January, 2015


Report: NSA Hacked North Korea Before Sony Breach

Source: PCMag

More details are being released in regards to North Korea, and the breach that occurred at Sony.

What is now being reported is that the NSA has had access to North Korea’s computers (read: hacked) since 2010. Some are now reporting that the hack at Sony was in retaliation for the hacking that the NSA had done against North Korea.

I’m still very hesitant to call the Sony breach a hack perpetrated by North Korea, even with the additional evidence/details about the NSA being inside North Korea’s computers.

From the article:

As it turns out, the U.S. had some inside information. According to reports from Der Spiegel and The New York Times, the U.S. knew that North Korea hacked Sony because the U.S. had hacked North Korea.

The National Security Agency (NSA), in fact, has had access to North Korean networks and computers since 2010, the Times said. Officials wanted to keep tabs on the country’s nuclear program, its high-ranking officials, and any plans to attack South Korea, according to a document published by Der Spiegel.

North Korea did attack South Korea in 2013, crippling several of the nation’s leading financial and media organizations. At one point, however, the hackers revealed their IP addresses – the same IP addresses that popped up again in the Sony hack.


How Can I Stay Secure in The Cyber World?

Source: Tech Legends

A very basic, yet very good, article from Tech Legends discussing safety concerns everyone should have when browsing the internet.

There are some important tips in here to remember, especially regarding SSL certificates and passwords.

From the article:

It has now been a few days following 2015. So, we thought to enlighten our readers’ minds about some Internet Security facts which will help you to keep yourself more secure in the New Year 2015.

If you think you are already secure then do read the article carefully, because if you find anything which makes your internet insecure then you may find a way to correct it. The points discussed below are basic things which usually a “layman” internet user doesn’t care about. You will find some useful Internet Security facts below which will help you secure your internet activity.


4 Mega-Vulnerabilities Hiding in Plain Sight

Source: Dark Reading

Dark Reading is going back, and re-hashing some of the major vulnerabilities found in 2014. Specifically, they bring up the following: Heartbleed (CVE-2014-0160), Shellshock (CVE-2014-6271), Winshock (CVE-2014-6332), and Kerberos Checksum (CVE-2014-6324).

The article goes into detail about these 4 vulnerabilities because, combined, they affect up to 90% of the internet. That is 90% of the internet, vulnerable to these bugs, for a long time — I believe the article stated nearly 15 years or more. That is huge.

It is also important that you are protected against these massive vulnerabilities. When these vulnerabilities dropped in 2014, you can bet there was a scramble to get each one of them fixed. 556 Forensics can assist you in finding and mitigating similar threats.

US Centcom’s twitter account hacked

Sources: Way too many to name them all. . . ComputerWorld, SecurityAffairs, Defense One, and the list continues about where this was reported. . .

So, being reported on, like crazy right now, are the details about the hacking of the U.S. Centcom twitter page.

More details to follow soon. . .

UD expert predicts bumpy year ahead for cybersecurity

Source: delawareonline – The News Journal

They can’t hold a candle to modern-day hacktivists, who can steal from hundreds of thousands of people while sitting at home in their pajamas.

Pres. Barack Obama has warned that cyberattacks are among the most serious economic and national security challenges facing the nation. Cybersecurity is a top priority of the Senate Committee on Homeland Security and Governmental Affairs, previously chaired by Democratic Sen. Tom Carper of Delaware.

“Cybercrime is becoming everything in crime,” FBI Director James Comey said in a recent interview with CBS’ “60 Minutes.” Comey estimated national losses in the billions each year.

Last week, a hacker group believed to be associated with ISIS took control of the Twitter accounts and website services of the Albuquerque Journal newspaper in New Mexico and WBOC 16 TV station in Maryland. Calling itself “Cyber Caliphate,” the group posted several confidential documents, including driver’s licenses, corrections records and addresses.

The high-profile hack against Sony Pictures Entertainment in November resulted in massive dumps of employees’ personal information and the brief cancellation of the theatrical release of “The Interview.” The FBI has blamed the North Korean government for the data breach.

Many cyber attacks are related to vulnerabilities in three areas: “Computing and software, networked communications, such as the Internet and cell phones, and last, fooling humans into making mistakes,” according to Chase Cotton, director of the University of Delaware’s Center for Information and Communications Sciences.

