Threat Level: green Handler on Duty: Tom Webb

SANS ISC Information Security News

Popular News

1 hour ago Obama: U.S. Will Respond 'Proportionately' To Sony Cyber Attack

Dark Reading
President Obama says the United States will take action against North Korea in response to the cyber-attack on Sony.

1 hour ago Microsoft sues US-based 'phony tech support' outfit

ZDNet
Microsoft has filed a suit against a US-based operation for misusing its trademarks.

2 days ago Staples finally admits credit card info compromised

IT Toolbox Blogs
The latest firm to finally admit they were hacked is Staples. Supposedly 1.16 Million cards were compromised. If you believe that number, I have a bridge in Brooklyn for you! The usual advice applies. You have to assume that at some point, your c...

2 days ago Feds finger Norks in Sony hack, Obama asks: HOW DO YOU SOLVE A PROBLEM LIKE KOREA?

The Register
Blaming Kim Jong Un is like Saddam's WMDs all over again

The Federal Bureau of Investigation has claimed to have found evidence linking North Korea with the hackers who ransacked Sony Pictures' servers and dumped gigabytes of sensitive data online.

2 days ago Heads up! If Tor VANISHES over the weekend, this is why

The Register
Developers warn of swoop plot to cripple privacy network

The Tor Project is warning that its network - used by netizens to mask their identities on the internet - may be knocked offline in the coming days.

Top News

3 hours ago Easily Exploitable NTP Vulnerabilities Put ICS Operators at Risk

SecurityWeek

Remotely Exploitable NTP Vulnerabilities Put Critical Infrastructure Systems at Risk

3 hours ago Meet Anunak - The Hacker Crew That Owned Staples And Earned $25m In 2014

Forbes
Forbes understands a hacker crew called Anunak was responsible for attacks on major US retailers Staples, Bebe and Sheplers, likely costing the industry millions. They're making most of their money from breaches of Russian banks, however, and have been spotted doing some espionage on government bodies.

2 hours ago SKorea holds N-plant drills against cyber threats

Yahoo Security
SEOUL, South Korea (AP) - South Korea's monopoly nuclear power company said it began drills Monday against possible cyberattacks after online threats of attack against its plants.

1 hour ago Reacting to the Sony Hack

Schneier blog

First we thought North Korea was behind the Sony cyberattacks. Then we thought it was a couple of hacker guys with an axe to grind. Now we think North Korea is behind it again, but the connection is still tenuous. There have been accusations of cyberterrorism, and even cyberwar. I've heard calls for us to strike back, with actual missiles and bombs. We're collectively pegging the hype meter, and the best thing we can do is calm down and take a deep breath.

First, this is not an act of terrorism. There has been no senseless violence. No innocents are coming home in body bags. Yes, a company is seriously embarrassed - and financially hurt - by all of its information leaking to the public. But posting unreleased movies online is not terrorism. It's not even close.

Nor is this an act of war. Stealing and publishing a company's proprietary information is not an act of war. We wouldn't be talking about going to war if someone snuck in and photocopied everything, and it makes equally little sense to talk about it when someone does it over the internet. The threshold of war is much, much higher, and we're not going to respond to this militarily. Over the years, North Korea has performed far more aggressive acts against US and South Korean soldiers. We didn't go to war then, and we're not going to war now.

Finally, we don't know these attacks were sanctioned by the North Korean government. The US government has made statements linking the attacks to North Korea, but hasn't officially blamed the government, nor have officials provided any evidence of the linkage. We've known about North Korea's cyberattack capabilities long before this attack, but it might not be the government at all. This wouldn't be the first time a nationalistic cyberattack was launched without government sanction. We have lots of examples of these sorts of attacks being conducted by regular hackers with nationalistic pride. Kids playing politics, I call them. This may be that, and it could also be a random hacker who just has it out for Sony.

Remember, the hackers didn't start talking about The Interview until the press did. Maybe the NSA has some secret information pinning this attack on the North Korean government, but unless the agency comes forward with the evidence, we should remain skeptical. We don't know who did this, and we may never find out. I personally think it is a disgruntled ex-employee, but I don't have any more evidence than anyone else does.

What we have is a very extreme case of hacking. By "extreme" I mean the quantity of the information stolen from Sony's networks, not the quality of the attack. The attackers seem to have been good, but no more than that. Sony made its situation worse by having substandard security.

