SONY HACK WAS WAR says FBI, and 'we're still struggling to hire talent'

Cybercrims may be safe at home, but Feds dare them to go on holiday


Yesteryear's hack of Sony Pictures was an act of war, stated FBI Supervisory Special Agent Timothy Wallach, who delivered the FBI's gradation system of cybercriminals to net security conference Cloudsec on Thursday, 17 September.

US agencies have fingered the North Korean government for the Sony attack repeatedly, initially to much scorn as the nation is popularly believed to be residing in the technical dark ages.

However, the Norks' role in the breach has been increasingly accepted, as information about the NSA's role in attribution has been made public.

Presenting the act of war at one end of the spectrum, with hacktivists at the other end, FBI Supervisory Special Agent Timothy Wallach told Cloudsec about the agency's ongoing efforts to deal with cybercrime.

Wallach made it clear the FBI distinguished hacktivists – a term he suggested covered ideological actors, including everyone from LOIC and Lizard Stresser ego-hackers, through to those defacing police websites following the shootings of young African American men – from those cybercriminals who were motivated by financial gain or espionage.

The hack of Sony Pictures, he suggested, was an act of warfare, though it remains unclear how it might be considered a military act of sabotage, other than through its nation-state backing.

According to Wallach, who is currently assigned to lead the Cyber Task Force in the Seattle Field Office of the FBI, reports of breaches increased by 55 per cent between 2013 and 2014.

These breaches often targeted personal identifiable information, although an increasing number went after healthcare information, which Wallach regards as a larger target.

Intellectual property espionage from China remains an issue, especially from the People's Liberation Army (PLA) advanced persistent threat Unit 61398, which was exposed by Mandiant in 2013. Unit 61398 had been known by the codename "Byzantine Candor" by US intelligence agencies since 2002.

The five-man strong PLA hacking team is unlikely to face attention while residing in China, Wallach stated, although they would be picked up were they to travel outside of the country.


Also mentioned was one Evgeniy Mikhailovich Bogachev, also known as Slavik and Lucky12345. The creator of the GameOver Zeus trojan has a $3m bounty on his capture, which Wallach encouraged attendees to have a think about.

A criminal complaint (PDF) filed in the District Court of Nebraska states that Bogachev "has been a member of a long-running conspiracy to employ widespread computer intrusions, malicious software, and fraud to steal millions of dollars from numerous bank accounts in the United States and elsewhere".

Research delivered at Blackhat earlier this year, and produced by a coalition of Fox IT, Crowdstrike, and the FBI, suggested that Bogachev "had obtained a level of protection [from the Russian security agencies], and was able to get away with certain crimes as long as they were not committed against Russia".

In his book Spam Nation, Brian Krebs offered details about the criminal conspiracy, called the Russian Business Network, which Bogachev is alleged to be a member of. Krebs' focus is on spammers who enjoyed FSB protection via donations made to a volleyball league.

The spammers' bread-and-butter was in attracting people to purchase drugs through unlicensed online pharmacies, which were sold at much lower prices than they retailed for in the US. This may offer an explanation as to why healthcare information is becoming such a large target for hackers, although this was not suggested by Wallach.
