Hacking, Security & Privacy - Page 32

The Anonymous hacker collective has publicly launched a campaign against Islamic extremists tied to the attacks on Charlie Hebdo, which has killed 12 people. The group plans to target al-Qaeda, ISIS and other terrorists, with a focus on bringing down their social media accounts and websites used to spread propaganda.

"We, Anonymous around the world, have decided to declare war on you the terrorists," the group declared in a YouTube video. "We intend to take revenge in their name, we are going to survey your activities on the net, we are going to shut down your accounts on all social networks."

#OpCharlieHebdo has already claimed one victim, though the victimized website returned to service after an hour or two of downtime. However, distributed denial of service (DDoS) attacks and other cyberattacks are expected to target the terrorist groups operating in Iraq, Syria, and elsewhere in the Middle East.

The North Korean Bureau 121 cyber warfare unit has continued to recruit new computer experts to its unit, with potential long-term plans of conducting wide-scale cyberespionage operations. Despite additional sanctions levied against Pyongyang, it hasn't slowed momentum of the secretive cyber unit.

"North Korea is currently running its 6,000 (-member) workforce for cyber warfare and performing cyberattacks for physical and psychological paralysis inside South Korea such as causing troubles for military operations and national infrastructures," said the South Korean Defense Ministry, in a statement published by Reuters.

The North Korean government has denied it was involved in breaching Sony Pictures Entertainment - but details of its hacker group continue to be published. Bureau 121 has been blamed for several notable breaches targeting South Korean banks and other infrastructure, with the unit's skills reportedly developing.

Based on its success during cybersecurity-based competitions, the University of Central Florida (UCF) has won the 2014 Collegiate Cybersecurity Championship Cup.

"The Cybersecurity Championship Cup program is designed to encourage collegiate participation in all cybersecurity-based competitions - not just specific events," said Dr. Gregory White, Director of the Center for Infrastructure Assurance and Security. "The program is similar to the FedEx or Sprint Cups - teams gain points for participation in placement in disparate cybersecurity competitions."

The cup competition is supported by a grant from the Department of Homeland Security Science and Technology Director Cyber Security Division, and is managed by the Center for Infrastructure Assurance and Security at the University of Texas at San Antonio. There is a growing need for cybersecurity specialists - both by the private sector and the federal government - as foreign cyberattacks continute to warrant great concern.

Sony Pictures is still dealing with the aftermath of its data breach originally suffered seven weeks ago, and it has been a major headache. However, the incident will be covered by SPE's insurance, and likely won't require the company to endure additional cost-cutting measures, according to SPE CEO Michael Lynton.

"I would say the cost is far less than anything anybody is imaging and certainly shouldn't be anything that is disruptive to our budget," Lynton recently told Reuters.

The financial cost related to post-breach cleanup may be covered, but Sony Pictures must now work on its public relations image. Employee morale is reportedly high, and payroll has been managed, but leaked email conversations between SPE executives embarrassed the company. It will take time and effort, but Lynton acknowledge rebuilding trust with company employees and Hollywood partners already is being worked on.

Sony Pictures managed to release "The Interview" to the Internet on Christmas Eve and in theaters on Christmas, but it continues to be a bumpy road for the movie studio. The Guardians of Peace hacker group compromised SPE servers, took all the data, and then "wiped them clean" so Sony no longer had backups.

The initial breach took place shortly before Thanksgiving, and the movie studio's networks are still down - and likely won't be back online for a few more weeks, at the earliest.

"We are the canary in the coal mine, that's for sure," said Michael Lynton, Sony Pictures CEO, in an interview with the Associated Press. "There's no playbook for this, so you are in essence trying to look at the situation as it unfolds and make decisions without being able to refer to a lot of experiences you've had in the past or other peoples' experiences. You're on completely new ground."

Companies struggle to keep their networks secure, and are becoming frustrated by cyberattacks and data breaches. Despite some interest in launching retaliatory attacks, there are a number of hurdles that make it difficult, legal issues aside - not only would it be ineffective because it could escalate the matter further, but there are concerns victims would launch cyberattacks against the wrong targets.

The topic came back to life after JPMorgan Chase may have recruited hackers to launch attacks in retaliation for a cyberattack. Cybersecurity experts and the US government don't recommend companies seek revenge, as US infrastructure has the most to lose - and it'll likely end poorly for the victim either way.

"The technical sector is the backbone of the American economy, and if we start engaging in these kind of behaviors, in these kind of attacks, we're setting a standard, we're creating a new international norm of behavior that says this is what nations do," said former NSA contractor Edward Snowden, in a an interview that PBS Nova will publish soon.

Former NSA contractor Edward Snowden answered questions for a video interview with NOVA, from June 2014, discussing cyber warfare programs on the national level.

The Regin malware, likely created by the American NSA or British GCHQ, is an example of how clever governments have become in their effort to spy on one another. Unfortunately, there is growing concern that these types of cyberattacks could have real militaristic consequences, though countries tend to deny any and all attributions of their crimes.

