Malware believed to hit Sony studio contained a cocktail of badness


posted on Dec, 21 2014 @ 09:26 AM

The highly destructive malware believed to have hit the networks of Sony Pictures Entertainment contained a cocktail of malicious components designed to wreak havoc on infected networks, according to new technical details released by federal officials who work with private sector security professionals.

An advisory published Friday by the US Computer Emergency Readiness Team said the central malware component was a worm that propagated through the Server Message Block protocol running on Microsoft Windows networks. The worm contained brute-force cracking capabilities designed to infect password-protected storage systems. It acted as a "dropper" that then unleashed five components. The advisory, which also provided "indicators of compromise" that can help other companies detect similar attacks, didn't mention Sony by name. Instead, it said only that the potent malware cocktail had targeted a "major entertainment company." The FBI and White House have pinned the attack directly on North Korea, but so far have provided little proof.



Source Link


Link to article with more tech details.

Fairly complex piece of work. One of those addresses appears to be on RoadRunner in NY state.

I have the feeling someone paid for this malware and its deployment. It might be NK and they just keep saying they didn't create it or do it - maybe they just contracted it out. Might be many others.

Another time of US pointing fingers but never giving any proof. I no longer buy that line.
edit on 12/21/2014 by roadgravel because: Add another link




posted on Dec, 21 2014 @ 09:31 AM
a reply to: roadgravel


Another time of US pointing fingers but never giving any proof. I no longer buy that line.

Did you hear that everyone? This thread is about the virus, not the US blame game.

Carry on.
edit on 21-12-2014 by intrptr because: change



posted on Dec, 21 2014 @ 09:39 AM
a reply to: roadgravel


The worm contained brute-force cracking capabilities designed to infect password-protected storage systems.

Something I was wondering about…

During the recent DDoS attack lots of websites were under attack. Were there any other websites hacked and infected with this particular virus or was it just Sony?

Was this a known virus?



posted on Dec, 21 2014 @ 09:46 AM
Kind of like keeping your eye on the pea.

The tools to hack the company are well known and in the public domain. The company, Sony, had lousy internal network security and had been hacked before. The hackers probably had some inside knowledge. They used servers in Bolivia, China and South Korea to infiltrate. There is zero public evidence in the known that the hack was state sponsored.

But the U.S. is claiming that the event is a "national security matter". Whose national security? Japan's? Canada's? Why? A private Japanese entertainment(!) company left the doors open and had some equipment vandalized and some of its private property stolen. Why, again, is that of U.S. "national interest"? Why would the U.S. even consider some "proportional response"?

The White House is anonymously accusing the state of North Korea of having done the hack. It provides no evidence to support that claim and the government of North Korea denied any involvement. The FBI and Sony say they have no evidence for such a claim.

Still the New York Times editors eat it all up:

North Korean hackers, seeking revenge for the movie, stole millions of documents, including emails, health records and financial information that they dished out to the world.
www.informationclearinghouse.info...



posted on Dec, 21 2014 @ 09:49 AM

We also found the attackers were using the Korean language in the systems they used to compile some of the pieces of malware we have found."


That's an interesting bit of info if correct. But that could also be planted as a diversion.



posted on Dec, 21 2014 @ 09:53 AM

Sophos added protection against the wiper's dropper late on December 3. In the company's analysis of the dropper, designated as "Troj/Destover-C," researchers found calls to a number of additional Japanese IP addresses during installation.


Link to Troj/Destover-C at Sophos.

Protection available since: 03 Dec 2014 21:39:48 (GMT)
Type: Trojan
Last Updated: 20 Dec 2014 21:07:36 (GMT)

Looks new. Maybe Sony has been the initial target.



posted on Dec, 21 2014 @ 10:03 AM
a reply to: the2ofusr1

Thanks for that "pea". I didn't have to get into any of the fur balls associated with this, any dogma or agenda, just read that bit of truth after all the smoke about it.



posted on Dec, 21 2014 @ 10:03 AM
a reply to: roadgravel

NK says it wasn't them but then says that it will get worse and that this was just the beginning. They say that the 'citadels' of the evil US will be attacked. If it wasn't them, how would they know this?

They claim that this movie was secretly supported by the US government and they are out to get even but they didn't do anything. They are worried about their image, I think.

Sub-title the movie in as many languages as possible and put it on the net. Use super viruses to plant it in the NK server[s] and overwrite all NK propaganda movie files without removing the titles. Broadcast the movie on all NK TV channels 24/7 for a month or so. Be sure to provide DVD's to the South Koreans as these things have a way of slipping over the border. Mail copies to all NK leaders to show them that it was merely a comedy about people with no sense of humor and a delusional leader with a deity complex.



posted on Dec, 21 2014 @ 10:12 AM
a reply to: pteridine



NK says it wasn't them but then says that it will get worse and that this was just the beginning. They say that the 'citadels' of the evil US will be attacked. If it wasn't them, how would they know this?


