They and cyber security experts say the same malware used in the Sony attack is the first major destructive one against a US company on American soil. There’s been similar attacks in Asia and the Middle East. Cyber security expert Tom Kellermann calls it this kind of hacking? “…a watershed event”. An FBI report gave businesses a five page report on the malware used on the attack, gave them tips to combat it, and told them to advise the FBI if hit by this and other kinds of similar malware. Apparently, this malware is so potent it topples all hard drive data and makes them nearly impossible to even boot up. Last week’s attack on Sony did more than illegally release upcoming attractions for free download. It crippled email and other systems for nearly a week during one of the busiest times of the film industry year.
Here’s the scary part of this attack. Around this time of year, we’ve had attacks for the sole purpose of illegally getting money. Some hacks have been between two governments.? This seems to go far deeper. This is the kind of hacking that is revenge based, the most dangerous kind of all. That’s one reason I think the FBI is worried. The other is the potency of this malware. If it crippled a major motion picture house for a week, I shutter to think what this could do to a small business. I don’t talk about this to spread fear or panic. But I think we should take all protection necessary against any and all forms of malware. Isn’t it better to know something before it could happen than to wait until after it happens?
Hollywood is hacked. Five upcoming movies produced by Sony Pictures are now scrambling to protect it’s copyright laws and file-sharing hubs around the world. And who is to blame?
Movie ‘Fury’ and the remake of ‘Annie’ are being hit the hardest. Annie has been leaked and pirated three weeks before it’s much anticipated debut. It’s been downloaded over 205,000 times. Fury has been illegally downloaded over 1.2 million times in the last several days. Fury is already one of the most pirated movies of all-time; this is before it’s even released. The hack itself happened on November 24, 2014. During one hack of a Sony corporate system, a skeleton appeared on their computers saying, “Hacked by #GOP”. The group call themselves ‘Guardians of Peace’. Not only are they releasing whole movies before their theater due date, these ‘Guardians of Peace’ are threatening to release many top secrets of Sony. But there’s another, and even more sinister dynamic to this dilemma.
There’s a Sony movie called ‘The Interview’ that is scheduled to be released Christmas Day. The Interview is a blatant, unflattering spoof of the communist regime of North Korea and it’s dictator, Kim Jong-Un. It stars James Franco and Seth Rogen, and they’re journalists/talk show host scouted by the FBI to kill Kim Jong-Un. This spoof makes the N. Korean dictator very unhappy, so unhappy that he’s threatened severe consequences if The Interview isn’t pulled. How coincidental Sony gets hacked right when The Interview and several other Christmas season movies (or should I say Oscar season) are being promoted and released. Look at the names chosen: GOP, Guardians of Peace. That doesn’t sound like N. Korea. That’s the point. The hackers don’t want to look too obvious. That’s why they didn’t hack The Interview. First off, that would be too obvious. Second off, that would give more people exposure to this movie, and Jong-Un doesn’t want that. So why not go after other Sony movies? Is North Korea behind this hacking?
Can China shut us down? That question was asked at a House intelligence committee meeting in Washington, DC. The answer is a disturbing yes.
According to US Cyber Command top leader Admiral Michael Rodgers, China and a couple of other nations have the potential to cyber attack our electric grid and other major computer systems. The danger of a major foreign cyber attack has been fairly well known for years, but this is the first time it’s been confirmed by a major cyber security leader. We’re not just talking something that can disrupt a computer, but can disrupt treatment facilities, even nuclear plants, and entire online retail networks. Admiral Rodgers warns these powerful hackers can virtually do anything they want with little trace or consequence. the Admiral also warns cyber economic espionage has gotten so strong, skilled and sophisticated that their ability can do intense damage to our economic future. And the hackers have little to fear because there’s so much allusiveness and very little accountability.
I’m not writing this to scare anybody nor am I fear peddling. I believe this issue should be addressed sooner than later. But I thank Admiral Rodgers for letting us know about this potential threat. Knowledge is the first step. He also says things can be done to combat the threat. He urged Congress to pass a bill allowing companies to share online threats with the government and each other. But that’s going to be a difficult to pass in the wake of the NSA’s Edward Snowden scandal last year. But something has to be done. Imagine going hours, or even days, without any electricity, nuclear power or Internet connection all over America. Imagine the economic and social calamities a major power grid hack could cause. One Asian country had to endure that several weeks ago. What can we civilians do? One thing we can do is call our state and federal representatives and call on them to the proper steps necessary to protect our infrastructure, without putting our civil liberties or civil rights at risk. What else can be done to protect our cyber entities?
