

Report: NSA Hacked North Korea Before Sony Breach

Source: PCMag

More details are being released in regards to North Korea, and the breach that occurred at Sony.

What is now being reported is that the NSA has had access to North Korea’s computers (read: hacked) since 2010. Some are now reporting that the hack at Sony was in retaliation for the hacking that the NSA had done against North Korea.

I’m still very hesitant to call the Sony breach a hack perpetrated by North Korea, even with the additional evidence/details about the NSA being inside North Korea’s computers.

From the article:

As it turns out, the U.S. had some inside information. According to reports from Der Spiegel and The New York Times, the U.S. knew that North Korea hacked Sony because the U.S. had hacked North Korea.

The National Security Agency (NSA), in fact, has had access to North Korean networks and computers since 2010, the Times said. Officials wanted to keep tabs on the country’s nuclear program, its high-ranking officials, and any plans to attack South Korea, according to a document published by Der Spiegel.

North Korea did attack South Korea in 2013, crippling several of the nation’s leading financial and media organizations. At one point, however, the hackers revealed their IP addresses – the same IP addresses that popped up again in the Sony hack.


UD expert predicts bumpy year ahead for cybersecurity

Source: delawareonline – The News Journal


They can’t hold a candle to modern-day hacktivists, who can steal from hundreds of thousands of people while sitting at home in their pajamas.

Pres. Barack Obama has warned that cyberattacks are among the most serious economic and national security challenges facing the nation. Cybersecurity is a top priority of the Senate Committee on Homeland Security and Governmental Affairs, previously chaired by Democratic Sen. Tom Carper of Delaware.

“Cybercrime is becoming everything in crime,” FBI Director James Comey said in a recent interview with CBS’ “60 Minutes.” Comey estimated national losses in the billions each year.

Last week, a hacker group believed to be associated with ISIS took control of the Twitter accounts and website services of the Albuquerque Journal newspaper in New Mexico and WBOC 16 TV station in Maryland. Calling itself “Cyber Caliphate,” the group posted several confidential documents, including driver’s licenses, corrections records and addresses.

The high-profile hack against Sony Pictures Entertainment in November resulted in massive dumps of employees’ personal information and the brief cancellation of the theatrical release of “The Interview.” The FBI has blamed the North Korean government for the data breach.

Many cyber attacks are related to vulnerabilities in three areas: “Computing and software, networked communications, such as the Internet and cell phones, and last, fooling humans into making mistakes,” according to Chase Cotton, director of the University of Delaware’s Center for Information and Communications Sciences.

Cotton, a professor of electrical and computer engineering, is one of several experts involved in a new cybersecurity initiative at UD, which seeks to train the next generation of specialists to meet a critical need. The U.S. faces a severe cyber workforce shortage, according to national statistics, with more than 30,000 jobs available and only 1,000 skilled specialists who can design secure computing systems and write secure code.

Last year, UD named Starnes Walker, a physicist and national cyber defence expert, to lead the regional initiative, funded by $3 million in state aid and a research grant from the National Science Foundation. UD is one of only nine universities involved in the first federally funded research and development center solely dedicated to enhancing cybersecurity and protecting national information systems.

The university itself fell victim to a cyberattack in 2013, when hackers stole the names, addresses and social security numbers of more than 72,000 current and past employees.

UD has since introduced five new cybersecurity courses for undergraduate and graduate students. Last fall, the university began offering a minor in Cybersecurity, and administrators are planning graduate degree and certificate programs in the near future.

The educational programs at UD are being developed in collaboration with other local universities and cybersecurity employers, along with the U.S. Army and Delaware National Guard.

Experts are increasingly concerned that sophisticated cyber attackers are focused on taking out critical infrastructure – like the systems controlling the pipelines of America’s energy sector – instead of consumer data breaches like the ones reported at Target, Staples and Home Depot.

Interviewed by e-mail Friday, Cotton discussed the cybersecurity landscape for 2015 and beyond.

Q: The extremist militant group ISIS has deftly handled social media in recruiting new members and spreading its message. Some experts have claimed that ISIS’ social media savvy doesn’t translate into a real cybersecurity threat. Do you believe that ISIS has the manpower/resources to launch a grand attack on U.S. infrastructure?

Currently no, and probably not alone, but possibly in collaboration with others now or in the future. The technology to make these types of attacks on major infrastructure exists today, though mainly in the hands of nation states. But the skills, much like physical weapons, are increasingly available to groups worldwide.

Q: Can we expect to see more frequent and more dramatic attacks?

Unfortunately yes. Most attacks that non-government organizations and individuals will see are primarily financially motivated. Exposure, unfortunately, is heightened by our increasing reliance on our wired electronic infrastructure.

As for governments, and similarly for critical public infrastructure (e.g., the electrical grid, transportation, manufacturing, etc.), attacks will also continue …We are in a race to stay ahead and protect these assets in both the public and private sectors…

For each [vulnerability], there is a method of attack.

A software application may have a flaw that allows an attacker to modify what the program does, or access data held on the computer where the application is running. This is an attack often used against Internet websites.

A large system, like a wireless network, may have a design weakness that allows an attacker to listen in on your communications. An attacker may be able to use a technically sophisticated attack to take advantage of these weaknesses and listen in on your calls or see your Internet activities.

Very motivated attackers will do detailed research using the Internet and social media and identify key individuals in an organization, (e.g. computer administrators). They will then try to fool those individuals and try to infect their personal computers in order to get access to business systems they manage. We call this “spear phishing.”

