By announcing that US and Chinese ships are in "active combat"
Hackers appear to have infiltrated the Twitter accounts of two news organizations Friday to announce a fictional battle between China and the United States.
Identical tweets posted to the feeds of the New York Post and news agency United Press International about “active combat” between U.S. and Chinese navy vessels in the South China sea appear to be the work of hackers:
The New York Post announced they had been hacked in a follow-up tweet:
UPI’s Twitter also posted a tweet saying that Pope Francis had declared “World War III has begun,” also presumably the work of hackers.
The U.S. Navy confirmed to the Military Times that the USS George Washington was in port, and not engaged in battle in the South China Sea.
Hacking remains closer to your Facebook and email passwords than you may think
This story was originally published at the Daily Dot.
Online security is increasingly an issue rich for headlines as everyone from movie studios and celebrities to major retailers and CENTCOM find themselves the victims of digital infiltrators. However, “hacking” is also a very technical issue and, like many technical issues, one the media often gets wrong.
So as a citizen of the 21st century, it’s increasingly important to arm yourself with some basic facts about hacking, cybersecurity, and the real threats they pose, as well as those they don’t. With that in mind, here are seven common misconceptions you might have about hacking.
1) Taking down a site is akin to hacking that site
One of the most common headline-grabbing moves by so-called hackers is to take down their site through a DDoS attack. A group calling itself Lizard Squad has been using this method to take down the networks of Playstation and Xbox Live. It’s a common method of protest by the hacker collective Anonymous, which has used it against such varied entities as the Westboro Baptist Church and, most recently, French jihadists.
These are not “hacks,” however, in the traditional sense of the term. A “hacker” is defined by the National Initiative for Cybersecurity as “an unauthorized user who attempts to or gains access to an information system.” Taking down a website or even a server does not take so much effort and certainly doesn’t demand infiltrating the host of the target. All you need is a simple distributed denial of service, or DDoS.
A DDoS is a network of computers all sending data packets towards one server with the goal of overloading said server. Far from many individuals sending data from their computers, however, the most common form of DDoS consists of networks of computers—typically hacked for this purpose without their owners knowing—all being used to flood a particular target.
CEO broke weeks of silence about 'The Interview' hack on Monday+ READ ARTICLE
Sony’s chief executive offered his first public comments about the December cyberattack that exposed his company’s inner workings, and ultimately sabotaged the worldwide premiere of The Interview.
CEO Kazuo Hirai called the attack one of the most “vicious and malicous” hacks in recent history, CNN reports. He broke his silence during a speech at the Consumer Electronics Show in Las Vegas on Monday, adding, “I am very proud of all the employees, and certainly the partners that we work with as well, who stood up against some of the extortionist efforts of the criminals.”
American history is littered with examples of classified information pointing us towards aggression against other countries—think WMDs—only to later learn that the evidence was wrong
When you’re attacked by a missile, you can follow its trajectory back to where it was launched from. When you’re attacked in cyberspace, figuring out who did it is much harder. The reality of international aggression in cyberspace will change how we approach defense.
Many of us in the computer-security field are skeptical of the U.S. government’s claim that it has positively identified North Korea as the perpetrator of the massive Sony hack in November 2014. The FBI’s evidence is circumstantial and not very convincing. The attackers never mentioned the movie that became the centerpiece of the hack until the press did. More likely, the culprits are random hackers who have loved to hate Sony for over a decade, or possibly a disgruntled insider.
On the other hand, most people believe that the FBI would not sound so sure unless it was convinced. And President Obama would not have imposed sanctions against North Korea if he weren’t convinced. This implies that there’s classified evidence as well. A couple of weeks ago, I wrote for the Atlantic, “The NSA has been trying to eavesdrop on North Korea’s government communications since the Korean War, and it’s reasonable to assume that its analysts are in pretty deep. The agency might have intelligence on the planning process for the hack. It might, say, have phone calls discussing the project, weekly PowerPoint status reports, or even Kim Jong Un’s sign-off on the plan. On the other hand, maybe not. I could have written the same thing about Iraq’s weapons-of-mass-destruction program in the run-up to the 2003 invasion of that country, and we all know how wrong the government was about that.”
