Hacking, Security & Privacy News - Page 65

North Korea is not surprisingly denying its involvement in the Sony Pictures Entertainment cyberattack last week that brought the company to a grinding halt. The country previously showed displeasure at SPE's movie The Interview, which will be released later this month, featuring a plot by two Americans to assassinate North Korean leader Kim Jong-Un.

"The hostile forces are relating everything to the DPRK. I kindly advise you to just wait and see," a North Korean spokesperson recently said. I do not know anything about this."

Some cybersecurity experts don't believe North Korea has significant infrastructure to launch cyberattacks - but could have called upon China or Russia - to launch the attack on its behalf. Some organized cybercriminal groups are willing to offer their services to the highest bidder, especially if it involves targeting high-profile attacks targeting companies in the United States.

Four different movies from Sony Pictures Entertainment, including Annie, Fury, Mr. Turner and Still Alice, have leaked online via peer-to-peer file sharing networks. The company suffered a major cyberattack last week, which is now being investigated by law enforcement, Sony confirmed. The digital copies are watermarked and were likely caused by the SPE network intrusion, sources have confirmed.

"The theft of Sony Pictures Entertainment content is a criminal matter, and we are working closely with law enforcement to address it," a Sony spokeswoman recently said.

Fury made its appearance on file sharing networks on Nov. 27, and has been downloaded at least 888,000 times. This is the largest leak since July, after the Expendables 3 movie was released online almost one month before release in theaters.

Sony Pictures Entertainment has tasked cybersecurity firm Mandiant with helping it clean up after a vicious cyberattack that knocked its computer networks offline last week. The "Guardians of Peace" claimed responsibility for the attack, saying they stole terabytes of data from SPE, with SPE's IT team unable to defend against the attack.

The SPE email system is expected to be restored by end of business tomorrow, while Sony executives remain relatively quiet about the incident.

It is a lucrative time to be in cybersecurity, as companies are turning to private sector companies for additional consultations - as cyberattacks are on the rise, with criminals able to steal internal data, disrupt daily work activities, and compromise customers.

Forget China and Russia - Sony Pictures Entertainment is investigating a major cyberattack that could have originated from North Korea. The attack crippled SPE's email and computer systems since Monday, interrupting employee operations throughout the short holiday week. Several movies being promoted by SPE were also impacted, as Twitter feeds were disrupted by the cyberattack.

The "Guardians of Peace" group claimed responsibility for the attack, and said it has a large amount of internal Sony data that it has taken. GOP is reportedly preparing a "volume of the data" to the Internet in the immediate future.

SPE is the studio behind "The Interview," a geopolitical satire that features James Franco and Seth Rogen as a talk show host and producer turned American operatives tasked with killing Kim Jong Un.

Panda Security collected 20 million new malware samples created worldwide, with an average of 227,747 new samples per day during Q3. The global infection rate increased from 36.87 percent up to 37.93 percent year-over-year, and Trojans are the most common type of malware. Trojans accounted for 78.08 percent of malware types, with viruses (8.89 percent) and worms (3.92 percent) also making an appearance.

Internet users face a cybersecurity threat from hackers, state-sponsored cybercriminals, and national government spy agencies - and trying to stay secure is rather difficult. China (49.83 percent), Peru (42.38 percent) and Bolivia (42.12 percent) are the three countries most targeted by cyberattacks, with nine European countries in the top ten most secure nations: Norway (23.07 percent), Sweden (23.44 percent), and Japan (24.02 percent) are the top three most secure.

"Over recent months cybercrime has continued growing," said Luis Corrons, PandaLabs Technical Director at Panda Security. "Cyber-crooks are still creating malware in order to infect as many computers as possible and access confidential data - but corporate environments have also come under attack. For example, over the last three months large companies have been the subjects of some scandals, such as the infamous 'Celebgate,' in which photos of actresses and models hosted on Apple's iCloud service were leaked, or the theft of Gmail and Dropbox passwords."

