said Xi in the note.

Cyber sovereignty is the idea that states should be permitted to manage and contain their own internet without external interference.

China’s Communist Party has tightened cyber regulation in the past year, formalizing new rules that require firms to store data locally and censor tools that allow users to subvert the Great Firewall.

In June, China introduced a new national cybersecurity law that requires foreign firms to store data locally and submit to data surveillance measures.

Cyber regulators say the laws are in line with international rules, and that they are designed to protect personal privacy and counter attacks on core infrastructure. Business groups say the rules unfairly target foreign firms.

China has advocated strongly for a larger role in global internet governance under Xi.

“China stands ready to develop new rules and systems of internet governance to serve all parties and counteract current imbalances,” said Wang Huning, a member of the Communist Party standing committee at the event on Sunday.

The conference, which is overseen by the Cyberspace Administration of China (CAC), invited foreign executives including Apple Inc’s CEO Tim Cook and Google Inc chief Sundar Pichai, as well as a Facebook Inc executive.

Google and Facebook are banned in China, along with Twitter Inc and most major western news outlets.

Top executives from Alibaba Group Holding Ltd, Tencent Holdings Ltd and Baidu Inc also attended the forum.

source: interaksyon.com

Tuesday, August 1, 2017

Hackers target ‘Game of Thrones’; data, script stolen — HBO


NEW YORK — U.S. cable channel HBO said on Monday that hackers had stolen upcoming programming, and Entertainment Weekly reported that the theft included a script for an unaired episode of the hit fantasy show “Game of Thrones”.

HBO, a unit of Time-Warner Inc, declined to comment on the specific programming stolen in the hack.

“As most of you have probably heard by now, there has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming,” HBO Chairman Richard Plepler wrote in a message to employees, which the company shared with reporters.

The company declined to comment on reports that unbroadcast episodes and scripts were among the data hacked, citing an “ongoing investigation” by unspecified law enforcement officials.

Entertainment Weekly reported that hackers stole 1.5 terabytes of data and had already posted online unbroadcast episodes of “Ballers” and “Room 104,” along with “a script or treatment” for next week’s episode of “Game of Thrones”.

Reuters also received an e-mail on Sunday from a person claiming to have stolen HBO data, including “Game of Thrones”.

The show is now in its seventh season and due to wrap up next year.

source: interaksyon.com

Friday, July 28, 2017

North Korea hacking focused more on making money than espionage – South Korean study


SEOUL — North Korea is behind an increasingly orchestrated effort at hacking into computers of financial institutions in South Korea and around the world to steal cash for the impoverished country, a South Korean state-backed agency said in a report.

In the past, suspected hacking attempts by North Korea appeared intended to cause social disruption or steal classified military or government data, but the focus seems to have shifted in recent years to raising foreign currency, the South’s Financial Security Institute (FSI) said.

The isolated regime is suspected to be behind a hacking group called Lazarus, which global cybersecurity firms have linked to last year’s $81 million cyber heist at the Bangladesh central bank and the 2014 attack on Sony’s Hollywood studio.

The U.S. government has blamed North Korea for the Sony hack and some U.S. officials have said prosecutors are building a case against Pyongyang in the Bangladesh Bank theft.

In April, Russian cybersecurity firm Kaspersky Lab also identified a hacking group called Bluenoroff, a spinoff of Lazarus, as focused on attacking mostly foreign financial institutions.


The new report, which analyzed suspected cyberattacks between 2015 and 2017 on South Korean government and commercial institutions, identified another Lazarus spinoff named Andariel.

“Bluenoroff and Andariel share their common root, but they have different targets and motives,” the report said. “Andariel focuses on attacking South Korean businesses and government agencies using methods tailored for the country.”

Pyongyang has been stepping up its online hacking capabilities as one way of earning hard currency under the chokehold of international sanctions imposed to stop the development of its nuclear weapons program.

Cyber security researchers have also said they have found technical evidence that could link North Korea with the global WannaCry “ransomware” cyberattack that infected more than 300,000 computers in 150 countries in May.

“We’ve seen an increasing trend of North Korea using its cyber espionage capabilities for financial gain. With the pressure from sanctions and the price growth in cryptocurrencies like Bitcoin and Ethereum — these exchanges likely present an attractive target,” said Luke McNamara, senior analyst at FireEye, a cybersecurity company.

