TweakTown News
The Guardians of Peace hacker group, which has taken credit for compromising Sony Pictures Entertainment, has offered to withhold compromising data: employees only need to email them their name and business title to be spared. The unique correspondence comes ahead of another promised round of published email correspondence between SPE employees.
Here is what the group said in an email: "Message to SPE staffers. We have a plan to release emails and privacy of the Sony Pictures employees. If you don't want your privacy to be released, tell us your name and business title to take off your data."
The message also has an ominous warning to SPE executives: "The sooner SPE accept our demands, the better, of course. The farther time goes by, the worse state SPE will be put into and we will have Sony go bankrupt in the end."
Sony Pictures Entertainment is still trying to recover from a nasty data breach, and now the company's attorneys are taking aim at the media. Hackers have released eight rounds of data, much of it embarrassing, and SPE's attorneys want journalists and bloggers to stop publicizing leaked data.
"We are writing to ensure that you are aware that SPE does not consent to your possession, review, copying, dissemination, publication, uploading, downloading or making any use of the stolen information," according to a letter written by attorney David Boies, and sent to several tech media outlets.
The Supreme Court previously found a radio station not liable for broadcasting an illegally recorded conversation, as the station was a third party and didn't actively participate in making the audio recording. It would seem unlikely that SPE can make any legal demands of journalists for posting the data - and outlets will continue to air SPE's dirty laundry in public.
Before Sony Pictures Entertainment was compromised in a significant cyberattack that crippled its computer systems and led to large amounts of data being stolen, the company was warned of lapses in cybersecurity. SPE's firewall and at least 100 other devices were being monitored by the studio's in-house team instead of Sony's corporate security team, according to an audit done by PricewaterhouseCoopers (PwC).
"Security incidents impacting these network or infrastructure devices may not be detected or resolved [in a] timely [manner]," according to a confidential PricewaterhouseCoopers report available in September. Re/code received a copy of the report and indicated SPE knew of significant security problems, but had a slow reaction time before trying to resolve problems.
Hollywood studios and other major corporations have the opportunity to learn from SPE's significant data breach, at Sony's expense.
The Internet of Things (IoT) is expected to explode in popularity in coming years, but trying to keep a growing number of connected devices secure from cybercriminals remains a major effort. To help get a step ahead of malicious criminals, companies are embracing white hat hackers specialized in finding and exploiting potential security loopholes - and then sharing details with the company.
"Source code analysis, integrating security testing into the normal test cycle, and penetration testing at the end," said Michael Murray, director of GE Healthcare cybersecurity consulting and assessment, in a statement published by Dark Reading. "I'm [still] breaking lots of stuff. I'm just breaking it before it gets to the customer to make sure bad things don't happen to people out in the world."
Connected devices are spreading to vehicles, our homes and apartments, medical devices, and virtually everywhere else - but keeping consumers and users secure is a major effort.
Despite major ramifications from its data breach suffered last month, with Sony still seeing bulk amounts of information leaked online, the company must continue moving forward. However, hopefully some people in the movie industry can now appreciate that public figures will remain a target of interest among hackers.
Agents, actors and movie studios in Hollywood can certainly learn from Sony's glaring mistakes, understanding that those emails with snide remarks about others - which they expect to be confidential - shouldn't be sent, for fear of potentially being leaked.
"[T]here's going to be consequences for senior people at the studio," said Sharon Waxman, founder and editor-in-chief of TheWrap, speaking to CNBC. "The studio has to go on with its business and it's drip drip drip everyday of an unknown damage hitting the studio - and embarrassment, another piece of information."
Chinese cybercriminals are finding success using social engineering attacks to easily compromise companies, with an increased focus on universities, financial institutions, defense contractors, and critical infrastructure. Likely state-sponsored cyberattackers were able to breach the Canadian National Research Council, searching around for scientific research information and possible trade secrets.
A spear-phishing attack, with the email including an attached piece of malicious code, found its way onto the organization's network. The Canadian government didn't disclose what type of information could have been compromised from the breach, which took place earlier in 2014.
"It is also unclear as to whether any personal information has been compromised," said Tobi Cohen, a privacy commissioner spokeswoman, as noted by the CBC. "We are satisfied that the organization took appropriate steps to notify employees and other parties about the cyber-intrusion and that efforts are underway to update [information technology] systems and security procedures to prevent this from happening again."
The Guardians of Peace released more information stolen from Sony, and promised a large "Christmas gift" of additional data taken in a breach Sony suffered that started late last month. The leaked content reportedly contained more email correspondence and information related to Crackle, the online video website.
Here is part of the post from hackers (via Pastebin): "We are preparing for you a Christmas gift. The gift will be larger quantities of data. And it will be more interesting. The gift will surely give you much more pleasure and put Sony Pictures into the worst state."
The cybercriminals behind the Sony breach have released seven waves of stolen data and movies to the Internet, and will continue to do so. The FBI and cybersecurity companies are helping Sony clean up the mess, but the damage has clearly already been done.
The shuttering of The Pirate Bay may well have been a symbolic victory and nothing else, as digital piracy levels didn't significantly drop. Piracy torrent statistics have been made available courtesy of the anti-piracy firm Excipio, which tracks movie, TV show, music, video game, and software torrent downloads - and on Dec. 8, the day before Pirate Bay servers were seized, there were 101.5 million IP addresses engaged in torrent downloads.
The number dropped to 99 million on Dec. 9, then down to 95 million on Dec. 10, and 95.6 million downloads on Dec. 11, according to Excipio. However, the number again topped 100 million on Dec. 12, and Excipio noted that the daily average of torrent downloads worldwide since Nov. 1 was 99.99 million.
For interested Internet users, there are dozens of other websites that allow access to torrent downloads, and Internet piracy will continue to be a thorn in the side of governments and copyright holders.
US companies need to be aware of increasingly sophisticated Iranian cyberespionage operations, according to the FBI, with targets including educational institutions, energy firms, defense contractors, and additional critical infrastructure.
As part of Operation Cleaver, there have been 50 victims in 16 countries reported so far, according to cybersecurity company Cylance. The FBI's "Flash" report also included technical details about sophisticated malware and attack strategies that are likely being used by Iranian cybercriminals. "It underscores Iran's determination and fixation on large-scale compromise of critical infrastructure," Cylance CEO Stuart McClure reportedly noted.
Potential victims have been asked by the FBI to speak with them, especially if potential links point towards foreign cybercriminals.
The Belgian telecoms company Belgacom was breached by UK spies on a larger scope than previously reported, according to a Belgian newspaper. Belgacom was reportedly infected with the Regin spy tool, a suspected US and UK creation, and was likely targeted because of partnerships with hundreds of major telecommunications companies spread throughout the world.
"In its digital attack on Belgacom, the British secret service was able to intercept more communications than was previously realized," according to the De Standaard Belgian newspaper. "The security service was thus able to intercept communications from Belgacom's individual clients, from NATO and the EU, as well as from clients of hundreds of international telecoms providers. It is an unprecedented violation of the privacy of anybody who used a mobile telephone."
Conducting cyberespionage efforts has evolved into a vital tool for national governments, though the US and UK have taken interest in monitoring their own political allies. The GCHQ likely targeted the company starting in 2011, but it took until 2013 for the breach to be identified, after Belgacom reportedly improved its cybersecurity defenses.