Today is November 18, 2014. The book Spam Nation is being released. It’s written by cyber security expert and investigative reporter Brian Krebs. Krebs’ forecast on cyber fraud is not optimistic.
On a morning show, Krebs is expecting another cyber security breach in the coming holiday shopping season. Remember the Target breach last year? In Spam Nation, he exposes the criminal masterminds behind such cyber attacks. They’re often from organized crime, gang members, and many of them are from Eastern European nations like Russia to Bulgaria. And not only is it getting easier for them, they’re getting more sophisticated. Krebs talks about spam pharmacies, viruses, malware and other devices they use. They’re even digital mob groups like Cosma, who stole untold American passwords and logins through an unforgiving malware attack. Did you know organizations like this will sell your information for as little as $25 to anyone willing to pay? Then these buyers will buy things with your account numbers, gift cards,? and anything else they get their hands on. It’s a win-win for everyone…except you the innocent consumer.
Krebs also sheds light on other issues. Did you know that you can expose yourself to spam pharmacies and hacking mobs even when you don’t open a spam or junk email? Spammers get the email, and sell usernames and passwords to the underground black market. This isn’t just an American problem; this is a global one. It costs consumers and companies billions of dollars every year. It can open the door to ills like divorce, foreclosures, even suicides. Spam Nation isn’t just doom and gloom. It gives the reader common sense things they can do to protect themselves. And it’s an easy and? read. You can read Brian Krebs security blog; he does a great job keeping up on computer security issues. Krebs does a good job exposing cyber fraud, the culprits behind it, and what we can do to protect ourselves and our households. Is Spam Nation a bestseller in the making?
Microsoft’s Internet Explorer isn’t what it used to be. Maybe it never was. And now, an IBM research team found a flaw that goes as far back as the Windows 95 era.
Tech giant IBM’s X-Force Research team found a data manipulation venerability called CVE-2014-6332. It’s nicknamed the unicorn bug. It’s a rare bug IE depends on but a hacker can use it for attacks that force codes to run remotely and take over the user’s machine. Don’t let the name 2014 fool you. This venerability has been around since the mid-1990s. This bug became exploitable when IE 3.0 and Visual Basic Script was released back in 1996. Hackers can use these remote codes to install malware, which can lead to keylogging, screen-grabbing, exploiting remote address, and other malware problems. IBM X-Force revealed the problem in spring 2014, even talked about it at this year’s Black Hat USA Conference. When the bug was found, they didn’t find it harmfully active, but there’s still room for caution. Exploitation is tricky, but when it’s successful, it can cause data attacks that can wipe out important files and destroy any system.
This explains a lot. The quality of Internet Explorer over the years has been downhill and I see little improvement in sight. Plus, web browser competitors like Firefox and Google Chrome are becoming more and more popular, probably because IE is slipping in quality. The other disturbing thing is that it took nearly twenty years for this problem to be exposed.? And it took an outside company to expose the Windows venerability. And why isn’t mainstream media talking about this? For a problem to be plaguing one of the largest Internet conglomerates for nearly two decades; that should be breaking news. I think IE is lucky nobody really exploited this issue. If they did, it probably would have cause the whole Internet as we know it to near collapse. Is this venerability the reason IE isn’t what it used to be?
Yesterday, it was announced the United States Postal Service (USPS) was hacked. This hack attack goes as far back as mid-September 2014.
No customers were affected by the attack. No credit card numbers or transactions done online or in? USPS stations were hit. But the information of as many as 800,000 post office employees, including names, dates of birth, Social Security numbers, and addresses were compromised. Employees affected range from the lowest paid mail hand to Postmaster General Patrick Donahue himself. Officials say the hacker/s weren’t interested in committing ID theft or credit card fraud. While no specific culprit has been named, China is suspected. The Chinese government vehemently denies being involved in this, or in any cyber attack. They let it be known they have a strict anti-cyber crime policy. To add suspicion, China was suspected in the hacking of the Federal Office of Personal Management. Plus, cyber security experts say it makes sense for China to target a major federal agency like USPS. Hackers may assume their post office systems are just alike. If they ever wanted to get lots of info on a huge number of government employees at once, the USPS would be the jackpot. Motives could include everything from building their own companies to building intelligence.
I always thought fraud and ID theft were the worst things that came from hacking. I’m starting to think twice about that. Being personally ripped off from a computer is awful, but for one government to compromise another can be outright dangerous. And what about these employees? It’s chilling that all their addresses and names could be in the hands of foreigners they will never meet. Scarier still their personal information could be used for? foreign intelligence purposes, and there’s no telling what the intelligence could be used for. Or am I blowing this out of proportion? Do government and private security companies need to do more to prevent cyber attacks of entire entities?
