Analyst: We underestimated North Korea

By Dana Ford, CNN



(CNN) - As the United States gets ready to blame the Sony hack on North Korea, a troublesome question is emerging: Just what is North Korea capable of?

Experts say the nation has spent scarce resources on building up a unit called "Bureau 121" to carry out cyber-attacks.

North Korea has been blamed in the past for attacks in South Korea, but the Sony hack - if indeed North Korea is behind it - would seem to represent an escalation of tactics.

"I think we underestimated North Korea's cyber capabilities," said Victor Cha, director of Asian Studies at Georgetown University. "They certainly didn't evidence this sort of capability in the previous attacks."

Cha was referring to attacks on South Korean broadcasters and banks last year.

In March 2013, South Korean police said they were investigating a widespread computer outage that struck systems at leading television broadcasters and banks, prompting the military to step up its cyber-alert level.

The South Korean communications regulator reportedly linked the computer failures to hacking that used malicious code, or malware.

An investigation found that many of the malignant codes employed in the attacks were similar to ones used by the North previously, said Lee Seung-won, an official at the South Korean Ministry of Science.

North Korea denied responsibility.

A spokesman for the General Staff of the Korean People's Army labeled the allegations "groundless" and "a deliberate provocation to push the situation on the Korean Peninsula to an extreme phase," according to KCNA, the North Korean state news agency.

North Korea has similarly denied the massive hack of Sony Pictures, which has been forced to cancel next week's planned release of "The Interview," a comedy about an assassination attempt on North Korean leader Kim Jong Un.

But KCNA applauded the attack.

"The hacking into the SONY Pictures might be a righteous deed of the supporters and sympathizers with the DPRK," it said, using the acronym of its official name, the Democratic People's Republic of Korea. "The hacking is so fatal that all the systems of the company have been paralyzed, causing the overall suspension of the work and supposedly a huge ensuing loss."

Experts point to several signs of North Korean involvement. They say there are similarities between the malware used in the Sony hack and previous attacks against South Korea. Both were written in Korean, an unusual language in the world of cyber crime.

"Unfortunately, it's a big win for North Korea. They were able to get Sony to shut down the picture. They got the U.S. government to admit that North Korea was the source of this and there's no action plan really, at least publicly no action plan, in response to it," said Cha. "I think from their perspective, in Pyongyang, they're probably popping the champagne corks."

CNN's Gregory Wallace, Brian Stelter, Evan Perez, K.J. Kwon and Jethro Mullen contributed to this report.

Sony hacks continue: PlayStation hit by Lizard Squad attack

By Alice MacGregor, CloserStill Media

Hacker group, Lizard Squad, has claimed responsibility for shutting down the PlayStation Network over Sunday night, the second large scale cyber-attack on the Sony system in recent weeks.

Users had been experiencing issues with log in overnight and into this morning, greeted by an error message reading “Page Not Found! It’s not you. It’s the Internet’s fault.”

PSN support acknowledged the downtime and confirmed that it had been investigating the issue. However, no details were shared as to the nature or cause of the issue.

“Thanks for your patience as we investigate,” the Japanese firm shared at midnight last night.
The company has now tweeted that the issue has been fixed: "If you had difficulties signing into PlayStation Network, give it a try now."

Although apparently unrelated, the outage comes just weeks after the much larger cyber-attack to the tech giant’s film studios Sony Pictures, which leaked confidential corporate information and unreleased movies.

An outfit calling themselves Guardians of Peace released the private data, including details on employees’ and actors’ salaries and addresses. Princess Beatrice was one of its victims, whose pay details and home address was forwarded to media firms across the U.S.

Speculations suggested that the Sony Pictures hack was linked to North Korea over its reported filmatic mocking of the national leader Kim Kong-Un. The country has denied engineering the attack, however the North Korean National Defence Commission released an official statement saying that the cyber-theft had been a “righteous deed.”

The group claiming to have taken down PSN today, Lizard Squad, first appeared earlier this year with another high-profile DDOS, or distributed denial of service attack, on Xbox Live and World of Warcraft in August.

Lizard Squad shared a link to a White Hose petition calling for the Obama Administration to “Stop the infamous DDOS hackers, and fake bomb threat callers, called Lizard Squad” – which currently counts 7,598 signatures.

The hacker collective claimed that this attack was just a taste and a ‘small dose’ of what was to come over the Christmas period.

