Tag: hacking incidents

  • URGENT >> BULLETIN >> MOVING: ‘North Korean Government’ Responsible For Sony Pictures Hack, FBI Says

    URGENT >> BULLETIN >> MOVING: The “North Korean government” is responsible for the catastrophic hack at Sony Pictures Entertainment last month, the FBI says.

    As pressure mounts for the United States to retaliate, President Obama is expected to take questions on the matter at 1:30 p.m. today.

    The FBI said it was “deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States.

    “Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.”

    Threats of 9/11-style terrorist attacks against movie patrons and theaters that screened a comedic film that mocks North Korean leader Kim Jong Un and depicts him as an assassination target first caused theaters to bail on “The Interview,” a Sony film scheduled to open Christmas Day. Sony itself later withdrew the film, triggering an avalanche of criticism that it had caved in to the demands of terrorists.

    As the situation evolved, it became clear that the United States viewed the attack on Sony as an attack against the country itself.

    The actual hacking of Sony appears to have occurred in November, with “Guardians of Peace” taking credit. Troves of private emails and records were stolen, Sony and its employees were threatened and Sony’s computers effectively were rendered inoperable. Sony has been in PR damage-control mode for weeks, even as the firm’s intellectual property such as films not yet released fell into the hands of the hackers.

    Sony quickly reported the incident to the FBI, and the swiftness aided in the probe, the agency said.

    Here’s more from the FBI’s statement (italics added):

    As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

    • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
    • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
    • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

  • ALERT! On Heels Of SEC’s Complaint Against Alleged Latvian Hacker Accused Of Manipulating Stock Prices By Hijacking Brokerage Accounts, FINRA Warns Of Plots Targeting Email Accounts

    “Investors who suspect that their email account has been hacked should immediately notify their brokerage firm and other financial institutions, and anyone who suspects they have been defrauded should file a complaint with FINRA.” Gerri Walsh, vice president for Investor Education, Financial Industry Regulatory Authority, Jan. 26, 2012

    The Financial Industry Regulatory Authority (FINRA) yesterday issued an alert and regulatory notice, saying that it “has received an increasing number of reports involving investor funds being stolen by fraudsters who first gain access to the investor’s email account and then email instructions to the firm to transfer money out of the brokerage account.”

    FINRA’s announcement occurred on the same day the SEC charged that a 34-year-old Latvian trader “broke into” customers’ brokerage accounts between June 2009 and August 2010 and made trades to manipulate the prices of stock he owned to create a personal windfall while causing losses to customers and broker-dealers.

    In just one 32-minute period on Oct. 26, 2009, Igors Nagaicevs “generated more than $14,000 in illegal profits” by twice taking a position in a NYSE-listed security, driving up the stock price by purchasing shares through a hacked account and then “liquidating his position at a profit.”

    All in all, Nagaicevs repeated his fraudulent scheme 159 times over 14 months, manipulating the prices of “104 different NYSE and Nasdaq securities” and pocketing more than $850,000 in illegal profits, the SEC charged.

    Nagaicevs, in effect, caused his hacking targets to lose at least $2 million while passing the bill for the losses to broker-dealer firms, which reimbursed the affected customers, according to the SEC complaint in federal court.

    FINRA did not reference Nagaicevs in its alert yesterday, but warned that email intrusions were on the rise.

    “In some instances, the perpetrators appear to have obtained customers’ brokerage information by accessing customers’ email accounts and searching contact lists or emails sent from the account,” FINRA cautioned in its regulatory notice.

    After breaching the email accounts, FINRA said, the scammers typically “email brokerage firms from customers’ personal email accounts with instructions to wire funds to an account, often overseas, controlled by the perpetrator.”

    Document forgeries may follow the initial email chicanery, FINRA said.

    “The instructions may be accompanied or followed by fraudulent letters of authorization also emailed from compromised email accounts. In some instances, firms have released funds after unsuccessfully attempting to verify emailed instructions by phone. In at least one case, the fraudulent email stressed the urgency of the requested transfer, pressuring the firm to release the funds before verifying the authenticity of the emailed instructions.”

    Read the FINRA Alert.

    Read a new alert from the FBI, the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Internet Crime Complaint Center (IC3) that warns that scammers are using devious email plots to siphon cash from “banks, broker/dealers, credit unions and other institutions.”

    NOTE: If you follow the criminal madness on the various Ponzi-scheme boards, you’ll notice that the new alert from the FBI, FS-ISAC and IC3 cites the type of scam-talk frequently seen on the huckster forums.

    An outtake from the alert (emphasis added):

    “The excuse is typically based on an illness or death in the family which prevents the account holder from conducting business as usual.”

  • BULLETIN: Feds Say Romanian Hackers Breached Computers Of Subway Sandwich Restaurants And More Than 50 Other Retailers; Credit-Card Data Of 80,000 Customers Compromised And ‘Millions Of Dollars Of Unauthorized Purchases Have Been Made’

    BULLETIN: Three Romanian nationals have been arrested in the aftermath of a successful hacking bid that compromised the computer systems of Subway sandwich restaurants and 50 other retailers, the Justice Department, federal prosecutors in New Hampshire and the U.S. Secret Service said.

    One Romanian national remains at large. Authorities said credit-card data from tens of thousands of customers was compromised and that “millions of dollars of unauthorized purchases have been made using the compromised data.”

    Arrested were Adrian-Tiberiu Oprea, 27, of Constanta, Romania; Iulian Dolan, 27, of Craiova, Romania; and Cezar Iulian Butu, 26, of Ploiesti, Romania.

    Florin Radu, 23, of Rimnicu Vilcea, Romania, remains at large, U.S. officials said. The scam operated “from approximately 2008 until May 2011” and involved “U.S.-based merchants’ point-of-sale . . . or ‘checkout’ computer systems.”

    Although the officials said the breach affected about 150 Subway outlets — less than 1 percent of the chain’s restaurants — the data theft from Subway and the other retailers affected more than 80,000 customers.

    Subway is a well-known international franchise based in Milford, Conn. The 46-year-old company is famous for its sandwiches — and also its television commercials featuring Jared Fogle. Fogle became famous in his own right after his weight ballooned to 425 pounds as a college freshman and he became trim again after losing nearly 250 pounds by eating healthy food from Subway.

    Subway is an internationally famous franchise that calls its service staff "Sandwich Artists." One of the firm's "Sandwich Artists" is Sara Manchipp, the reigning Miss Wales.

    All four of the suspects have been charged with conspiracy to commit computer fraud, wire fraud and access device fraud.

    Oprea was arrested last week in Romania and is detained there, prosecutors said.

    “Dolan and Butu were arrested upon their entry into the United States on Aug. 13 and Aug. 14, 2011,” prosecutors said.

    Details on why Dolan and Butu were arrested upon entry were not immediately clear. The hacking was performed “remotely,” officials said.