Information Security News
Help Net Security
Infosec: More than reindeer games
As CEO of XMAS Inc., the leading manufacturing and shipping enterprise, you face extraordinary pressure to deliver joy on Christmas morning to billions of kids around the world. In fact, it's hard to think of any other top business leader who is ...
by Sean Gallagher
It looks like the great cyber-war with North Korea has begun, at least by proxy. The entirety of North Korea was knocked offline today by a distributed denial of service attack—not a difficult feat, considering that all of North Korea is connected to the global Internet by a single connection. And while Americans are undoubtedly carrying out the attacks, it’s doubtful that they are taking direction from the government at this point (unless you think Anonymous and Lizard Squad are directed by the National Security Agency).
It’s an interesting dichotomy, because the evidence presented thus far by the US government that North Korea is indeed responsible for the attack is extremely weak. None of the Internet Protocol addresses embedded in the malware used in the attack were in North Korea, and most of them were exploited systems that could have been (and probably were) used by any number of cybercriminals and black hat hackers. All of the IP addresses were clearly acting as proxy servers, and some were used for spam and malware distribution.
Only the similarity to other attacks that were apparently launched by North Korea, the apparent motive, and Occam's Razor suggest that the Guardians of Peace were in the employ of the Democratic People’s Republic of Korea, rather than some random group of laid-off employees or supporters of Kim Dotcom. But if what was done to Sony Pictures Entertainment was in fact North Korean-directed cyber-terrorism, it was extremely effective.
Jordan and others have written in about North Korea being offline. Arbor has a great post with some analysis (http://www.arbornetworks.com/asert/2014/12/north-korea-goes-offline/). According to the article, the netblock that is being targeted is 18.104.22.168 22.214.171.124. For more detail follow the link above.
Tom Webb. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
by Sean Gallagher
On Friday, a warning of a possible effort to hijack significant portions of the anonymizing Tor network was leaked to the Tor Project. And over the weekend, a cluster of servers in a Netherlands data center that were used as Tor “exit nodes” and as mirrors for two Tor Project services were taken offline. However, it’s not clear who took the servers down or whether law enforcement was involved.
Thomas White, an operator of a large cluster of servers providing an exit point for Tor traffic in the Netherlands, reported to a Tor news list that there was suspicious activity overnight on the servers. The servers, according to DNS data, were hosted in a data center in Rotterdam.
“I have now lost control of all servers under the ISP and my account has been suspended,” White wrote late on Sunday, December 21, in his first message on the takedown. “Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken. From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers.”
by Robert Lemos
Sony Pictures isn’t the only entertainment giant dealing with a massive breach.
Music icon Madonna quickly released six tracks from her latest album last week after someone stole 13 prereleased recordings—reportedly the entire album—and leaked them to the Internet. The Material Girl is now keeping all of her production material off the networks, requiring her production crew to avoid wireless and deliver files by hand-carrying hard drives, according to an interview with Billboard magazine published on December 21.
“We don’t put things up on servers anymore,” she said. “Everything we work on, if we work on computers, we’re not on WiFi, we’re not on the Internet, we don’t work in a way where anybody can access the information.”