Scam of the Day: PS4Jailbreaker dot com. More surveys for you, more money for them

By wololo · December 3, 2014

PS4Jailbreaker .com is a scam, they won’t “jailbreak” your PS4, they will just ask you to fill a survey for which they will get paid, and you won’t get anything in exchange. If you want the latest and greatest news about the possibility to hack your PS4, bookmark our “PS4 CFW for Dummies” page, which will have all the information needed, the day a hack is actually made public. Please share this information with your more gullible friends, who don’t know the difference between reputable scene websites, and stupid cash grab schemes.


It’s been a while since I last debunked one of those fake “Vita iso” or “PS4 iso” websites.
Yesterday one of these sites had the audacity of posting a link to their *** directly in the comments of my blog. So I decided I’d thank them, by calling them out publicly for their scammy website.

The website involved here is fake website ps4jailbreaker .com. PS4Jailbreaker .com is a scam website, put in place to make a quick buck on some fake download.



The site is an unoriginal and typical scam (I guess people still fall for these, so next time someone asks you if this is real, kindly point them to this article). PS4Jailbreaker .com pretend to offer a free jailbreak of your PS4, all you have to do is complete a survey to get your download. The surveys will take some of your precious time, and the owners of the site will get paid for each complete survey.

The chances of you actually getting your download at the end of the survey are slim at best. The possibility of you actually being able to “jailbreak” (hack) your PS4 with whatever you end up downloading, is 0.

It is not possible at the time of this writing to fully hack a PS4. When something looks too good to be true, it’s because it’s too good to be true. You can avoid scams such as PS4Jailbreaker .com by simply using this thing that us human beings call a brain: If there existed a method to hack the PS4 like these guys pretend to offer, all major scene websites would be talking about it, *before* you even realize the method exists. We have a community of thousands of people here, looking daily for all possible news related to hacking the PS4. It is statistically impossible that you could find out a “revolutionary” technique that we haven’t heard of.

The day a hack of the PS4 will exist, it will be on the front page of this website and other major scene websites. Heck, it will probably also be in the news of mainstream technology sites. So, don’t feel clever because you only just found out about the fake claims of PS4Jailbreaker .com, you’re actually on the verge of netting these guys $5 of your time, for nothing in return.

When a hack for the PS4 is truly available, it will be explained in details on our “PS4 CFW for dummies” page. That’s the page you need to bookmark for news on that.

Besides this very easy way to detect scam websites such as PS4Jailbreaker .com, you can also see that the techniques used on their website are fairly obvious: newly created website for the purpose of the product (the only people doing this are people selling a new hardware mod such as Sky3DS or trueblue.

When it comes to software hacks, you will usually hear about those on a hacker’s blog, twitter account, and here, before anyone thinks of even creating a dedicated websites. Hackers are too busy actually hacking, they usually won’t create a brand new website for one of their releases!)

Very typical of these websites too is the suspicious “did this hack work for you” vote system. Again, real hackers wouldn’t care about putting such a dumb thing in place.

Again, whenever a hack comes for the PS4, you’ll hear about it almost instantly on this site and other reputable sources. Don’t try and think you’re more clever than everybody else because you found an unvisited dark corner of the intertubes: most likely you’ll get mugged. This is the case with the scam on PS4Jailbreaker .com, a site that will basically steal your time to fulfill a survey, make money out of it, and leave you with nothing. Not dangerous per se, but definitely not worth your time.


(For the conspiracy theorists out there, feel free to actually try. You’ll give these guys the money from your survey, and will end up with nothing in exchange. That will be a great life lesson for you)

FBI secretly seeking legal power to hack any computer, anywhere

By Cory Doctorow

The Bureau is seeking a rule-change from the Administrative Office of the US Courts that would give it the power to distribute malware, hack, and trick any computer, anywhere in the world, in the course of investigations; it's the biggest expansion of FBI spying power in its history and they're hoping to grab it without an act of Congress or any public scrutiny or debate.

But under the proposed amendment, a judge can issue a warrant that would allow the FBI to hack into any computer, no matter where it is located. The change is designed specifically to help federal investigators carry out surveillance on computers that have been “anonymized” – that is, their location has been hidden using tools such as Tor.

