While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.
Security experts investigating the devastating hack against Sony Pictures appear to be moving away from the theory that the attack was carried out by North Korea, focusing instead on disgruntled former employees of the firm.
Researchers at Norse cybersecurity claim that six former employees could have compromised the company’s networks, arguing that accessing and navigating selective information would take a detailed knowledge of Sony’s systems.
Norse is not part of the official FBI investigation, but did brief the government on Monday, the company said. Though noting that the findings are “hardly conclusive”, Norse senior vice president Kurt Stammberger told the Security Ledger that nine researchers had begun to explore the theory that an insider with motive against Sony would be best placed to execute a hack.
“The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks,” said writer Bruce Schneier. “This sort of evidence is circumstantial at best. It’s easy to fake, and it’s even easier to interpret it wrong. In general, it’s a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the ‘evidence’ to suit the narrative they already have worked out in their heads.”
Schneier also said that diplomatically, it may suit the US government to be “overconfident in assigning blame for the attack” to try and discourage future attacks by nation states.
He also pointed to comments by Harvard law professor Jonathan Zittrain, who said Sony might be encouraged to present the hack as an act of terrorism to help fend off likely lawsuits from current and former employees damaged by leaked material.
“If Sony can characterize this as direct interference by or at the behest of a nation-state, might that somehow earn them the kind of immunity from liability that you might see other companies getting when there’s physical terrorism involved, sponsored by a state?” Zittrain told AP.
After over 100 celebrities had their sensitive photos exposed this week, here are some tips on keeping yours safe from hackers
This week, nude photos of over 100 celebrities were posted online by an anonymous source who may have got them by hacking the Apple iCloud online storage service, or guessing the security questions needed to gain access to each individual account.
Either way it has got many people wondering about the safety of their own photos, nude or otherwise, and about whether any snapshot taken on or shared via a digital device can ever be considered secure.
So how can you keep your own images away from uninvited viewers? Here are some quick pointers.
Passwords and personal data were stolen in eBay’s cyberattack. Here’s how to protect your information against future hacks
eBay suffering the biggest hack of all time led to the exposure of lots of personal data, including postal addresses, dates of birth and phone numbers, for millions of people around the world.
While the company insists no financial information was stolen, private personal data still holds a lot of value.
But what options do users have when a site demands personal information as a condition of use, with no way of determining how secure that data will be?
“We have to take care of our data, but in many circumstances if we want to use a service we have no choice but to surrender data, stuff that is very difficult to change,” Rik Ferguson, global vice president of security research at security software firm Trend Micro, told the Guardian in the wake of the hack.
“It’s all very well telling everyone to go out and change their passwords, but you can’t go and change your postal address, telephone number, name and date of birth.”
Shopping services need your postal address to deliver goods, for instance, media services need your date of birth to verify age, and a taxi firm will need your phone number to alert you when its car arrives outside your door.
“All organisations that hold any sort of private or financial information should absolutely be encrypting that data at all times – there is no excuse for not doing so,” says Ferguson.
Unfortunately, eBay’s hack has proved that not all companies are as good at protecting your personal data as they should be.
“All data that is shared should be done so in the knowledge that it absolutely is at risk from targeted attack. All of that data has financial value to the attacker, and they will continue to go after it.”
March 27, 2013
Experts say the onslaught has been under way for a week and that it comes from a Dutch online firm previously accused of serving as a platform for sending “spam”.
by BBC Mundo
Internet traffic around the world is being affected by what security experts have called the largest cyberattack of its kind in history.
An organization called Spamhaus, which fights the sending of unwanted e-mail, says its servers have been the target of an attack on an unprecedented scale.
Spamhaus says the attack, which has lasted a week and is not yet over, comes from Cyberbunker, a Dutch web firm it had accused of serving as a platform for “spam”, unwanted e-mail.
The BBC's technology correspondent, Rory Cellan Jones, said some experts are calling for joint international efforts to fight this type of activity.