12/19/2014
05:00 PM

Obama: U.S. Will Respond 'Proportionately' To Sony Cyber Attack

President Obama says the United States will take action against North Korea in response to the cyber-attack on Sony.

In remarks to the media, U.S. President Barack Obama today promised that the United States would respond to the cyber-attack against Sony Pictures "proportionately," but did not detail what that response would be.

The FBI officially named North Korea today as the culprit behind the attack.

"We will respond," Obama says. "We will respond proportionately and we'll respond in a place and time and manner that we choose. It is not something that I will announce here today at a press conference. More broadly though, this points to the need for us to work with the international community to start setting up some very clear rules of the road in terms of how the Internet and cyber operates."

He also called upon Congress to work with the White House to pass legislation that facilitates the sharing of cyber-threat information.

"If we don't put in place the kind of architecture that can prevent these attacks from taking place, this is not just going to be affecting movies, this is going to be affecting our entire economy in ways that are extraordinarily significant," he says.

According to the FBI, a technical analysis of the data-deletion malware used in the attack revealed links to other malware the FBI believes was developed by North Koreans. In addition, the FBI noticed what it called a significant overlap between the infrastructure used in the Sony attack and other malicious cyber activity that has been previously linked directly to North Korea. For example, several Internet Protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data-deletion malware used in the attack.

Finally, the tools used in the Sony attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea, according to the FBI. With blame officially placed on the country's government, the question now becomes how the United States should respond.

"Instead of going on the offensive, I believe the better option is to focus on defense," opines Ken Westin, security analyst for Tripwire. "It has become clear that Sony had woefully inadequate security policies and controls in place. Businesses need to start taking some responsibility for implementing better security, not just for their own business, but the impact it has on their community and nation as a whole."

Economic sanctions would be the logical retaliatory measure, but in the case of North Korea, there's nothing to sanction, argues Michael Sutton, vice president of security research at Zscaler.

"You can…rest assured that offensive cyber operations are already underway, not so much for retaliation, but for intelligence gathering," Sutton says. "The extent of the [Sony Pictures Entertainment (SPE)] breach took everyone by surprise, the US government included, and there are a number of three-letter agencies that want to know the true capabilities of Unit 121, North Korea’s military unit focused on offensive cyber actions."

"The more likely immediate and overt repercussions from the SPE breach will come from independent groups, not nation states," he continues. "Hacktivists now have a very direct example of the power that they wield. The decision by SPE to pull The Interview from theaters will influence attackers from now on."

According to a report from CNN, investigators have gathered evidence that hackers stole the user credentials of a system administrator to get access to Sony's computer system. U.S. officials also reportedly told CNN that they do not believe the attack on Sony was an inside job, refuting suspicions that had arisen due to Sony's laying off employees in its technology unit earlier this year.

Obama said he is sympathetic to Sony's plight, but feels the corporation made a mistake in caving to the hackers' demands.

"We cannot have a society in which some dictator someplace can start imposing censorship here in the United States," he says, "because if somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary that they don't like, or news reports they don't like. Or even worse, imagine if producers and distributors and others start engaging in self-censorship because they don't want to offend the sensibilities of somebody whose sensibilities probably need to be offended."

"We'll engage with not just the film industry, but the news industry, the private sector, around these issues," Obama says. "We already have. We will continue to do so. But I think all of us have to anticipate occasionally there are going to be breaches like this. They are going to be costly. They are going to be serious. We take them with the utmost seriousness. But we can't start changing our patterns of behavior any more than we stop going to a football game because there might be the possibility of a terrorist attack."

Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ...

Comments
Ulf Mattsson,
User Rank: Moderator
12/20/2014 | 9:50:26 AM
Sony is just another company that is wide open
Sony is just another company that is wide open and did not secure personal data and other sensitive information. They made an earlier business decision to not secure their databases. And now some politics is involved.

I think that the successful attack at JP Morgan Chase surprised me more. The largest US bank lost personal information of 76 million households and it took several months to detect.

Unfortunately, current security approaches can't tell you what normal looks like in your own systems and the situation is getting worse according to Verizon. Verizon is reporting that this is a growing issue. Less than 14% of breaches are detected by internal security tools according to the annual international breach investigations report by Verizon.

So we need to protect our sensitive data itself with modern data centric security technology. As consumers, we must demand better protection from the companies we do business with.  

Ulf Mattsson, CTO Protegrity
SgS125,
User Rank: Ninja
12/22/2014 | 9:49:01 AM
Re: Sony is just another company that is wide open
Why does anyone actually believe that NK had anything to do with SONY?  What a red herring.

Two weeks after we hear about the US malware efforts, it gets buried by the Sony hack.

Great timing indeed.  Nicely done.

Look over here at this shiny new news article, forget this old tired one.
stevew928,
User Rank: Strategist
12/22/2014 | 11:41:20 AM
Re: Sony is just another company that is wide open
Because the govt wants you to believe N. Korea is involved. It helps the sales of weapons to S. Korea.

I think it's pretty obvious the State Dept jumped the shark this time, but the press seems all on-board and the general public doesn't really care about the truth.
Dr.T,
User Rank: Ninja
12/22/2014 | 12:11:55 PM
Go offensive
We need to be offensive when it comes to security. Defensive tactics are generally not working. We need to identify where the loopholes are and close them before they are exploited again. It is really surprising that one compromised admin user can create this much damage. How did they capture this amount of information that brought the whole company down without being noticed? They must have been downloading data for a while in my view.
Dr.T,
User Rank: Ninja
12/22/2014 | 12:14:09 PM
Re: Sony is just another company that is wide open
We should demand better protection as consumers; however, there are no checks and balances, and we do not hear about it until we are already compromised.
Dr.T,
User Rank: Ninja
12/22/2014 | 12:16:25 PM
Re: Sony is just another company that is wide open
There must be real evidence that they do not share with the public; you would not expect the president to come out this strong if not, I say.
SgS125,
User Rank: Ninja
12/22/2014 | 12:19:25 PM
Re: Sony is just another company that is wide open
Right, real evidence.

You will never see any.

Both sides can use this to advantage.  

NK can say, oooo look how bad we are.  

US can say oooo look how bad they are.

In the meantime we can all forget about the malware that the US was caught sending out.
Dr.T,
User Rank: Ninja
12/22/2014 | 12:37:55 PM
Re: Sony is just another company that is wide open
In my view, there must be some convincing evidence for the president to talk about it. If they did not do it by themselves they must have supported it, or outsourced.
ODA155,
User Rank: Ninja
12/22/2014 | 1:28:11 PM
Re: Sony is just another company that is wide open
"Two weeks after we hear about the US malware efforts..."

@stevew928,... I'm sorry, what... did I miss something, what are you talking about, source please.  Thanks.
ODA155,
User Rank: Ninja
12/22/2014 | 1:31:29 PM
Re: Go offensive
"They must have been downloading data for a while in my view."

@DRT... reportedly over 100 terabytes... yeah, I'd say they were busy for a while.