Sony's reaction has all the markings of a company without any sort of coherent plan. Near as I can tell, every Sony executive is in full panic mode. They're certainly facing dozens of lawsuits: from shareholders, from companies who invested in those movies, from employees who had their medical and financial data exposed, from everyone who was affected. They're probably facing government fines, for leaking financial and medical information, and possibly for colluding with other studios to attack Google.

If previous major hacks are any guide, there will be multiple senior executives fired over this; everyone at Sony is probably scared for their jobs. In this sort of situation, the interests of the corporation are not the same as the interests of the people running the corporation. This might go a long way to explain some of the reactions we've seen.

Pulling The Interview was exactly the wrong thing to do, as there was no credible threat and it just emboldens the hackers. But it's the kind of response you get when you don't have a plan.

Politically motivated hacking isn't new, and the Sony hack is not unprecedented. In 2011 the hacker group Anonymous did something similar to the internet-security company HBGary Federal, exposing corporate secrets and internal emails. This sort of thing has been possible for decades, although it's gotten increasingly damaging as more corporate information goes online. It will happen again; there's no doubt about that.

But it hasn't happened very often, and that's not likely to change. Most hackers are garden-variety criminals, less interested in internal emails and corporate secrets and more interested in personal information and credit card numbers that they can monetize. Their attacks are opportunistic, and very different from the targeted attack Sony fell victim to.

When a hacker releases personal data on an individual, it's called doxing. We don't have a name for it when it happens to a company, but it's what happened to Sony. Companies need to wake up to the possibility that a whistleblower, a civic-minded hacker, or just someone who is out to embarrass them will hack their networks and publish their proprietary data. They need to recognize that their chatty private emails and their internal memos might be front-page news.

In a world where everything happens online, including what we think of as ephemeral conversation, everything is potentially subject to public scrutiny. Companies need to make sure their computer and network security is up to snuff, and their incident response and crisis management plans can handle this sort of thing. But they should also remember how rare this sort of attack is, and not panic.

This essay previously appeared on Vice Motherboard.

1 hour ago Sneaky Russian hackers slurped $15 MILLION from banks

The Register
ATM malware, remote employee monitoring - you name it, they did it

Millions of dollars, credit cards and intellectual property have been stolen by a newly discovered group of cyber criminals.

56 minutes ago Security firm IOActive to expand Vehicle Security Service program

SC Magazine
An investment into a garage located within its testing labs will enable the security firm to conduct various tests on cars and provide manufacturers with security strategies.

53 minutes ago Exploits for dangerous network time protocol vulnerabilities can compromise systems

Yahoo News
Remote code execution vulnerabilities in the standard implementation of the network time protocol (NTP) can be exploited by attackers to compromise servers, embedded devices and even critical infrastructure systems that run UNIX-like operating systems. The flaws, which can be exploited by sending specially crafted packets to machines running a vulnerable version of the NTP daemon (ntpd), pose a ...

11 minutes ago Biggest Health Data Breaches in 2014

InfoRiskToday
Federal Tally Reveals Latest Trends

The five biggest 2014 health data breaches listed on the federal tally so far demonstrate that security incidents are stemming from a variety of causes, from hacker attacks to missteps by business associates.

Latest News

56 minutes ago Meet Anunak - The Hacker Crew That Owned Staples And Earned $18m In 2014

Forbes
Forbes understands a hacker crew called Anunak was responsible for attacks on major US retailers Staples, Bebe and Sheplers, likely costing the industry millions. They're making most of their money from breaches of Russian banks, however, and have been spotted doing some espionage on government bodies.

1 hour ago Sony & Cybersecurity: Supply Chain Concerns

Forbes
Be Very Afraid

A scene early in the "Lord of the Rings" trilogy has the warrior king Aragorn asking Frodo Baggins whether he is afraid, and then warning the Hobbit hero that he is not nearly afraid enough. The ring of power which Frodo carries is being sought by evil forces [...]

1 hour ago Five of the best (and free) Android security apps

ZDNet
Worried about hackers and fraudsters gaining access to the data on your Android smartphone or tablet? You should be. But you can also reduce that risk by installing a security app on your device. Here are five of the best (and free) apps available out there.

1 hour ago Time To Rethink Patching Strategies

Dark Reading
In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset.

