Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/19/2014
05:00 PM
50%
50%

Obama: U.S. Will Respond 'Proportionately' To Sony Cyber Attack

President Obama says the United States will take action against North Korea in response to the cyber-attack on Sony.

In remarks to the media, U.S. President Barack Obama today promised that the United States would respond to the cyber-attack against Sony Pictures "proportionately," but did not detail what that response would be.

The FBI officially named North Korea today as the culprit behind the attack.

"We will respond," Obama says. "We will respond proportionately and we'll respond in a place and time and manner that we choose. It is not something that I will announce here today at a press conference. More broadly though, this points to the need for us to work with the international community to start setting up some very clear rules of the road in terms of how the Internet and cyber operates."

He also called upon Congress to work with the White House to pass legislation that facilitates the sharing of cyber-threat information.

"If we don't put in place the kind of architecture that can prevent these attacks from taking place, this is not just going to be affecting movies, this is going to be affecting our entire economy in ways that are extraordinarily significant," he says.

According to the FBI, a technical analysis of the data-deletion malware used in the attack revealed links to other malware the FBI believes was developed by North Koreans. In addition, the FBI noticed what it called a significant overlap between the infrastructure used in the Sony attack and other malicious cyber activity that has been previously linked directly to North Korea. For example, several Internet Protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data-deletion malware used in the attack.

Finally, the tools used in the Sony attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea, according to the FBI. With blame officially placed on the country's government, the question now becomes about how the United States should respond.

"Instead of going on the offensive, I believe the better option is focus on defense," opines Ken Westin, security analyst for Tripwire. "It has become clear that Sony had woefully inadequate security policies and controls in place. Businesses need to start taking some responsibility for implementing better security, not just for their own business, but the impact it has on their community and nation as whole."

Economic sanctions would be the logical retaliatory measure, but in the case of North Korea, there's nothing to sanction, argues Michael Sutton, vice president of security research at Zscaler.

"You can…rest assured that offensive cyber operations are already underway, not so much for retaliation, but for intelligence gathering," Sutton says. "The extent of the [Sony Pictures Entertainment (SPE)] breach took everyone by surprise, the US government included, and there are a number of three-letter agencies that want to know the true capabilities of Unit 121, North Korea’s military unit focused on offensive cyber actions."

"The more likely immediate and overt repercussions from the SPE breach will come from independent groups, not nation states," he continues. "Hacktivists now have a very direct example of the power that they wield. The decision by SPE to pull The Interview from theaters will influence attackers from now on."

According to a report from CNN, investigators have gathered evidence that hackers stole the user credentials of a system administrator to get access to Sony's computer system. U.S. officials also reportedly told CNN that they do not believe the attack on Sony was an inside job, refuting suspicions that had arisen due to Sony's laying off employees in its technology unit earlier this year.

Obama said he is sympathetic to Sony's plight, but feels the corporation made a mistake in caving to the hackers' demands.

"We cannot have a society in which some dictator someplace can start imposing censorship here in the United States," he says, "because if somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary that they don't like, or news reports they don't like. Or even worse, imagine if producers and distributors and others start engaging in self-censorship because they don't want to offend the sensibilities of somebody whose sensibilities probably need to be offended."

"We'll engage with not just the film industry, but the news industry, the private sector, around these issues," Obama says. "We already have. We will continue to do so. But I think all of us have to anticipate occasionally there are going to be breaches like this. They are going to be costly. They are going to be serious. We take them with the utmost seriousness. But we can't start changing our patterns of behavior anymore then we stop going to a football game because there might be the possibility of a terrorist attack."

Brian Prince is a freelance writer for a number of IT security-focused publications. Prior to becoming a freelance reporter, he worked at eWEEK for five years covering not only security, but also a variety of other subjects in the tech industry. Before that, he worked as a ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
ODA155
50%
50%
ODA155,
User Rank: Ninja
12/22/2014 | 1:31:29 PM
Re: Go offensive
"They must have being downloading data for a while in my view."