North Korea has routinely denied involvement in cyberattacks against other countries. The North Korean mission to the United Nations was not immediately available for comment.

ATMs, online poker


The report said the North Korean hacking group Andariel has been spotted attempting to steal bank card information by hacking into automated teller machines, and then using it to withdraw cash or sell the bank information on the black market. It also created malware to hack into online poker and other gambling sites and steal cash.

“South Korea prefers to use local ATM vendors and these attackers managed to analyze and compromise SK ATMs from at least two vendors earlier this year,” said Vitaly Kamluk, director of the APAC research center at Kaspersky.

“We believe this subgroup (Andariel) has been active since at least May 2016.”

The latest report lined up eight different hacking instances spotted within the South in the last few years, which North Korea was suspected to be behind, by tracking down the same code patterns within the malware used for the attacks.

One case spotted last September was an attack on the personal computer of South Korea’s defense minister as well as the ministry’s intranet to extract military operations intelligence.

North Korean hackers used IP addresses in Shenyang, China to access the defense ministry’s server, the report said.

Established in 2015, the FSI was launched by the South Korean government in order to boost information management and protection in the country’s financial sector following attacks on major South Korean banks in previous years.

The report said some of the content has not been proven fully and is not an official view of the government.

source: interaksyon.com

Wednesday, June 28, 2017

Cyberattack sweeps globe, researchers see ‘WannaCry’ link


MOSCOW/KIEV/WASHINGTON — A major global cyberattack on Tuesday disrupted computers at Russia’s biggest oil company, Ukrainian banks and multinational firms with a virus similar to the ransomware that last month infected more than 300,000 computers.

The rapidly spreading cyber extortion campaign underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.

It included code known as “Eternal Blue,” which cyber security experts widely believe was stolen from the U.S. National Security Agency and was also used in last month’s ransomware attack, named “WannaCry.”

“Cyberattacks can simply destroy us,” said Kevin Johnson, chief executive of cyber security firm Secure Ideas. “Companies are just not doing what they are supposed to do to fix the problem.”

The ransomware virus crippled computers running Microsoft Corp’s Windows by encrypting hard drives and overwriting files, then demanded $300 in bitcoin payments to restore access. More than 30 victims paid into the bitcoin account associated with the attack, according to a public ledger of transactions listed on blockchain.info.

Microsoft said the virus could spread through a flaw that was patched in a security update in March.

“We are continuing to investigate and will take appropriate action to protect customers,” a spokesman for the company said, adding that Microsoft antivirus software detects and removes it.

Russia and Ukraine were most affected by the thousands of attacks, according to security software maker Kaspersky Lab, with other victims spread across countries including Britain, France, Germany, Italy, Poland and the United States. The total number of attacks was unknown.

Security experts said they expected the impact to be smaller than WannaCry since many computers had been patched with Windows updates in the wake of WannaCry last month to protect them against attacks using Eternal Blue code.

Still, the attack could be more dangerous than traditional strains of ransomware because it makes computers unresponsive and unable to reboot, Juniper Networks said in a blog post analyzing the attack.

Researchers said the attack may have borrowed malware code used in earlier ransomware campaigns known as “Petya” and “GoldenEye.”

Following last month’s attack, governments, security firms and industrial groups aggressively advised businesses and consumers to make sure all their computers were updated with Microsoft patches to defend against the threat.

The U.S. Department of Homeland Security said it was monitoring the attacks and coordinating with other countries. It advised victims not to pay the extortion, saying that doing so does not guarantee access will be restored.

In a statement, the White House National Security Council said there was currently no risk to public safety. The United States was investigating the attack and determined to hold those responsible accountable, it said.

The NSA did not respond to a request for comment. The spy agency has not publicly said whether it built Eternal Blue and other hacking tools leaked online by an entity known as Shadow Brokers.

Several private security experts have said they believe Shadow Brokers is tied to the Russian government, and that the North Korean government was behind WannaCry. Both countries’ governments deny charges they are involved in hacking.


The first attacks were reported from Russia and Ukraine.

Russia’s Rosneft, one of the world’s biggest crude producers by volume, said its systems had suffered “serious consequences,” but added oil production had not been affected because it switched over to backup systems.

