Posts Tagged ‘hacking’

Hackers Are Threatening the Way That Hollywood Does Business

August 12, 2017

By Gary Smith
Bloomberg

August 11, 2017, 5:00 AM EDT August 11, 2017, 4:26 PM EDT
  • Recent breaches expose weaknesses at studios’ contractors
  • From music to special effects, many have access to material
A scene from HBO’s Game of Thrones Source: HBO

Sony. Netflix. And now, HBO.

While the 2014 hacking at Sony Pictures pushed entertainment giants to take computer security more seriously, recent incidents have exposed weaknesses throughout Hollywood’s food chain. Last week, as HBO investigated a cyberattack on its own systems, an unaired episode of its hit show “Game of Thrones” appeared online following an unrelated breach at a pay-TV partner in India. In April, when 10 episodes of Netflix Inc.’s “Orange Is the New Black” leaked, the incident was traced to a contractor.

Cybercrime is a growing problem for many industries, but Hollywood is especially vulnerable because of the long chain of people who work on a show or movie in post-production, experts say. Studios rely on an army of freelancers for everything from special effects to musical scores, creating a vast network of targets for hackers. Bringing those workers in-house is an option but would be expensive and could limit the talent studios can tap.

“Hollywood will have to recognize this will continue to grow and be an issue,” said Mike Orosz, who studies cyber risk as research director at the University of Southern California’s Information Sciences Institute.

HBO requires employees to have two-factor authentication and strong passwords for their computers. They also undergo security awareness training. But the company works with many post-production freelancers that handle sensitive information on personal email accounts and personal devices, raising security concerns, according to a former employee who asked not to be identified discussing an internal matter.

“Once the content is out of your hands, it’s truly out of your hands,” Orosz said. “The security of the third-party vendor is what you’re relying on.”

HBO is still investigating how hackers broke into its computer system. They stole episodes of Larry David’s “Curb Your Enthusiasm” and “Ballers,” a person familiar with the matter said at the time. They also stole an executive’s emails and a summary of an unaired episode of “Game of Thrones,” according to Variety.

After receiving a ransom demand, an HBO executive emailed the hacker on July 27 offering $250,000 as payment for finding a security flaw, according to a copy of the message obtained by Bloomberg. HBO asked the hacker to extend the deadline for a week while the company arranged a payment in bitcoin. That was a stalling effort, according to a person with knowledge of the matter. Variety reported on the email earlier.

The hackers don’t appear to have breached the company’s entire email system, Chief Executive Officer Richard Plepler told staff last week. The network, owned by Time Warner Inc., declined to make any additional comment.

For Hollywood, hackers are threatening both reputations and businesses. A stolen movie that appears online before appearing in theaters loses 19 percent of its box-office revenue on average compared with films that are pirated after they’re released, according to a study by professors at University of Maryland and Carnegie Mellon University. People may not be willing to subscribe to Netflix or HBO if they can watch their favorite shows and movies online for free.

Ransom Demands

What’s more, the wave of attacks is forcing media executives to confront a thorny question: Should they pay ransoms to hackers to get their content back?

The FBI says that’s always a bad idea.

“We believe it perpetuates the crime in general,” FBI spokeswoman Laura Eimiller said.

There’s also no guarantee paying the ransom will work. In April, Netflix refused to pay a hacker who stole unreleased episodes of “Orange Is the New Black.” Larson Studios, which worked with Netflix, told Variety it paid the ransom, about $50,000, in bitcoin. The hacker, who went by the name TheDarkOverlord, dumped the stolen episodes online anyway.

Larson Studios didn’t respond to a request for comment, while a Netflix official said only that the company is “constantly working to improve our security.”

In another high profile case this year, hackers threatened to leak a stolen copy of Disney’s new “Pirates of the Caribbean” if the company didn’t pay a ransom. The company refused, and Chief Executive Officer Bob Iger said later he believed it was all a hoax.

Even so, with millions of dollars at stake, some companies may decide paying is the best option, said Gary Davis, chief consumer security evangelist at the security firm McAfee Inc.

“If they got access to something like ‘Game of Thrones’ and I can pay them a couple million dollars to get that back, there’s probably a good use case,” he said.

The Sony attack, which embarrassed studio executives after private emails were made public, was linked by the FBI to North Korea, which allegedly was retaliating for “The Interview,” a film about a fictional plot to assassinate leader Kim Jong Un. Some studios have reportedly removed Russian President Vladimir Putin as a character in films because they’re concerned they’ll suffer a similar fate.

Sony has learned from that attack. Michael Lynton, former chief executive officer of Sony Entertainment, started transferring emails off his computer every 10 days.

“To me, that’s the solution,” Lynton said at an event hosted by Lerer Hippeau Ventures in May. “Put it in a drawer and lock the drawer.”

https://www.bloomberg.com/news/articles/2017-08-11/hackers-are-threatening-the-way-that-hollywood-does-business

HBO’s Hack: ‘Hollywood Is Under Siege’

August 11, 2017

The recent breach at the network highlights vulnerabilities unique to the entertainment industry

Aug. 11, 2017 5:30 a.m. ET

At a time when HBO should be relishing the record ratings of its hit drama “Game of Thrones,” executives there are instead grappling with a hacker shakedown that could be a plot point on the network’s “Silicon Valley.”

The breach of the network’s systems that was disclosed last month is developing into a prolonged crisis. Hanging over HBO now is the daily threat of leaks of sensitive information, ranging from show content to actors’ and executives’ personal information.