Q: What can the average citizen do to better protect himself/herself?

Keep your computers, tablets, smartphones, operating systems and application software up to date. Also update home-networked devices like Wi-Fi access points, cloud drives, sound systems, security systems/cameras, etc., and always set up strong non-default passwords on these devices.

Run an antivirus program on your computers.

Don’t click on links from someone you don’t know. And use care about links even when sent from your friends. Make sure the underlying link (URL) is a real company or organization you recognize.

Choose strong passwords (eight or more characters mixing upper and lower case letters, numbers, special characters). Or, better yet, use long pass-phrases, (e.g. “my dog eats RED shoes on wednesdays!”). And don’t reuse passwords across different accounts.

Use two-factor authentication, [two separate forms of identification to verify identity], on critical accounts (banking, email, cloud storage).

You and your family members should normally try to use non-administrator accounts on your computers for day-to-day activities. This will minimize damage and ease recovery when you eventually get infected with computer malware.

Q: Apart from getting off the Internet completely, can we ever truly be safe from such attacks?

Unfortunately, security will never be 100 percent, but we should eventually be able to get to where successful attacks are rare, like having the occasional fender bender.

Contact Margie Fishman at 302-324-2882 or

If It Can Happen to Sony, It Can Happen to You

Source:  Re/Code

Following up on the recent breach at Sony, this article states that 2014 was labelled “The Year of the Breach”. The other thing that this article points out is that you don’t have to be a mega-corporation to get breached; you can be a small business or a small start-up, it doesn’t matter. You can be targeted; your company may or may not contain valuable information that is valued by the attacker.

Security experts are now saying there are only two types of companies left in the U.S.: Those that have been hacked, and those that don’t yet know they’ve been hacked. And although cybersecurity is being forced to the forefront of national consciousness, we still are not seeing the urgency needed to make a difference.

There is no more time to wait on the issue of cybersecurity. Government agencies and corporations alike must become both educated and absolutely determined to stop cybercrime now. Neither can afford mediocre approaches to security and customers (whether citizens, in the case of government; or paying clients, in the case of corporations) must demand better. Organizations must have the right plans and the right technologies in place to deal with the threats we’ve seen do so much damage in 2014, and the threats we know are on the way in 2015.

It is important to keep your guard up, maintain safe systems, and keep your organization secure. Remember that 556 Forensics can assist you in keeping you and your organization safe.

More on Sony and North Korea

Source: Krypt3ia

First, I want to point out that I’m loving all the info that Krypt3ia is throwing out there.

There have been many battles brewing on the internet, IRC, and Twitter about what is going on, and how the U.S. is attributing the Sony hack to North Korea. From everything I have read, it has been based on circumstantial evidence, primarily from the piece that says the U.S. has determined that this is directly linked to North Korea because a) the vulnerability was developed in the Korean language, and b) it uses the same malware that was attributed to 2 or 3 other breaches that were also from “North Korea”. I’m not necessarily doubting that the other attacks came from North Korea, but what I want to point out is that these attacks and vulnerabilities have ways of making themselves known to other people, other groups, other countries; that doesn’t 100% tie attribution to North Korea.

From Krypt3ia’s blog:

Well here we are… It’s the beginning of the cyber wars my friends. POTUS came out on stage and said that we would have a “proportionate response” to the hacking of Sony and that in fact the US believes that it was in fact Kim Jong Un who was behind this whole thing. Yup, time to muster the cyber troops and attack their infrastructure!

Anyways, all credit goes to Krypt3ia for the analysis he has performed on this, and I definitely think you should check out his blog.

Why the Sony hack is unlikely to be the work of North Korea

Source: Marc’s Security Ramblings and Krypt3ia

I agree that everyone jumping on the bandwagon, saying that N. Korea is behind this hack, is wrong. This is the way I feel about a fair number of security ramblings coming from Mandiant/FireEye, Norse, and the rest of the huge companies out there. I think some of their information can be wrong. I also agree with the statements made at Krypt3ia that we are now at “cyber-war” with North Korea. It feels like another Cold War race, with a lot more countries involved.

However, the really scary part is that foreign influences have now proved that they can hold the United States (and companies within the US) at bay with attacks on their computer infrastructure.


From the article:

Everyone seems to be eager to pin the blame for the Sony hack on North Korea. However, I think it’s unlikely. Here’s why:

1. The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes you actually expect to see in “Konglish”, i.e. it reads to me like an English speaker pretending to be bad at writing English.

2. The fact that the code was written on a PC with Korean locale & language actually makes it less likely to be North Korea. Not least because they don’t speak traditional “Korean” in North Korea, they speak their own dialect and traditional Korean is forbidden. This is one of the key things that has made communication with North Korean refugees difficult. I would find the presence of Chinese far more plausible. See here –

here –

and here –

This change in language is also most pronounced when it comes to special words, such as technical terms. That’s possibly because in South Korea, many of these terms are “borrowed” from other languages, including English. For example, the Korean word for “Helicopter” is: 헬리콥터 or hellikobteo. The North Koreans, on the other hand, use a literal translation of “vehicle that goes straight up after takeoff”. This is because such borrowed words are discouraged, if not outright forbidden, in North Korea –

Let’s not forget also that it is *trivial* to change the language/locale of a computer before compiling code on it.


Read more at Marc’s Security Ramblings and at Krypt3ia