As the North Korean internet suffered a massive outage yesterday, it is difficult not to wonder whether this is the ‘proportional response’ President Obama warned about. While a massive DDoS of the DPRK’s network seems almost too blunt an instrument, considering the sophisticated capabilities for targeted operations available to the NSA, it would be appropriate as a “warning shot” – showing how easily (in a matter of less than a week) the whole Korean internet infrastructure can be disabled. It has to be noted, though, that officially the American administration ruled out the possibility of a demonstration strike. As to whether North Korea is really the source of the attacks, the jury is still out. According to the FBI, evidence strongly backs this theory; however, some researchers, including Bruce Schneier, remain unconvinced. Those opinions, however, often do not fully embrace the fact that the FBI press release may purposefully present a very general overview of the evidence gathered, in order not to give a heads-up to the actual attacker.
Until more information is available, two issues may already be discussed – to some degree, who could be responsible for Korea’s internet outage, and whether it is proper to engage in cyberwar over an attack on a corporation.
Regarding the first question, a recent write-up about the state of the DPRK’s internet access and the hosts identified reveals the interesting state of the DPRK’s network and perhaps potentially attractive targets for hackers. The legal status of such activities also remains a grey area – it is hard to judge whether authorities would decide to prosecute someone trying to breach the North Korean network, even if, strictly speaking, most provisions included in criminal codes do not differentiate between targets of a breach. Also, given the possibility that the Sony attacks originated from Korea, countries might not want anything leading back to them. The revealed IP addresses even include the login page for a Cisco router (http://126.96.36.199/) – possibly a tempting target for anyone curious. However, the scale of the outage suggests a rather organised effort, and no hacker group has yet claimed responsibility. An interesting theory involves Chinese intervention – perhaps the escalation of affairs caused its involvement in order to prevent further embarrassment.
Unfortunately, with finals approaching, lack of time is killing me, so instead of a full-blown post, I’d like to present ‘bits of news’ that in my opinion are worth checking out:
Whistleblower Daniel Ellsberg answers questions on reddit – this just came in as I started to write this post, and even though it’s not really an information piece, it is a must for anyone interested in privacy / government transparency. For those of you who are unfamiliar with Mr Ellsberg – he was the man who in 1971 released the so-called ‘Pentagon Papers’, which revealed that the US administration knew that the Vietnam war was unwinnable yet did not inform the public about it and continued with military operations.
Mozilla asks users to audit the code of Firefox in order to prevent surveillance – it is well known that open-source software is one of many requirements for users who would like to keep their privacy. The ability to check the code and prevent the installation of backdoors is, as cooperation between the NSA and various software and hardware producers became known, invaluable. Mozilla is now quite well known for its privacy-oriented business strategy – let’s just mention project Lightbeam.
European Union opens consultation program regarding changes in copyright laws (interactive online version here) – it seems that European legal authorities have become aware of the massive problems arising from the current state of copyright laws, which range from the instrumental use of public prosecutors in the war on piracy to limited access to literary works even if the author is already deceased. What the actual result of this action will be is yet to be known; however, it’s definitely a move in a good direction.
Target’s data theft affects 70 million customers – as expected, the story of the massive data breach at the American retail network unwinds. Furthermore, as it turns out, Target wasn’t the only affected retailer. Neiman Marcus and maybe three other companies were also attacked, with the timing of the attacks correlating with that of Target’s – totaling over 100 million possibly affected customers. Also, details regarding the method of the POS attack are slowly coming to light. Apparently the malware used for the attacks is a modified version of BlackPOS – popular malware, available for sale, designed to be installed on POS devices. As reported by Krebs on Security, after installing the malware the attackers gained persistent access to the network by logging in to a remote server. Analysis by McAfee Labs suggests the involvement of ‘Rescator’, a user known on cybercrime forums. According to Seculert, the malware downloaded 11 GB of data in over two weeks of its activity. The stolen data were then uploaded to FTP servers.
President Obama announces curbing NSA spying program – as planned, earlier today Barack Obama made a public appearance regarding sweeping data collection programs. Unfortunately, nothing more than the expected promises of limiting the scope of surveillance resulted from the speech. Whether any changes towards civil liberties will happen, or the programs will just be better concealed, is yet to be seen (hopefully).
I hope that my timetable will soon allow me to come back to the ‘normal’ form of posts. In the meantime, wish me luck, and keep following lawsec.net!