IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice

How NSA Hacked North Korean Hackers


The U.S. government's attribution of the Sony Pictures Entertainment hack attack to North Korea stems, in part, from the U.S. National Security Agency having infected a significant number of North Korean PCs with malware, which the intelligence agency has been using to monitor the country's hacking force.


So says The New York Times, which bases its report, in part, on interviews with unnamed former U.S. and foreign officials, as well as a newly leaked NSA document. The document, published Jan. 17 by German newsmagazine Der Spiegel - and obtained via former NSA contractor Edward Snowden - details how the NSA worked with South Korea - and other allies - to infiltrate North Korea. The agency reportedly infiltrated at least some of these computers by first exploiting systems in China and Malaysia that help manage and administer North Korea's connection to the Internet.

According to the Times report, the hacked computers have given the NSA an "early warning radar" against attacks launched by the Pyongyang-based government of North Korea. Related intelligence gathered by the NSA also reportedly helped convince President Obama that North Korea was behind the Sony Pictures hack.

North Korea's Reconnaissance General Bureau intelligence service, as well as its Bureau 121 hacking unit, control the vast majority of the country's 6,000-strong hacking force, some of which operates from China, according to news reports.

Fourth Party Collection

Some of the evidence of the NSA's ability to monitor North Korean systems comes from a leaked NSA document, which appears to be a transcript of an internal NSA question-and-answer discussion that's marked "top secret" and is restricted to the U.S. and its Five Eyes spying program partners: Australia, Canada, New Zealand and the United Kingdom. The document refers to the NSA's practice of "fourth party collection," which involves hacking into someone else's hack, according to a Der Spiegel report.

The document relays an episode that involves North Korea: "We found a few instances where there were NK [North Korea] officials with SK [South Korea] implants [malware] on their boxes, so we got on the exfil [data exfiltration] points, and sucked back the data," the document reads.

Der Spiegel reports that this practice, which is employed by the NSA's Tailored Access Operations team, has been used extensively to undermine many hack attacks emanating from Russia and China and has allowed the NSA to obtain the source code for some Chinese malware tools.

But some attacks against U.S. systems did succeed, and one leaked NSA document says that as of several years ago, 30,000 separate attacks had been detected against U.S. Defense Department systems, 1,600 systems had been hacked, and related "damage assessment and network repair" costs had exceeded $100 million.

The NSA document also discloses that South Korea in recent years has begun attempting to hack into some U.S. government systems.

The FBI has previously said that its attribution of the Sony Pictures hack was based in part on intelligence shared by the NSA, although that attribution did not single out the North Korean government, thus leaving open the possibility that pro-Pyongyang hackers or even mercenaries may have also been involved.

The Role of Botnets

On the attribution front, meanwhile, documents newly published by Der Spiegel - and leaked by Snowden - have detailed an NSA program, code-named "Defiantwarrior," which involves the NSA using infected nodes - or zombies - in a botnet. When such nodes are traced to U.S. computers, the FBI reportedly uses the information to help shut down those parts of the botnet. But when nodes are discovered on computers in countries outside the Five Eyes program, the NSA - according to the leaked documents - may use these to launch attacks against targets. While such attacks might be traced back to the botnet node, this practice reportedly helps the agency launch attacks that are difficult - if not impossible - to attribute back to the NSA.

Did NSA Keep Quiet?

The report that the NSA had hacked into many of the systems employed by the North Korean military, and was monitoring them, has prompted information security experts to question whether the agency knew about the Sony Pictures hack and failed to stop it.

"If the NSA were secretly spying so comprehensively on the networks used by North Korea's hackers, how come they didn't warn Sony Pictures?" asks independent security expert Graham Cluley in a blog post.

If the NSA did detect signs of the Sony hack planning, reconnaissance and actual attack unfolding, however, then it might have declined to warn the television and movie studio to avoid compromising that monitoring ability, says Europol cybersecurity adviser Alan Woodward, who's a visiting computing professor at the University of Surrey in England. Similar questions have been raised in the past, for example, over the World War II bombing of Coventry, England, by the Germans, and why - if the British had cracked the Nazis' secret Enigma codes - the U.K. government didn't evacuate the city.

Another outstanding question is the extent to which the leadership of North Korea suspected - or knew - that their computer systems may have been infiltrated by foreign intelligence services. "Presumably, the cat is now out of the bag," Cluley says. "These news stories may take some of the heat off the [United] States from some of those in the IT security world who were skeptical about the claims of North Korean involvement, but it also tips off North Korea that it may want to be a little more careful about its own computer security."


Szymon Mantey's curator insight, January 19, 2015 2:28 PM

A guide to how easily one can get hacked by the slant-eyed, in which they steal our personal data and the NSA is unable to do anything about it...


Who Disrupted Internet in North Korea?


Companies that monitor Internet traffic say the Internet went dark in North Korea on Dec. 22, days after President Obama pledged there would be a "proportionate response" to the cyber-attack on Sony Pictures Entertainment that the FBI blames on the North Koreans.

"I haven't seen such a steady beat of routing instability and outages in KP before," Doug Madory, director of Internet analysis at Dyn Research, tells the website North Korea Tech, referring to North Korea's Internet domain abbreviation. "Usually there are isolated blips, not continuous connectivity problems. I wouldn't be surprised if they are absorbing some sort of attack presently."


North Korea lost connectivity around 11 a.m. EST, according to CloudFlare, a provider of performance and security services for websites. Twelve hours later, the Associated Press reported the service had been restored.