Ukrainian Deputy Prime Minister Pavlo Rozenko said the government’s computer network went down and the central bank reported disruption to operations at banks and firms including the state power distributor.

Danish shipping giant A.P. Moller-Maersk said it was among the victims, reporting outages at facilities including its Los Angeles terminal.

WPP, the world’s largest advertising agency, said it was also infected. A WPP employee who asked not to be named said that workers were told to shut down their computers: “The building has come to a standstill.”

A Ukrainian media company said its computers were blocked and it was asked to pay $300 in the crypto-currency bitcoin to regain access.

“Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service,” the message said, according to a screenshot posted on Ukraine’s Channel 24.

Russia’s central bank said there were isolated cases of lenders’ IT systems being infected. One consumer lender, Home Credit, had to suspend client operations.

Other companies that identified themselves as victims included French construction materials firm Saint Gobain, U.S. drugmaker Merck & Co. and Mars Inc.’s Royal Canin pet food business.

India-based employees at Beiersdorf, makers of Nivea skin care products, and Reckitt Benckiser, which owns Enfamil and Lysol, told Reuters the ransomware attack had impacted some of their systems in the country.

Western Pennsylvania’s Heritage Valley Health System’s entire network was shut down by a cyber attack on Tuesday, according to local media reports.

Last month’s fast-spreading WannaCry ransomware attack was crippled after 22-year-old British security researcher Marcus Hutchins created a so-called “kill switch” that experts hailed as the decisive step in slowing the attack.

Security experts said they did not believe that the ransomware released on Tuesday had a kill switch, meaning that it might be harder to stop.

Ukraine’s cyber police said on Twitter that a vulnerability in software used by MEDoc, a Ukrainian accounting firm, may have been an initial source of the virus, which researchers including cyber intelligence firm Flashpoint said could have infected victims via an illegitimate software update.

In a Facebook post, MEDoc confirmed it had been hacked but denied responsibility for originating the attack.

An adviser to Ukraine’s interior minister said earlier in the day that the virus got into computer systems via “phishing” emails written in Russian and Ukrainian designed to lure employees into opening them.

According to the state security agency, the emails contained infected Word documents or PDF files as attachments.

Following is a list of companies and organizations that have reported being hit by cyberattacks:


ROSNEFT

Russia’s top oil producer Rosneft said its servers had been hit by a large-scale cyberattack but its oil production was unaffected.

A.P. MOLLER-MAERSK


Danish shipping giant A.P. Moller-Maersk, which handles one out of seven containers shipped globally, said a cyberattack had caused outages at its computer systems across the world.

Maersk’s port operator APM Terminals was also hit. Dutch broadcaster RTV Rijnmond reported that 17 shipping container terminals run by APM Terminals had been hacked, including two in Rotterdam and 15 in other parts of the world.

WPP

Britain’s WPP, the world’s biggest advertising company, said computer systems within several of its agencies had been hit by a suspected cyberattack.

MERCK & CO

Pharmaceutical company Merck & Co. said in a tweet its computer network was compromised as part of a global hack.

RUSSIAN BANKS

Russia’s central bank said there had been “computer attacks” on Russian banks and that in isolated cases their IT systems had been infected.

All Russian branches of Home Credit consumer lender are closed because of a cyberattack, an employee of a Home Credit call center in Russia said.

UKRAINIAN BANKS, POWER GRID

A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyberattack that disrupted some operations, the Ukrainian central bank said.

UKRAINIAN INTERNATIONAL AIRPORT


Yevhen Dykhne, director of the capital’s Boryspil Airport, said it had been hit. “In connection with the irregular situation, some flight delays are possible,” Dykhne said in a post on Facebook.

SAINT GOBAIN


French construction materials company Saint Gobain said it had been a victim of a cyberattack, and it had isolated its computer systems to protect data.

DEUTSCHE POST


German postal and logistics company Deutsche Post said systems of its Express division in the Ukraine have in part been affected by a cyberattack.

METRO

Germany’s Metro said its wholesale stores in the Ukraine had been hit by a cyberattack and the retailer was assessing the impact.

MONDELEZ INTERNATIONAL


Food company Mondelez International said employees in different regions were experiencing technical problems but it was unclear whether this was due to a cyberattack.