The NSA is extremely reluctant to reveal its intelligence capabilities — or what it refers to as “sources and methods” — against North Korea simply to convince all of us of its conclusion, because by revealing them, it tips North Korea off to its insecurities. At the same time, we rightly have reason to be skeptical of the government’s unequivocal attribution of the attack without seeing the evidence. Iraq’s mythical weapons of mass destruction is only the most recent example of a major intelligence failure. American history is littered with examples of claimed secret intelligence pointing us toward aggression against other countries, only for us to learn later that the evidence was wrong.
Cyberspace exacerbates this in two ways. First, it is very difficult to attribute attacks in cyberspace. Packets don’t come with return addresses, and you can never be sure that what you think is the originating computer hasn’t itself been hacked. Even worse, it’s hard to tell the difference between attacks carried out by a couple of lone hackers and ones where a nation-state military is responsible. When we do know who did it, it’s usually because a lone hacker admitted it or because there was a months-long forensic investigation.
Second, in cyberspace, it is much easier to attack than to defend. The primary defense we have against military attacks in cyberspace is counterattack and the threat of counterattack that leads to deterrence.
What this all means is that it’s in the U.S.’s best interest to claim omniscient powers of attribution. More than anything else, those in charge want to signal to other countries that they cannot get away with attacking the U.S.: If they try something, we will know. And we will retaliate, swiftly and effectively. This is also why the U.S. has been cagey about whether it caused North Korea’s Internet outage in late December.
It can be an effective bluff, but only if you get away with it. Otherwise, you lose credibility. The FBI is already starting to equivocate, saying others might have been involved in the attack, possibly hired by North Korea. If the real attackers surface and can demonstrate that they acted independently, it will be obvious that the FBI and NSA were overconfident in their attribution. Already, the FBI has lost significant credibility.
The only way out of this, with respect to the Sony hack and any other incident of cyber-aggression in which we’re expected to support retaliatory action, is for the government to be much more forthcoming about its evidence. The secrecy of the NSA’s sources and methods is going to have to take a backseat to the public’s right to know. And in cyberspace, we’re going to have to accept the uncomfortable fact that there’s a lot we don’t know.
Bruce Schneier is a security technologist, a fellow at the Berkman Center for Internet and Society at Harvard Law School and the CTO of Co3 Systems Inc. He blogs at schneier.com and tweets at @schneierblog.
TIME Ideas hosts the world's leading voices, providing commentary and expertise on the most compelling events in news, society, and culture. We welcome outside contributions. To submit a piece, email email@example.com.
Two days after a Christmas hack downed Sony's Playstation and Microsoft's Xbox online networks
Sony’s Playstation network is “gradually coming back online,” the company announced early Saturday, two days after a hacking group claimed responsibility for downing it.
A group known as “Lizard Squad” said they hacked both the Playstation network and Microsoft’s Xbox Live just as new users were launching consoles they received on Christmas. The console’s networks allow users to play games with an online community.
On Friday, the Xbox network was “up and running,” according to NBC News.
"All of us have to adapt to the possibility of cyber attacks"
President Obama said he does not believe the Sony hack is an act of war, defending his position that Sony made a mistake in pulling The Interview.
“I don’t think [the hack] was an act of war. I think it was an act of cyber vandalism that was very costly, very expensive. We take it very seriously,” Obama said during CNN’s State of the Union, which aired Sunday.
Obama said in an earlier press conference Friday that he wished Sony Pictures, which suffered a devastating hack last month, had consulted him before deciding to cancel the film’s slated release. The fictional comedy starring Seth Rogen and James Franco is about an assassination attempt on North Korean dictator Kim Jong-un. Terror threats surfaced last week targeting theaters who planned to screen the movie.
Sony Entertainment CEO Michael Lynton appeared on CNN shortly after Obama’s Friday statement, and said that Obama and the public “are mistaken as to what actually happened.” Lynton said that The Interview was pulled because many major theater chains decided not to show the film.