The hack at HBO comes almost three years after a high-profile one at Sony Corp. and highlights persistent vulnerabilities unique to the entertainment industry. The pressing issue isn’t safeguarding credit-card numbers and account details. Instead, executives are worried about potential damage to intellectual property if television-show spoilers are made available before episodes are officially aired.

“Hollywood is under siege,” said Jeremiah Grossman, chief of security strategy for cybersecurity company Sentinel One. “It seems easy to hack a network, and they perceive that they can make money doing so.”

Already, scripts of “Game of Thrones” episodes have been leaked by the hackers, whose leader calls himself “Mr. Smith.” Also made public were episodes of other shows, including comedies “Ballers” and “Insecure,” and a month’s worth of emails from an executive.

When the hackers came forward late last month, an HBO technology-department employee sent them a letter offering $250,000 to participate in the company’s “bug bounty” program, in which technology professionals are compensated for finding vulnerabilities, according to a person familiar with the matter.

HBO was buying time with that response and isn’t in negotiations with the hackers, the person said. The hacker has demanded a ransom of around $6 million.

The network has also been working with the Federal Bureau of Investigation and other law-enforcement agencies and cybersecurity firms to address the matter, people familiar with the matter say.

Meanwhile, the cable network is playing Whac-A-Mole. It managed to take down the website and digital locker the hacker initially used to distribute show material after sending takedown notices to internet-service providers, according to the person familiar with the matter. It alerted potentially exposed “Game of Thrones” cast members of the hack before Mr. Smith posted material that includes some of their phone numbers.

In a statement, HBO Chairman and Chief Executive Richard Plepler said, “The consensus here was a path to transparency. When something like this happens, the best you can do is try to protect the people you work with inside and outside the company. That’s what our focus has been.”

Unlike retailers, entertainment firms usually don’t shoulder the burden of protecting customer-account details, because that is handled by cable, satellite and web-TV distributors.

The urgent worry is that fewer viewers will watch episodes that can cost several million dollars each if hackers supply a stream of spoilers. That hasn’t happened yet. The last “Game of Thrones” episode, which aired on Aug. 6, attracted a record 10.2 million viewers.

The fear also relates to the chance of emails emerging that could hurt relations with talent or other companies. In the Sony hack, then-studio chief Amy Pascal was embarrassed by emails in which she made a joke about President Barack Obama’s taste in movies as well as disparaging remarks about actors, including Adam Sandler.

“Leakage will be your worst nightmare; your competitors will know about current & future strategies, your inner circle inside HBO & senior staff will be thrown into chaos,” the hackers promised in a video note to Mr. Plepler they posted earlier this week.

HBO has said it expects more information to leak out but said its review of the matter “has not given us a reason to believe that our email system as a whole has been compromised.”

After the Sony hack, many entertainment companies, including HBO’s parent Time Warner Inc., beefed up their own security.

Around the same time, though, in a cost-saving move, Time Warner centralized much of the technology operations that previously existed in the individual units, which also include Turner and Warner Bros.

Now that strategy is being rethought, and the individual units are being encouraged to take on more autonomy and responsibility for their own technology infrastructure, the person familiar with the matter said.

Prior to the HBO hack, sister unit Turner Broadcasting had already begun the process of overhauling some of its information technology after an assessment revealed that a hack into one network, such as Cartoon Network, could easily be a gateway into CNN.

The HBO hack also comes as Time Warner is in the process of being acquired by AT&T Inc. However, the hack isn’t expected to have any effect on the sale or the terms of the deal, according to media analyst Michael Nathanson of MoffettNathanson Research. An AT&T spokesman declined to comment.

Cybersecurity expert Mr. Grossman, who has tested security networks for Hollywood TV and movie companies, said these firms are vulnerable because they work with so many partners that “their data is all over the place.”

Write to Joe Flint at joe.flint@wsj.com and Tripp Mickle at Tripp.Mickle@wsj.com

https://www.wsj.com/articles/hbos-hack-hollywood-is-under-siege-1502443802

Related:

HBO Cyberattack Is ‘Seven Times Worse’ Than The Sony Hack — Video and sound files — 1.5 terabytes of data

August 3, 2017

The latest HBO hacking scandal is shaping up to be much, much worse than a few leaked Game of Thrones episodes.

Now the FBI is getting involved, according to the latest update from the Hollywood Reporter. The cyberattack that occurred earlier this week compromised around 1.5 terabytes of data, which, it turns out, is seven times the amount of data that was leaked during the 2014 Sony hack (around 200 gigabytes of data).

What makes this hack even more frightening is that, according to multiple sources, there has been no ransom declared. That means the hackers’ motivation may have less to do with money and more to do with a political agenda, harnessing the power to release potentially compromising data (including internal memos and email correspondence) for HBO and its investors.

As of now, the only data that’s been released by the hacker group—going by the Game of Thrones-referencing alias “little.finger66”—is the script of an upcoming episode of the aforementioned television show, along with full episodes of Ballers and Room 104. But that hardly amounts to the 1.5 terabytes that could theoretically be unleashed.

“If not for video and sound, a corporation the size of HBO might fit [entirely] in a terabyte, including all the email and spreadsheets ever written or stored,” Farsight Security CEO Paul Vixie told the Hollywood Reporter. Video and sound files, meanwhile, take up much more space on their own. It’s still unclear whether the hackers took mostly video content (episodes of Game of Thrones and other popular HBO series) or printed content (documents, emails, etc.); FBI officials working with HBO have declined to elaborate. But their possession of a script hints that they have access to text-based files, which could be far more damaging to HBO’s internal operations than a few episode leaks. (Game of Thrones already has a huge pirating problem.)