TNT EXPRESS


The Netherlands-based shipping company said it was experiencing interference with some of its systems, following a global ransomware attack.

EVRAZ

Russian steelmaker Evraz said its information systems had been hit by a cyberattack but its output was not affected.

NORWAY

A ransomware cyberattack is taking place in Norway and is affecting an unnamed international company, the Nordic country’s national security authority said.

MARS INC

A unit of candy manufacturer Mars Inc. has been targeted by cyber attackers, and the company has isolated the issue, a spokeswoman for the company said.

BEIERSDORF AG

India-based employees at Beiersdorf AG, the maker of Nivea skincare products, told Reuters the ransomware attack had impacted some of the company’s systems in the country. The extent of the impact was unclear and Beiersdorf, which is based in Germany, could not be reached immediately for comment in India.

RECKITT BENCKISER


The Indian unit of British consumer goods company Reckitt Benckiser Group Plc, which owns brands such as Enfamil, Dettol and Lysol, was also hit by the ransomware attack, employees in India told Reuters. The extent of the impact on its systems was not immediately clear and the company could not be reached for comment in India.

source: interaksyon.com

Tuesday, March 7, 2017

WikiLeaks says it releases files on CIA cyber spying tools


WASHINGTON — Anti-secrecy group WikiLeaks on Tuesday published what it said were thousands of pages of internal CIA discussions about hacking techniques used over several years, renewing concerns about the security of consumer electronics and embarrassing yet another U.S. intelligence agency.

The discussion transcripts showed that CIA hackers could get into Apple Inc iPhones, Google Inc Android devices and other gadgets in order to capture text and voice messages before they were encrypted with sophisticated software.

Cyber security experts disagreed about the extent of the fallout from the data dump, but said a lot would depend on whether WikiLeaks followed through on a threat to publish the actual hacking tools that could do damage.

Reuters could not immediately verify the contents of the published documents, but several contractors and private cyber security experts said the materials, dated between 2013 and 2016, appeared to be legitimate.

A longtime intelligence contractor with expertise in U.S. hacking tools told Reuters the documents included correct “cover” terms describing active cyber programs.

Among the most noteworthy WikiLeaks claims is that the Central Intelligence Agency, in partnership with other U.S. and foreign agencies, has been able to bypass the encryption on popular messaging apps such as WhatsApp, Telegram and Signal.

The files did not indicate the actual encryption of Signal or other secure messaging apps had been compromised.

The information in what WikiLeaks said were 7,818 web pages with 943 attachments appears to represent the latest breach in recent years of classified material from U.S. intelligence agencies.

Security experts differed over how much the disclosures could damage U.S. cyber espionage. Many said that, while harmful, they do not compare to former National Security Agency contractor Edward Snowden’s revelations in 2013 of mass NSA data collection.

“This is a big dump about extremely sophisticated tools that can be used to target individual user devices … I haven’t yet come across the mass exploiting of mobile devices,” said Tarah Wheeler, senior director of engineering and principal security advocate for Symantec.

Stuart McClure, CEO of Cylance, an Irvine, California, cyber security firm, said that one of the most significant disclosures shows how CIA hackers cover their tracks by leaving electronic trails suggesting they are from Russia, China and Iran rather than the United States.

Other revelations show how the CIA took advantage of vulnerabilities that are known, if not widely publicized.

In one case, the documents say, U.S. and British personnel, under a program known as Weeping Angel, developed ways to take over a Samsung smart television, making it appear it was off when in fact it was recording conversations in the room.

The CIA and White House declined comment. “We do not comment on the authenticity or content of purported intelligence documents,” CIA spokesman Jonathan Liu said in a statement.

Google declined to comment on the purported hacking of its Android platform, but said it was investigating the matter.

Snowden on Twitter said the files amount to the first public evidence that the U.S. government secretly buys software to exploit technology, referring to a table published by WikiLeaks that appeared to list various Apple iOS flaws purchased by the CIA and other intelligence agencies.

Apple Inc did not respond to a request for comment.

The documents refer to means for accessing phones directly in order to catch messages before they are protected by end-to-end encryption tools like Signal.