In Sunday’s interview, Obama reinforced his sympathy for Sony’s cancellation of the film for practical reasons, but stressed again that Sony had nonetheless set a precedence for self-censorship in several sectors.
“What happens if in fact there’s a breach in CNN‘s cyberspace?” Obama said during the broadcast. “Are we going to suddenly say, ‘Well, we better not report on North Korea?’ So the key here is not to suggest that Sony was a bad actor. It’s making a broader point that all of us have to adapt to the possibility of cyber attacks.”
"We have not given up," Michael Lynton said after his studio cancelled the movie under pressure+ READ ARTICLE
Sony Pictures Entertainment CEO Michael Lynton defended his company’s decision to cancel the release of The Interview on Friday, even as the company refused to rule out releasing the movie in other ways.
Lynton said Sony’s decision was prompted by movie theaters opting not to show the film after hackers, who U.S. officials believe are linked to North Korea and who have wreaked havoc on the studio by disclosing emails and other company information, threatened 9/11-style attacks. Moments earlier, President Barack Obama had called the move to cancel the Christmas Day release a “mistake.”
“The unfortunate part is in this instance the President, the press, and the public are mistaken as to what actually happened,” Lynton said on CNN. “When it came to the crucial moment… the movie theaters came to us one by one over the course of a very short period of time. We were completely surprised by it.”
Sony said in a statement later Friday that its decision was only about the Christmas Day release.
“After that decision, we immediately began actively surveying alternatives to enable us to release the movie on a different platform,” the studio said. “It is still our hope that anyone who wants to see this movie will get the opportunity to do so.”
Obama told reporters he wished Sony had reached out to him before canceling the film’s Christmas day release. It depicts a fictional assassination attempt against North Korean leader Kim Jong Un.
“We cannot have a society where some dictator someplace can start imposing censorship here in the United States,” he said. “Imagine if producers and distributors and others start engaging in self-censorship because they don’t want to offend the sensibilities of someone who’s sensibilities probably need to be offended.”
Lynton denied the studio had given into the hackers’ threats.
“We have not caved. We have not given up,” he said. “We have always had every desire to have the American public see this movie.”
Norton anti-virus technology is now available in stretch denim
A wearable tech firm has joined forces with Norton to develop a new pair of jeans that prevent “digital pickpockets” from scanning your credit cards and passports as you walk by.
The pockets in Betabrand’s “Ready Active Jeans” are lined with a specially designed fabric that blocks RFID (radio-frequency identification) signals, which are used in a growing number of credit cards and passports to enable secure wireless scanning. Betabrand, however, says identity thieves armed with handheld scanners have exploited the technology in upwards of 10 million heists a year.
“That’s why we partnered with with global information-protection authority Norton to create the world’s first RFID-blocking jeans,” Betabrand wrote in an announcement of the new jeans.
The jeans are currently selling for $151, and can be purchased with a matching, RFID-repellant blazer. Machine wash cold.
It's not sexy, but it shows how bad things really are
The hacking of vast amounts of internal Sony data continues to generate headlines. On Dec. 8, the aliases of nearly a dozen Hollywood celebrities were leaked. That is in addition to unreleased films, employee salaries, scripts, and other sensitive documents spilling out online. The hackers responsible are reportedly making increasingly threatening demands on the company.
The episode is likely to continue given the sheer volume of data obtained. And that may be the most significant aspect of the leak itself. According to security expert Brian Krebs, the scope of the breach is enormous:
According to multiple sources, the intruders also stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical and salary information. What’s more, it’s beginning to look like the attackers may have destroyed data on an unknown number of internal Sony systems. Several files being traded on torrent networks seen by this author include a global Sony employee list, a Microsoft Excel file that includes the name, location, employee ID, network username, base salary and date of birth for more than 6,800 individuals.
To get a sense of the size, consider this filetree posted by Krebs, included in the leaked data. It’s not juicy like a celebrity’s secret code name or the musing of Sony employees about Adam Sandler’s career. But this mere skeleton of some of the information stolen is shocking in its scope.