1 hour ago Top bankers need to take cyber threat seriously: BoE

Yahoo Security

By Matt Scuffham and William Schomberg LONDON (Reuters) - Top British bankers and other senior executives in the financial services industry are not taking the risk of cyber attacks seriously enough, financial policymakers at the Bank of England say. Cyber crime costs the global economy $445 billion a year and the bill is rising, according to the Center for Strategic and International Studies. Banks are particularly vulnerable, despite spending hundreds of millions of dollars a year on cyber defenses. ...

1 hour ago Top Ten Technology Stories Of 2014

Forbes
As the year draws to a close, and as you plan some time off, perhaps with a warming beverage in front of the fire, I am pleased to offer my take on the best stories in written, video, and audio form of 2014. One Startup's Struggle to Survive the Silicon Valley [...]

1 hour ago 2014: Apple's competence wanes, but my trust remains

ZDNet
Apple's had a tough year. So have we. Here's how the iPhone maker made it up to us.

1 hour ago Tor Warns of Possible Attempts to Disable Anonymity Network

SecurityWeek

The Tor anonymity network might be disrupted in the next few days via the seizure of directory authorities, the Tor Project has learned.

There are a total of nine directory authorities spread out in the United States and Europe. These servers provide a signed list of all the relays that make up the Tor network.

2 hours ago Taking IT Security's Pulse: What to Expect in 2015

SecurityWeek

According to Gartner, worldwide spending on information security was expected to reach $71.1 billion in 2014, an increase of 7.9 percent over 2013. Total information security spending will grow a further 8.2 percent in 2015 to reach $76.9 billion. Based on these numbers it would appear that we have made progress towards a more secure world in the past 12 months. Did we? And what can we expect in 2015?

3 hours ago South Korea Nuclear Plants Stage Drill Against Cyber Attack

SecurityWeek

South Korea's nuclear power plant operator launched a two-day drill Monday, testing its ability to thwart a cyber attack, after a series of online information leaks by a suspected hacker.

4 hours ago South Korea nuclear plant operator says hacked, raising alarm

Yahoo Security
By Meeyoung Cho and Jack Kim SEOUL (Reuters) - Computer systems at South Korea's nuclear plant operator have been hacked, the company said on Monday, sharply raising concerns about safeguards around nuclear facilities in a country that remains technically at war with North Korea. The Korea Hydro and Nuclear Power Co Ltd (KHNP) and the government said only "non-critical" data was stolen by the hackers, and that there was no risk to nuclear installations, including the country's 23 atomic reactors. ...

4 hours ago How the operating system was born. Part 6

IT Toolbox Blogs

Again with the recap on the previous article where I mentioned how the BIOS was one of the first operating systems and how it was extremely limited.

The name actually gives that reason away as it is, as you should know by now, an acronym for Basic Input/Output System. This basic is the literal basic and not Beginners All purpose Symbolic Instruction Code :)

4 hours ago China condemns cyberattacks, but says no proof North Korea hacked Sony

Yahoo Security

By Megha Rajagopalan and Steve Holland BEIJING/WASHINGTON (Reuters) - China said on Monday it opposed all forms of cyberattacks but there was no proof that North Korea was responsible for the hacking of Sony Pictures, as the United States has said. North Korea has denied it was to blame and has vowed to hit back against any U.S. retaliation, threatening the White House and the Pentagon. The hackers said they were incensed by a Sony comedy about a fictional assassination of North Korean leader Kim Jong Un, which the studio has pulled. ...

5 hours ago Hackers pop German steel mill, wreck furnace

The Register
Phishing proves too hot for plant

Talented hackers have caused "serious damage" after breaching a German steel mill and wrecking one of its blast furnaces.

6 hours ago China to develop trust rating index for cloud vendors

ZDNet
Chinese government will allow only those with full security clearance to be involved in government projects, potentially leaving foreign players out of such contracts.

8 hours ago STAY AWAY: Popular Tor exit relays look raided

The Register
USB plugged into Atlas, Global servers before control was lost

As foreshadowed last week, Tor network exit nodes have gone down after what appear to be raids by law enforcement authorities.

10 hours ago Dangerous NTP hole ruins your Chrissy lunch

The Register
Sysadmins: Down beers and patch now!

Critical holes have been reported in the implementation of the network time protocol (NTP) that could allow unsophisticated attackers root access on servers.