 

@DRT... reportedly over 100 terabyts... yeah, i'd say they were busy for a while.
ODA155
50%
50%
ODA155,
User Rank: Ninja
12/22/2014 | 1:28:11 PM
Re: Sony is just another company that is wide open
"Two weeks after we hear about the US malware efforts..."

@stevew928,... I'm sorry, what... did I miss something, what are you talking about, source please.  Thanks.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/22/2014 | 12:37:55 PM
Re: Sony is just another company that is wide open
In my view, there must be some convincing evidence for the president to talk about it. If they did not do it by themselves they must have supported it, or outsourced.
SgS125
50%
50%
SgS125,
User Rank: Ninja
12/22/2014 | 12:19:25 PM
Re: Sony is just another company that is wide open
Right, real eveidence.

You will never see any.

Both sides can use this to advantage.  

NK can say, oooo look how bad we are.  

US can say oooo look how bad they are.

In the meantime we can all forget about the malware that the US was caught sending out.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/22/2014 | 12:16:25 PM
Re: Sony is just another company that is wide open
There must be real evidence that they do not share with public, you would not expect the president coming out this string if not, I say.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/22/2014 | 12:14:09 PM
Re: Sony is just another company that is wide open
We should demand better protection as consumers however there is no checks and balances, we do not hear about it until we are already compromised. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
12/22/2014 | 12:11:55 PM
Go offensive
 

We need to be offensive when it comes to security. Defensive tactics are generally not working. We need to identify where the loopholes are and close them before exploited again. It is really suprising that one compromised admin user can create this mish damage. How did they captured these amount of information that brought whole company down without being noticed. They must have being downloading data for a while in my view. 
stevew928
100%
0%
stevew928,
User Rank: Strategist
12/22/2014 | 11:41:20 AM
Re: Sony is just another company that is wide open
Because the govt wants you to believe N. Korea is involved. It helps the sales of weapons to S. Korea.

I think it's pretty obvious the State Dept jumped the shark this time, but the press seems all on-board and the general public doesn't really care about the truth.
SgS125
50%
50%
SgS125,
User Rank: Ninja
12/22/2014 | 9:49:01 AM
Re: Sony is just another company that is wide open
Why does anyone actually beleive that NK had anything to do with SONY?  What a red herring.

Two weeks after we hear about the US malware efforts, it gets buried by the Sony hack.

Great timing indeed.  Nicely done.

Look over here at this shiny new news article, forget this old tired one.
Ulf Mattsson
50%
50%
Ulf Mattsson,
User Rank: Moderator
12/20/2014 | 9:50:26 AM
Sony is just another company that is wide open
Sony is just another company that is wide open and did not secure personal data and other sensitive information. They made an earlier business decision to not secure their databases. And now some politics is involved.

I think that the successful attack at JP Morgan Chase surprised me more. The largest US bank lost personal information of 76 million households and it took several months to detect.

Unfortunately, current security approaches can't tell you what normal looks like in your own systems and the situation is getting worse according to Verizon. Verizon is reporting that this a growing issue. Less than 14% of breaches are detected by internal security tools according to the annual international breach investigations report by Verizon.  

So we need to protect our sensitive data itself with modern data centric security technology. As consumers, we must demand better protection from the companies we do business with.  

Ulf Mattsson, CTO Protegrity
<<   <   Page 2 / 2
Cybersecurity Industry: It's Time to Stop the Victim Blame Game
Jessica Smith, Senior Vice President, The Crypsis Group,  2/25/2020
5 Ways to Up Your Threat Management Game
Wayne Reynolds, Advisory CISO, Kudelski Security,  2/26/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9447
PUBLISHED: 2020-02-28
The file-upload feature in GwtUpload 1.0.3 allows XSS via a crafted filename.
CVE-2019-10064
PUBLISHED: 2020-02-28
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
CVE-2019-8741
PUBLISHED: 2020-02-28
A denial of service issue was addressed with improved input validation.
CVE-2020-9399
PUBLISHED: 2020-02-28
The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects versions before 12 definitions 200114-0 of Antivirus Pro, Antivirus Pro Plus, and Antivirus for Linux.
CVE-2020-9442
PUBLISHED: 2020-02-28
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.