North Korea Likely Had Help with Sony Cyberattack — Linguistic analysis of communications points to Russia — Putin’s government actively “condoning” hacks


Vladimir Putin’s government is actively “condoning” hacks


By Mark Hosenball and Jim Finkle 

WASHINGTON/BOSTON (Reuters) – U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month’s massive cyberattack against Sony Pictures, an official close to the investigation said on Monday.

As North Korea lacks the capability to conduct some elements of the sophisticated campaign by itself, U.S. investigators are looking at the possibility that Pyongyang “contracted out” some of the cyber work, according to the official, who was not authorized to speak on the record about the investigation.

The attack on Sony Pictures is regarded as the most destructive ever against a company on U.S. soil because the hackers not only stole huge quantities of data, but also wiped hard drives and brought down much of the studio’s network for more than a week.

While U.S. officials investigate whether North Korea enlisted help from outside contractors, the FBI stood by its previous statement that Pyongyang was the prime author of the attack against the Sony Corp unit.


“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment,” the Federal Bureau of Investigation said in a statement to Reuters.

“There is no credible information to indicate that any other individual is responsible for this cyber incident,” the FBI said.

North Korea has denied that it was behind the Sony attack and has vowed to hit back against any U.S. retaliation.

The people who claimed responsibility for the hack have said on Internet postings that they were incensed by the film “The Interview,” a Sony Pictures comedy about a fictional assassination of North Korean leader Kim Jong Un.

Some security experts have begun to question the FBI’s assertion that Pyongyang was behind the cyberattack. For instance, consulting firm Taia Global said the results of a linguistic analysis of communications from the suspected hackers suggest they were more likely from Russia than North Korea. Cybersecurity firm Norse said it suspects a Sony insider might have helped launch the attack.

“I think the government acted prematurely in announcing unequivocally that it was North Korea before the investigation was complete,” said Mark Rasch, a former federal cybercrimes prosecutor. “There are many theories about who did it and how they did it. The government has to be pursuing all of them.”

(Reporting by Mark Hosenball in Washington and Jim Finkle in Boston; Editing by Tiffany Wu and Warren Strobel)

**************************

Russian President Vladimir Putin’s government is actively “condoning” hacks on Western retail and banking businesses

By Christopher Joye

Russian President Vladimir Putin’s government is actively “condoning” hacks on Western retail and banking businesses, according to the founder of one of the world’s leading cyber security firms ahead of the G20 summit in Brisbane and a meeting between Prime Minister Tony Abbott and the Russian leader at the APEC summit in Beijing.

And several local intelligence sources said there was also evidence of Russian hackers inside Australian networks.

“The Russians are much more aggressive right now across the board – both government and criminal elements – and we’re having a tough time distinguishing between the two,” Kevin Mandia, the founder of Mandiant, told The Australian Financial Review in an interview from Canberra, where he was consulting with government officials.

He speculated that the spike in high-end Russian compromises was probably driven by a combination of the Ukrainian crisis, Edward Snowden’s revelations of the “five-eyes” Western intelligence capabilities and the imposition of sanctions on Russia.

Mr Mandia said he was “certain the Russian government was condoning the compromises”.

“It stretches credulity that Russian law enforcement and intelligence services, who monitor a hell of a lot of what their people do online, are not aware of what Russian hackers are doing,” he said.

His eponymous firm, Mandiant, is famous for being hired by The New York Times and The Wall Street Journal to thwart Chinese hackers and for fingering a hacking crew inside China’s People’s Liberation Army that was subsequently indicted by a US grand jury for fraud, espionage, trade secret theft and other crimes.

More sophisticated than Chinese

President Putin is due to arrive in Australia for the G20 leaders summit, which begins in Brisbane on November 15.

Alex Odoevsky, the second secretary at Russia’s embassy in Canberra, did not respond to an interview request.

Multiple former intelligence officials who spoke with the Financial Review confirmed that the government was aware of Russian penetrations of private Australian networks, but none would comment on the record. Over the weekend media alleged that Russian spies were extracting top-secret information from moles inside the Australian Security Intelligence Organisation in the early 1990s.

John Borchi, a former director in cyber security analysis at the highly secretive Australian Signals Directorate, said Russian cyber actors were much more difficult to find, and more sophisticated, than their Chinese counterparts.

“I liken the Chinese to a tank through a cornfield,” Mr Mandia concurred. “They are so successful at getting the information they want in obvious ways, they continue to be obvious.”

Mr Mandia said the internet was becoming increasingly “Balkanised” – with nations erecting barriers to technology trade and competing for control of crucial telecommunications assets – because intelligence agencies are playing catch-up and trying to “pierce anonymity with the same efficacy the Americans have”.

He said countries now claimed they want to shield citizens’ privacy “because of fears US intelligence may violate it”.

“But I am more convinced they want a more equal intelligence-gathering playing field,” he said.

Mr Mandia said he was worried that there were currently no bilateral discussions between China and the US on rules of engagement for cyber espionage.

“There was hope that would one day occur, but I am pretty damn sure there is no traction there. And because there are no repercussions for China and Russia hacking the West, the problem is just going to get worse,” he said.

Private sector targets

He said the frequency and severity of attacks was rising despite massive investments in superior cyber security. In this context Mr Mandia claimed there had been a substantial increase in sophisticated Russian attacks on private companies over the past 12 months compared with what he had seen in his 20 years of incident response experience.

“Russian criminals used to go for the low hanging fruit,” Mr Mandia said. “Now they’re going for the best retail and financial services brands in business – the folks that actually have the good security. And that’s surprising.”

He said historical attempts to penetrate businesses to carry out activities such as credit card fraud were not characterised by concerted efforts to conceal the intruders’ footprints.

“But in the past year I’ve witnessed first-hand much better counter-forensic techniques and better hacking capabilities against private retail and banking companies from the financial crimes guys in St Petersburg and Moscow.”

Mr Mandia said during his career, which included time as a computer security officer inside the Pentagon, Russian spy agencies typically used valid login credentials as their “No. 1” way of accessing a target – not exploits and not malware. “We are starting to see that more and more in private sector attacks.”

On October 28 Mandiant’s parent company, FireEye Inc, released a report identifying a highly skilled and state-sponsored Russian hacking group that had been spying on defence and geopolitical targets across Europe since 2007.

Christopher Joye is a contributing editor to The Australian Financial Review. He is a leading economist, fund manager and policy adviser who has previously worked for Goldman Sachs and the RBA, and was a director of the Menzies Research Centre. He is currently a director of Smarter Money Investments.

http://www.afr.com/p/technology/russia_is_behind_cyber_attack_on_9HnfgkCniUbMtoDV7VG5dJ