Small Internet Footprint

CloudFlare chief executive Matthew Prince says if North Korea was victimized by a DDoS attack, it wasn't necessarily conducted by the United States or another nation state. Prince estimates that the capacity of North Korea's Internet is no greater than tens of gigabits per second. "Given the largest DDoS attacks are an order of magnitude larger than that," he says, "it is conceivable that an attack saturated the connection and knocked the site offline."

Prince says groups much smaller than a nation-state - even an individual - could pull off such a DDoS attack, pointing out that a British teenager pleaded guilty a few weeks ago to launching an attack generating 300 Gbps against Spamhaus, an organization that tracks e-mail spammers.

"That, again, is likely at least an order of magnitude larger than the total capacity of North Korea's link to the public Internet," he says. "In other words, if it turns out it was an attack, I'd be far more surprised if it was a government launching the attack than I would if it was a kid in a Guy Fawkes mask." The Guy Fawkes mask is a symbol used by the hacktivist group Anonymous.

Who's Responsible?

Dan Holden, director of security research at Arbor Networks, told Bloomberg News that it was unlikely the U.S. was behind the outage. "If the U.S. government was going to do something, it would not be so blatant and it would be way worse," he said. "This could just be someone in the U.S. who is ticked off because they're unable to see the movie," he said, referring to "The Interview," the film that Sony yanked after receiving threats from hackers.

State Department spokeswoman Marie Harf wouldn't comment on whether the United States was behind a cyber-attack on North Korea. "We aren't going to discuss publicly operational details about the possible response options," she said at a Dec. 22 briefing, adding that "as we implement our responses, some will be seen, some may not be seen."

The impact of an Internet outage in North Korea would be negligible because so few individuals and businesses in North Korea have access to the Internet. "It might cause short-term pain for the elites that have access to Internet, but it's not going to have a long-term effect," says Adam Segal, director of the program on digital and cyberspace policy at the Council of Foreign Relations, a think tank.

According to the New York Times, North Korea does very little commercial or government business over the Internet, officially registering only 1,024 Internet protocol addresses, though the actual number may be somewhat higher. The United States, by comparison, has billions of addresses.

Other Possible Causes

CloudFlare's Prince offered three other potential causes for the outage, including the North Korean government removing itself from the Internet. "We've seen this before when other countries with low levels of connectivity and governments with high degrees of power over telecommunications have terminated Internet access," Prince says, citing Syria as an example.

North Korea's Internet service provider, China Unicom, might have terminated service. "Since North Korea relies on a single provider upstream of the country, if China Unicom terminated access, it would effectively eliminate North Korea's Internet access," he says.

Prince also says that North Korea might have fallen victim to an "unfortunately timed" hardware failure or cable cut. "It's unlikely that North Korea has an up-to-date Cisco support contract, and a critical resource may have failed for innocuous reasons."




Congress will hold a public hearing on North Korea's hacking powers next week


In the wake of the Sony Pictures hack, Washington is showing a new focus on the threat posed by North Korea. The House Foreign Affairs Committee has called for a public briefing on Tuesday that will examine the country's hacking capabilities, with testimony from the Departments of State, Treasury and Homeland Security. The briefing will focus on steps the US is taking to curtail or protect against the country's apparent capabilities. "There can be no doubt that the Kim regime means America harm," Chairman Ed Royce (R-CA) said in a statement, "and as we saw last month, Pyongyang can deliver on its threats."

President Obama has already ordered new sanctions against North Korea in direct response to the attack, but has also hinted at further measures yet to come, calling the sanctions the "first aspect" of the government's response. Others in Congress are also calling for new defensive measures, resurrecting the controversial CISPA cybersecurity bill. Given the newfound interest in digital defense, supporters see this as the bill's best chance to get through Congress. On Wednesday, FBI director James Comey reiterated his confidence that the nation was responsible, saying, "we know who hacked Sony. It was the North Koreans."



Sony Hackers Threaten Movie Theaters


The U.S. Department of Homeland Security says it has no evidence to suggest that a "terror" threat made by hackers against movie theaters and theatergoers - in relation to the release of the forthcoming Sony Pictures Entertainment comedy "The Interview" - is credible.


While DHS confirms that it's aware of the threat, the agency says in a statement that "at this time there is no credible intelligence to indicate an active plot against movie theaters within the United States."


The response from DHS follows the release of a message from a group that calls itself the Guardians of Peace. "Remember the 11th of September 2001," the group warns. "We will clearly show it to you at the very time and places 'The Interview' be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to. ... We recommend you to keep yourself distant from the places at that time. (If your house is nearby, you'd better leave.)"

The warning was contained in a message posted Dec. 16 to the FriendPaste and Pastebin text-sharing websites, by "G.O.P.," following the group's damaging Nov. 24 wiper malware attack against Sony Pictures Entertainment, as well as its ongoing anti-Sony public relations campaign, which to date has seen the group reportedly release tens of gigabytes of stolen Sony data.

In response to G.O.P.'s threat, Sony Pictures has told theaters that it will allow them to decide whether they want to show the film. On Dec. 16, Carmike Cinemas - the fourth-largest U.S. exhibitor, by number of screens - said it won't show the film, The Wall Street Journal reports.

"The Interview," which is due to have its U.S. release on Christmas Day, stars James Franco and Seth Rogen - who also co-directed - as a tabloid TV reporting team who land an interview with North Korean dictator Kim Jong-un in Pyongyang, but who get approached by the CIA to instead assassinate him.

In response to G.O.P.'s threat against theaters and movie-goers, some Hollywood luminaries have publicly pledged to see the film.


