Tag Archives: cyber

How the U.S. thinks Russians hacked the White House

By Evan Perez and Shimon Prokupecz, CNN

Washington (CNN) - Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

While the White House has said the breach only affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.

The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.

The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems. The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government.

National Security Council spokesman Mark Stroh didn’t confirm the Russian hack, but he did say that “any such activity is something we take very seriously.”

“In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity,” he said. “As has been our position, we are not going to comment on [this] article’s attribution to specific actors.”

Neither the U.S. State Department nor the Russian Embassy immediately responded to a request for comment.

Ben Rhodes, President Barack Obama’s deputy national security adviser, said the White House’s use of a separate system for classified information protected sensitive national security-related items from being obtained by hackers.

“We do not believe that our classified systems were compromised,” Rhodes told CNN’s Wolf Blitzer on Tuesday.

“We’re constantly updating our security measures on our unclassified system, but we’re frankly told to act as if we need not put information that’s sensitive on that system,” he said. “In other words, if you’re going to do something classified, you have to do it on one email system, one phone system. Frankly, you have to act as if information could be compromised if it’s not on the classified system.”

To get to the White House, the hackers first broke into the State Department, investigators believe.

The State Department computer system has been bedeviled by signs that despite efforts to lock them out, the Russian hackers have been able to reenter the system. One official says the Russian hackers have “owned” the State Department system for months and it is not clear the hackers have been fully eradicated from the system.

As in many hacks, investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over, according to the U.S. officials.

Director of National Intelligence James Clapper, in a speech at an FBI cyberconference in January, warned government officials and private businesses to teach employees what “spear phishing” looks like.

“So many times, the Chinese and others get access to our systems just by pretending to be someone else and then asking for access, and someone gives it to them,” Clapper said.

The ferocity of the Russian intrusions in recent months caught U.S. officials by surprise, leading to a reassessment of the cybersecurity threat as the U.S. and Russia increasingly confront each other over issues ranging from the Russian aggression in Ukraine to the U.S. military operations in Syria.

The attacks on the State and White House systems are one reason why Clapper told a Senate hearing in February that the “Russian cyberthreat is more severe than we have previously assessed.”

The revelations about the State Department hacks also come amid controversy over former Secretary of State Hillary Clinton’s use of a private email server to conduct government business during her time in office. Critics say her private server likely was even less safe than the State system. The Russian breach is believed to have come after Clinton departed State.

But hackers have long made Clinton and her associates targets.

The website The Smoking Gun first reported in 2013 that a hacker known as Guccifer had broken into the AOL email of Sidney Blumenthal, a friend and advisor to the Clintons, and published emails Blumenthal sent to Hillary Clinton’s private account. The emails included sensitive memos on foreign policy issues and were the first public revelation of the existence of Hillary Clinton’s private email address now at the center of controversy: hdr22@clintonemail.com. The address is no longer in use.

Serious FREAK flaw could undermine the Web’s encryption

The vulnerability affects the widely used Secure Sockets Layer protocol and its successor, Transport Layer Security

Experts are warning of a serious security flaw that has apparently gone undetected for years and can weaken encrypted connections between computers and websites, potentially undermining security across the Internet.

The flaw, which has been dubbed FREAK, affects the widely used Secure Sockets Layer protocol and its successor, Transport Layer Security, and can allow an attacker to intercept supposedly encrypted traffic as it moves between clients and servers.

The flaw affects many popular websites, as well as programs including Apple’s Safari browser and Google’s Android mobile OS, security experts say. Applications that use a version of OpenSSL prior to 1.0.1k are also vulnerable to the bug, detailed in this advisory.

An Apple spokesman said Tuesday that software updates for iOS and OS X will be released next week. Google said it has distributed a patch to its partners that will protect Android’s connection to vulnerable websites.

The problem stems from export restrictions imposed by the U.S. government in the early 1990s, which prohibited software makers from shipping products with strong encryption overseas, wrote Ed Felten, professor of computer science and public affairs at Princeton University.

That meant some companies shipped a version of their products with weaker encryption keys for use overseas. When the law was changed and it became legal to export stronger encryption, “the export mode feature was not removed from the protocol because some software still depended on it,” Felten wrote.

The vulnerability that has come to light now essentially allows attackers to downgrade the security of connections from strong encryption to that of the weaker, export-grade encryption.

Servers and devices that use OpenSSL, an open-source encryption program, are vulnerable, including many Google and Apple devices, embedded systems and other products, according to an advisory. Servers or clients that accept the RSA_EXPORT cipher suites are at risk. FREAK stands for Factoring attack on RSA-EXPORT Keys.

The keys can be downgraded by performing a man-in-the-middle attack that interferes with the set-up process of an encrypted connection. Although there are defenses in the SSL/TLS protocol to prevent such tampering, they can be worked around. The weaker, 512-bit key can be revealed using today’s powerful computers, and the data traffic can then be decrypted.

Today’s protocols use longer encryption keys, and the standard is 2,048-bit RSA. The 512-bit keys were considered secure two decades ago, but an attacker could recover the key they need quite easily today using a public cloud service.

“Back in the ’90s, that would have required a heavy-duty computation, but today it takes about seven hours on Amazon EC2 and costs about $100,” Felten wrote.

Companies are moving fast to fix the issue. Akamai, a content delivery network that supports a high number of websites, said it has distributed a fix for its network.

However, some clients may still be vulnerable, wrote Bill Brenner of Akamai.

“We can’t fix those clients, but we can avoid the problem by disabling export ciphers,” he wrote. “Because this is a client side issue, we’ve reached out to our customers and are working with them to make this change.”

The vulnerability was discovered by Karthikeyan Bhargavan of INRIA, a French science and technology research institute, and by Microsoft Research. A technical paper describing FREAK is due to be presented at the IEEE’s Security and Privacy conference in San Jose, California, in May.
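The article says servers or clients that accept the RSA_EXPORT cipher suites are at risk and that the fix is to disable export ciphers. The following check is an added example, not code from the article or from the researchers: it parses a TLS ClientHello record and reports any RSA_EXPORT suites the client offers. The suite IDs are the IANA-registered values; the function names and the sample handshakes are constructed for illustration.

```python
import struct

# IANA-registered RSA_EXPORT cipher suites (40-bit ciphers, 512-bit RSA key exchange).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


def parse_client_hello_suites(record: bytes) -> list:
    """Return the cipher-suite IDs offered in one TLS ClientHello record."""
    if len(record) < 5:
        raise ValueError("record header truncated")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:  # 22 = handshake
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ValueError("record body truncated")
    if body[0] != 1:  # 1 = ClientHello
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("handshake message truncated")
    pos = 2 + 32  # skip client_version and random
    if len(hello) < pos + 1:
        raise ValueError("ClientHello too short")
    pos += 1 + hello[pos]  # skip session_id
    if len(hello) < pos + 2:
        raise ValueError("missing cipher_suites length")
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    raw = hello[pos:pos + cs_len]
    if len(raw) != cs_len or cs_len % 2:
        raise ValueError("cipher_suites field malformed")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]


def export_suites_offered(record: bytes) -> list:
    """Names of RSA_EXPORT suites present in the ClientHello, in offer order."""
    return [RSA_EXPORT_SUITES[s] for s in parse_client_hello_suites(record)
            if s in RSA_EXPORT_SUITES]


def build_client_hello(suites) -> bytes:
    """Construct a minimal ClientHello record (sample input, not captured traffic)."""
    hello = (b"\x03\x03" + bytes(32)          # client_version, random
             + b"\x00"                         # empty session_id
             + struct.pack("!H", 2 * len(suites))
             + b"".join(struct.pack("!H", s) for s in suites)
             + b"\x01\x00")                    # one compression method: null
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed samples: a legacy client that still offers export suites,
# and a client whose export suites have been disabled.
LEGACY_HELLO = build_client_hello([0x002F, 0x0035, 0x0003, 0x0008])
HARDENED_HELLO = build_client_hello([0xC02F, 0x009C, 0x002F])

if __name__ == "__main__":
    for name, rec in (("legacy", LEGACY_HELLO), ("hardened", HARDENED_HELLO)):
        found = export_suites_offered(rec)
        print(name, "->", found if found else "no RSA_EXPORT suites offered")
```

A clean result here only shows what the client advertises; the server-side check is the same list applied to the suites the server is configured to accept.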

Massive breach at health care company Anthem Inc.

Elizabeth Weise, USATODAY

SAN FRANCISCO – As many as 80 million customers of the nation’s second-largest health insurance company, Anthem Inc., have had their account information stolen, the company said in a statement.

“Anthem was the target of a very sophisticated external cyber attack,” Anthem president and CEO Joseph Swedish said in a statement posted on a website the company created for information about the incident.

The hackers gained access to Anthem’s computer system and got information including names, birthdays, medical IDs, Social Security numbers, street addresses, e-mail addresses and employment information, including income data, Swedish said.

The affected database had records for approximately 80 million people in it, “but we are still investigating to determine how many were impacted. At this point we believe it was tens of millions,” said Cindy Wakefield, an Anthem spokeswoman.

That would make it “the largest health care breach to date,” said Vitor De Souza, a spokesman for Mandiant, the computer security company Anthem has hired to evaluate its systems.

Because no actual medical information appears to have been stolen, the breach would not come under HIPAA rules, the 1996 Health Insurance Portability and Accountability Act, which governs the confidentiality and security of medical information.

No credit card information was obtained, the company said in a statement e-mailed to USA TODAY.

The hackers were probably not interested in medical information about Anthem’s customers, said Tim Eades, CEO of computer security firm vArmour in Mountain View, Calif.

“The personally identifiable information they got is a lot more valuable than the fact that I stubbed my toe yesterday and broke it,” he said.

Both current and former customers were hit, Swedish said.

Anthem has established a website, www.anthemfacts.com, where members can access information about the breach. There is also a toll-free number for current and former members to call, 877-263-7995.

“Anthem’s own associates’ personal information — including my own — was accessed during this security breach. We join in your concern and frustration and I assure you that we are working around the clock to do everything we can to further secure your data,” Swedish said.

Anthem discovered the breach itself last week. “That is very good news, as two-thirds of the time when we respond, the victim was notified by someone else,” said Vitor De Souza, spokesman for FireEye, which owns Mandiant.

Anthem has contacted the FBI and is working with Mandiant, Swedish said.

“The FBI is aware of the Anthem intrusion and is investigating the matter,” said FBI spokesman Joshua Campbell.

“Anthem’s initial response in promptly notifying the FBI after observing suspicious network activity is a model for other companies and organizations facing similar circumstances. Speed matters when notifying law enforcement of an intrusion, as cyber criminals can quickly destroy critical evidence needed to identify those responsible,” he said.

Customers whose information has been stolen should report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at www.ic3.gov, Campbell said.

“The Anthem insurance company breach is another in a long line of breaches that continue to have a deep and disheartening effect on consumer behavior and the smooth flow of commerce both here at home and worldwide,” said Rep. Bennie Thompson, D-Miss., ranking member of the Committee on Homeland Security.

Anthem Inc. was previously known as WellPoint Inc. It was formed when Anthem Insurance Company bought WellPoint Health Networks in 2004.

Anthem has customers in 14 states.

North Korea Says US Govt Behind Making ‘The Interview’, Threaten To Blow Up WH and Pentagon

North Korean officials released a statement on Sunday claiming that the American government not only conceived the idea for the film The Interview, but was also behind its production.

The statement, which was released by the Korean Central News Agency, also threatened action against the White House and the Pentagon, as well as the U.S. homeland, in reaction to reported speculation that President Obama may retaliate for the Sony cyber attack.

A translation of the statement by CNN partially read:

The DPRK has clear evidence that the U.S. administration was deeply involved in the making of such dishonest and reactionary movie…

Nothing is more serious miscalculation than guessing that just a single movie production company is the target of this counteraction…

Our target is all the citadels of the U.S. imperialists who earned the bitterest grudge of all Koreans…

The army and people of the DPRK are fully ready to stand in confrontation with the U.S. in all war spaces including cyber warfare space to blow up those citadels…

Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole U.S. mainland, the cesspool of terrorism, by far surpassing the ‘symmetric counteraction’ declared by Obama…

The Interview was scheduled to open nationwide on Christmas Day, but Sony canceled its release after terroristic threats were made against theaters ready to show the film.

The KCNA statement reportedly went on to state that U.S. government officials “went the lengths of urging the movie makers to keep all scenes insulting the dignity of the North Korean supreme leadership in the movie, saying it is needed to ‘vex the North Korean government.’”

The White House promised to respond to the menacing message.

“We will respond; we will respond proportionally, and we will respond in a place and time that we choose,” President Obama said in a statement Friday, after the FBI blamed the attack on North Korea.

 

Sony exec fires back at President Obama “We Have Not Caved”

By Frank Pallotta (@frankpallotta), NEW YORK (CNNMoney)

Sony Entertainment CEO Michael Lynton, denying that the studio had “caved” by scrapping next week’s opening of “The Interview,” fired back Friday after President Obama said the studio had “made a mistake.”

In an interview with CNN’s Fareed Zakaria, Lynton also reopened the door to a future release of the controversial comedy, saying the company is considering some sort of release on the Internet.

Sony followed up on Lynton’s remarks with a statement that read, in part, “It is still our hope that anyone who wants to see this movie will get the opportunity to do so.”

The company declined to comment on whether any distributors have agreed to help the company with that.

In his CNN interview, Lynton said “the president, the press and the public are mistaken” about what actually led to Sony’s decision to shelve “The Interview.”

“We do not own movie theaters,” Lynton said. “We cannot determine whether or not a movie will be played in movie theaters.” (Watch the entire interview on “Fareed Zakaria GPS” Sunday at 10 am or 1 pm.)

Lynton said he would be “fibbing” to say he “wasn’t disappointed” in Obama’s remarks.

“I don’t know exactly whether he understands the sequence of events that led up to the movie not being shown in the movie theaters,” Lynton said. “Therefore I would disagree with the notion that it was a mistake.”

Lynton’s response came just hours after a White House press conference where Obama criticized Sony’s decision.

Obama: Sony made a 'mistake'

The president said that pulling the film could set a dangerous precedent.

“We cannot have a society in which some dictators someplace can start imposing censorship here in the United States,” Obama said. “Imagine what they start doing once they see a documentary that they don’t like or news reports that they don’t like.”

The press conference came after the FBI confirmed Friday that North Korea was behind last month’s cyberattack that caused a devastating breach of Sony’s data.

Earlier this week, Sony canceled the film’s Christmas Day release after major movie chains pulled out one day after a threat by the hackers invoking September 11th. The hackers then sent a message to Sony executives saying they had made a “very wise” decision not to show the movie.

In Friday’s CNN interview, Lynton went on to say that Sony had not “caved” to the hackers.

“We have not given in. And we have not backed down. We have always had every desire to have the American public see this movie,” Lynton said.

Since the cancellation on Wednesday, many have speculated that Sony could release the film online. The company owns an online video site called Crackle, though it is only ad-supported and does not have the capability to charge subscriptions, an option Sony almost certainly wants so that it can recoup some of the costs of the movie.

Lynton told CNN that Sony had “a number of options open to us and we have considered those and are considering them.”

But he also said that no “major video on demand distributor” has been “willing to distribute” the film. “We don’t have that direct interface with the American public, so we need to go through an intermediary to do that.”

Lynton’s comments were the first public confirmation that Sony had, indeed, pursued a digital release.

Sony’s statement later on Friday said that after the theaters rejected the film, “we immediately began actively surveying alternatives to enable us to release the movie on a different platform.”

“It is still our hope that anyone who wants to see this movie will get the opportunity to do so,” the statement said.

Netflix, one obvious possibility, declined to comment on any talks with Sony on Friday afternoon.

Other potential distributors did not immediately respond to requests for comment.

Staples: Personal details of 1.2 million customers exposed in data breach

The State Column

The retailer announced it was looking into a potential breach of credit card data back in October.

About 1.2 million customers of Staples may have had their payment cards exposed to a data security breach earlier this year, the company said.

In October, the retailer announced it was looking into a potential breach of credit card data, the latest incident of cyberattackers accessing customer information, according to an Associated Press report.

Staples said its investigation revealed that criminals used malware to access transactions at 115 of its 1,400 U.S. stores, getting details such as names, card numbers, expiration dates, and verification codes that could be used to make fraudulent purchases.

Customers who are at risk will receive free identity protection services from the company, including credit monitoring and identity theft insurance.

Staples said it was “committed” to protecting customer data and that it was sorry for any inconvenience caused, and it would take steps to improve security at its point-of-sale systems, including new methods of encryption.

Staples said that affected customers won’t be held responsible for any fraudulent charges.

Shares of Staples have been up more than 40 percent since news of the breach in October surfaced, according to Fortune.com.

Cyber security has been a volatile issue in recent months, especially with the hack of Sony Pictures Entertainment, which led to the release of many embarrassing emails and ultimately the cancellation of the film “The Interview” over threats of violence against theaters that would show it due to its depiction of North Korea’s leader, Kim Jong-Un, getting assassinated.

Target, Home Depot, and Kmart have also been the victims of hack attacks affecting millions of customers. JPMorgan Chase revealed in October that hackers had accessed the contact information of 76 million households and 7 million small businesses.

CNN: Hackers Sent Message to Sony Thanking Them for Cowering to Their Demands

CNN media correspondent Brian Stelter reported Friday that the group behind the Sony e-mail hack sent a message to Sony Pictures thanking them for cowering to their demands to pull The Interview from theaters.

“It’s very wise that you have made a decision to cancel the release of the interview. it will be very useful for you,” the e-mail to Sony executives read. “We ensure the security of your data unless you make additional trouble.”

Stelter said the group claimed to still be in possession of “private and sensitive data.”

“That is an intent of terrorism, right? To instill fear,” Stelter said. “And certainly fear was instilled this week.”

N. Korea pitches collaboration with U.S. on Sony cyberattack

By Holly Yan and Kyung Lah, CNN

STORY HIGHLIGHTS

  • North Korea warns of “serious consequences” if the U.S. keeps tying it to the attack
  • “We will not tolerate the people who are willing to insult our supreme leader,” it says
  • “But even when we retaliate, we will not conduct terror against innocent moviegoers”
  • Sony Pictures canceled the release of “The Interview” after a cyberattack blamed on North Korea

(CNN) — North Korea slammed U.S. claims that the regime is responsible for a cyberattack on Sony Pictures — and then proposed the two countries work together.

“Whoever is going to frame our country for a crime should present concrete evidence,” the state-run Korean Central News Agency reported Saturday.


“America’s childish investigation result and its attempt to frame us for this crime shows their hostile tendency towards us.”

But in a rare move, the North Korean regime said both countries should work together.

“While America has been criticized by its own public and continues to point the finger at us, we suggest mutual investigation with America on this case,” KCNA said.

“If America refuses our proposal of mutual investigation, continues to link us to this case, and talk about actions in response, they (America) will be met with serious consequences.”

FBI pinpoints North Korea

The FBI announced Monday North Korea is responsible for the cyberattack on Sony Pictures. An FBI investigation linked the malware, infrastructure and techniques used by a group of hackers called “Guardians of Peace” in the Sony attack to previous North Korean cyberattacks.

The hackers broke into Sony’s servers, published private emails and information, and threatened to attack movie theaters screening “The Interview,” a comedy film about an assassination plot on North Korean leader Kim Jong Un.

“I am sympathetic to the concerns that they face,” Obama said Friday. “Having said all that, yes, I think they made a mistake. Let’s not get into that way of doing business.”

North Korea rejected the notion that it would attack “innocent moviegoers.”

“We will not tolerate the people who are willing to insult our supreme leader, but even when we retaliate, we will not conduct terror against innocent moviegoers,” KCNA said.

“The retaliation will target the ones who are responsible and the originators of the insults. Our army has the intention and ability to do (so).”

He said the decision to pull back from the planned December 25 release was based on major movie theater companies telling Sony that they would not screen the film.

“We have not caved. We have not given in,” Lynton said. “We have persevered, and we have not backed down. We have always had the desire to have the American public see this movie.”

And despite enduring what he called “the worst cyberattack in American history,” Lynton said his studios would make the movie again. But in retrospect, he may have “done some things slightly differently.”

FBI warns U.S. companies of malware after Sony attack

Screenshot from a hacked Sony computer shows a message from the unknown cyber attackers, which call themselves GOP, or Guardians of Peace.

WASHINGTON — The FBI sent an alert to U.S. businesses on Monday warning them of malicious software just days after a cyber attack against Sony Pictures brought the company’s computers down, sources tell CBS News.

The five-page FBI alert provides technical details about the software, noting the bug is capable of erasing hard drives and crashing networks, reports CBS News correspondent Bob Orr. The bulletin does not specifically mention Sony Pictures, but the warning appears to describe the type of cyber weapon used in the recent attack on Sony’s computers.

The FBI says it “routinely advises private industry of various cyber threat indicators observed during… investigations.” According to the agency, data is provided to corporations to “help systems administrators guard against the actions of persistent cyber criminals.”

Last week, cyber-attackers identifying themselves as “Guardians of Peace” hacked into — and brought down — Sony Pictures’ computer system. Four unreleased Sony films were leaked to the web, plus an illegal copy of “Fury,” a Brad Pitt movie which is still in theaters.

On Monday, a senior editor for the cable channel Fusion said he received a spreadsheet from an anonymous e-mailer containing the salaries of more than 6,000 Sony Pictures employees, including the company’s top executives.

The cyber attack came with the release of another Sony film looming on the horizon.

“The Interview” — in which TV journalists played by Seth Rogen and James Franco are recruited to assassinate North Korean leader Kim Jong Un — is set for release on Christmas day.

Tech website Re/code reported Monday that Sony was looking at North Korea as a possible suspect in the attack.

Sony has not yet said publicly who or what might have been behind the attack, but company officials say they’re working with law enforcement in the investigation.

According to Reuters, the FBI alert says the malware overrides data on the hard drives of infected computers, and can be costly if not impossible to fix.