Another widely-reported hacking incident occurred earlier this summer, when a collective known as TheDarkOverlord released all 10 episodes of the new Orange Is the New Black season before its official June release on Netflix. But in that case, it was only the television episodes, not internal documents, that were stolen, and there was a ransom involved. The HBO hack much more closely resembles the Sony security breach, which led to Sony co-chairman Amy Pascal stepping down from her position and may have even affected the 2016 election.

For the moment, all HBO can do is continue their investigation, and hope that little.finger66 doesn’t plan on releasing information far more damning than the upcoming deaths in Westeros.

http://www.newsweek.com/hbo-cyberattack-sony-hack-leak-game-thrones-645450

See also:

http://www.hollywoodreporter.com/news/hbo-hack-insiders-fear-leaked-emails-as-probe-widens-1025827

North Korea’s Army of Hackers Has a New Target: Bank Accounts — “Operates Like Organized Crime”

July 27, 2017

Emphasis on finances represents a significant shift from Pyongyang’s prior patterns of attack

North Korean leader Kim Jong Un watches a military parade in Pyongyang. PHOTO: WONG MAYE-E/ASSOCIATED PRESS

July 27, 2017 12:05 a.m. ET

SEOUL—North Korea’s cyberarmy has splintered into multiple groups and is unleashing orchestrated attacks increasingly focused on funneling stolen funds to the secretive nation, according to a government-backed South Korean report released Thursday.

The emphasis on finances represents a significant shift from Pyongyang’s prior patterns of attack seeking to obtain military information, destabilize networks or intimidate. It also shows how North Korea’s fast-evolving—but costly—nuclear-missile program has accelerated its need for cash as it is subjected to financial sanctions.

Pyongyang has been blamed for major cyberattacks including 2014’s Sony Pictures Entertainment hack, last year’s daring cyberheist at Bangladesh’s central bank and this year’s WannaCry global ransomware attack.

Cybersecurity researchers have long suspected the hacking group Lazarus carried out those attacks with the backing of North Korea. Earlier this year, Russian cybersecurity firm Kaspersky Lab AO identified an offshoot of Lazarus, called BlueNoroff, which specializes in heists of foreign financial institutions.

In the new report, the government-funded Korea Financial Security Institute said it had identified a second group linked with Lazarus that has carried out a range of cyberattacks on South Korea. FSI researchers found eight attacks from 2013 to May conducted by this new hacking operative, which they call “Andariel,” and whose coding and internet-protocol address bear similarities to Lazarus attacks.

The efforts include even low-level scams such as planting malware in South Korean ATMs to steal bank-card information, according to the FSI report, the country’s first-ever public report on North Korean cyberattacks, with law enforcement and intelligence officials getting briefed on the findings. That is behavior more typical of an organized-crime ring.

 Kim Jong-un North Korea’s top leader, and his wife Ri Sol-ju in

North Korean operatives then sold the swiped data to people in Taiwan, China and Thailand who would try to withdraw money from ATMs in their own regions. But only several thousand dollars were withdrawn before South Korean law enforcement identified the ruse after six days.

“North Korea now cares more about making money than causing disruptions or cyberterrorism,” said Joon Kim, owner of Naru Security Inc., who has advised South Korean law enforcement on cyber issues.

South Koreans have a unique lens into North Korea’s cyberoffenses, as Pyongyang’s longest-running and most frequent target. South Korean government groups and agencies withstand 1.4 million hacking attempts a day, according to law-enforcement and intelligence officials.

The eight Andariel attacks shared similarities in hacking tools and encrypted codes. To access “web shells,” or servers used by hackers that allow them to control computers remotely, the Andariel group used one of two passwords: “iamboss” or “youaredied,” according to a person familiar with Andariel’s techniques.

Andariel has also recently teamed up with BlueNoroff to target a large South Korean financial institution, according to the FSI report. The institution wasn’t identified.

Korea Internet and Security Agency employees monitor possible ransomware cyberattacks. PHOTO: YUN DONG-JIN/ASSOCIATED PRESS

The report helps paint a fuller picture of how North Korea’s digital army has grown into a web of specialist teams.

“The problem is that it’s not just simple attacks anymore with North Korea. It’s more orchestrated now, as if it were a military operation,” said Kim Seung-joo, a Korea University professor who sits on a South Korean government cybersecurity advisory team.

The broader Lazarus group, discreet and meticulous in covering its tracks, has specialized in breaching computers or networks, foreign and South Korean cybersecurity experts said. BlueNoroff then follows up with the actual heists or data swipes with less regard for cloaking its moves.

Outside of South Korea, the Lazarus group has recently set its sights on casinos, financial-trade software firms—and even organized-crime rings, said Vitaly Kamluk, a global research and analysis director at Kaspersky Lab, who is focused on the Asia-Pacific region.

“It sounds like a perfect crime,” Mr. Kamluk said. “When you steal from a thief, nobody will go after you. Law-enforcement will focus on the criminal that stole the money in the first place.”

Lazarus and BlueNoroff in recent years have made attempts to breach financial companies or institutions in at least 18 countries, including Mexico, Norway and India, according to Kaspersky.

Write to Timothy W. Martin at timothy.martin@wsj.com

Related:

Rigged Debates: Wikileaks Emails Confirm Media in Clinton’s Pocket

 

Global ransomware attacks on the rise: Europol

July 25, 2017

AFP

© AFP | Britain’s National Health Service was one of those organisations targeted in last May’s WannaCry ransomware attack

THE HAGUE (AFP) – Global ransomware attacks soared by over 11 percent in the 12 months to March, Europol reported Tuesday, but specialist tools developed with its partners had helped unlock some 28,000 encrypted devices.

