IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice

How NSA Hacked North Korean Hackers


The U.S. government's attribution of the Sony Pictures Entertainment hack attack to North Korea stems, in part, from the U.S. National Security Agency having infected a significant number of North Korean PCs with malware, which the intelligence agency has been using to monitor the country's hacking force.


So says The New York Times, which bases its report, in part, on interviews with unnamed former U.S. and foreign officials, as well as a newly leaked NSA document. The document, published Jan. 17 by German newsmagazine Der Spiegel - and obtained via former NSA contractor Edward Snowden - details how the NSA worked with South Korea - and other allies - to infiltrate North Korea. The agency reportedly infiltrated at least some of these computers by first exploiting systems in China and Malaysia that help manage and administer North Korea's connection to the Internet.

According to the Times report, the hacked computers have given the NSA an "early warning radar" against attacks launched by the Pyongyang-based government of North Korea. Related intelligence gathered by the NSA also reportedly helped convince President Obama that North Korea was behind the Sony Pictures hack.

North Korea's Reconnaissance General Bureau intelligence service, as well as its Bureau 121 hacking unit, control the vast majority of the country's 6,000-strong hacking force, some of which operates from China, according to news reports.

Fourth Party Collection

Some of the evidence of the NSA's ability to monitor North Korean systems comes from a leaked NSA document, which appears to be a transcript of an internal NSA question-and-answer discussion that's marked "top secret" and is restricted to the U.S. and its Five Eyes spying program partners: Australia, Canada, New Zealand and the United Kingdom. The document refers to the NSA's practice of "fourth party collection," which involves hacking into someone else's hack, according to a Der Spiegel report.

The document relays an episode that involves North Korea: "We found a few instances where there were NK [North Korea] officials with SK [South Korea] implants [malware] on their boxes, so we got on the exfil [data exfiltration] points, and sucked back the data," the document reads.

Der Spiegel reports that this practice, which is employed by the NSA's Tailored Access Operations team, has been used extensively to undermine many hack attacks emanating from Russia and China and has allowed the NSA to obtain the source code for some Chinese malware tools.

But some attacks against U.S. systems did succeed, and one leaked NSA document says that as of several years ago, 30,000 separate attacks had been detected against U.S. Defense Department systems, 1,600 systems had been hacked, and related "damage assessment and network repair" costs had exceeded $100 million.

The NSA document also discloses that South Korea in recent years has begun attempting to hack into some U.S. government systems.

The FBI has previously said that its attribution of the Sony Pictures hack was based in part on intelligence shared by the NSA, although that attribution did not single out the North Korean government, thus leaving open the possibility that pro-Pyongyang hackers or even mercenaries may have also been involved.

The Role of Botnets

On the attribution front, meanwhile, documents newly published by Der Spiegel - and leaked by Snowden - have detailed an NSA program, code-named "Defiantwarrior," which involves the NSA using infected nodes - or zombies - in a botnet. When such nodes are traced to U.S. computers, the FBI reportedly uses the information to help shut down those parts of the botnet. But when nodes are discovered on computers in countries outside the Five Eyes program, the NSA - according to the leaked documents - may use these to launch attacks against targets. While such attacks might be traced back to the botnet node, this practice reportedly helps the agency launch attacks that are difficult - if not impossible - to attribute back to the NSA.

Did NSA Keep Quiet?

The report that the NSA had hacked into many of the systems employed by the North Korean military, and was monitoring them, has prompted information security experts to question whether the agency knew about the Sony Pictures hack and failed to stop it.

"If the NSA were secretly spying so comprehensively on the networks used by North Korea's hackers, how come they didn't warn Sony Pictures?" asks independent security expert Graham Cluley in a blog post.

If the NSA did detect signs of the Sony hack planning, reconnaissance and actual attack unfolding, however, then it might have declined to warn the television and movie studio to avoid compromising that monitoring ability, says Europol cybersecurity adviser Alan Woodward, who's a visiting computing professor at the University of Surrey in England. Similar questions have been raised in the past, for example, over the World War II bombing of Coventry, England, by the Germans, and why - if the British had cracked the Nazis' secret Enigma codes - the U.K. government didn't evacuate the city.

Another outstanding question is the extent to which the leadership of North Korea suspected - or knew - that their computer systems may have been infiltrated by foreign intelligence services. "Presumably, the cat is now out of the bag," Cluley says. "These news stories may take some of the heat off the [United] States from some of those in the IT security world who were skeptical about the claims of North Korean involvement, but it also tips off North Korea that it may want to be a little more careful about its own computer security."