"Now, this is something that people don't understand fully about cyberattacks, which is that the majority of them are disruptive, but not necessarily destructive," Snowden said. "One of the key differentiators with our level of sophistication and nation-level actors is they're increasing pursuing the capability to launch destructive cyberattacks, as opposed to the disruptive kinds that you normally see online, through protestors, through activists, denial of service attacks, and so on. And this is a pivot that is going to be very difficult for us to navigate."

Sony CEO Kazuo Hirai complemented employees and partners for their support and patience following a late 2014 cyberattack. Hirai is optimistic that Hollywood actors and companies will continue to choose to work with the company in 2015 and later down the road - despite how damning some of the information leaked was, likely hurting SPE's reputation.

"We are still reviewing the effects of the cyber attack," Hirai told reporters during CES. "However, I do not see it as something that will cause a material upheaval on Sony Pictures business operations."

Meanwhile, the company is still analyzing full effects of the attack and data breach, which revealed former and current employee personal information, leaked emails, unreleased films, and other company-related information.

CES 2015 - Smart and connected technologies accessing the Internet of Things (IoT) have generated significant interest during CES 2015. Manufacturers mainly promoted the benefits of their connected devices, though cybersecurity experts and government regulators want consumers to be aware of potential risks.

Security and privacy concerns could become major headaches for consumers, manufacturers, and security experts embracing connected devices. Collection of personal data with - and often times without - consumer consent, how that information is used, and the theft of data currently are the biggest security concerns.

"Any device that is connected to the Internet is at risk of being hijacked," said Edith Ramirez, Federal Trade Commission (FTC) chairwoman, in a statement made during CES. "Moreover, the risks that unauthorized access create intensify as we adopt more and more devices linked to our physical safety, such as our cars, medical care and homes."

If you've ever heard someone guarantee 100 percent security to you in cyberspace then you know you've got yourself a liar - and not a very good one. Of course, cyberspace will never be truly secure according to Martin Giles. This is why cyber security is becoming increasingly complex and as threats do as well. Huge compromises to data occur in rare events, but the biggest day-to-day threats come in the form of crooks attempting to steal financial data from businesses and individuals.

The hackers best at what they do are certainly making life more difficult for cyber security professionals. Simply put, however, the most common breaches of security are often the result of the most obvious mistakes. For example, an employee can physically write down a password on paper only to have it fall into the wrong hands, or customer information is available to those that have no business with such confidential information. Because of this, it appears that some businesses are not able to anticipate incoming cyber attacks.

In fact, there are reports that argue there is a great need to actually provide businesses with incentives to take cyber security more seriously than they already are. Here are some simple tips for prevention:

A former employee with Morgan Stanley was canned after being accused of stealing and looking to sell personal information of 350,000 of the firm's clients.

Wealth Management clients are now being informed that the employee took partial client data - and there is no evidence of economic loss - but client information of up to 900 clients, including account names and numbers, were posted on the Internet.

"Morgan Stanley takes extremely seriously its responsibility to safeguard client data, and is working with the appropriate authorities to conduct and conclude a thorough investigation of this incident," the company said in a public statement.

CES 2015 - The annual Consumer Electronics Show (CES) is supposed to be all about announcing and launching new, innovative products, but it wasn't all fun for Sony. Kazuo Hirai, president and CEO of Sony, spoke out against the cyberattack that hit Sony Pictures, while applauding employees for their resolve.

The Guardians of Peace made it a rough end of the year for Sony Pictures, crippling the company, leaking embarassing emails, stealing data, and terrorizing former and current employees - and it remains a rather trying time for employees.

Both Sony, former employees and current employees were the victim of one of the most vicious and malicious cyberattacks in recent history," Hirai said. "I have to say that I'm very proud of all the employees, and certainly the partners who stood up against the extortionist efforts of criminals, and worked tirelessly, sometimes for days on end to bring you 'The Interview,'"

The bitcoin exchange BitStamp has suspended operation following a significant data breach in which 19,000 bitcoins - valued at more than $5 million - were stolen from the company. BitStamp has frozen user accounts, blocked deposits and suspended all trades as an investigation and security audit are reportedly underway.

The company has a public disclaimer informing customers of the breach on its website: "Upon learning of the breach, we immediately notified all customers that they should no longer make deposits to previously issued bitcoin deposit addresses," part of the message reads. "To repeat, customers should NOT make any deposits to previously issued bitcoin deposit addresses."

Bitcoins endured a turbulent growth period in 2014, with more consumers and businesses expanding adoption - but the currency remained volatile, and overall value has dipped. These type of incidents could be catastrophic for future growth of bitcoins, at a time when consumers already are skeptical of long-term potential.

There was a 50 percent decline in cyberattacks against U.S. retailers in 2014, but a whopping 61 million records were taken in the data breaches that did occur, according to a recent IBM Security report. In 2013, there were 4,200 recorded daily cyberattacks, and that number dropped to 3,043 in 2014.

Cybercriminals are perfecting their craft and using newer, more sophisticated techniques to compromise retailers. Despite increased concern that criminals would target Black Friday and Cyber Monday, but they instead waited it out and are carefully choosing how they launch attacks.