“Ransomware has soared since 2012, with criminals lured by the promise of profit and ease of implementation,” the European police agency said in a statement.

According to a report by cybersecurity specialists Kaspersky Lab, the “total number of users who encountered ransomware between April 2016 and March 2017 rose by 11.4 percent compared to the previous 12 months, from 2,315,931 to 2,581,026 users around the world”.

Europol and Kaspersky joined forces with the Dutch police and others a year ago to establish the “No More Ransom” initiative, just months before a couple of high-profile cyberattacks made headlines.

In May the WannaCry attack claimed more than 300,000 business victims across 150 countries in its first few days, Europol said.

The attack, using a type of malware that encrypts files on an infected computer and demands money to unlock them, crippled “critical infrastructure and businesses,” Europol said.

Then last month similar attacks hit Europe and North America, and were revealed to be an updated version of a malware called Petya.

“Some organisations are still struggling to recover from ExPetya attacks of 27 June,” the police agency said.

Europol has now posted some 54 decryption tools, provided by nine partners, on the “No More Ransom” website. These tools have helped “decrypt more than 28,000 devices, depriving cybercriminals of an estimated eight million euros in ransoms”.

More than 100 partners, including Barclays bank and the Cyber Security Agency of Singapore, have joined the “No More Ransom” initiative.

The website is now available in 26 languages, including Bulgarian, Chinese, Malay, Tamil and Thai.

Europol repeated its warnings to ensure that security on all computer systems was updated.

“If you do become a victim, it is important not to pay the ransom,” it warned, urging victims to call in the police.

Iran-linked cyber spies use simple yet effective hacks: report

July 25, 2017

Reuters

A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

TEL AVIV (Reuters) – A cyber spying group with links to Iran and active for the past four years is targeting countries including Israel, Saudi Arabia, Germany and the United States, security researchers said on Tuesday.

A new report by Tokyo-based Trend Micro and ClearSky of Israel detailed incidents as recently as April of this year involving a group known as “CopyKittens”.

The group targets its victims using relatively simple techniques like creating fake Facebook pages, corrupting websites or Microsoft Word attachments with malicious code, according to the report.

It was seen impersonating popular media brands like Twitter, YouTube, the BBC and security firms such as Microsoft, Intel and even Trend Micro.

“CopyKittens is very persistent, despite lacking technological sophistication and operational discipline,” the researchers said in a statement.

“These characteristics, however, cause it to be relatively noisy, making it easy to find, monitor and apply counter measures relatively quickly,” they said.

Iranian officials were not available for comment.

Ayatollah Khamenei, the Iranian Supreme Leader, pictured at a military parade

The report itself does not link the group to Iran. As a matter of company policy, Trend Micro research into state-backed attacks focuses on technical evidence and forgoes political analysis.

However, ClearSky researchers told Reuters that CopyKittens was “Iranian government infrastructure,” adding that the use of “kitten” in the industry indicates Iranian hackers, just as “panda” or “bear” refer to Chinese and Russians, respectively.

CopyKittens is distinct from another Iran-based cyber spy group dubbed Rocket Kitten, which since 2014 has mounted cyberattacks on high-profile political and military figures in countries near Iran as well as the United States and Venezuela.

CopyKittens has been operating since at least 2013, according to the report, though its activities were first exposed publicly in November 2015 by ClearSky and Minerva Labs. Earlier this year, ClearSky wrote another paper detailing more hacking incidents that affected some members of Germany’s parliament.

Eyal Sela, head of threat intelligence at ClearSky, said that once an initial hack against a government or commercial target is successful, CopyKittens uses that access to then attack other groups, though it tries to remain very focused.

As recently as late April, the group breached the email account of an employee in the Ministry of Foreign Affairs in Turkish Cypriot-controlled northern Cyprus and then tried to infect multiple targets in other governments, the report said.

Another time it used a document, likely stolen from Turkey’s Foreign Ministry, as a decoy.

Reporting by Tova Cohen, Ari Rabinovitch and Eric Auchard; Editing by Richard Balmforth

Related:

A prominent U.S. cyber warfare expert has admonished other cyber security experts for exaggerating the danger posed by Iran’s cyber warfare and espionage organisations and entities.

Dr. Brandon Valeriano, a Reader at Cardiff University in Wales and author of Cyber War versus Cyber Realities published by Oxford University Press in 2015, told the U.S. Senate’s Homeland Security and Governmental Affairs Committee on May 10, 2017, in Washington, DC, that Iran’s cyber warfare and espionage capabilities are inferior when compared to the capabilities of countries such as the United States, Israel, Russia, China, and those of a number of European countries.

“Iran is thought to be a serious and sophisticated cyber actor but evidence suggests the contrary to this conclusion,” Dr. Valeriano told U.S. Senators.

Citing the 2012 Shamoon cyber attacks against Saudi Arabia’s Aramco and Qatar’s RasGas thought to have been carried out by Iran, Dr. Valeriano said, “The Shamoon attacks on Saudi Arabia’s Aramco systems were destructive, but did not impede operations or wipe out critical information. Likely launched in response to the Stuxnet operation, it is also telling that the response by Iran was not to attack the alleged perpetrators directly, but to go after an ally indirectly, Saudi Arabia.”

Dr. Valeriano’s assessment is in line with other studies on Iran’s strategic behaviour that note Tehran’s preference to use indirect methods against its adversaries and avoid open conflict with militarily superior powers such as the United States and Israel.

