Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Why North Korea Hacks
Newest First  |  Oldest First  |  Threaded View
Technocrati
Technocrati,
 User Rank: Ninja
1/19/2015 | 1:55:38 PM
Re: North Korea and Sony: Asking the Wrong Questions ?

Sony hack could be a blueprint for terrorism in the cyber domain.

@Mike    I do agree.   Sony's ineptness has opened a whole new world of possibilities.  Instead of panic, actual leadership skills were needed and those at the top of Sony's Film Division came up short.   

It really is discouraging to see individuals  ( Sony Entertainment  Management ) who earn a considerable amount of money show they are not worth it.  Of course Sony is not alone - but  they certainy subscribe to the philoshpy that " you don't have to really know what you are doing to be paid well".  The top management at Sony are prime examples of the "corporate disconnect" that has been fostered for the past two decades(at least).    

So now Sony becomes a text book case for many things, just add "What not to do with cyber blackmail" to it.

Just don't tell Sony - they will want licensing and residuals from it.

Technocrati
Technocrati,
 User Rank: Ninja
1/19/2015 | 1:45:00 PM
Re: North Korea and Sony: Asking the Wrong Questions ?

"..With regard to the Sony hack, assuming the FBI is correct (I have no reason to think they arent), then my thought is that the leader of North Korea is lashing out at Sony for producing the movie in question."

 

@Mike    Thank you for the clarification.  Well I am not so quite persuaded by the FBI's claims, which are at best obvious and at worst " a little late" as well.  This is a multifaceted  issue of course but even this basic point is up for some debate.

 

But since you have no reason not to believe the FBI then I can understand your premise and the resulting argument that comes from it.    Not that I agree of course but at least I understand your position.

mwallsedgewave
mwallsedgewave,
 User Rank: Author
1/18/2015 | 9:31:08 PM
Re: North Korea and Sony: Asking the Wrong Questions ?
The intent of the blog is to suggest possible motivations behind North Korean cyber activity.  With regard to the Sony hack, assuming the FBI is correct (I have no reason to think they arent), then my thought is that the leader of North Korea is lashing out at Sony for producing the movie in question.

Regarding this being an act of terror, I'm only suggesting that the Sony hack could be a blueprint for terrorism in the cyber domain.  Whether intended as terrorism or extrotion, whomever is behind the hack has demonstrated an ability to make a major corporation capitulate to specific demands.  The point I am making is that terror groups are watching, and are learning from the hack.  

I hope that clarifies things a bit and I thank you for the comments!

 

 
Technocrati
Technocrati,
 User Rank: Ninja
1/18/2015 | 9:17:24 PM
North Korea and Sony: Asking the Wrong Questions ?

I am not sure what to conclude from this Blog,  the act against Sony was an act of terror ?  The reason N. Korea responded was because their leader is immature ?   What was the motivation ?   You mentioned nothing about Sony which does bare some ( and some might argue most ) of responsibility for their breech.  

 

I must have missed the point of this Blog because I don't get the point at all. 

mwallsedgewave
mwallsedgewave,
 User Rank: Author
1/16/2015 | 12:19:33 PM
Re: Future Forecast
In traditional warfighting we think of kinetic capabilities as those that result in obvious physical damage e.g. bombs destroying buildings.  While cyber capabilities can certainly create damaging physical effects on networks, military professionals tend to view cyber as a non-kinetic capability, essentially because we dont see things blowing up when cyber is employed. 

However, understanding of the cyber environment is rapidly changing. By that I mean, military professionals are beginning to understand where the cyber domain fits in the group of traditional warfighting domains (land, sea, air).  My thought is that we will get to the point very soon where the cyber domain is recognized in the same way as the traditional warfighting environments, and at that time the term kinetic will mean something different. I hope that helps.
Marilyn Cohodas
Marilyn Cohodas,
 User Rank: Strategist
1/16/2015 | 8:01:51 AM
Re: Future Forecast
So the question I see is...what do alliances really mean in the Cyber world?

