Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/19/2014
05:00 PM
50%
50%

Obama: U.S. Will Respond 'Proportionately' To Sony Cyber Attack

President Obama says the United States will take action against North Korea in response to the cyber-attack on Sony.

In remarks to the media, U.S. President Barack Obama today promised that the United States would respond to the cyber-attack against Sony Pictures "proportionately," but did not detail what that response would be.

The FBI officially named North Korea today as the culprit behind the attack.

"We will respond," Obama says. "We will respond proportionately and we'll respond in a place and time and manner that we choose. It is not something that I will announce here today at a press conference. More broadly though, this points to the need for us to work with the international community to start setting up some very clear rules of the road in terms of how the Internet and cyber operates."

He also called upon Congress to work with the White House to pass legislation that facilitates the sharing of cyber-threat information.

"If we don't put in place the kind of architecture that can prevent these attacks from taking place, this is not just going to be affecting movies, this is going to be affecting our entire economy in ways that are extraordinarily significant," he says.

According to the FBI, a technical analysis of the data-deletion malware used in the attack revealed links to other malware the FBI believes was developed by North Koreans. In addition, the FBI noticed what it called a significant overlap between the infrastructure used in the Sony attack and other malicious cyber activity that has been previously linked directly to North Korea. For example, several Internet Protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data-deletion malware used in the attack.

Finally, the tools used in the Sony attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea, according to the FBI. With blame officially placed on the country's government, the question now becomes about how the United States should respond.

"Instead of going on the offensive, I believe the better option is focus on defense," opines Ken Westin, security analyst for Tripwire. "It has become clear that Sony had woefully inadequate security policies and controls in place. Businesses need to start taking some responsibility for implementing better security, not just for their own business, but the impact it has on their community and nation as whole."

Economic sanctions would be the logical retaliatory measure, but in the case of North Korea, there's nothing to sanction, argues Michael Sutton, vice president of security research at Zscaler.

"You can…rest assured that offensive cyber operations are already underway, not so much for retaliation, but for intelligence gathering," Sutton says. "The extent of the [Sony Pictures Entertainment (SPE)] breach took everyone by surprise, the US government included, and there are a number of three-letter agencies that want to know the true capabilities of Unit 121, North Korea’s military unit focused on offensive cyber actions."

"The more likely immediate and overt repercussions from the SPE breach will come from independent groups, not nation states," he continues. "Hacktivists now have a very direct example of the power that they wield. The decision by SPE to pull The Interview from theaters will influence attackers from now on."

According to a report from CNN, investigators have gathered evidence that hackers stole the user credentials of a system administrator to get access to Sony's computer system. U.S. officials also reportedly told CNN that they do not believe the attack on Sony was an inside job, refuting suspicions that had arisen due to Sony's laying off employees in its technology unit earlier this year.

Obama said he is sympathetic to Sony's plight, but feels the corporation made a mistake in caving to the hackers' demands.

"We cannot have a society in which some dictator someplace can start imposing censorship here in the United States," he says, "because if somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary that they don't like, or news reports they don't like. Or even worse, imagine if producers and distributors and others start engaging in self-censorship because they don't want to offend the sensibilities of somebody whose sensibilities probably need to be offended."

"We'll engage with not just the film industry, but the news industry, the private sector, around these issues," Obama says. "We already have. We will continue to do so. But I think all of us have to anticipate occasionally there are going to be breaches like this. They are going to be costly. They are going to be serious. We take them with the utmost seriousness. But we can't start changing our patterns of behavior anymore then we stop going to a football game because there might be the possibility of a terrorist attack."

Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
Ulf Mattsson
50%
50%
Ulf Mattsson,
User Rank: Moderator
12/20/2014 | 9:50:26 AM
Sony is just another company that is wide open
Sony is just another company that is wide open and did not secure personal data and other sensitive information. They made an earlier business decision to not secure their databases. And now some politics is involved.

I think that the successful attack at JP Morgan Chase surprised me more. The largest US bank lost personal information of 76 million households and it took several months to detect.

Unfortunately, current security approaches can't tell you what normal looks like in your own systems and the situation is getting worse according to Verizon. Verizon is reporting that this a growing issue. Less than 14% of breaches are detected by internal security tools according to the annual international breach investigations report by Verizon.  

So we need to protect our sensitive data itself with modern data centric security technology. As consumers, we must demand better protection from the companies we do business with.  

Ulf Mattsson, CTO Protegrity
SgS125
50%
50%
SgS125,
User Rank: Ninja
12/22/2014 | 9:49:01 AM
Re: Sony is just another company that is wide open
Why does anyone actually beleive that NK had anything to do with SONY?  What a red herring.

Two weeks after we hear about the US malware efforts, it gets buried by the Sony hack.

Great timing indeed.  Nicely done.

Look over here at this shiny new news article, forget this old tired one.
stevew928
100%
0%
stevew928,
User Rank: Strategist
12/22/2014 | 11:41:20 AM
Re: Sony is just another company that is wide open
Because the govt wants you to believe N. Korea is involved. It helps the sales of weapons to S. Korea.

I think it's pretty obvious the State Dept jumped the shark this time, but the press seems all on-board and the general public doesn't really care about the truth.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/22/2014 | 12:11:55 PM
Go offensive
 

We need to be offensive when it comes to security. Defensive tactics are generally not working. We need to identify where the loopholes are and close them before exploited again. It is really suprising that one compromised admin user can create this mish damage. How did they captured these amount of information that brought whole company down without being noticed. They must have being downloading data for a while in my view. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/22/2014 | 12:14:09 PM
Re: Sony is just another company that is wide open
We should demand better protection as consumers however there is no checks and balances, we do not hear about it until we are already compromised. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/22/2014 | 12:16:25 PM
Re: Sony is just another company that is wide open
There must be real evidence that they do not share with public, you would not expect the president coming out this string if not, I say.
SgS125
50%
50%
SgS125,
User Rank: Ninja
12/22/2014 | 12:19:25 PM
Re: Sony is just another company that is wide open
Right, real eveidence.

You will never see any.

Both sides can use this to advantage.  

NK can say, oooo look how bad we are.  

US can say oooo look how bad they are.

In the meantime we can all forget about the malware that the US was caught sending out.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/22/2014 | 12:37:55 PM
Re: Sony is just another company that is wide open
In my view, there must be some convincing evidence for the president to talk about it. If they did not do it by themselves they must have supported it, or outsourced.
ODA155
50%
50%
ODA155,
User Rank: Ninja
12/22/2014 | 1:28:11 PM
Re: Sony is just another company that is wide open
"Two weeks after we hear about the US malware efforts..."

@stevew928,... I'm sorry, what... did I miss something, what are you talking about, source please.  Thanks.
ODA155
50%
50%
ODA155,
User Rank: Ninja
12/22/2014 | 1:31:29 PM
Re: Go offensive
"They must have being downloading data for a while in my view."

 

@DRT... reportedly over 100 terabyts... yeah, i'd say they were busy for a while.
Page 1 / 2   >   >>
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...