Referencing the recent attempted espionage operation against Israeli targets by the Iranian-linked OilRig hacker group, as well as cyber-attacks carried out by other Iranian cyber proxies against U.S. financial institutions over the past few years, Dr. Valeriano pointed out that Iran’s cyber operations have been less than impressive:

Recent attacks on Israel have been reported as another telling aspect of the sophistication of Iranian cyber operations, but the reality is that the state was using released malware from the Shadowbrokers info dumps and spear phishing techniques. Similar attacks on U.S. networks have failed more often than succeeded as well. To argue that these are sophisticated attacks betrays our ability to judge information and impact in cyber security operations.

Similarly, the ongoing Shamoon II attacks against Saudi Arabian targets, again thought to be carried out by the OilRig hacker group, are underwhelming when compared to the sophisticated, effective, and even damaging cyber operations carried out by the likes of China and Russia. Dr. Valeriano noted that, “Ongoing attacks on industrial and financial networks have recently been dubbed Shamoon 2. Reports highlight that the new version of the operation builds on the 2012 attacks on Saudi oil networks and reuses 90 percent of the known code. This is not a highly new or original operation, but a continuation of old methods because targets are slow to update their systems and patch known vulnerabilities.”

Dr. Valeriano’s assessment is certainly at variance with that of many officials and analysts. Recently, for example, the U.S. Director of National Intelligence, Dan Coats, told U.S. Senators that:

Tehran continues to leverage cyber espionage, propaganda, and attacks to support its security priorities, influence events and foreign perceptions, and counter threats—including against US allies in the region. Iran has also used its cyber capabilities directly against the United States. For example, in 2013, an Iranian hacker conducted an intrusion into the industrial control system of a US dam, and in 2014, Iranian actors conducted a data deletion attack against the network of a US-based casino.

Such assessments have become the norm among officials and cyber security analysts in the West and Israel, making Dr. Valeriano’s assessment one to seriously consider if only because it is at odds with the dominant narrative on Iran’s cyber warfare and espionage capabilities.

Yet while Dr. Valeriano’s assessment questions the notion of Iranian sophistication and notoriety in cyberspace operations, it is also possible to underestimate their determination and persistence. Writing recently in The New York Times, correspondent Nicole Perlroth notes that, “By most accounts, these [Iranian-linked OilRig] hackers could best be described as the ‘B Team,’ not nearly as sophisticated as the Chinese, Russian or Eastern European hackers whom security firms have been monitoring for more than a decade. But what OilRig’s hackers lacked in sophistication, they made up for in determination. They did their research. They were patient. When they were caught, they would wait for the dust to settle before trying again.”

It should also be pointed out that Iran has demonstrated a particular sophistication in information operations, which are often cyber-enabled, in Syria, Iraq, Yemen, Lebanon, and Bahrain, something that is rarely noticed in the West where attention is often focused on Iran’s often symbolic and indirect cyber warfare and espionage operations.

For Dr. Valeriano, however, the real danger in Iranian cyber operations lurks not so much in their capabilities and direct action, but in their prevalent use of cyber proxies. In his testimony to U.S. Senators, he said, “The main danger from Iran, just as it is in the terrorism threat vector, is the high probability that Iran will use proxy actors to attack Western targets. Enabling these actors, one group being called the Syrian Electronic Army, might be dangerous if Iran was to transfer technology to these groups who could then use known vulnerabilities in their operations.”

“But for now, Iran seems content to harass American allies, probe American networks, and reuse old malware to attack unprepared targets,” he concluded.

Originally published at: https://spacewatchme.com/2017/05/analyst-irans-cyber-warfare-capabilities-concern-hardly-sophisticated-dangerous/

How Cyberwarfare Makes Cold Wars Hotter

July 23, 2017

In the war taking place across the global internet, everyone is a combatant—and a target

Employees at the Korea Internet and Security Agency in Seoul monitor for possible ransomware cyberattacks on May 15, in the aftermath of the WannaCry attack. PHOTO: YUN DONG-JIN/ASSOCIATED PRESS

This is already a banner year for hacks, breaches and cyberwarfare, but the past week was exceptional.

South Carolina reported hackers attempted to access the state’s voter registration system 150,000 times on Election Day last November—part of what former Homeland Security Secretary Jeh Johnson alleges is a 21-state attack perpetrated by Russia. And U.S. intelligence officials alleged that agents working for the United Arab Emirates planted false information in Qatari news outlets and social media, leading to sanctions and a rift with Qatar’s allies. Meanwhile, Lloyd’s of London declared that the takedown of a major cloud service could lead to monetary damages on par with those of Hurricane Katrina.

Threats to the real world from the cyberworld are worse than ever, and the situation continues to deteriorate. A new kind of war is upon us, one characterized by coercion rather than the use of force, says former State Department official James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies.

Businesses and individuals now are directly affected in ways that were impossible in the first Cold War. In another age, the threat of nuclear annihilation loomed over everyone’s heads, but the cloak-and-dagger doings of global powers remained distinct from the day-to-day operations of businesses. Now, they are hopelessly entangled. The often-unfathomable priorities of terrorists, cybercriminals and state-affiliated hackers only make things worse.

President Donald Trump spoke with Russian President Vladimir Putin at the G-20 summit in Hamburg, Germany, on July 7. Mr. Trump said they discussed cooperation on a cybersecurity unit. PHOTO: EVAN VUCCI/ASSOCIATED PRESS

The current climate of cyberattacks is “crazy,” says Christopher Ahlberg of Recorded Future, a private intelligence firm that specializes in cyberthreats. “It’s like a science fiction book. If you told anybody 10 years ago about what’s going on now, they wouldn’t believe it.”

