China forces service providers to provide decryption keys

ISPs and telecommunication companies must provide technical assistance to the government, including decrypting communications,

I am not sure why there is so much hoo-hah here. China has had similar laws for the Banking and Financial sector for a long while now. That's just how the country works.

Raspberry Pi Offered Money to pre-install malware

I wouldn't have been surprised if one of the governments had tried to do that, but seems like it's someone else!

Firewalls backdoor-ed!

Juniper released a statement saying:
... attackers could exploit the “unauthorized code” in order “to gain administrative access to NetScreen devices and to decrypt VPN connections, and then wipe the logs to remove any trace of a compromise.”
Let's take a minute and understand the gravity of the matter.

  • Clearly a state-sponsored group of hackers managed to sneak their code into Juniper's code base.
  • This bypassed all of Juniper's internal checks, and got shipped on all their NetScreen devices.
  • This went unnoticed for roughly 3 years.
  • Meaning, anyone using their hardware could have been eavesdropped upon in the last 3 years. And the best part - the attackers could have done this without getting detected, and without leaving any logs behind!

Update 22-Dec-2015:
More details have been released; the hard-coded password is: <<< %s(un='%s') = %u

Update 22-Jan-2016:
Backdoors found on Fortinet firewalls as well!

Security Firm Hacked - MacKeeper

It's a pity when 'security' companies make huge mistakes when it comes to securing themselves.
The data breach was discovered by Chris Vickery, a white hat hacker who was able to download 13 Million customer records by simply entering a selection of IP addresses, with no username or password required to access the data.
Story here.

Govt Surveillance vs Encryption

There is a battle, a collision of interests, going on. Governments seem to be having a hard time figuring out whether they should ban encryption: a ban goes against all ethics and the individual's right to privacy, BUT on the other hand it helps set up surveillance programs to counter terrorism.

  • Kazakhstan mandates Internet backdoor
  • FBI Director James Comey called for tech companies currently offering end-to-end encryption to reconsider their business model

BlackBerry to exit Pakistan

BlackBerry has decided not to operate in Pakistan after Dec. 30, rather than let the local government intercept communications on its enterprise services.
It is just plain stupid for a country to pressure an IT company to the point that it decides to leave and take its operations with it. Reminds me of Google's exit from China.

Net result:

  • The country still doesn't have the backdoors it wanted
  • Some people will lose their jobs when the company closes its doors
  • It's a long-lasting deterrent for any new IT companies considering coming in

Update 09-Jan-16:
Thankfully better sense prevails, and the govt backs off.

Biggest data breaches of 2015

A good look-back at the year. Plus a sum-up of what happened, and how long it took to discover the incident.
Story here

Sharjah bank held to ransom by hacker

It’s not clear how the hacker broke into the bank’s computers. In a direct message to this journalist via Twitter, Hacker Buba claimed he is seeking $3 million and has access to the bank database and back up files from all its servers.
Story here

Health Insurer Excellus: Attackers Breached 10M Records

Excellus has revealed that in August of this year it discovered a nearly 2-year old intrusion campaign in its network that gave hackers access to potentially all its customers’ records. That data includes names, birth dates, Social Security numbers, mailing addresses, telephone numbers, and a variety of account information including claims and financial payment details. 
Full Story 

Aviva Employee Sells Customer Data

A letter sent by Aviva to its customers:

"I am writing to make you aware that Aviva has identified that information about a motor claim which you were involved in may have been accessed and passed to a third party without Aviva's consent. We have dismissed the employee concerned and reported this to the police and the Financial Conduct Authority."
Story here

Tool: KeeFarce

KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData%
Details here

ProtonMail DDoS Extortion

the service was extorted by one group of attackers, then taken offline in a large distributed denial-of-service (DDoS) attack by a second group that it suspects may be state sponsored.
Full Story

Biggest cyber heist in history

How JP Morgan (and others) got hacked, the story behind the hackers' pump-and-dump scheme, and how the hackers were caught.

Introducing Tor Messenger

Much welcomed! Client currently supports:

  • Jabber (XMPP) chat protocol
  • IRC (Internet Relay Chat)
  • Facebook Chat
  • Google Talk
  • Twitter
  • Yahoo!

Details here

Anonymous Threatens Banks!

Operation Black October 2015
Using its conventional approach, the group announced the launch of its latest campaign, Operation Black October, through a YouTube video. The hacktivists urged people to take out all their money from the banks as soon as possible.

Free Open Source Ransom Ware

Good news for bad guys: we now have an open source ransomware [Hidden Tear], which can be tweaked and used by anyone with literally basic scripting skills. Features include:
  • Uses AES algorithm to encrypt files.
  • Sends encryption key to a server.
  • Encrypted files can be decrypted in decryption program with encryption key.
  • Creates a text file on Desktop with given message.
  • Small file size (12 KB)
  • Undetectable by antivirus programs

Ashley Madison Hack Study

A bit late in the day now, but here is my study of the (in)famous hack, of the website with the tagline, "Life is short, have an affair".


12-Jul-15:
The website's parent company, ALM (Avid Life Media), had been hacked. Employees first learned of the intrusion when they arrived at work and powered on their computers, to be presented with the initial message from the "Impact Team" - the hacker group that has claimed responsibility for the breach.

The news broke and, as expected, there was widespread fear among the ~37M impacted users. The original leak:
Besides snippets of account data apparently sampled at random from among some 40 million users across ALM’s trio of properties, the hackers leaked maps of internal company servers, employee network account information, company bank account data and salary information.
The hackers also claimed that the company had lied when it sold a service called "Full Delete", which was supposed to purge all user details.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.” 
The demand from the hackers:
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.”
Sounds like a "Robin Hood" of hackers, no? Doing good for society, with no personal gain - no BTC demands!


18-Aug-15:
The company decided not to give in to the demands, and the hackers leaked what they had promised (tech links). So, what happens now?

  1. There are numerous websites now offering services to search for your spouse and friends, to see if they were using the website
  2. We now have bad guys harassing the victims (for lack of a better word), and starting an extortion / blackmail program
  3. We also have two suicides, which could (not confirmed) be due to this disclosure
  4. The ALM company has been taken to court by the users, and faces a class-action lawsuit
  5. The CEO of the company stepped down over all this controversy
  6. Some big names got exposed via this hack

24-Aug-15:
The company announces a $500M bounty for the person who is able to help find the culprit in this hack. At the same time Krebs feels a Twitter user, Thadeus Zu (@deuszu), could be responsible.

15-Sep-15:
The company used all the right protocols for hashing and salting their passwords. However, poor implementation caused over 11M hashes to be cracked.

15-Dec-16:
Ashley Madison settles the lawsuits for $17.5M. Interestingly, at this point in time it can only afford to pay up about 10% of this. Plus they will have a whopping 20 yrs of govt oversight to ensure network security.

Introducing Zerodium

As its name suggests, it specializes in acquiring zero-day exploits. And then selling them off.
The start-up is backed by Vupen, the French vulnerability dealer that has often drawn controversy for brokering exploits to the highest bidder
More Info Here ;  Website Here

BitDefender gets held to ransom over unencrypted passwords

It's a pity to see security companies forgetting basic security measures like hashed passwords!

Win-10 share wifi password 'feature'

Unless you opt out, Windows 10 will by default prompt to you share access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends.
Full Story

Free sites to learn programming

I feel every security practitioner should at least have some basic programming skills. I have seen CISOs make useless comments like, "x% of all security risks are due to poor coding". Well yes, since coding is a huge arena in itself, and in any case forms the bulk of the effort to set up any technology portal.

Some free sources to learn

Hacking Team Hacked

Who: Hacking Team is a controversial Italian company which builds and sells spyware to governments. Even though they used to deny it, we now know for sure that they were supplying oppressive regimes, such as Sudan, Saudi Arabia, Iraq, etc. A full list of their clients is here.

Damage: About 400+ GB of corporate data is leaked on torrents (and here), and the source-code of their tool is loaded up on github.

Consequences: The 0-day exploits they had been using are now in the wild and can be used by anyone. However, Adobe immediately released a patch for its Flash Player.

Their most notorious tool was called Remote Control System (a 2014 report is here), and they apparently had a few more, including one that relied on hijacking jailbroken iPhones.

Furthermore, their Twitter and other online accounts were also hijacked. The primary reason: hilariously weak passwords.
The root passwords for Hacking Team's servers were inexplicably weak for their purpose. One of the passwords was simply "P4ssword,".
Other passwords grabbed from Hacking Team founder Christian Pozzi included "wolverine" and "universo," and other variations of dictionary words like "Passw0rd".
By: A hacker (crusader?!) who goes by the name of PhineasFisher has taken credit for the disclosure.

Update 25-Jul-15:
Another tool discovered in the dump, which was used to compromise Android devices.

UK Govt Bans Encrypted IM Apps

A pity to see how the government agencies perceive encryption and privacy of citizens.
Speaking earlier today, David Cameron announced his plans for new surveillance laws which could spell the end of popular services such as WhatsApp and Snapchat.
Explaining his reason, the Prime Minister said: “In our country, do we want to allow a means of communication between people which we cannot read?”
"My answer to that question is no we must not."

North America is out of IPv4

Yikes, you hear that this day will come one day, and here we are. Time to beef up the effort on v6.

Avionics Security

There have been a few news posts around the technical security of the systems on an aircraft. Chris Roberts was even detained and investigated by the FBI, and later banned from United Airlines. There are stories about his tweet, which sounds more like a joke, and there are stories about him being able to hack the systems and force the plane to fly sideways.

Leaving aside the conflicting news articles, I agree with Bruce Schneier.
The real issue is that the avionics and the entertainment system are on the same network. That's an even stupider thing to do.

Apple, Linux (not Windows) most vulnerable OS in 2014

My confidence level in this article is low - it says:

A whopping average of 19 security vulnerabilities were reported every day in 2014. The top spot for vulnerabilities in operating systems no longer goes to Microsoft Windows; in fact, Windows isn't even listed in the top three. Instead, the most vulnerable OS was Apple Mac OS X, followed by Apple iOS and Linux kernel. 

Access WiFi From 2.5 miles away!

A $200 device, which will help with anonymity (and much more I am sure)!
Proxyham is comprised of a WiFi-enabled Raspberry Pi computer, along with a three antennas setup. One antenna is used to connect to a source Wi-Fi network at a public place, and the other two antennas are used to transmit the Wi-Fi signal at a 900 MHz frequency.
By relying on a 900 MegaHertz radio connection, ProxyHam effectively connects to a far-away Wi-Fi, with a range of between 1 and 2.5 Miles, depending upon certain interference factors.

Huge Samsung Galaxy security flaw

A bit late in blogging about this topic:
Samsung Galaxy S6, S5, S4 and S4 Mini phones have a massive flaw that allows an attacker to take over the device. It's in the keyboard code, of all places, thanks to a custom SwiftKey build. There are about 600 million of these things in circulation, it's thought.
The patch has been released now by Samsung.

Kaspersky Hack - Duqu 2.0

I am not sure what the big fuss around the hack is. Anyone sane reading the details of the attack would immediately appreciate the responsible disclosure by the company. I fully agree with them when they say:
They say there are two kinds of companies, those who know they have been hacked, and those who don't know they have been hacked.
Another article that speaks a bit more about what happened.

US Navy just paid millions to stay on Windows XP

Now, I completely agree that there could be legacy applications which depend on XP. However, considering XP has been out of support for a while now, there is no good excuse - especially considering the country's defense depends on these systems.

Proxies For Secure Web Browsing

Does your office block access to personal email accounts, social networking sites, etc.?

Have you ever wanted to check your email or log on to your bank account, but the only available internet connection was an unsecured wifi or a publicly shared network (like at cybercafes and airports)?

Well, for security freaks like us it is not really hard to keep ourselves safe. All we need to do is set up an old PC at home to act as a proxy (or a hop-off point to the internet). Once that is done, you can use an untrusted system or internet connection to establish a secure connection to your home PC and then browse the net from there.

There are a number of software tools available out there to accomplish this:

(1) Psiphon: Really simple and straight forward to install. Perfect for beginners and newbies.

(2) VNC: A very useful and feature packed, open source tool.

Update 30-Jun-15:
Note: the free proxies may not really be "free", and may be forcing an HTTP (unencrypted) session for malicious purposes. Another post, more geared towards TOR

LastPass Compromised

LastPass (a popular password management site) has been compromised. The company made the announcement on its blog. Errata also has a good impact assessment on the topic.

Encrypting Windows Hard Drives

Bruce Schneier discusses the 'best of the worst' full-disk encryption tools available. I quote the conclusion below:
Based on what I know about BitLocker, I think it's perfectly fine for average Windows users to rely on, which is especially convenient considering it comes with many PCs. If it ever turns out that Microsoft is willing to include a backdoor in a major feature of Windows, then we have much bigger problems than the choice of disk encryption software anyway.
Whatever you choose, if trusting a proprietary operating system not to be malicious doesn't fit your threat model, maybe it's time to switch to Linux.

History of the insecure internet

A very well written article on the history of the internet, and why to date it remains an insecure nightmare: Part One and Part Two

Tiversa - CyberSecurity firm that hacks to extort

A former employee of P2P cybersecurity firm Tiversa who has turned whistleblower testified that the firm hacks clients in order to fake data breaches and then extorts clients to pay for its 'incident response' services.
Full Story

Stegosploit - Exploiting via an image

A brilliant hack: how to run an exploit from an image. All the victim needs to do is load the image in their browser.

Android Factory Reset - Inefficient!

The default reset feature leaves behind traces of users' data, and password tokens for Google, Facebook, etc. Another very good reason to encrypt the devices!

GitHub was indeed attacked by Chinese Govt

Cyber crime is usually very hard to attribute to any entity or government. In this case, it should be safe to conclude that the Chinese government was behind this.

Security Maturity Level

A CMMI-style methodology for assessing the cybersecurity maturity level of an organization.

Download Google Search History

A wonderful way of reminding yourself what Google saves about you, and why you must turn off this feature immediately.

Introducing Dyre Wolf

An innovative and daring technique to steal money - using malware and a call-center team!

While many popular banking Trojans have targeted individuals, Dyre has always been used to target organizations. Since its start in 2014, Dyre has evolved to become simultaneously sophisticated and easy to use, enabling cybercriminals to go for the bigger payout.

Introducing China's APT30

I am taking this with a pinch of salt till I hear some better evidence:
FireEye claims to have uncovered the suite of tools that APT30 used to steal data over the last 10 years ... from air-gapped networks
Maybe similar to how BitWhisper works??!!

Indian telco decides money is more important than net neutrality

It's a pity when telcos take advantage of their position and decide what websites will or will not be made available to the users. I hope the regulators step in here, and use some common sense.

Update 16-Jul-15:
Better sense prevails, and the government's committee makes a 'recommendation' to not go this route.

Update 22-Jul-15:
A surprising outcome from this review: making VOIP calls from India to other countries is okay, but such calls within the country should be charged!?

Update 09-Feb-16:
Relieved and happy with the Indian government sector - FB's Free Basics banned!


CyberSecurity in the year 2020

An interesting report from Trend Micro on what the world would look like in the year 2020.

Uber Hack, caused by accidental upload of an internal password

GitHub acts as a collaborative repository for users’ code and projects. They can upload what they’re working on to share their progress, or even work together. But in a serious blunder, an Uber employee uploaded an internal password to the site. With this password, it was possible to access sensitive details on more than 50,000 of Uber’s drivers
Full Story

China reveals existence of their cyber-army

Surprise! Surprise! China has a military division to manage a cyber-army.

In the latest updated edition of a PLA publication called The Science of Military Strategy, China finally broke its silence and openly talked about its digital spying and network attack capabilities and clearly stated that it has specialized units devoted to wage war on computer networks. China has three types of operational military units:
  1. Specialized military forces to fight the network
  2. Groups of experts from civil society organizations 
  3. External entities 

BitWhisper: Leaking data from air-gapped systems

Israeli security researchers claim to have discovered a new way to jump supposedly secure air-gapped systems via heat emissions.

GSMem: another method of achieving the same

Anatomy of a hack

A very interesting narrative of how a person's mail.com, gmail, authy, AT&T accounts got compromised, in order to steal his bitcoins. The victim here for sure had taken more precautions than an average user, and hence is really an eye opener.

Google for VA, Security Scanning

Commendable move by Google. Helping website owners find security flaws in their own websites.

Gemalto's SIM encryption keys hacked (?)

The Intercept claims that the NSA hacked Gemalto and stole the encryption keys for all SIM cards it manufactured.
The Dutch company supplies 2 billion SIM cards per year to a range of Tier 1 carriers, including Verizon Communications, Vodafone Group and China Mobile.
It is a known fact that NSA likes to hold on to as many encryption keys as they can. However, this is just going too far.

MITM on Lenovo Computers - Introducing Superfish

A tool deployed by default to help push 'relevant' advertisements has been found to be performing MITM attacks to intercept HTTPS website data. The tool internally uses a password called 'komodia'.
[Sighh... why do security researchers give out the exploits on a silver platter?]

Full Story
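Since Superfish worked by installing its own root CA (together with the signing key) on the laptop, the defender-side check is to look in the Windows trusted root stores for exactly that pattern. The PowerShell below is an added example, not code from the original post or from Lenovo; it assumes the offending certificate's subject or issuer contains "Superfish" or "Komodia" (the post names both, but does not give the exact certificate subject), and additionally flags any trusted root whose private key is present on the machine, which is the tell-tale of local HTTPS interception regardless of the vendor name.

```powershell
# Added example: scan the Windows trusted root stores for interception CAs.
# Assumption: the Superfish root's Subject/Issuer contains "Superfish" or
# "Komodia" (names taken from the post; exact subject is not given there).
function Find-SuspiciousRootCA {
    param(
        [string[]] $NamePatterns = @('Superfish', 'Komodia')
    )
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    foreach ($store in $stores) {
        Get-ChildItem -Path $store | ForEach-Object {
            $cert    = $_
            $reasons = @()
            foreach ($p in $NamePatterns) {
                if ($cert.Subject -like "*$p*" -or $cert.Issuer -like "*$p*") {
                    $reasons += "name matches '$p'"
                }
            }
            # A public root CA never ships its private key to endpoints. A trusted
            # root whose private key lives on this machine can mint a certificate
            # for any site on the fly, which is how Superfish read HTTPS traffic.
            # (An internal enterprise CA server is the one expected exception.)
            if ($cert.HasPrivateKey) { $reasons += 'private key present on this machine' }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    Reason     = ($reasons -join '; ')
                }
            }
        }
    }
}

# List the findings. Remove a confirmed bad root with
#   Remove-Item "Cert:\LocalMachine\Root\<thumbprint>"
# only after reviewing each entry; removing a legitimate root breaks TLS.
Find-SuspiciousRootCA | Format-Table -AutoSize
```

Deleting the certificate alone is not a complete cleanup: the software that installed it must also be uninstalled, or it can re-add the root.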

Introducing Carbanak Group

The story:
Kaspersky researchers have discovered the theft of $1 billion from 30 banks over the past two years....
..... criminal activity did not end here. In other cases, the cyberattackers "penetrated right into the very heart of the accounting systems," Kaspersky says. The criminals were able to inflate account balances before fraudulently transferring the money.

NIST Releases Cybersecurity Framework

From NIST:
In February 2013, President Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity. The order calls for the development of a voluntary, risk-based Cybersecurity Framework—a set of existing standards, guidelines and practices to help organizations manage cyber risks. The resulting framework, created through public-private collaboration, provides a common language to address and manage cyber risk in a cost-effective way based on business needs, without placing additional regulatory requirements on businesses.

What is a 'sophisticated attack?'

What is common to the majority of the big names getting hacked recently? They all claim they were victims of a "sophisticated attack".

Here is an article that breaks down this default PR statement.
The truth, however, is that these attacks seem sophisticated only when you compare them to the unsophisticated security programs that fail to defend against them.
It always sounds like an attempt to forgive the victim for having insufficient protection, detection and reaction capabilities in place, both technical and nontechnical.

Pwn2Own Contest 2015

HP TippingPoint's Pwn2Own is back in Mar-2015.
The prize pool for this year's edition is 28% smaller than the record $645,000 of 2014.
The 2015 edition of Pwn2Own will offer cash awards to researchers who demonstrate exploits of previously-unknown vulnerabilities in Google's Chrome, Mozilla's Firefox, Microsoft's Internet Explorer 11 (IE11) or Apple's Safari browsers, or the Adobe Reader or Adobe Flash Player browser plug-ins.
Those targets are the same as the last two years, with the exception of Oracle's Java, which was dropped for 2015's contest.
Update 21-Mar-15: Final results
The final count for vulnerabilities exploited this year stands as follows: five flaws in the Windows OS, four in Internet Explorer 11, three each in Mozilla Firefox, Adobe Reader, and Flash Player, two in Apple Safari and one in Google Chrome.

Anthem hacked, 80M records lost

Anthem, the 2nd largest health insurance company in the US, got hacked and lost personal and medical data of its clients. China is suspected here (as well?).

Find professional hackers

Now there is a platform for this (like one for finding a freelancer), but out in the open, and not hidden behind Tor.

Update 14-Jun-15:
An article which speaks on the kind of requests getting posted on this website.

Introducing GHOST vulnerability

A flaw within the "gethostbyname function". Hence the name. Discovery is attributed to Qualys labs.

Ironically, the flaw itself was fixed back in 2013. However, it wasn’t recognized as a security threat at the time and so most stable and long-term support distributions were left un-patched.
Why this isn't too serious

Sony Pictures - The Full Story

A bit of history

In the world that we live in today, it is not uncommon for big organizations to face some cyber-attacks. In fact, any decent sized organization would have faced some heat in the last few years. JP Morgan, LinkedIn, Microsoft, Standard Chartered, Alibaba, Home Depot, I could go on and on, have all been in the news. Eventually, if the adversaries are motivated enough, and given enough resources, it is only a matter of time before an organization gets compromised.

Sony is no exception to this rule. As per the public records available, Sony was compromised a whopping 21 times, between Apr-2011 and July-2011 alone. That is an average of more than once per week, during that time. As a response, they beefed up their security, and announced a new CISO (Philip Reitinger), around Sep-2011.

It goes without saying that one person cannot change the security posture of a company overnight. In fact, they continued to get compromised in Oct-2011, Sep-2012, and again in Jul-2013. I am not trying to pass any judgment, but it did seem as if Sony was not taking security too seriously at the time. Nevertheless, things did appear to have improved after early 2012.



Sony Pictures Hack

When Sony Pictures employees got into the office on Monday, 24-Nov-2014, they discovered that their corporate network had been hacked by “#GOP”. The attackers took terabytes of private data, deleted the original copies from Sony computers, and left threatening messages, on the computer screens of the employees. Apparently they had some demands, and Sony was given one day to comply, but I am not sure what these demands exactly were.

The impact: The organization had to switch to typewriters and fax machines, just because the network was so badly compromised, that no workstation or server could be trusted. In fact, even at the time of writing this, Sony is still not confident if their network is clean and trusted.



Lost, Leaked, Damaged?

It is estimated that about 100 TB of data was stolen. Not all has been leaked on the internet. What we do know so far:
  • Five Sony movies were leaked on peer-to-peer networks (torrents). Four of these movies were unreleased at the time (including ‘The Interview’). Meaning, a direct impact to the revenue of the company.
  • Employees’ healthcare, social security numbers, and salary data were leaked. In fact the employees later filed a class-action lawsuit against Sony because of the lost personal data.
  • Internal email communication, which put some of the famous actors in bad light. So, these actors may now think twice about working with Sony again.
  • There was even an internal email, with a racist joke on President Obama
  • Budgets of some movies (like the upcoming James Bond Spectre), and what aliases are used by the Hollywood stars
  • Passport details of actors, movie crew, etc.
  • Worse, the company lost the private keys to its digital certificates. These were later used to sign malware and make it look like legitimate Sony software. The certs were quickly revoked by their CA (DigiCert). However, it is still a kick to the company’s goodwill to have malware signed as ‘trusted’ under their name.



The Interview

Now supposedly this whole attack is in retaliation to a movie called “The Interview”, a comedy movie that makes fun of the North Korean leader Kim Jong-un, and has a plot built around his assassination. The hacking group Guardians of Peace (GOP) issued a warning to Sony to not release the movie. In fact the employees of Sony too got some scary threats, to leave the company. Moreover, the movie theaters were threatened as well, and were warned to not play the movie.

Under pressure, Sony decided to stop all TV advertisements of the movie, and to scrap the planned Christmas Day release. However, after President Obama gave some confidence to the company, Sony made a U-turn on their decision, and finally did release the movie in theaters and on VOD.




Blame North Korea!


The FBI, and even The President himself, have clearly pointed at North Korea as the mastermind behind this attack. They are so sure of themselves that the Government even imposed some sanctions on North Korea. On the other hand, the Korean government has repeatedly denied any involvement in the hack. In fact, they even volunteered to help with the investigation.

Some evidence suggests that a former Sony employee may have provided information to Lulzsec members (a hacktivist organization), thus enabling the attack, while some sceptics believe this was all a publicity stunt orchestrated by Sony.

There is another theory: that the hackers may not even be linked to North Korea. After all, at the time of the hack there was no mention of this movie; it was all an extortion attempt. Only after the media started suggesting that the hack was linked to ‘The Interview’ did the hackers conveniently get inspired by the idea, and play along.



Attribution is Difficult

Why is it so complicated to confirm who these cyber-criminals were? Here let me quote Bruce Schneier, who explains this very well.

Ordinarily, you could determine who the attacker was by the weaponry. When you saw a tank driving down your street, you knew the military was involved because only the military could afford tanks. Cyberspace is different. In cyberspace, technology is broadly spreading its capability, and everyone is using the same weaponry: hackers, criminals, politically motivated hacktivists, national spies, militaries, even the potential cyberterrorist. They are all exploiting the same vulnerabilities, using the same sort of hacking tools, engaging in the same attack tactics, and leaving the same traces behind. They all eavesdrop or steal data. They all engage in denial-of-service attacks. They all probe cyberdefences and do their best to cover their tracks.

So in other words, a cyberattack investigation will never lead to a smoking gun, or video footage of the bad guys patriotically holding their country’s flag and typing furiously at their computers.



Known Facts

For obvious reasons neither the FBI nor Sony has released all the facts publicly. From what we do know, below is a list of some of the facts. Some of these help point at North Korea, whereas most of them are inconclusive.

  1. The threats were written in broken English and North Korea had condemned “The Interview” in a July letter to the U.N. Secretary-General. Hence, they for sure had a motive. They had even called the movie an act of terrorism
  2. After examining the malware used to infiltrate the studio, the FBI said it found similarities with software used in previous cyber-attacks carried out by North Korea
  3. The IP addresses used in the attack are addresses used by North Korea in previous attacks attributed to their government
  4. Guardians of Peace (GOP) had previously sent threatening emails to Sony, sometimes using an Internet provider address used exclusively by North Korea
  5. The malware that was found on Sony’s systems was reverse-engineered, and had Korean language. However, some say it is in a different dialect
  6. Privileged passwords were used for the hack. So maybe an insider was involved. Alternatively, it is also possible that the hackers were in the network long enough to break into the accounts. In some cases the privileged password was ‘password’ itself, so it cannot have taken too long to brute-force
The list goes on, but I have tried to cover the main ones here.



Conclusion

Personally I believe the whole theory of the North Korean government being the sponsor of the attack is very circumstantial. In the unlikely scenario that a suspect is taken to court, I do not see him or her getting prosecuted (based on the evidence we have so far).

Maybe it’s possible that a North Korean, with no links to the government, is behind it. What if there are multiple parties involved here? One who actually did hack and leak the internal data, and another who is just taking advantage of the situation and fueling their own propaganda.

Update 03-Mar-2016: Some report about Operation Blockbuster & Lazarus Group?!

White House Cybersecurity proposal

Overall,  the package “promotes better cybersecurity information sharing between the private sector and government, and it enhances collaboration and information sharing amongst the private sector,” according to a White House statement.
Details here

Hackers released Xbox SDK

Continuing the attacks on gaming networks, we now have Xbox seriously compromised.

India: Internet Censorship

Update 11-Jan-2015:
Ban lifted for some of the websites.
Order released to unblock all 32 websites. I am glad to hear that, but what a good waste of time and effort.

Update 01-Jan-2015:
32 websites blocked by order of India's DoT (Department of Telecom). The reasons given are not just silly, but completely idiotic.


Update: 06-June-2012:
Not surprisingly, they are now a target of a DoS attack from Anonymous.


Update: May-2012:
ISPs have been asked to block video sharing websites (like Vimeo), and many torrent sites. Seems like the intent is to protect the film industry.


Update: Jan-2012:
Will India follow China and censor the internet? The story

What the government says:

The big threat for the [internet] companies at the moment is a lawsuit in a New Delhi trial court, which seeks to hold them and several other websites criminally liable for not censoring online content, including material that mocks or criticizes religious and political figures.

What the truth could actually be:
Some analysts and lawyers also say the Indian government is stepping up its enforcement of the Web at a time when public outrage over corruption and political dysfunction is spilling into blog posts, Facebook pages and Tweets.