Following a massive data breach that left 56 million debit and credit card details stolen, along with 53 million email addresses, the company spent $43 million during Q3 to deal with the aftermath. The company expects to receive $15 million reimbursement as part of a $100 million network liability insurance policy - and must now work to ensure the problem doesn't occur again.

Meanwhile, the company faces multiple lawsuits and will "incur significant legal and other professional services expenses" due to the incident. The company's payment card data network was complaint in fall 2013, and was undergoing 2014 certification when the breach occurred, according to an independent auditor.

"The forensic investigator working on behalf of the payment card networks may claim the company was not in compliance with those standards at the time of the data breach," Home Depot noted.

Former GCHQ boss Sir John Adye believes current generation biometrics need more control, as he has concerns related to fingerprint scanners used by the Apple iPhone 6 and other devices. Despite believing the use of biometrics is a positive step toward device security, Sir John also is concerned about what happens to people's data when using these devices.

Sir John called out Apple specifically, with Apple Pay now allowing users to make payments simply with their fingerprint.

"I think Apple has done some good things. They appear to have a good system at the moment for protecting their operating system so it's difficult for anyone outside to penetrate it and retrieve data from it. But how long will that last, because the criminals... are very inventive at finding ways in, and although you can protect it in that way on the device itself, what happens if the device is lost or stolen?"

The FBI stepped over its boundaries with this particular case, where the US agency wanted to gain entry into a particular hotel guest's room, all without a warrant. When they couldn't secure one, they did the next best thing: posed as Internet technicians, gaining access to the hotel room, all without a warrant.

From the motion to suppress, we find out: "The next time you call for assistance because the internet service in your home is not working, the "technician" who comes to your door may actually be an undercover government agent. He will have secretly disconnected the service, knowing that you will naturally call for help and -- when he shows up at your door, impersonating a technician -- let him in. He will walk through each room of your house, claiming to diagnose the problem. Actually, he will be videotaping everything (and everyone) inside. He will have no reason to suspect you have broken the law, much less probable cause to obtain a search warrant. But that makes no difference, because by letting him in, you will have "consented" to an intrusive search of your home".

The FBI agents secured evidence from the hotel room, and submitted it to a magistrate to get a warrant. Kind of the reverse of what should happen, but they obviously wouldn't have told the judge that they posed as the Internet technicians in order to get into the room to secure the evidence they required to obtain the warrant in the first place.

The Southern District of Texas offered a misdemeanor plea deal to hacker Fidel Salinas, 28, just a few months after the hacker was charged with 44 felony counts of computer fraud and cyberstalking. Each count had a maximum 10-year prison sentence, totaling a potential 440 years in prison.

Instead, the suspected Anonymous-linked hacker plead guilty to one misdemeanor count of computer fraud and abuse - and must also pay $10,000. He faces up to one year in prison when sentenced on February 2, 2015, and his attorney will argue the monetary restitution is enough.

Salinas reportedly tried to access the Hidalgo County administrative website, using a script that racked up more than 14,000 access attempts. The brute force attack led county IT administrators to be locked out of the system themselves.

Anonymous has continued its #OPKKK campaign against members of the Ku Klux Klan in Missouri, after the group brazenly challenged the hacker collective online. The @KuKluxKlanUSA Twitter account was compromised last week, and the hacking fun was only beginning for Anonymous.

I won't link directly to the dox page, but it doesn't take much imagination into how one would easily find the information posted online, courtesy of Anonymous. Frank Ancona, the "KKK Imperial Wizard," had his address, phone number, Social Security number, credit card information, and other personal information - with the dox also targeting his wife - posted online.

Anonymous also might target government websites and infrastructure in Missouri to respond for the Grand Jury failing to indict Officer Darren Wilson: "We find it disturbing that you, the grand jury, have chosen this patch as everyone will not choose to stand calm and let you choose to let him walk free. As you've seen all the riots and businesses, police cars, etc., being burned down while Anonymous shall target any Missouri government or bank sites now, so you better increase your security because we're here and we're not going to stand by and watch you let this man walk free."