In the first Cold War, the U.S., China and the Soviet Union fought proxy wars rather than confront one another directly. In Cold War 2.0, we still have those—Syria and whatever is brewing in North Korea come to mind—but much of the proxy fighting now happens online.

The result is significant collateral damage for businesses that aren’t even a party to the conflicts, says Corey Thomas, chief executive of cybersecurity firm Rapid7. Recent ransomware attacks that some analysts attribute to Russia may have been aimed at Ukraine but resulted in the shutdown of computer systems at businesses and governments around the world. Russia has denied involvement in these attacks. Botnets made of internet-connected devices, stitched together by an unknown hacker for unknown reasons, caused countless internet services and websites to become unavailable in October 2016.

A recent ransomware attack that some analysts attribute to Russia and that may have been aimed at Ukraine resulted in computer-system shutdowns at businesses around the world. Russia has denied involvement in the attack. Shown, an infected laptop displays a ransomware message on June 27. PHOTO: ROB ENGELAAR/EUROPEAN PRESSPHOTO AGENCY

The U.S. has, notably, contributed to the situation. The Stuxnet computer worm, in development by what analysts believe was a joint U.S. and Israeli team since at least 2005, physically damaged Iran’s nuclear enrichment plant in 2009. Stuxnet was discovered a year later. In 2012, U.S. Air Force General Michael Hayden lamented that its use had legitimized sophisticated cyberattacks that do physical damage. Its source code can now be downloaded, studied—and reused.

You can think of cyberweapons as akin to biological weapons. They often spread beyond their original targets, and once they are stolen or used, their DNA—the underlying code—can be endlessly repurposed. Exploits stolen from the U.S. National Security Agency have subsequently been used in attacks like WannaCry, which hit businesses in the U.S. and around the world. Microsoft has made this point and called for a “digital Geneva Convention.”

Attacks on businesses and individuals are often quite deliberate, says Milena Rodban, a geopolitical risk consultant who helps companies practice for cyberattacks and other crises. That’s because, more than ever, companies hold information that could be leveraged in a cyberwar.

“The information that Amazon is holding”—for example, data from financial institutions and government agencies stored on Amazon’s cloud—“could give someone a clear path into something really terrible that could upset national security,” Ms. Rodban says.

Patients in the reception area of a private medical clinic in Kiev, Ukraine, shown in a July 5 photo. The clinic was one of many institutions disrupted by a June 27 cyberattack that paralyzed computers across the globe. PHOTO: EFREM LUKATSKY/ASSOCIATED PRESS

As a result, she adds, anyone who thinks about how to protect national security in the cyber arena must expand their definition of a national security asset. While U.S. Cyber Command might be tasked with defending government assets, it must also consider how it will cope with the takedown of a major cloud service provider, which in some ways is no less important than, say, the power grid.

Fixing this vulnerability could mean a great many things, from increased cooperation between government and private enterprise, to a broader role for U.S. Cyber Command in protecting U.S. businesses. The head of Cyber Command has said that government will need access to private firms’ networks if it is to help them defend against threats. The Trump administration is considering an Obama-era proposal to split Cyber Command from the NSA, so its offensive capability can be kept apart from the NSA’s mandate to gather intelligence.

In the first Cold War, the doctrine of mutually assured destruction kept nuclear-armed states from using their weapons. In the same way, China, the U.S. and Russia are held back from taking out critical infrastructure in each other’s countries, a capability experts widely believe all three have. (Look at attempts by Russian hackers to do just that in Ukraine.)

“What’s happened over the past year or two is nation-state capabilities have gotten into the hands of criminals,” says Mr. Ahlberg. “The bad guys picking up on these tool sets are not holding back.”

At their most dire, experts claim it is only a matter of time before America is hit by a “Cyber 9/11.” Terrorists haven’t yet shut down our power grid, but how long until that capability leaks into the hands of actors who aren’t restrained by the threat of retaliation? “It’s like a suicide bomber,” says Ms. Rodban. “It’s not hard to believe this could happen on the cyber level.”

https://www.wsj.com/articles/how-cyberwarfare-makes-cold-wars-hotter-1500811201?mod=e2fb

Related:


Ten Years of Russian Cyber Attacks on Other Nations

http://www.nbcnews.com/storyline/hacking-in-america/timeline-ten-years-russian-cyber-attacks-other-nations-n697111

President Barack Obama announced the lifting of economic sanctions on Iran, a prisoner swap and the $1.7 billion settlement with Iran in the Cabinet Room of the White House on Jan. 17. PHOTO: JIM LO SCALZO/EUROPEAN PRESSPHOTO AGENCY

John Emerson, Washington's man in Berlin, to meet with Guido Westerwelle, German foreign minister, over claims Angela Merkel's phone was tapped by US

Chancellor Merkel called President Obama demanding answers after reports emerged that the US may have been monitoring her phone Photo: YVES HERMAN/REUTERS

James Clapper

U.S. Ambassador to the United Nations Samantha Power speaks at the Center for American Progress’ 2014 Making Progress Policy Conference in Washington November 19, 2014.  Credit: Reuters/Gary Cameron

Chinese President Xi Jinping and U.S. President Barack Obama at a joint news conference in Washington, D.C. on Sept. 25. Photo: Pete Marovich/Bloomberg News

Qatar says cyberattack ‘originated from the UAE’

July 21, 2017

Al Jazeera

Planning and hacking of official media started as early as April, with IP address linked to the attack traced to UAE.

Qatar’s Ministry of Interior says experts now have evidence showing that the cyberattack on the country’s official media originated from the United Arab Emirates.

During a news conference in Doha on Thursday, officials said the planning for the hacking of Qatar News Agency (QNA) started as early as April.