Signal inventor Moxie Marlinspike said he took that as “confirmation that what we’re doing is working.” Signal and the like are “pushing intelligence agencies from a world of undetectable mass surveillance to a world where they have to use expensive, high-risk, extremely targeted attacks.”

CIA cyber programs

The CIA in recent years underwent a restructuring to focus more on cyber warfare to keep pace with the increasing digital sophistication of foreign adversaries. The spy agency is prohibited by law from collecting intelligence that details domestic activities of Americans and is generally restricted in how it may gather any U.S. data for counterintelligence purposes.

The documents published Tuesday appeared to supply specific details to what has been long-known in the abstract: U.S. intelligence agencies, like their allies and adversaries, are constantly working to discover and exploit flaws in any manner of technology products.

Unlike the Snowden leaks, which revealed the NSA was secretly collecting details of telephone calls by ordinary Americans, the new WikiLeaks material did not appear to contain material that would fundamentally change what is publicly known about cyber espionage.

WikiLeaks, led by Julian Assange, said its publication of the documents on the hacking tools was the first in a series of releases drawing from a data set that includes several hundred million lines of code and includes the CIA’s “entire hacking capacity.”

The documents only include snippets of computer code, not the full programs that would be needed to conduct cyber exploits.

WikiLeaks said it was refraining from disclosing usable code from CIA’s cyber arsenal “until a consensus emerges on the technical and political nature of the C.I.A.’s program and how such ‘weapons’ should be analyzed, disarmed and published.”

U.S. intelligence agencies have said that Wikileaks has ties to Russia’s security services. During the 2016 U.S. presidential campaign, Wikileaks published internal emails of top Democratic Party officials, which the agencies said were hacked by Moscow as part of a coordinated influence campaign to help Republican Donald Trump win the presidency.

WikiLeaks has denied ties to Russian spy agencies.

Trump praised WikiLeaks during the campaign, often citing hacked emails it published to bolster his attacks on Democratic Party candidate Hillary Clinton.

WikiLeaks said on Tuesday that the documents showed that the CIA hoarded serious security vulnerabilities rather than share them with the public, as called for under a process established by President Barack Obama.

Rob Knake, a former official who dealt with the issue under Obama, said he had not seen evidence in what was published to support that conclusion.

The process “is not a policy of unilateral disarmament in cyberspace. The mere fact that the CIA may have exploited zero-day [previously undisclosed] vulnerabilities should not surprise anyone,” said Knake, now at the Council on Foreign Relations.

U.S. officials, speaking on condition of anonymity, said they did not know where WikiLeaks might have obtained the material.

In a press release, the group said, “The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

U.S. intelligence agencies have suffered a series of security breaches, including Snowden’s.

In 2010, U.S. military intelligence analyst Chelsea Manning provided more than 700,000 documents, videos, diplomatic cables and battlefield accounts to Wikileaks.

Last month, former NSA contractor Harold Thomas Martin was indicted on charges of taking highly sensitive government materials over a course of 20 years, storing the secrets in his home.

source: interaksyon.com

Friday, April 15, 2016

US govt worse than all major industries on cyber security: report


WASHINGTON — U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday.

The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network.

The education, telecommunications and pharmaceutical industries also ranked low, the report found. Information services, construction, food and technology were among the top performers.

Government agencies have struggled for years to keep pace with malicious hackers and insider threats, a challenge that came into focus after it was disclosed last year that more than 21 million individuals had their sensitive data pilfered during a breach at the Office of Personnel Management.

SecurityScorecard said it tracked 35 major data breaches across government from April 2015 to April 2016.

President Barack Obama has made improving cyber defenses a top priority of his remaining year in office. His administration asked Congress to dedicate $19 billion to cyber security in its fiscal 2017 budget proposal, which would include $3.1 billion for technology modernization at various federal agencies.

Federal agencies scored most poorly on network security, software patching flaws and malware, according to SecurityScorecard, which said they may be more vulnerable to risk due to their large size.

Of the 600 government entities tracked, NASA performed the worst, the report found. The space exploration agency was vulnerable to email spoofing and malware intrusions, among other weaknesses, according to SecurityScorecard’s analysis.

Other low-performing government organizations included the U.S. Department of State and the information technology systems used by Connecticut, Pennsylvania, Washington and Maricopa County, Arizona.