Szymon Mantey's curator insight, January 19, 2015 2:28 PM

A guide to how easily you can get hacked by the slant-eyed, in which they steal our personal data and the NSA is unable to do anything about it...


Sony Hacking Scandal -- Execs Convinced It's an Inside Job


Sony execs are now convinced someone who worked for the studio is behind the massive hacking ... because no one from the outside could so precisely target the compromising information.

Multiple sources connected to the studio tell TMZ ... the strong, prevailing view is that the North Koreans are probably involved, but they used someone with intimate knowledge of the Sony email system to laser in on the most embarrassing information.

We're told the people at Sony who are investigating believe the hackers had intimate knowledge of mail systems and their configurations. They also believe the hackers have knowledge of the internal media distribution systems and the internal IT systems, including human resources and payroll.

Several people suggested a possible link between the hackers and Sony layoffs, which included a large number of IT employees.



Via Roger Smith, Paulo Félix
Roger Smith's curator insight, December 17, 2014 4:43 PM

Insider job or very precise social engineering, either way not understanding the threat is the biggest problem for an organisation.

Mcol's curator insight, December 19, 2014 9:46 AM

The example of SONY


The Hackers' Shocking, Pointless Defeat of 'The Interview'


The latest, strangest turn in the Sony hack saga, an ongoing sequence of cyber-attacks seemingly motivated by Seth Rogen and James Franco's "assassination of Kim Jong-un" comedy The Interview, has a film studio taking a seemingly unprecedented step: letting movie theaters pull the movie entirely in the wake of terrorist threats. The film was due for release on Christmas Day and now may not be shown in any theater—certainly not the major chains (AMC, Regal, Cinemark, Cineplex) that most Americans attend. It's a shocking turn, especially since it's motivated by extremely vague threats ("The world will be full of fear…remember the 11th of September 2001…we recommend you to keep yourself distant from the places at that time.").

In one obvious sense, then, the terrorists have won. But if their goal really was to prevent people from seeing Kim Jong Un’s fictional assassination, then it may turn out to be a pointless victory.

It remains to be seen how this situation will play out exactly—but it’s easy to guess. Within hours of The Interview getting yanked from theaters, news hit that Sony is apparently considering a premium online release for the film. That seems like the most logical step—both from a profit standpoint and a safety one. Sony stands to lose millions in this whole affair, not to mention whatever penalties they might owe the film’s creative personnel, so any money that could be recouped on VOD would help offset that. It also makes a certain sense that theaters are acting in unison on this—as vague as the threat might be, it would take just one incident to create enormous liability for them. The New York Times pointed out that shopping malls, in which many theaters reside, helped lobby for the decision to avoid screening The Interview.




Still, many are pointing out the scary precedent of Sony bowing to unspecified threats, especially when the Department of Homeland Security said the threats were not credible. Say someone disagrees with the premise of an upcoming film—one that deals with a hot-button issue like abortion or race, for example. If a terror threat gets called in, would theaters be compelled to make the same decision they made here? Though the Sony hackers have displayed their might in a sense—by ripping hundreds of terabytes of information from its private servers to publicly embarrass the company—they haven’t demonstrated the capability to make good on the more horrifying threat they made Tuesday.

The Internet has enabled the hackers’ power, but it has also neutered them: The Interview will almost certainly be seen, whether in theaters or not. In 1990, a similar situation would have doomed a film to utter obscurity. Even in 2001, the Arnold Schwarzenegger action vehicle Collateral Damage, which was due for release on October 5, 2001 and was pushed to the next February because it depicted a bomb attack in the U.S., was basically forgotten outside of that pop-culture history footnote. But because of on-demand technology, The Interview could very well benefit, in a cruel and unusual sort of way, from all this bizarre publicity. Were the situation not so financially harmful and publicly embarrassing for Sony, it’d be easy to conspiratorially regard it as some kind of high-concept publicity stunt to convince us of The Interview’s political bravery.

Still, who knows if that will translate into online viewings—or what Sony will even charge for the privilege of watching it in one’s own home, free of a terrorist threat. That’s how precedent-setting this is: Nothing like this has ever happened before. Three years ago Universal weighed releasing its comedy Tower Heist on VOD three weeks after it hit theaters, at $60 a pop, to generate public interest. Theaters threatened to boycott and the decision was scrapped. We lived in strange times then—but stranger times now.



Paul Gill's curator insight, December 25, 2014 3:37 PM

Dear Kim Jong-un and everyone else - Merry Christmas - um, regarding The Interview - What was the Point?