Investigators also reportedly traced the IP (internet protocol) address linked to the hacking to the UAE.

Speaking to Al Jazeera, Captain Othman Salem al-Hamoud said that the level and the quality of the hacking was so professional that it had to have “state resources” behind it.


Earlier, Lieutenant-Colonel Ali Mohammed al-Mohannadi, head of the ministry’s technology division, said the hacking operation took place in coordination with, and through, “one of the blockading states”.

“The hackers had total control of the QNA network, including the related accounts, websites and related social platforms,” Mohannadi said.

“This was meant to fabricate and post the false reports, which were attributed to His highness, the Emir.”


Qatar Emir Sheikh Tamim bin Hamad Al Thani

Officials said the case has been referred to prosecutors.

The cyberattacks reportedly lasted for about three hours, from late at night on May 24 to the early hours of May 25, before the state media’s IT experts managed to take back control of the site.

In a video presentation, the ministry said that investigators found out that as early as April, hackers had already “infiltrated” the QNA network “using VPN software” and “scanned the website”.

The ministry said the hackers “exploited” a loophole in the network’s system, and installed “malicious programmes” which were then later used to carry out the publishing of the “false stories”.

Addresses, passwords and emails of all the employees of the state news agency were also collected.

An earlier report in the Washington Post said the UAE arranged the operation.


The US newspaper reported on Sunday that information from US intelligence officials showed that senior UAE government officials discussed the planned hacks on May 23, the day before the alleged hacking occurred.

The officials said it was unclear if the UAE hacked the websites itself or paid for the hacks to be carried out, the newspaper reported.


Yousef al-Otaiba, UAE ambassador to the US

The Washington Post did not identify the intelligence officials it spoke to for the report.

Yousef al-Otaiba, UAE ambassador to the US, rejected the report in a statement, saying it was “false”.


Anwar Gargash

Anwar Gargash, UAE state minister for foreign affairs, also said “the Washington Post story is not true, simply not true”.

Al Jazeera’s Ali Younes contributed to this report. Follow him on Twitter @Ali_reports

 

Source: Al Jazeera News

Related:

The Blockade Of Qatar Is Failing — Qatar Could Seek Damages

July 19, 2017

In the grown-up world of geopolitics, the Saudi and Emirati-led move against Doha does not seem to be achieving its goals.

Food supplies and other goods are still flowing into Qatar’s docks and airports (Representational)

It’s hard to imagine the leaders of Saudi Arabia and the United Arab Emirates thought it would go this way. Officials from their governments – as well as junior partners Egypt and Bahrain – described the punitive sanctions they collectively slapped on Qatar in early June as an unfortunate but necessary action, aimed at bringing the pesky Qataris to heel. It was as if Qatar, accused by its neighbors of fomenting extremism near and far, was an unruly child who needed to be disciplined.

But in the grown-up world of geopolitics, the Saudi and Emirati-led move against Doha does not seem to be achieving its goals. Rather than isolating Qatar, it has deepened Qatari ties with regional powers Turkey and Iran. Oman and Kuwait, two other states in the Gulf Cooperation Council, have not joined in. Food supplies and other goods are still flowing into Qatar’s docks and airports. And, no matter the White House’s mixed messaging, American diplomats appear to be pushing for conciliation and compromise with Qatar rather than seeking Doha’s acquiescence to the Saudi and Emirati demands.

“As with their disastrous war in Yemen, Saudi Arabia and the UAE radically overstated their prospects for success and failed to have a plausible plan B in case things did not go to plan,” wrote Marc Lynch, a Middle East expert at George Washington University. “The anti-Qatar quartet seems to have overestimated Qatari fears of isolation from the GCC and their own ability to inflict harm on their neighbor.”

 

A new Washington Post report this week added to the awkwardness facing the blockaders. According to unnamed U.S. intelligence officials, the UAE was behind a controversial late-May hack of Qatari government news and social media sites that helped trigger the crisis. The hack attributed false quotes to Qatar’s emir, Sheikh Tamim Bin Hamad al-Thani, that had him celebrating Iran as an “Islamic power” and praising Palestinian Islamist group Hamas.


Sheikh Tamim Bin Hamad al-Thani

Despite Doha’s vociferous denials, the furor led Saudi Arabia, the UAE, Bahrain and Egypt to ban Qatari media, then later break relations with Doha and impose their trade and diplomatic boycott. U.S. officials “became aware last week that newly analyzed information gathered by U.S. intelligence agencies confirmed that on May 23, senior members of the UAE government discussed the plan and its implementation,” my colleagues Karen DeYoung and Ellen Nakashima reported. “The officials said it remains unclear whether the UAE carried out the hacks itself or contracted to have them done.”

In a statement, the UAE’s ambassador to Washington, Yousef al-Otaiba, rejected these claims. “The UAE had no role whatsoever in the alleged hacking described in the article,” he said, before reiterating his country’s complaints about Qatar’s maverick foreign policy. “What is true is Qatar’s behavior. Funding, supporting, and enabling extremists from the Taliban to Hamas … Inciting violence, encouraging radicalization, and undermining the stability of its neighbors.”

There is plenty of precedent for rumors and murky innuendo fueling tensions in this part of the world: A rupture in relations in 2014 saw false news reports proliferate about Saudi and Emirati citizens being banned from Harrods, the London department store owned by Qatar’s sovereign wealth fund.

Analysts explain that the current impasse is an extension of long-running disagreements and tensions with Qatar, which has irritated its larger neighbors by using its riches to play an outsized role on the world stage. At issue are squabbles over support for different proxies in conflicts from Syria and Libya, as well as the provocative work of Qatari-funded network Al Jazeera, which Riyadh and Abu Dhabi want to see shut down.