Excellent point -- and an issue that is very much TBD.

I'm also curious about your use of the word "kinetic." Wondering if you could explain to a neophyte what you mean by kinetic in this context. 
mwallsedgewave
mwallsedgewave,
 User Rank: Author
1/15/2015 | 5:33:24 PM
Re: Future Forecast
Thats a great question and a topic worth exploring in its own right!

The question is interesting because we tend to view "alliances" in a militarty context.  

In the modern era we have formal treaties like the North Atlantic Treaty Organization (NATO), the "Five Eyes" (an intelligence focused alliance between the US, UK, Canada, Australia and New Zealand), and the South East Asia Treaty Organization (SEATO) to name a few.

If we look at Nations that we (the "Free World") have in recent history (70 years) viewed as adversaries, the picture is a little less clear but we can still discern informal alliances by actions of countries on the geo-politcical scene.  For instance, we know that the Russians are cooperating with the Iranians on nuclear capability; we know that the Iranians and the North Koreans have traded military arms; we know that when there is an international incident, we can generally anticipate how the permanent members of the UN Security Council (the countries with veto power) will vote.  Typically we see the US, UK and France aligned to one point of view, and Russiia and China aligned with an opposing point of view.

So why is this interesting...In the kinetic world, the rules of the game are relatively clear.  If Country A attacks Country B, and there is a formal miltary alliance or implied realtionship between them as Ive described above, the choices are clear for countries aligned with the Countries in question.  In other words, If Germany were attacked by a convential military force, member countries of NATO would be obligated to come to the defense of Germany. In less formal relationships we cant be certain of how a particular country will react, but there is a higher probability that countries in those relationships will respond militraily if one partner is attacked.

In the non-kinetic world, the Cyber Domain, we have already seen how the picture is much less clear.  Imagine if a country attacked a major US corporation, on US soil, with conventional weapons (think the SONY attack with bombs).    It is reasonable to assume that the US would have responded to the attack militarily Fast forward to 2014...same scenario but a cyber attack rather than bombs.  The response was much different.  Sanctions, condemnations, and political posturing...no clear cyber response by the US.

So the question I see is...what do alliances really mean in the Cyber world?
Marilyn Cohodas
Marilyn Cohodas,
 User Rank: Strategist
1/15/2015 | 4:16:13 PM
Re: Future Forecast
I suppose you will get into this in the remaining installments of the series,, but curious.Are there many alliances between nation-state threat actors?
mwallsedgewave
mwallsedgewave,
 User Rank: Author
1/15/2015 | 3:56:08 PM
Re: Future Forecast
Thanks and great questions!

We know that China has maintained a relationship since the Korean Conflict, so it is possible that the 2 countries could collaborate on cyber activities targeting entities that each country may see as either threats, or rich targets of opportunity.  But here is a point to think about...

We know that the Chinese Government has been targeting other Nations for quite some time (reference my last piece on China).  But the question is, "why would China risk what has arguably been a tremendous record of successful exploitation in the cyber domain, by partnering with what is widely considered as a Country with unsohisticated cyber capability, and a completey erratic pattern of behavior on the global geo-political scene?"  I think the answer is, the Chinese Government wouldn't. 
swreynolds92
swreynolds92,
 User Rank: Strategist
1/15/2015 | 2:03:19 PM
Future Forecast
With all the buzz surrounding North Korea hacking Sony, and Admiral Rogers saying China has the ability to shut down our infrastructures, is it possible we could see a cyber collaboration between the two countries in an effort to cripple the US? Should we be fearful considering North Korea injected itself into a huge corporation like Sony Pictures, and China at any point can flip the switch and it seems like we'd be in big, big trouble?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-1809
PUBLISHED: 2022-05-21
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
CVE-2022-31267
PUBLISHED: 2022-05-21
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "#admin"' value.
CVE-2022-31268
PUBLISHED: 2022-05-21
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
CVE-2022-31264
PUBLISHED: 2022-05-21
Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.
CVE-2022-31259
PUBLISHED: 2022-05-21
The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).