That might support the 'hired contractor' theory, using the word game that we didn't actually do it. Much like the head guy always pays someone else to whack a person so their hands are 'clean'.



posted on Dec, 21 2014 @ 10:18 AM

The inside knowledge of Sony Pictures' network infers that attackers either had inside help, or had a long-running penetration of Sony's network.

Sean Sullivan, security advisor at F-Secure, said, "My bet is on a “watering hole attack” (or perhaps spear phishing) rather than an inside job."

He also said that while North Korea's involvement "seems implausible," it's still a possibility, as "we now live in 'interesting times.'"



posted on Dec, 21 2014 @ 10:25 AM
a reply to: roadgravel
I had similar thoughts about contracting it out to the Chinese or Russian military. They would do it for the price of NK taking the blame as a test run to see what their worm could really do. Russia has a grudge because Putin is holding the reins while Russia crumbles. NK wants to be seen as a serious player.

Many of our online systems may be isolated in the future as closed systems where a saboteur would have to physically access the server to insert malware or activate sleeper programs. This would be a return to the world before the internet for power plants, refineries, dams, transportation systems, and such.



posted on Dec, 21 2014 @ 10:31 AM
a reply to: pteridine

I am leaning toward the theory of someone wanting it to look like NK and using contracted deployment. The basic tools have been around a long time and can be rewritten or modified and recompiled to give a different look to the source. That would make it difficult to pin the source down.



posted on Dec, 21 2014 @ 10:52 AM
a reply to: roadgravel

Possibly, Fearless Leader was made aware of the movie and then offered a free, face saving cyber attack. The only motive would be to be able to blame NK for all future attacks. Seems plausible.

Is the US pretending to fall for this and spreading disinformation? It would be interesting to be in the President's briefing about this.



posted on Dec, 21 2014 @ 11:04 AM
Given Sony's lack of a decent security policy it seems like it wouldn't be hard for anyone to get inside as all you probably need is a bored janitor and a network point that's live and in a few days you'll probably have half the system open to abuse



posted on Dec, 21 2014 @ 11:10 AM
a reply to: pteridine

Notice how the NSA, despite their obvious capabilities and broad access to data, is never mentioned in these situations. I usually believe much more is known than ever mentioned. If not, what an enormous waste of funds.



posted on Dec, 21 2014 @ 12:24 PM

originally posted by: roadgravel

We also found the attackers were using the Korean language in the systems they used to compile some of the pieces of malware we have found."


That's an interesting bit of info if correct. But that could also be planted as a diversion.

And, as far as I know, it's the same language used in South Korea.



posted on Dec, 21 2014 @ 12:37 PM

originally posted by: Maxatoria
Given Sony's lack of a decent security policy it seems like it wouldn't be hard for anyone to get inside as all you probably need is a bored janitor and a network point that's live and in a few days you'll probably have half the system open to abuse


I don't get this. Sony had a lack of a decent security policy? You would have thought that a person like Philip Reitinger would have put into place some pretty high-powered security before he left.

From a post I made yesterday:


Another interesting tidbit. May be worthy, may not be. But, ATSers can file it away in the margins of our minds while we peel back the layers of this fishy mess. Sony earlier this year lost its top security expert, Philip Reitinger, who was previously with the Department of Homeland Security. He quit to launch his own company, Vision Spear LLC. He also used to work for Microsoft. Hmmmm.... Let me add that he also worked for the Department of Defense's Cyber Crime Center and the Department of Justice according to this article.



posted on Dec, 21 2014 @ 12:52 PM
Not a lot that can be done if people visit a malicious site sent to them in an email.



posted on Dec, 21 2014 @ 01:17 PM
a reply to: roadgravel

Clearly, some outfit had a total mean-on for Sony. Let's first wonder who doesn't like Sony? Yes, NK certainly has a good reason for disliking that movie, but did this whole package of Sony-slaying malware suddenly blossom overnight by executive order from the little, round boy? What a waste of cyber resources to attack Sony so completely for a film. Maybe the attack in some portion is intended for Japan, the parent of Sony?

Is there any other government or group of individuals that wanted to destroy the company for other reasons? Sony is relatively new to Hollywood. Is there any animosity in that community that could have the resources or help to do the multiple hatchet-job hacks (no pun intended!) on Sony with a vengeance?
edit on 21-12-2014 by Aliensun because: (no reason given)



posted on Jan, 3 2015 @ 10:21 AM
December 21, 2014 — Marc Rogers' Why I *still* dont think it’s likely that North Korea hacked Sony.


I am no fan of the North Korean regime. However I believe that calling out a foreign nation over a cybercrime of this magnitude – something serious enough to go to war over – should not be taken lightly. The evidence used to attribute a nation state in such a case should be solid enough that it would be both admissible and effective in a court of law. As it stands, I do not believe we are anywhere close to meeting that standard.


Ethics, truth, reality - lost in the 21st century