Cotton, a professor of electrical and computer engineering, is one of several experts involved in a new cybersecurity initiative at UD, which seeks to train the next generation of specialists to meet a critical need. The U.S. faces a severe cyber workforce shortage, according to national statistics, with more than 30,000 jobs available and only 1,000 skilled specialists who can design secure computing systems and write secure code.

Last year, UD named Starnes Walker, a physicist and national cyber defence expert, to lead the regional initiative, funded by $3 million in state aid and a research grant from the National Science Foundation. UD is one of only nine universities involved in the first federally funded research and development center solely dedicated to enhancing cybersecurity and protecting national information systems.

The university itself fell victim to a cyberattack in 2013, when hackers stole the names, addresses and social security numbers of more than 72,000 current and past employees.

UD has since introduced five new cybersecurity courses for undergraduate and graduate students. Last fall, the university began offering a minor in Cybersecurity, and administrators are planning graduate degree and certificate programs in the near future.

The educational programs at UD are being developed in collaboration with other local universities and cybersecurity employers, along with the U.S. Army and Delaware National Guard.

Experts are increasingly concerned that sophisticated cyber attackers are focused on taking out critical infrastructure – like the systems controlling the pipelines of America’s energy sector – instead of consumer data breaches like the ones reported at Target, Staples and Home Depot.

Interviewed by e-mail Friday, Cotton discussed the cybersecurity landscape for 2015 and beyond.

Q: The extremist militant group ISIS has deftly handled social media in recruiting new members and spreading its message. Some experts have claimed that ISIS’ social media savvy doesn’t translate into a real cybersecurity threat. Do you believe that ISIS has the manpower/resources to launch a grand attack on U.S. infrastructure?

Currently no, and probably not alone, but possibly in collaboration with others now or in the future. The technology to make these types of attacks on major infrastructure exists today, though mainly in the hands of nation states. But the skills, much like physical weapons, are increasingly available to groups worldwide.

Q: Can we expect to see more frequent and more dramatic attacks?

Unfortunately yes. Most attacks that non-government organizations and individuals will see are primarily financially motivated. Exposure, unfortunately, is heightened by our increasing reliance on our wired electronic infrastructure.

As for governments, and similarly for critical public infrastructure (e.g., the electrical grid, transportation, manufacturing, etc.), attacks will also continue … We are in a race to stay ahead and protect these assets in both the public and private sectors…

For each [vulnerability], there is a method of attack.

A software application may have a flaw that allows an attacker to modify what the program does, or access data held on the computer where the application is running. This is an attack often used against Internet websites.

A large system, like a wireless network, may have a design weakness that allows an attacker to listen in on your communications. An attacker may be able to use a technically sophisticated attack to take advantage of these weaknesses and listen in on your calls or see your Internet activities.

Very motivated attackers will do detailed research using the Internet and social media and identify key individuals in an organization, (e.g. computer administrators). They will then try to fool those individuals and try to infect their personal computers in order to get access to business systems they manage. We call this “spear phishing.”

Q: What can the average citizen do to better protect himself/herself?

Keep your computers, tablets, smartphones, operating systems and application software up to date. Also update home-networked devices like Wi-Fi access points, cloud drives, sound systems, security systems/cameras, etc., and always set up strong non-default passwords on these devices.

Run an antivirus program on your computers.

Don’t click on links from someone you don’t know. And use care about links even when sent from your friends. Make sure the underlying link (URL) is a real company or organization you recognize.

Choose strong passwords (eight or more characters mixing upper and lower case letters, numbers, special characters). Or, better yet, use long pass-phrases, (e.g. “my dog eats RED shoes on wednesdays!”). And don’t reuse passwords across different accounts.

Use two-factor authentication, [two separate forms of identification to verify identity], on critical accounts (banking, email, cloud storage).

You and your family members should normally try to use non-administrator accounts on your computers for day-to-day activities. This will minimize damage and ease recovery when you eventually get infected with computer malware.

Q: Apart from getting off the Internet completely, can we ever truly be safe from such attacks?

Unfortunately, security will never be 100 percent, but we should eventually be able to get to where successful attacks are rare, like having the occasional fender bender.

Contact Margie Fishman at 302-324-2882 or mfishman@delawareonline.com.

Microsoft Axes “Advanced Notification Service”

Source: Norse and Microsoft Technet

In a very interesting move, Microsoft has made the decision to ax its “Advanced Notification Service”. Almost as a move to alienate more of its customer base, Microsoft has decided that the Advanced Notification Service will only be available to select premier customers, that are involved with Microsoft’s security program.

