Vladimir Putin’s government is actively “condoning” hacks
By Mark Hosenball and Jim Finkle
WASHINGTON/BOSTON (Reuters) – U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month’s massive cyberattack against Sony Pictures, an official close to the investigation said on Monday.
As North Korea lacks the capability to conduct some elements of the sophisticated campaign by itself, U.S. investigators are looking at the possibility that Pyongyang “contracted out” some of the cyber work, according to the official, who was not authorized to speak on the record about the investigation.
The attack on Sony Pictures is regarded as the most destructive ever against a company on U.S. soil because the hackers not only stole huge quantities of data, but also wiped hard drives and brought down much of the studio’s network for more than a week.
While U.S. officials investigate whether North Korea enlisted help from outside contractors, the FBI stood by its previous statement that Pyongyang was the prime author of the attack against the Sony Corp unit.
“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment,” the Federal Bureau of Investigation said in a statement to Reuters.
“There is no credible information to indicate that any other individual is responsible for this cyber incident,” the FBI said.
North Korea has denied that it was behind the Sony attack and has vowed to hit back against any U.S. retaliation.
The people who claimed responsibility for the hack have said on Internet postings that they were incensed by the film “The Interview,” a Sony Pictures comedy about a fictional assassination of North Korean leader Kim Jong Un.
Some security experts have begun to question the FBI’s assertion that Pyongyang was behind the cyberattack. For instance, consulting firm Taia Global said the results of a linguistic analysis of communications from the suspected hackers suggest they were more likely from Russia than North Korea. Cybersecurity firm Norse said it suspects a Sony insider might have helped launch the attack.
“I think the government acted prematurely in announcing unequivocally that it was North Korea before the investigation was complete,” said Mark Rasch, a former federal cybercrimes prosecutor. “There are many theories about who did it and how they did it. The government has to be pursuing all of them.”
(Reporting by Mark Hosenball in Washington and Jim Finkle in Boston; Editing by Tiffany Wu and Warren Strobel)
Russian President Vladimir Putin’s government is actively “condoning” hacks on Western retail and banking businesses
By Christopher Joye
Russian President Vladimir Putin’s government is actively “condoning” hacks on Western retail and banking businesses, according to the founder of one of the world’s leading cyber security firms ahead of the G20 summit in Brisbane and a meeting between Prime Minister Tony Abbott and the Russian leader at the APEC summit in Beijing.
And several local intelligence sources said there was also evidence of Russian hackers inside Australian networks.
“The Russians are much more aggressive right now across the board – both government and criminal elements – and we’re having a tough time distinguishing between the two,” Kevin Mandia, the founder of Mandiant, told The Australian Financial Review in an interview from Canberra, where he was consulting with government officials.
He speculated that the spike in high-end Russian compromises was probably driven by a combination of the Ukrainian crisis, Edward Snowden’s revelations of the “five-eyes” Western intelligence capabilities and the imposition of sanctions on Russia.
Mr Mandia said he was “certain the Russian government was condoning the compromises”.
“It stretches credulity that Russian law enforcement and intelligence services, who monitor a hell of a lot of what their people do online, are not aware of what Russian hackers are doing,” he said.
His eponymous firm, Mandiant, is famous for being hired by The New York Times and The Wall Street Journal to thwart Chinese hackers and for fingering a hacking crew inside China’s People’s Liberation Army that was subsequently indicted by a US grand jury for fraud, espionage, trade secret theft and other crimes.
More sophisticated than Chinese
President Putin is due to arrive in Australia for the G20 leaders summit, which begins in Brisbane on November 15.
Alex Odoevsky, the second secretary at Russia’s embassy in Canberra, did not respond to an interview request.
Multiple former intelligence officials who spoke with the Financial Review confirmed that the government was aware of Russian penetrations of private Australian networks, but none would comment on the record. Over the weekend media alleged that Russian spies were extracting top-secret information from moles inside the Australian Security Intelligence Organisation in the early 1990s.
John Borchi, a former director in cyber security analysis at the highly secretive Australian Signals Directorate, said Russian cyber actors were much more difficult to find, and more sophisticated, than their Chinese counterparts.
“I liken the Chinese to a tank through a cornfield,” Mr Mandia concurred. “They are so successful at getting the information they want in obvious ways, they continue to be obvious.”
Mr Mandia said the internet was becoming increasingly “Balkanised” – with nations erecting barriers to technology trade and competing for control of crucial telecommunications assets – because intelligence agencies are playing catch-up and trying to “pierce anonymity with the same efficacy the Americans have”.
He said countries now claimed they want to shield citizens’ privacy “because of fears US intelligence may violate it”.
“But I am more convinced they want a more equal intelligence-gathering playing field,” he said.
Mr Mandia said he was worried that there were currently no bilateral discussions between China and the US on rules of engagement for cyber espionage.
“There was hope that would one day occur, but I am pretty damn sure there is no traction there. And because there are no repercussions for China and Russia hacking the West, the problem is just going to get worse,” he said.
Private sector targets
He said the frequency and severity of attacks was rising despite massive investments in superior cyber security. In this context Mr Mandia claimed there had been a substantial increase in sophisticated Russian attacks on private companies over the past 12 months compared with what he had seen in his 20 years of incident response experience.
“Russian criminals used to go for the low hanging fruit,” Mr Mandia said. “Now they’re going for the best retail and financial services brands in business – the folks that actually have the good security. And that’s surprising.”
He said historical attempts to penetrate businesses to carry out activities such as credit card fraud were not characterised by concerted efforts to conceal the intruders’ footprints.
“But in the past year I’ve witnessed first-hand much better counter-forensic techniques and better hacking capabilities against private retail and banking companies from the financial crimes guys in St Petersburg and Moscow.”
Mr Mandia said during his career, which included time as a computer security officer inside the Pentagon, Russian spy agencies typically “used valid login credentials as their ‘No. 1’ way of accessing a target – not exploits and not malware”. “We are starting to see that more and more in private sector attacks.”
On October 28 Mandiant’s parent company, FireEye Inc, released a report identifying a highly skilled and state-sponsored Russian hacking group that had been spying on defence and geopolitical targets across Europe since 2007.
Christopher Joye is a contributing editor to The Australian Financial Review. He is a leading economist, fund manager and policy adviser who has previously worked for Goldman Sachs and the RBA, and was a director of the Menzies Research Centre. He is currently a director of Smarter Money Investments.