Hacking, Security & Privacy News - Page 62

The ongoing drama for Sony Pictures Entertainment took a dark turn on Tuesday, with the hacker group responsible issuing a terrorist threat when 'The Interview' hits theaters. It would seem the threat is working, as some movie theater operators are considering pulling the movie.

"We will clearly show it to you at the very time and places 'The Interview' [will] be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to," the hackers said in a statement. "Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear. Remember the 11th of September 2001."

The group also recommended people stay away from theaters after the movie is released.

Cybercriminals are compromising US consumers and business workers on a large scale, able to steal personal information and payment details in bulk. Home Depot was compromised and 56 million payment card numbers and 53 million email addresses were taken in a single breach alone, along with Target, Neiman Marcus, and a number of retailers also falling victim.

However, trying to make use of stolen information forces cybercriminals to act quickly - if 10,000 cards are compromised, only around 100 could cash out, with an estimated 10 cars actually working, according to Alex Holden, from Hold Security.

"Cybercriminals don't have enough resources to monetize stolen data in big volumes," said Andrew Komarov, IntelCrawler CEO, in a statement to PCWorld. "It really has a small margin, and it is pretty complicated to resell it in big amounts."

Sony Pictures Entertainment employees heard from company CEO Michael Lynton and co-chair Amy Pascal during an open town hall meeting on Monday. The company is still painfully suffering after a major data breach led to emails stolen, employee personal information leaked, and other disruptions to its business.

"This will not take us down," Lynton said during the town hall meeting in front of employees. "You should not be worried about the future of this studio."

Lynton apologized that employee personal information and medical records were stolen - and then posted online - by the cybercriminals. During the two sessions held on Monday, there were no question and answer segments for employees to ask questions to Lynton or Pascal.

Billionaire investor Mark Cuban was caught up in the data breach suffered by Sony Pictures Entertainment, as Sony Pictures Television President Steve Mosko, Cuban, and Cuban Companies attorney Robert Hart were discussing contract negotiations for "Shark Tank." Cuban was not pleased to be offered $30,000 per episode in season 5, $31,200 per episode in season 6, and $32,488 per episode in season 7.

Cuban now speaks directly with Mosko via Cyber Dust, Cuban's free texting app, providing a secure platform in which messages and photos are purged after 30 seconds. Similar to SnapChat, however, it would appear Cyber Dust messages can be captured - but indicates a growing trend among users looking for more secure communications.

"For those following the Sony hack situation, you may have seen one of my emails about my Shark Tank salary and deal emerge," Cuban recently said via Cyber Dust. "What they don't know is that I moved all the rest of my discussions to Cyber Dust! That's why there was only one email. Moral of the story is that the 'no big deal' email you send today can easily be part of tomorrow's big hack leak. No matter who you are, someone you know is getting hacked and it could impact you."

The Anonymous hacker collective and Lizard Squad aren't happy with the Swedish government for dropping The Pirate Bay, and is launching cyberattacks to compromise government officials. Hackers provided the URL and IP addresses used by the Swedish police force, inviting other hackers to target its website. Additional attacks related to the remove of The Pirate Bay are expected to continue in coming weeks from a number of different groups.

Last week, Swedish ISP Telia also suffered cyberattacks, causing online services disruptions and connectivity issues for subscribers throughout the country. Usernames and passwords of numerous Swedish government officials were posted online by Anonymous. Hackers also targeted government email addresses for representatives in Argentina, Israel, India, Mexico and Brazil.

Trying to prevent these cyberattacks proves difficult for government agencies and companies, especially with Anonymous operating as an organized, decentralized collective of skilled hackers.

Point-of-Sale (PoS) vendors are facing an increasing number of cyberattacks, as organized hackers find new methods to compromise customer data. The Charge Anywhere payment gateway solution provider announced it was compromised, with the breach first occurring in 2009.

The PoS infrastructure, especially as more companies begin to test mobile payment services, will become a major target for criminals. In addition to Charge Anywhere, PoS system vendor Signature Systems also confirmed it suffered a data breach in September, with custom malware installed to steal data. Trying to crack down - and limit - these types of attacks will be extremely difficult, with a growing number of highly-organized cybercriminal groups trying to steal US consumer payment data.

"I would expect attacks like this to become more frequent and more widespread for the reason that seems to be underreported on this breach - the substantial increase in mobile payments due to ease of use, and the ability to accept payments equickly, especially to smaller businesses," said Tom Bain, CounterTack VP of security strategy, as noted by Dark Reading. "Users expect and have a blind trust in applications that support their business - and just expect that security measures are taken to protect them. In just a six-month span this year, mobile malware attacks have increased [by six times] globally."

The Guardians of Peace hacker group, which has taken credit for compromising Sony Pictures Entertainment, has offered to withhold compromising data: employees only need to email them their name and business title to be spared. The unique correspondence comes ahead of another promised round of published email correspondence between SPE employees.

Here is what the group said in an email: "Message to SPE staffers. We have a plan to release emails and privacy of the Sony Pictures employees. If you don't want your privacy to be released, tell us your name and business title to take off your data."

The message also has an ominous warning to SPE executives: "The sooner SPE accept our demands, the better, of course. The farther time goes by, the worse state SPE will be put into and we will have Sony go bankrupt in the end."

Sony Pictures Entertainment is still trying to recover from a nasty data breach, and now the company's attorneys are taking aim at the media. Hackers have released eight rounds of data, much of it embarrassing, as SPE's attorneys want journalists and bloggers to stop publicizing leaked data.

"We are writing to ensure that you are aware that SPE does not consent to your possession, review, copying, dissemination, publication, uploading, downloading or making any use of the stolen information," according to a letter written by attorney David Boies, and sent to several tech media outlets.

The Supreme Court previously found a radio not liable for broadcasting an illegally recorded conversation, as the station was a third-party and didn't participate in actively making the audio recording. It would seem unlikely the SPE can make any legal demands of journalists for posting the data - and outlets will continue to air SPE's dirty laundry in public.

Before Sony Pictures Entertainment was compromised in a significant cyberattack that crippled its computer systems and led to large amounts of data stolen, the company was warned of lapses in cybersecurity. SPE's firewall and at least 100 other devices were being monitored by the studio's in-house team instead of Sony's corporate security team, according to an audit done by PricewaterhouseCoopers (PwC).

"Security incidents impacting these network or infrastructure devices may not be detected or resolved [in a] timely [manner]," according to a PrincewaterhouseCoopers confidential report available in September. Re/code received a copy of the report and indicated SPE knew of significant security problems, but had a slow reaction time before trying to resolve problems.

Hollywood studios and other major corporations have the opportunity to learn from SPE's significant data breach, at Sony's expense.

The Internet of Things (IoT) is expected to explode in popularity in coming years, but trying to keep a growing number of connected devices secure from cybercriminals remains a major effort. To help get a step ahead of malicious criminals, companies are embracing white hat hackers specialized in finding and exploiting potential security loopholes - and then sharing details with the company.

"Source code analysis, integrating security testing into the normal test cycle, and penetration testing at the end," said Michael Murray, director of GE Healthcare cybersecurity consulting and assessment, in a statement published by Dark Reading. "I'm [still] breaking lots of stuff. I'm just breaking it before it gets to the customer to make sure bad things don't happen to people out in the world."

Connected devices are increasing to vehicles, our homes and apartments, medical devices, and virtually everywhere else - but keeping consumers and users secure is a major effort.