Government organizations with the strongest security postures included Clark County, Nevada, the U.S. Bureau of Reclamation, and the Hennepin County Library in Minnesota.

source: interaksyon.com

Monday, October 19, 2015

Four attack techniques used by hackers


MANILA, Philippines - Security is no longer an afterthought. It’s a major component of the success of a business. This means that Chief Information Security Officers (CISOs) need a spot at the executive table to ensure that IT security plans align with the business goals and objectives.

We are all connected to the Internet, which is great; however, being connected also means that we are all part of a very large ecosystem.

It’s important to realize that anything that happens to one company will often affect many other companies. Direct business partners will be affected, and even the most remote company can be affected.

Many of the attack techniques used today are similar to the attacks of a few years ago. However, there are some mounting cyber problems that are enabling attackers to deliver their exploits more effectively and more stealthily.

One of them is social media and online services. Everyone today is using some form of social media such as Facebook and LinkedIn, as well as online dating sites.

Because of this, attackers are shifting their entry points into users’ devices to these sites via social engineering, preying on human emotions. Social engineering concepts are the same, but the attack vector or surface has changed. Next are the evasion techniques used by the attackers. The ability of an attacker to conceal themselves continues to advance. Because of this, oftentimes just having traditional anti-virus is not enough.


Below are techniques used by hackers, according to Anthony Giandomenico, Senior Security Strategist, FortiGuard Labs, Fortinet.

Phishing Attack

Amongst the new hacking techniques, the phishing attack is most likely the number one way to gain unauthorized access to company networks. A phishing email will attach a piece of malware or a malicious link, and is crafted to look legitimate and enticing enough for users to click the link.

Drive-by Attack

Another technique used by hackers is the drive-by attack. The attackers will compromise a website and install malicious JavaScript that redirects an unsuspecting user to another website containing a malicious payload (malware), which is then downloaded in the background to the user’s device. In a targeted attack, the attackers will spend many months researching websites that companies or industries frequent and infect those websites.

Malvertising

The next technique is malvertising. This attack is similar to the drive-by attack, except that the attacker focuses on infecting the advertising sites. An attacker can infect one ad site, which in turn could infect thousands of other websites. More bang for your buck!

Mobile Attack

Last but not least, the mobile attack. Many attacks against mobile devices are similar to the attacks listed above; they simply target the mobile device. In addition, malware can be delivered through SMS messages, or it masks itself as other fun applications such as games or even pornography.

Once the attacker has successfully breached a network and is sitting on a user’s device such as a laptop, desktop or mobile device, the attacker now needs to download more malware and tools to complete their mission. Usually the data they are looking for is not on the workstations; it’s in the servers, databases and the like.

As mentioned above, the usual entry point into the network is through users clicking on malicious links. Once the user device is compromised, the attackers will start moving about the network to find the data they are looking for. This is where network segmentation becomes extremely important. First, it helps reduce the impact of a breach, since a company can isolate the breach to a specific location without affecting the rest of the network. Second, it allows sensitive data to be zoned in a higher-security area, which gives the bad guys a tougher time exfiltrating data. Lastly, “You can’t protect and monitor everything within your networks.” The networks are too large and complex, so find the critical data, isolate it, and put more granular focus on monitoring the avenues of approach to that data.

source: philstar.com

Wednesday, December 3, 2014

FBI probing Sony hack, as data leaks emerge


WASHINGTON — The FBI said Tuesday it was investigating a cyberattack on Sony Pictures, amid reports that employee information as well as new films were being leaked online.

“The FBI is working with our interagency partners to investigate the recently reported cyber intrusion at Sony Pictures Entertainment,” a spokesman for the US federal law enforcement agency said in a statement.

“The targeting of public and private sector computer networks remains a significant threat, and the FBI will continue to identify, pursue, and defeat individuals and groups who pose a threat in cyberspace.”

Various reports meanwhile said the hackers appeared to have posted online both confidential employee data and films not yet released in theaters.

The security blogger and researcher Brian Krebs said he discovered on websites devoted to illicit trading a “global Sony employee list,” that included names, locations, salaries and dates of birth for more than 6,800 individuals.

“Another file being traded online appears to be a status report from April 2014 listing the names, dates of birth, SSNs (social security numbers) and health savings account data on more than 700 Sony employees,” Krebs wrote.