This seems to be a very bad move on the part of Microsoft, with no real advantage coming from it. Since they are still distributing the information to select customers, there will be no savings there. I just don’t understand why Microsoft would make this move.

From the Norse Blog:

But Microsoft believes that organizations who employ their products have shifted how they use the ANS, and the company has come to the decision that the majority of the non-premium customers no longer need the lead time to prepare, as they typically just wait for automatic patching to occur.

“While some customers still rely on ANS, the vast majority wait for Update Tuesday, or take no action, allowing updates to occur automatically. More and more customers today are seeking to cut through the clutter and obtain security information tailored to their organizations,” Betz said.

Chick-Fil-A Investigating Possible Data Breach

Source: Dark Reading and Krebs On Security

Another day, another company, and another breach.

The latest news is the supposed breach from Chick-Fil-A. I happen to know that the wife and I are frequent customers of Chick-Fil-A, partly for their pretty good food, but for their kids’ play area as well. We go to Chick-Fil-A probably several times a week (This is important, I promise).

We are heading into week two (at least) after a supposed breach, which compromised customer credit cards. We are now looking at another breach where customers’ cards were compromised, and the company will pay a minimal amount for each of the customers affected (if they can even reasonably determine the customers affected). Chick-Fil-A will be yet another company that gets off extremely light in this; their company won’t be impacted negatively (at least beyond a couple weeks, a quarter, at the absolute most). Banks and consumers will be the ones left footing the bill for the cost of this breach. The big question I’m going to ask you (and myself): will this affect my family’s patronage of Chick-Fil-A? From my wife’s perspective, I can definitely tell you that it will have absolutely no consequences on her spending habit at Chick-Fil-A.

So, you may be asking yourself, what is your point. . .

My point, is that, Chick-Fil-A/Target/Home Depot and countless other companies are going to get their slap on the hand, pay their minimal fines, and will continue day-to-day business without any sort of consequences after losing all our credit card/payment information.

Until regulating bodies, and probably a combination of them, like PCI, banks, OCR (for HIPAA violations), FTC, and other organizations start holding companies responsible for the breaches that occur, they will keep occurring, and the consumer will be the one getting hit.

From the article:

Fast food restaurant chain Chick-Fil-A says it’s working with law enforcement, the payment industry, and security firms to determine whether reports of suspicious activity with payment cards used at some of its restaurants were due to a data breach.

“Chick-Fil-A recently received reports of potential unusual activity involving payment cards used at a few of our restaurants,” the company said in a statement. “We want to assure our customers we are working hard to investigate these events and will share additional facts as we are able to do so.”

“Born at the Right Time”: How Kid Hackers Became Cyberwarriors

Source: Re/Code and NBC News

Found this particular article, and it struck a chord with me. For one, I have a 3 year old son, who I hope, in the back of my mind, becomes involved with IT in some form or fashion. The other thing that I’m always thinking about is how I would have grown up if I grew up in a different decade, more specifically, a more modern decade. I’ve seen quite the transition in my time. I remember dialing into local BBS over my 1200 baud modem, I remember all the crappy old ISPs like AOL, Prodigy, CompuServe, and even eWorld (yes, I was a member, for a short while).

Now I’m living in the age of high-speed data, where everyone has an email address, and the modern world is connected with copper and fiber. I’ve seen a lot in my days, and I’m curious what my son will see in his days.

Some quotes from the article(s):

A few years ago, when Greg Martin was in his mid 20s and teaching a computer security course for NASA engineers, he stumbled on an arcane bit of information that stopped him cold: the original set of rules governing the Internet, created in September 1981, the month he was born.

That coincidence helped Martin understand a little better his improbable journey from rural Texas to the center of the fight against cybercrime. A former child hacker who commandeered his high school’s servers and spent his teens studying, manipulating and repairing some of the earliest computer networks, Martin’s life had paralleled the rise of the Internet, culminating with an explosion in data theft, corporate espionage and digital warfare that made him and a generation of other self-taught security experts some of the most sought-after figures in Silicon Valley. “I was just born at the right time,” he said.

The escalating roster of high-profile attacks against America’s most powerful corporations, including a hack of Sony Pictures that stoked hostilities between the U.S. and North Korea, has fueled the rise of a cybersecurity industry in which a growing number of CEOs are native hackers like Martin, now 33 and the founder of a startup called ThreatStream, which helps companies and government agencies share data on attacks as they develop around the world.

Read more of this article at Re/Code and NBC News.