The unusual suspects: ex-employees, Lizard Squad may have aided Sony hack

All sorts of theories about who really made off with terabytes of Sony Pictures Entertainment's corporate data, and then set off malware that erased the company's hard drives, have emerged over the past week in the wake of Sony's release of The Interview. While the FBI insists that responsibility for the Sony breach and cyber-defenestration rests solely with the Democratic People's Republic of Korea, security analysts who have conducted their own examination of the malware and other information suggest that the attack was at least partially an inside job.

But there’s been another strange twist in the Sony Pictures saga: now Lizard Squad, the DDoS attackers involved in the Christmas denial-of-service attacks against Sony’s PlayStation Network and Microsoft’s Xbox Live network, have claimed they were tangentially involved in the breach. Someone claiming to represent Lizard Squad told the Washington Post’s Brian Fung that Lizard Squad had sold Sony Pictures usernames and passwords to the Sony attackers (the "Guardians of Peace"). Fung said that his contact confirmed his identity by posting something to the group’s Twitter feed.

"We handed over some Sony employee logins to them," said Fung's source. "For the initial hack. We came by them ourselves. It was a couple."


NSA has VPNs in Vulcan death grip—no, really, that’s what they call it

The National Security Agency's Office of Target Pursuit (OTP) maintains a team of engineers dedicated to cracking the encrypted traffic of virtual private networks (VPNs) and has developed tools that could potentially uncloak the traffic in the majority of VPNs used to secure traffic passing over the Internet today, according to documents published this week by the German news magazine Der Spiegel. A slide deck from a presentation by a member of OTP's VPN Exploitation Team, dated September 13, 2010, details the process the NSA used at that time to attack VPNs, including tools with names drawn from Star Trek and other bits of popular culture.

OTP’s VPN exploit team had members assigned to branches focused on specific regional teams, as well as a “Cross-Target Support Branch” and a custom development team for building specialized VPN exploits. At the regional level, the VPN team representatives acted as liaisons to analysts, providing information on new VPN attacks and gathering requirements for specific targets to be used in developing new ones.

While some VPN technologies, specifically those based on the Point-to-Point Tunneling Protocol (PPTP), have previously been identified as vulnerable because of weaknesses in the authentication and key derivation performed at the start of a session, others have generally been assumed to be safer from scrutiny. But by 2010, the NSA had already developed tools to attack the most commonly used VPN encryption schemes: Secure Shell (SSH), Internet Protocol Security (IPsec), and Secure Sockets Layer (SSL).


South Korean operator finds worm in its nuclear plant control systems

A few weeks back, the company that operates South Korea's nuclear plants suffered a major security breach, in which personnel records and reactor designs were obtained from its computer systems and posted online. At the time, the company said that the breach didn't affect any of the hardware that controls its nuclear plants, which are not accessible from the Internet. The breach, however, appears to have motivated Korea Hydro and Nuclear Power to audit its control systems, at which point it found a computer worm had infested those systems.

Reuters is reporting that company security experts found the worm in "devices connected to some nuclear plant control systems." The experts suspect that the worm is completely unrelated to the attacks on the company's outward-facing systems, which its CEO said are continuing. Instead, authorities have identified unauthorized use of USB devices as the most likely route of infection; the worm has since been removed.

The company says it is responding to the attacks by adding security experts to its staff.


Newly published NSA documents show agency could grab all Skype traffic

A National Security Agency document published this week by the German news magazine Der Spiegel, from the trove provided by former NSA contractor Edward Snowden, shows that the agency had full access to voice, video, text messaging, and file sharing from targeted individuals over Microsoft's Skype service. The access, authorized by a Foreign Intelligence Surveillance Court warrant, was part of the NSA's PRISM program and allowed "sustained Skype collection" in real time from specific users identified by their Skype user names.

The nature of the Skype data collection was spelled out in an NSA document dated August 2012 entitled “User’s Guide for PRISM Skype Collection.” The document details how to “task” the capture of voice communications from Skype by NSA’s NUCLEON system, which allows for text searches against captured voice communications. It also discusses how to find text chat and other data sent between clients in NSA’s PINWALE “digital network intelligence” database.

The full capture of voice traffic began in February of 2011 for “Skype in” and “Skype out” calls—calls between a Skype user and a land line or cellphone through a gateway to the public switched telephone network (PSTN), captured through warranted taps into Microsoft’s gateways. But in July of 2011, the NSA added the capability of capturing peer-to-peer Skype communications—meaning that the NSA gained the ability to capture peer-to-peer traffic and decrypt it using keys provided by Microsoft through the PRISM warrant request.