The Washington Post reported meanwhile that the FBI was warning companies in a confidential memo about the malicious software used in the Sony hack.

An FBI spokesman said only that “we provided a routine notification to private industry,” but declined to elaborate.

The spokesman added that the FBI “routinely advises private industry of various cyber threat indicators” to help protect computer networks.

According to the Post, the hackers used malware similar to that used to launch destructive attacks on businesses in South Korea and the Middle East, including one against oil producer Saudi Aramco.

Some reports in the past few days said Sony is looking into whether North Korea may have been behind the major cyberattack on the studio last week, possibly because of an upcoming comedy film about a CIA plot to assassinate its leader Kim Jong-Un.

“The Interview,” which stars Seth Rogen and James Franco as two journalists recruited by the CIA to bump off Kim, has infuriated the North Koreans, with state media warning of “merciless retaliation.”

The entertainment news site Variety has reported that unreleased Sony movies including the upcoming “Annie” have been made available on pirate file-sharing websites.

The war film “Fury,” “Mr. Turner,” “Still Alice” and “To Write Love on Her Arms” were also made available.

Sony did not respond to an AFP request for comment.

source: interaksyon.com

Tuesday, November 25, 2014

Cyberspying tool could have US, British origins


WASHINGTON — A sophisticated cyberespionage tool has been stealing information from governments and businesses since 2008, researchers said Monday, and one report linked it to US and British intelligence.

The security firm Symantec identified the malware, known as Regin, and said it was used “in systematic spying campaigns against a range of international targets,” including governments, businesses, researchers and private individuals.

The news website The Intercept reported later Monday that the malware appeared to be linked to US and British intelligence, and that it was used in attacks on EU government networks and Belgium’s telecom network.

The report, citing industry sources and a technical analysis of the malware, said Regin appears to be referenced in documents leaked by former National Security Agency contractor Edward Snowden about broad surveillance programs.

Asked about the report, an NSA spokeswoman said: “We are not going to comment on speculation.”

Symantec’s report said the malware shares some characteristics with the Stuxnet worm, a tool believed to have been used by the US and Israeli governments to attack computer networks involved in Iran’s nuclear program.

Because of its complexity, the Symantec researchers said in a blog post that the malware “would have required a significant investment of time and resources, indicating that a nation state is responsible.”

The researchers added that “it is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks.”

Lurking in shadows

“Regin’s developers put considerable effort into making it highly inconspicuous,” Symantec said.

“Its low-key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec was only able to analyze the payloads after it decrypted sample files.”

The researchers also said many components of Regin are still probably undiscovered and that there could be new versions of this tool which have not yet been detected.

The infections occurred between 2008 and 2011, after which the malware disappeared before a new version surfaced in 2013.

The largest number of infections discovered — 28 percent — was in Russia, and Saudi Arabia was second with 24 percent. Other countries where the malware was found included Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan. There were no reported infections in the United States.

Around half of all infections occurred at addresses belonging to Internet service providers, but Symantec said it believes the targets of these infections were customers of these companies rather than the companies themselves.

Telecom companies were also infected, apparently to gain access to calls being routed through their infrastructure, the report noted.

Regin appeared to allow the attackers to capture screenshots, take control of the mouse’s point-and-click functions, steal passwords, monitor traffic and recover deleted files.

Symantec said some targets may have been tricked into visiting spoofed versions of well-known websites to allow the malware to be installed, and in one case it originated from Yahoo Instant Messenger.

Other security experts agreed this was a dangerous tool likely sponsored by a government.

“Regin is a cyberattack platform, which the attackers deploy in victim networks for total remote control at all levels,” said a research report from Kaspersky Lab.

Kaspersky added that Regin also appears to have infiltrated mobile communications through GSM networks, exposing “ancient” communication protocols used by cellphone networks.

Antti Tikkanen at Finland-based F-Secure called it “one of the more complex pieces of malware around,” and added that “our belief is that this malware, for a change, isn’t coming from Russia or China.”

The news comes amid heightened concerns about cyberespionage.

Last month, separate teams of security researchers said the Russian and Chinese governments are likely behind widespread cyberespionage that has hit targets in the US and elsewhere.

source: interaksyon.com