"The threat from organized cybercrime rings remains the largest security challenge for retailers," said Kris Lovejoy, GM of the IBM Security Services, in a press statement. "It is imperative that security leaders and CISOs in particular, use their growing influence to ensure they have the right people, processes and technology in place to take on these growing threats."

Cybercriminals are finding new methods to compromise corporate and government networks, and are increasingly spending more time doing reconnaissance without being detected. These longer-lasting operations are difficult to prevent with many corporations focusing on perimeter-based cybersecurity defense, not considering the idea that criminals may already be inside.

Companies such as Sony Pictures, Home Depot, Target and other major corporations are first breached using spear-phishing attacks or stolen third-party user login credentials - and the problems only get worse from there. Cybersecurity experts recommend creating protocols so companies are able to identify who is accessing data, from where, and how they are interacting with the accessed data. If a cybersecurity audit is completed, then following through with recommended improvements should also be carried out as quickly as possible.

"We are beginning to realize in some cases that the situation is far worse than we realized," said Stephen Hulquist, chief evangelist at RedSeal Networks, in a statement published by Dark Reading. "In some cases attackers have been inside networks for months and even years without being discovered."

Malware threats garnered major media attention throughout 2014, but cybersecurity experts are concerned that casual users and business decision leaders aren't going to proactive enough to prevent breaches.

There will be more attention directed towards ransomware, which typically begin with a successful phishing attack. Ransomware demands monetary payments for criminals to turn over control of systems and data back to the victim, and evasion techniques used to deliver payloads are becoming increasingly sophisticated.

"In 2014 we saw a number of significant wins against malware with the dismantling of several major botnets. This type of takedown will be much harder in 2015 with malware becoming stealthier," said Andy Avanessian, VP of professional services at endpoint security company Avecto, in a statement published by Forbes. "In the coming months, we will see increased use of p2p, darknet and tor communications, forums selling malware and stolen data will also retreat further into hidden corners of the internet in an attempt to avoid infiltration."

Password length, complication and changes are something that many companies, news outlets and IT whizz-kids often drum into the general consumer. One of the best ways to prevent yourself falling victim to your 'general hacker' is to keep your passwords fresh, long and complicated.

iDict is a basic password-guesser that has just been pushed to GitHub. Containing a list of 500 passwords in its library, it will try to guess your accounts password based solely upon the list it has at hand. If your password looks anything like those of this list, we suggest you change them immediately for all services and never look back.

These types of simple passwords are often seen in the 'most popular password lists', with password1 or 12345 often ranking quite highly.

Remember how children these days are taught not to 'joke' about security when in an airport? The same should go for online mediums. Homeland Security blogger, David Garrett Jr., spent his new years day being questioned by the FBI - thanks to an apparent joke in which he 'threatened' CNN, posing as a GOP member and leading the FBI to believe the threats to be real.

Thankfully for Garrett, this was poised as a joke and he 'came clean' straight away. In a statement to Fusion, Garrett claimed that a FBI investigator wisely told him "in the future, it's a good idea not to pretend to be someone they're investigating."

In the end everyone has come out unharmed with the only cost being a waste of the FBI's time. Take note kids, sometimes the feds can press charges and make arrests even for what you might think is a joke - luckily in this case, Garrett was let go without prosecution.

Cybersecurity experts believe 2015 will be another busy year, as sophisticated attacks against users and businesses continue. Criminals will rely on working attacks to compromise victims, while also working to advance their weapons, making them harder to spot.

"Hackers are a diverse bunch, from lone wolves, to nation-state cyber warriors and organized cybercrime rings," said Joe Caruso, founder, CEO and CTO of the cybersecurity Global Digital Forensics (GDF) firm, in a press release. "But one thing they all have in common is they are more than willing to let it ride on a winning horse until it quits paying off. SO expect the favorites, phishing and spear-pshing, RATs (Remote Access Tools), ransomware, watering hole attacks and other third-party compromises, to keep getting ridden hard in 2015."

Numerous point-of-sale (POS) data breaches and the cyberattack against Sony Pictures should serve as painful reminders as to the importance of proper cybersecurity - but won't lead to decision makers acting urgently enough, many security specialists warn. As such, companies need to become proactive in conducting cybersecurity audits, and then following through to improve security protocols - in an attempt to make it more difficult for successful attacks to occur.

Sony Pictures Entertainment was compromised in a big way by the Guardians of Peace hacker group, and there is uncertainty if the hackers were properly removed from the company's network. SPE could be back to enjoying a fully operational network within the next two months if security holds, but would face lingering problems if hackers still have backdoors into the network.

"It took me 24 or 36 hours to fully understand that this was not something we were going to be able to recover from in the next week or two," Sony Entertainment CEO Michael Lynton said in a statement published by the Wall Street Journal. The company began using an old fleet of BlackBerry smartphones to communicate and conduct day-to-day business, following the data breach.

Since being released on Christmas, "The Interview" has collected more than $18 million in digital and box-office revenue - and has proven popular among Internet pirates. However, Lynton and other executives continue to apologize to movie actors and other industry bigwigs following leaked email conversations.