The hacking of Sony Pictures Entertainment points to a type of attack security experts have long dreaded: One that uses the sophistication of a foreign government to destroy systems rather than just steal data.
There have been a handful of such incidents around the world and they are likely to grow more common, either to further a political agenda or hide evidence of theft or espionage, said Michael Chertoff, former secretary of the US Homeland Security Department.
“Either for political or economic reasons, at some point sophisticated actors are going to be more willing to use destructive malware,” Chertoff, co-founder and executive chairman of The Chertoff Group, a global security consultancy based in Washington, said in an interview.
The attack at Sony Corp’s entertainment unit, announced on November 25, crippled computer systems and gave the perpetrators access to confidential employee information including executive salaries. It also put unreleased films including “Annie”, set for theatres on December 19, on file-sharing sites.
The breach occurred a month before Sony’s scheduled release of “The Interview”, a comedy about a CIA plot to kill North Korea’s leader.
The attack used a so-called wiper virus that erases data and can bring down networks with thousands of computers and prevent companies from being able to conduct business.
Attacks using malware that cripples computers are one of the top concerns cited by National Security Agency Director Michael Rogers and other senior Obama administration officials, while Mountain View, California-based cybersecurity company SentinelOne predicts in a new report that such attacks will shut down power grids and other critical computers in 2015.
Cyber Weapons
The Sony attack demonstrates that not only critical infrastructure is at risk, Chertoff said. “The potential for cyber weapons to be deployed continues to increase,” he said.
Most US companies confront an unfair fight when it comes to defending against malicious software that can cause physical damage, especially if the hackers are well-resourced foreign governments or their hired guns using powerful attack tools, he said.
Cybersecurity companies say they are bracing for more destructive attacks in the months ahead.
“If attacks like those against Sony continue against other US companies, 2015 will be a year of disrupted services,” said Ron Gula, chief executive officer for Tenable Network Security Inc., based in Columbia, Maryland.
Pure Destruction
“Most US-based companies have been preparing to avoid an embarrassing and financially damaging loss of sensitive data,” Gula said in an e-mail. “They are not prepared for pure destruction of data.”
Sony investigators have found malware that contained Korean language code and have linked the attack to a group associated with North Korea known as DarkSeoul, a person familiar with the investigation said.
That group wiped out the computers of South Korean banks and broadcasters in March 2013.
Prior to the Sony attack, destructive malware had been used in attacks inside the US, said a law enforcement official knowledgeable about ongoing investigations.
Destructive malware has more often been found in private networks than in critical infrastructure in the US, the official said. When asked if the malware could cause damage similar in scope to a 2012 attack on Saudi Aramco that crippled 30 000 computers, the official said it’s possible.
The official declined to cite any specific examples and cautioned that weaponised malware hasn’t been seen on a wide scale inside the US.
FBI Alert
The FBI sent a five-page alert to US companies about destructive malware on December 1. The malware, designed by unknown operators, has the ability to overwrite data files, including what’s called the master boot record, making computers unusable, the FBI said.
“The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods,” according to the alert. It mentioned the malware uses Korean language but didn’t link it directly to the Sony attack.
US Response
Trends point to less-sophisticated nations and groups increasingly using cyber-warfare and digital espionage tactics that traditionally have only been used by sophisticated foreign governments, said Ryan Sherstobitoff, principal research analyst for McAfee Inc’s labs.
“You could call it sore-loser espionage,” Sherstobitoff said in an e-mail.
“The emphasis is on spying on your political adversaries or business competitors, avoiding detection to sustain long-term espionage campaigns, identifying and stealing relevant information, and trying to wipe out entire systems if these campaigns are detected.”
Hackers from the Chinese, Russian and Iranian governments have gained access to vital US computers and could launch destructive attacks that include shutting down power grids, Representative Mike Rogers, a Michigan Republican and chairman of the House intelligence committee, said during a November 20 hearing.
The Defence Department created the US Cyber Command in 2010 with teams of specialists.
“These forces are also capable, if properly requested from another US agency with the authority, to assist private companies with cyber security,” according to an e-mail from the command.
US Role
A decision to deploy the teams to help private companies would have to be made by the president or defence secretary.
However, exactly what role the US government will play and how far it will go in helping private companies deal with hacking attacks continues to be a matter of debate, said Chertoff, the former Homeland Security secretary.
He doubted the government would intervene directly to protect a private company like Sony from a cyber-attack. Companies also are hesitant to allow the government access to their computers due to privacy and other concerns, he said.
“It’s hard to see the government taking a step to actively intervene with respect to a private company,” he said. Instead, agencies can help share information about cyber threats, as well as help investigate and prosecute the attackers, Chertoff said.
To be sure, destructive attacks are by far still the exception, as most hackers are driven by profit motives, said Trey Ford, global security strategist for Boston-based software security company Rapid7 LLC.
The Sony attack should cause companies to take “a hard look” at their disaster recovery plans, Ford said in an e-mail. “Few organisations were thinking about this last week — many more are right now,” he said. — Bloomberg.