The Qataris have also charted a different diplomatic path from their neighbors, playing host to political offices for groups such as the Taliban and Hamas in a bid to mediate regional conflicts. “Against a backdrop of purring limousines and dhows moored in the bay, Doha has become home to an exotic array of fighters, financiers and ideologues, a neutral city with echoes of Vienna in the Cold War, or a Persian Gulf version of the fictional pirate bar in the Star Wars movies,” wrote Declan Walsh of the New York Times.

“It’s always been this place where waifs and strays and unwanted people ended up,” said David B. Roberts, the author of “Qatar: Securing the Global Ambitions of a City-State,” to the Times. “There was no overarching power on the peninsula, so if you were wanted by a sheikh, you could escape to Qatar and nobody would bother you.”

So the crisis among the wealthy Persian Gulf states rumbles on. Last week, Secretary of State Rex Tillerson carried out a fitful round of shuttle diplomacy in Kuwait, Qatar and Saudi Arabia in an attempt to defuse the situation. The squabbling countries are all U.S. allies – Qatar hosts the United States’ largest military base in the Middle East – and Tillerson would prefer everyone calm down and get back to other issues, notably the fight against the Islamic State. But his efforts have yet to bear much fruit.

Tillerson made a public gambit in Doha, signing a memorandum of understanding in which Qatar pledged to do more to block funding for extremist groups in the Middle East and elsewhere. It quickly became a farce. “The Qataris boasted that they were the first in the region to sign such a pact and urged the Arabs allied against them to do the same,” my colleague Carol Morello wrote. “The four countries heading the embargo claimed credit for pressuring Qatar into signing, and simultaneously dismissed it as ‘insufficient’ to end their embargo.”

The Saudi Embassy tweeted, “President Trump: Qatar ‘Known as a Funder of Terrorism’”

On Monday, as the Emiratis were rejecting the hacking allegations, the Saudi Embassy in Washington tweeted lines from an interview with President Trump where he had lashed out at Qatar. It was yet another illustration of the dissonance between the White House and State Department over the crisis – and yet another reminder that the quarrel in the Gulf won’t stop anytime soon.

(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)

**************************************

Al Jazeera

Qatar considers seeking damages over Gulf blockade

Economy minister discusses compensation with trade officials in Geneva as legal team prepares to study the sanctions.

Qatar’s defence minister says Doha could take its case before the World Court [Reuters]

Qatar has announced that it is considering legal action against four Arab countries led by Saudi Arabia and the UAE, demanding compensation for losses incurred owing to the ongoing blockade.

Ahmed bin Jassim Al Thani, Qatar’s economy minister, met on Tuesday the heads of international trade organisations in Geneva, Switzerland, to discuss the case for compensation.

Qatar has contracted a specialised legal team to study the actions taken by the blockading countries against it, according to a statement from the economy ministry in Doha.


Separately, Khalid bin Mohammed al-Attiyah, Qatar’s defence minister, said the country may even take its case to the International Court of Justice (ICJ), also known as the World Court, at The Hague.

Thanks to its financial reserves, and as long as it can continue exporting liquefied natural gas, Qatar has avoided any crippling economic crisis from the blockade.

But it has been forced to rely on planes to import food, after Saudi Arabia and the UAE blocked shipment of goods into Qatar.

Several other businesses were also disrupted, including the country’s national flag carrier Qatar Airways, whose flights to Saudi Arabia, the UAE, Egypt and Bahrain remain suspended.

Legal measures

The development comes a day after Qatar officials said the government was considering “legal measures” locally and internationally over the alleged hacking of the state news agency.

Speaking to Al Jazeera on Tuesday, Marwan Kabalan of the Doha Institute said that over the past weeks, Qatar has been trying to use “different tools to undermine the blockade”.

The “balance of power” within the Gulf region is now “tilting towards Qatar”, particularly after the Washington Post revelation of UAE’s role in the hacking that precipitated the crisis.

Qatar Airways flights to Saudi Arabia, the UAE, Egypt and Bahrain remain suspended [Reuters]

With the Gulf crisis entering its eighth week, however, there is no sign of the dispute being resolved soon.

Earlier, Mohammed Cherkaoui, professor of conflict resolution at George Mason University in Virginia, told Al Jazeera that regional and international mediation have faced “several setbacks”. Saudi Arabia, the UAE, Bahrain and Egypt imposed a land, sea and air blockade on Qatar on June 5.

The quartet accuse Qatar of funding “terrorism”, an accusation Qatar rejects as “baseless”.

On June 22, the Saudi-led group issued a 13-point list of demands, including the shutdown of Al Jazeera, limiting ties with Iran and expelling Turkish troops stationed in the country, as a prerequisite to lift the sanctions.

Qatar rejected the demands and the countries now consider the list “null and void”.

Kuwait is trying to mediate in the dispute, and countries such as the US and France have urged the parties to engage in direct talks.

Qatar and several countries have called for the lifting of the sanctions before face-to-face talks can proceed.

Daniel Hannan, a Conservative British member of the European Parliament who visited Qatar on Monday, said the continuing blockade on Qatar is not helpful in resolving the crisis.

“There is almost no situation in the world that isn’t made worse by an economic blockade,” Hannan told Al Jazeera.

Hannan said an “immediate lifting” of the sanctions could pave the way for talks, saying: “It is very difficult to negotiate with a gun to your head.”

Source: Al Jazeera and news agencies

http://www.aljazeera.com/news/2017/07/qatar-weighs-seeking-damages-gulf-blockade-170718145928093.html