Iranian hackers used Visual Basic malware to wipe Vegas casino’s network

Stop us if this sounds familiar: a company executive does something that makes a foreign government’s leadership upset. A few months later, hackers break into the company’s network through a persistent cyber attack, and plant malware that erases the contents of hard drives, shuts down e-mail servers and phone systems, and brings operations to a screeching halt.

That’s not just what happened to Sony Pictures Entertainment in late November—it’s also what happened to Las Vegas Sands Corp., owners of the Sands, Venetian and Palazzo hotels and casinos, in a cyber attack that began last January. The attack and the damage it did were kept quiet by the company until it was reported in a story by Bloomberg Businessweek today.

Attempts to reach Las Vegas Sands Corp. have gone unanswered, and a spokesperson for Dell SecureWorks—which was brought in to clean up the mess afterward and determine its cause—declined to speak about the article as it is the company’s policy not to discuss work done for a customer. But according to Bloomberg’s sources, the Sands attack was undertaken by “hacktivists” who were responding to a speech by Sands majority owner Sheldon Adelson. The billionaire 52-percent owner of the Sands and Israeli media mogul made an October 2013 appearance on a panel at the Manhattan campus of Yeshiva University, where he called for a nuclear attack on Iran to get the country to abandon its own nuclear program.


Sony hackers could have slipped past 90% of defenses, FBI director says

The malware that thoroughly penetrated Sony Pictures Entertainment was so sophisticated it likely would have worked against nine out of 10 security defenses available to companies, a top FBI official told members of Congress.

The comments, made under oath Wednesday by Joseph Demarest, assistant director of the FBI's cyber division, are the latest to largely let Sony officials off the hook. Last month's rooting of servers operated by Sony's movie division is believed to have exposed more than 100 gigabytes of data, including not only unreleased movies but, more importantly, personal details on tens of thousands of employees. Speaking before the Senate Banking, Housing, and Urban Affairs Committee, Demarest's apologist comments closely resembled those reported earlier this week from the CEO of Mandiant, the security firm investigating the breach on behalf of Sony.

"The level of sophistication is extremely high and we can tell...that [the hackers] are organized and certainly persistent," Demarest said, according to IDG News. "In speaking with Sony and separately, the Mandiant security provider, the malware that was used would have slipped or probably gotten past 90% of Net defenses that are out there today in private industry and [likely] challenged even state government."


Sony fights spread of stolen data by using “bad seed” attack on torrents

Those trying to download files and films from the recent Sony Pictures Entertainment leak are being widely frustrated thanks to a large number of torrent file-sharing nodes that advertise fake “seeds.” These files are offered via the BitTorrent file-sharing protocol, and they match the signature of the stolen data while containing no usable content. Instead, the bad seeds, which now may outnumber the computers actively sharing the actual files stolen from Sony, provide a download of corrupted or fake versions of the archive files for the vast majority of individuals attempting to access them.

According to a source at Sony who spoke with Re/Code, the company was using Amazon Web Services to run hundreds of virtual machines and distribute fake file versions to disrupt the Guardians of Peace (GoP) file dumps. That is supported by analysis from security firm Adallom, which tracks the signature of files on torrent streams and other sources in order to watch for data breaches from client companies.

Tal Klein, vice president of strategy at Adallom, told Ars that starting yesterday, “all of a sudden we saw files matching the SHA1 signatures of the Sony torrents starting to be populated across all the torrent sites.” He said that the files were intelligently designed to have the same signature as the GoP file torrents—unlike earlier opportunistic attempts by malware distributors who packaged malware using the same filenames used by the GoP file dumps.
