Posts Tagged ‘Hacking’

FBI gets it wrong about N Korea and the Sony hack – deliberately?

December 19, 2014

I was listening to Sean Sullivan of F-Secure on BBC radio today and I find his arguments that the FBI has got it wrong quite convincing. The FBI, it would seem, has less evidence of a N Korea connection than the US intelligence services ever had of WMD in Iraq! But they have now stated categorically that it was N Korea and the perpetrators would be hunted down. Unless of course Obama is looking to initiate his own war in his own name while he is still in office. In which case the FBI could have been tasked with getting the evidence to prove the desired conclusion. A simple act of extortion was followed by reference to the movie only after the Press brought it up.

Industry experts have more credibility for me than the FBI in this case.

YahooNews:

Many computer-security experts doubt the validity of the claim that North Korea is behind the Sony Pictures Entertainment hack, citing a lack of strong evidence and the possibility of alternate scenarios.

“There’s no direct, hard evidence that implicates North Korea,” Sean Sullivan, a security researcher at Finnish security firm F-Secure, told Tom’s Guide. “There is evidence of extortion (the Nov. 21 email [to Sony executives which demanded money]) and the hackers only mentioned [the movie] The Interview after it was brought up in the press, which they then used to their advantage.”

“Is North Korea responsible for the Sony breach?” wrote Jeffrey Carr, founder and CEO of Seattle cybersecurity consulting firm Taia Global. “I can’t imagine a more unlikely.

Others also find the FBI evidence very flimsy. It seems that the N Korea narrative is essentially led by the media rather than by the evidence:

Wired: ….. Despite all of this, media outlets won’t let the North Korea narrative go and don’t seem to want to consider other options. If there’s anything years of Law and Order reruns should tell us, it’s that focusing on a single suspect can lead to exclusionary bias where clues that contradict the favored theory get ignored.

Initial and hasty media reports about the attackers pointed to cyberwarriors from North Korea, bent on seeking revenge for the Sony movie The Interview. This was based on a complaint North Korea made to the United Nations last July about the Seth Rogen and James Franco flick, which was originally slated to be released in October before being changed to Christmas Day. 

But in their initial public statement, whoever hacked Sony made no mention of North Korea or the film. And in an email sent to Sony by the hackers, found in documents they leaked, there is also no mention of North Korea or the film. The email was sent to Sony executives on Nov. 21, a few days before the hack went public. Addressed to Sony Pictures CEO Michael Lynton, Chairwoman Amy Pascal and other executives, it appears to be an attempt at extortion, not an expression of political outrage or a threat of war.

“[M]onetary compensation we want,” the email read. “Pay the damage, or Sony Pictures will be bombarded as a whole. You know us very well. We never wait long. You’d better behave wisely.”

To make matters confusing, however, the email wasn’t signed by GOP or Guardians of Peace, who have taken credit for the hack, but by “God’sApstls,” a reference that also appeared in one of the malicious files used in the Sony hack.

I note that John McCain has declared that this is an Act of War by N Korea. A bi-partisan approach to attack N Korea could be forged. He is already calling for the US to conduct a cyber attack on N Korea (which has the lowest internet usage of any country). When the cyberwar fails, the logical next step would be to bomb Pyongyang and then mount a US-led, coalition invasion from Okinawa. George Clooney and Angelina Jolie could organise a petition from Hollywood supporting such action. All of Hollywood would surely support such decisive action. The coalition could consist of Japan and S Korea at least. Maybe Cuba could be persuaded to join. Sony could have cameras embedded in every military unit.  Jon Stewart and Stephen Colbert could make sure that the liberal population of the US could – for once – support the national pastime of going to war. James Franco and Seth Rogen clearly need special positions; perhaps they could orchestrate the invasion.

I see that the UN General Assembly has already passed a motion for the North Koreans to be referred to the International Criminal Court. The next step would be for the US to call for a special sitting of the Security Council. They could make a PowerPoint show a la Colin Powell, to show the world the evidence they have manufactured, and to get a suitable war resolution passed.

The entire N Korea narrative is probably nothing more than a media inspired narrative.


Not much sympathy for Sony (Goliath) in their war against GoP (David)

December 17, 2014

I know I am supposed to be against the evil hackers.

But I’m afraid I am only amused by Sony’s predicament in their battle against the “Guardians of Peace” hackers. Sony’s heavy-handed approach and their legal threats to those who might disseminate the stolen material only make them look even more foolish. The battle has a David and Goliath feel about it and David is winning. The indignant squeals of Hollywood celebrities at having their dirty underbellies revealed only add to the amusement. When Aaron Sorkin (he who does not think much of actresses) takes as much space in the NYT to attack the hackers as the massacre of children by the Taliban gets, he only reduces any sympathy one might feel for the “hacked”.

Reuters:

The New York premiere of “The Interview”, a Sony Pictures comedy about the assassination of North Korean President Kim Jong-Un, has been canceled and a source said one theater chain had scrapped plans to show it, after threats from a hacking group.

The hackers, who said they were also responsible for seizing control of Sony Corp’s computer system last month, on Tuesday warned people to stay away from cinemas showing the film starring James Franco and Seth Rogen, and darkly reminded moviegoers of the Sept. 11 hijacked plane attacks on the United States in 2001.

“We recommend you to keep yourself distant from the places at that time,” the hackers wrote. “(If your house is nearby, you’d better leave.)”

Hollywood celebrities exploited their media access to whinge and whine:

The Guardian:

Various Hollywood figures, including Brad Pitt, Aaron Sorkin and Seth Rogen, have publicly criticised the media for publishing stories based on information hacked from Sony Pictures.

The hack by the group Guardians of Peace revealed email conversations between Sony executives and actors, discussing the likes of Pitt’s wife Angelina Jolie, who was described as a “minimally talented spoiled brat” by producer Scott Rudin. ……. 

Seth Rogen meanwhile, whose North Korea-baiting film The Interview was cited as a catalyst for the hacks by Guardians of Peace, said in an interview that “everyone is doing exactly what these criminals want… It’s stolen information that media outlets are directly profiting from.”

Aaron Sorkin, whose screenplay for an upcoming Steve Jobs biopic was at the heart of one set of hacked emails, has penned a New York Times opinion piece where he asserts that the media is “giving material aid to criminals… the minor insults that were revealed are such small potatoes compared to the fact that they were revealed. Not by the hackers, but by American journalists helping them. …… 

Guardians of Peace have threatened to release another batch of files as a “Christmas gift”, leading to pre-emptive manoeuvres by Sony staff. Co-chair Amy Pascal, whose correspondence has frequently been featured in the hacked emails, has contacted the likes of producer Harvey Weinstein to apologise if any disparaging remarks are leaked, according to Variety.

Any moral or ethics issues over the “stealing” of the information are overridden by the massive embarrassment for Sony in spite of the triviality of the titillating information released. That an electronics and entertainment giant such as Sony could be hacked so easily smacks of incompetence. That overpaid, under-employed Sony executives are having their positions threatened (for their own incompetence) arouses little sympathy.

Sorry – but I don’t perceive any great moral issues here.

“Go GoP”!

Oh Dear! Celebrities whinge at release of naked pictures

September 2, 2014

I am concerned that iCloud can be hacked – but only because my assessment of their security was clearly wrong. I’ll just have to give iCloud a lower rating for security than I have done.

But I cannot share the indignation of the celebrity “victims” at having their naked pictures publicised and their “plight” leaves me largely unmoved.

The hackers may be despicable but those who upload naked pictures of themselves (or other compromising material) into the Cloud are just plain stupid. In fact I feel sure that the act in itself is some subconscious (or perhaps conscious) craving for the pictures to be leaked and for the resulting publicity. Stupid people can also be victims but my sympathy for stupidity is very heavily tempered.

What is much more upsetting is that I haven’t seen any of these pictures yet (but I shall not be spending any time looking for them either).

Ricky Gervais got it right first time.

Apparently he has now back-tracked somewhat in response to protest but I only think the less of him for that.

The comedian was criticised after posting this message on Twitter - blaming celebrities for taking the photos and storing them on their computers in the first place 

Chinese back doors and mincing rascals from the US!

May 21, 2014

The United States on Monday charged five Chinese military officers and accused them of hacking into American nuclear, metal and solar companies to steal trade secrets, ratcheting up tensions between the two world powers over cyber espionage.

Washington is playing the victim of cyber-espionage when in fact it is the world’s top intelligence power, a Chinese state-run newspaper has said in a sharply worded editorial after US authorities levelled criminal hacking charges at China’s army. “Regarding the issue of network security, the US is such a mincing rascal that we must stop developing any illusions about it,” wrote the Global Times, which is close to the ruling Communist party.

Meanwhile we learn from the Snowden affair that the US Government turned Silicon Valley into a surveillance partner. The second part of the United States of Secrets is to be broadcast by PBS tonight.

Increasingly, industrial systems have their hardware and/or their control systems equipped, at the time of manufacture, with “backdoors” to allow remote access at some future time. Inevitably the “backdoors” are associated with embedded software, very often with features to make it undetectable. The affected systems include power plants and their components, industrial control systems, access control systems, network appliances, surveillance systems, communication devices and even commercial aircraft.

In the US not only the software giants (Microsoft, Google, Apple, Facebook…), but even hardware manufacturers such as Boeing and GE and IBM and even automotive companies have been involved with installing “backdoors” and their associated software (malware) into their products. Many US companies have regularly utilised their security services for industrial espionage and it is not very surprising that they feel beholden. Intelligence agencies in the US and Australia and the UK are not permitted to use Chinese Lenovo hardware because they are suspected of containing hidden “backdoors”. Lenovo isn’t unique. Chinese firms accused of espionage in the past include Huawei and ZTE. Chinese government organisations in their turn are not permitted to use Microsoft products and Windows 8 is especially suspected for its many hidden, built-in vulnerabilities.

There is much active research in designing and hiding “backdoors” and in detecting and disabling them.

Hardware backdooring is practical, Jonathan Brossard, Blackhat Briefings and Defcon Conferences, Las Vegas, 2012

(We) will demonstrate that permanent backdooring of hardware is practical. We have built a generic proof of concept malware for the Intel architecture, Rakshasa, capable of infecting more than a hundred different motherboards. The net effect of Rakshasa is to disable NX permanently…. resulting in permanent lowering of the security of the backdoored computer, even after complete erasing of hard disks and re-installation of a new operating system. We shall also demonstrate that preexisting work on …. subversions such as bootkiting and preboot authentication software, brute-force or faking can be embedded in Rakshasa with little effort.

Silencing Hardware Backdoors, Adam Waksman and Simha Sethumadhavan, SP ’11 Proceedings of the 2011 IEEE Symposium on Security and Privacy, pages 49–63

Hardware components can contain hidden backdoors, which can be enabled with catastrophic effects or for ill-gotten profit. These backdoors can be inserted by a malicious insider on the design team or a third-party IP provider. In this paper, we propose techniques that allow us to build trustworthy hardware systems from components designed by untrusted designers or procured from untrusted third-party IP providers. We present the first solution for disabling digital, design-level hardware backdoors. The principle is that rather than try to discover the malicious logic in the design–an extremely hard problem–we make the backdoor design problem itself intractable to the attacker. The key idea is to scramble inputs that are supplied to the hardware units at runtime, making it infeasible for malicious components to acquire the information they need to perform malicious actions.
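The input-scrambling principle in the abstract above can be shown with a small simulation. The following is an added illustration written for this page; it is not code from the paper, and the “hardware unit” is a constructed toy: a 32-bit equality comparator whose untrusted designer has hidden a data-triggered backdoor keyed on a made-up value (0xDEADBEEF). A trusted wrapper XORs both operands with a fresh random mask before they reach the unit. Because (a ^ m) == (b ^ m) exactly when a == b, the masked comparison still gives the right answer, but the unit never sees the raw operands and so cannot recognise its trigger except by a 2^-32 accident of the mask. The class and function names are assumptions for the demo.

```python
import random
import secrets

# Constructed toy model, not the paper's circuitry: a 32-bit equality
# comparator whose (untrusted) designer hid a data-triggered backdoor.
WIDTH = 32
TRIGGER = 0xDEADBEEF          # hypothetical trigger value chosen for the demo


class BackdooredComparator:
    """Untrusted equality unit: reports 'equal' whenever input A is the trigger."""

    def __init__(self):
        self.trigger_count = 0

    def equal(self, a: int, b: int) -> bool:
        if a == TRIGGER:          # hidden malicious logic
            self.trigger_count += 1
            return True
        return a == b


class ScrambledComparator:
    """Trusted wrapper implementing the input-scrambling idea: every call XORs
    both operands with a fresh random mask before they reach the untrusted unit.
    (a ^ m) == (b ^ m) iff a == b, so the answer stays correct, but the unit only
    ever sees masked values."""

    def __init__(self, unit: BackdooredComparator, randbits=secrets.randbits):
        self.unit = unit
        self.randbits = randbits   # injectable so a test can use a seeded RNG

    def equal(self, a: int, b: int) -> bool:
        m = self.randbits(WIDTH)
        return self.unit.equal(a ^ m, b ^ m)


# Constructed sample operand pairs; the last one is the attacker's trigger input.
SAMPLE_PAIRS = [(1, 1), (1, 2), (0, 0xFFFFFFFF), (TRIGGER, TRIGGER), (TRIGGER, 5)]


def compare_paths(trials: int = 1000, seed=None) -> dict:
    """Run the same inputs through the bare unit and the scrambled unit.

    Returns how often each path gave a wrong answer and how often the hidden
    trigger actually fired inside the untrusted unit."""
    randbits = random.Random(seed).getrandbits if seed is not None else secrets.randbits
    bare = BackdooredComparator()
    wrapped = BackdooredComparator()
    scrambled = ScrambledComparator(wrapped, randbits)

    # Functional check: the scrambled path must agree with Python's == on every pair.
    bare_errors = sum(bare.equal(a, b) != (a == b) for a, b in SAMPLE_PAIRS)
    scrambled_errors = sum(scrambled.equal(a, b) != (a == b) for a, b in SAMPLE_PAIRS)

    # Repeatedly present the trigger value; on the bare path it fires every time,
    # on the scrambled path only if the random mask happens to be zero (2^-32).
    for _ in range(trials):
        bare.equal(TRIGGER, 0)
        scrambled.equal(TRIGGER, 0)

    return {
        "bare_errors": bare_errors,
        "scrambled_errors": scrambled_errors,
        "bare_trigger_fired": bare.trigger_count,
        "scrambled_trigger_fired": wrapped.trigger_count,
    }


if __name__ == "__main__":
    print(compare_paths(seed=1))
```

The residual risk is probabilistic rather than zero: with a 32-bit mask the trigger can still be hit by chance once in about four billion operations, which is why the paper pairs obfuscation with other mechanisms for units whose inputs cannot simply be masked. The wrapper here also has to be trusted itself, which is the paper's assumption that the scrambling logic is built by a trusted party.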

The US accusing China is a case of the pot calling the kettle black. But the black methods now surely being used by the Chinese were all invented first in the US and probably under State sponsorship.

There are many Big Brothers out there.

Phone hacking: One law for the Guardian and another for the News of the World?

August 6, 2011

The list of UK journalists involved in phone hacking just gets longer. After the Mirror it is now the turn of the Guardian.

The Guardian newspaper may have been a major player in exposing the phone hacking scandal in Murdoch’s News of the World, but is not itself free from the cancer. Their investigations executive editor, David Leigh is a self-confessed hacker (5 years ago) but seeks to justify himself because his ends were in the public interest!!

David Leigh obviously considers himself an inherently good guy such that his means are justified by his ends. I am afraid Mr. Leigh’s ethics are a little confused, a little arrogant and not very convincing. The Daily Mail reports that he is to be questioned by the police.

UPDATE! It now seems that David Leigh was probably also involved in some kind of nefarious activity against the anti-global warming community after Climategate. It would seem that police provided him – or the Guardian – with information in contravention of the Data Protection Act. A form of “information laundering” perhaps!! 

Forbes: Jeff Bercovici

Here’s one more irony in a saga that already has plenty of them: The Guardian, the paper most responsible for bringing the phone hacking at News of the World to light, is harboring a confessed phone hacker. That would be investigations executive editor David Leigh, who, in 2006, volunteered that he had used some “questionable methods” to get scoops, including listening to a subject’s voicemail and lying about his identity on phone calls. That admission drew shrugs at the time, but the Guardian’s avidity in pursuing justice for other phone-hackers has given it new relevance. …

Does Leigh’s defense — that what he did was permissible because it was in the public interest and he was transparent about it after the fact — hold water? I put that question to Kelly McBride, who teaches ethics at the Poynter Institute. She thinks it doesn’t.

“The problem with that is he’s suggesting that the ends justify the means,” McBride says. “In most ethical reasoning it doesn’t because it’s a subjective call. For him, it’s exposing bribery and corruption. For somebody else it might be exposing that some pop star lip synchs over his songs.” (That might sound like a big leap of relativism, but think of all the stories that fall somewhere in the middle, like political sex scandals.)

…. Setting aside the lofty realm of ethics, there’s still the practical application of the law to consider. Leigh writes that “there is a public interest defence available under the Data Protection Act” that, in theory at least, protects him from prosecution while enabling the phone-hackers from News of the World to be brought to justice.

Even if that’s the case, McBride says journalists who choose to break the law ought to be prepared to accept the full consequences. That, in itself, is a useful guide for determining whether a story is one of overriding public interest or just a sexy scoop. “If you get 30 days in jail for trespassing, it’s got to be worth going to jail for 30 days,” she says.