The amendment inserts a clause that would allow a judge to issue warrants to gain “remote access” to computers “located within or outside that district” (emphasis added) in cases in which the “district where the media or information is located has been concealed through technological means”. The expanded powers to stray across district boundaries would apply to any criminal investigation, not just to terrorist cases as at present.

Were the amendment to be granted by the regulatory committee, the FBI would have the green light to unleash its capabilities – known as “network investigative techniques” – on computers across America and beyond. The techniques involve clandestinely installing malicious software, or malware, onto a computer that in turn allows federal agents effectively to control the machine, downloading all its digital contents, switching its camera or microphone on or off, and even taking over other computers in its network

FBI demands new powers to hack into computers and carry out surveillance [Ed Pilkington/The Guardian]

(Thanks, Melted_Crayons!)

Vita hack: the webkit exploit fully explained (+ more code for you to look at!)

By wololo · November 2, 2014

This was kind of out of the blue: Developer acez  just posted an article on his blog explaining all the details of the Webkit exploit that was recently revealed for the Vita, including how he and a group of friends leveraged it.

The read is extremely interesting, and I won’t pretend I’m able to summarize it in a way that would do it any justice, so I suggest you just read it.

A cynical summary for people like me who have been in the PSP hacking scene previously would be: “ha, the security on the PSP was a joke, now we’re talking”. The article truly shows that the exploit was not only about digging for CVE's and quickly and dirtily implement them on the Vita.

Between the absence of a debugger, ASLR, sandboxing, no JIT, and other bumps in the road, acez’s post clearly explains this was not easy. At all.

From the scene’s perspective, it’s interesting to see that the main people behind this work (freebot, acez, and John The Ropper) are – as far as I know – not people from the PSP or PS3 scene. They seem to be, however, very, very well seasoned hackers (at least acez seems to be a regular CTF – The hacking ones, not the Quake ones – contestant). The things they pulled off, which I understand where very helpful, behind the scene, to some of the releases we’ve seen over the past few days, were not an easy thing.

Credits

Johntheropper and freebot worked with acez directly on the exploit. In addition, he credits Yifanlu and Josh_Axey for their help on the Vita, as well as Acid_Snake and Codelion, and everyone else who “made this possible”.

Downloads

The exploit and all related work can be found on acez’s github. At this point I assume this is more or less the same work that has been released in CodeLion’s recent memtools_vita, but it is worth checking it.

What’s next?

Let’s hope that the interest of acez, JhonTheRopper, and freebot for the Vita will stay for a while. As mentioned in the blog article, there’s still a lot to do: Webkit is sandboxed, and without additional exploits, the scene will not be able to gain “full” native access to the Vita. From a personal point of view though, I would surely be happy to start seeing a simple SDK, and some simple homebrew, in the sandboxed Webkit exploit. Just for the sake of it.

Source: acez.re

Anonymous’ Twitter account suspended in conjunction with Ferguson protests

Anonymous had threatened to reveal private information about a man they claimed to be Michael Brown's shooter  

By Joanna Rothkopf
 

(Credit: Reuters/Nacho Doce)

Hacking group Anonymous’ Twitter account (@TheAnonMessage) was suspended on Thursday. The group claimed to reveal the name of Michael Brown’s shooter via the social media website and threatened to publish his home address and photo if the Ferguson Police Department did not confirm the allegation.

According to NBC News, Chief Angel Jimenez of the St. Ann Police Department in Missouri said that the person accused by Anonymous is actually a dispatcher, not a police officer. “At no time has he ever been involved in a shooting in Ferguson or elsewhere,” said Jimenez.

While Twitter does not comment on individual accounts, when asked for comment, a representative pointed to the social media website’s rules, which states that Twitter does not permit users to  ”publish or post other people’s private and confidential information” or “publish or post direct, specific threats of violence against others.” Anonymous had done both.

Anonymous has since switched to a backup account.

Twitter has suspended my main account. The powers that be will stop at nothing to silence us. #Anonymous #Ferguson
— TheAnonMessage2 (@TheAnonMessage2) August 14, 2014

Censoring us is an act of war. #Ferguson #TheAnonMessage
— TheAnonMessage2 (@TheAnonMessage2) August 14, 2014

---

---

HANDS UP, DON'T SHOOT. #Ferguson #TwitterSuspension #Anonymous pic.twitter.com/tX93g6lWM1
— TheAnonMessage2 (@TheAnonMessage2) August 14, 2014

ANNOUNCEMENT: We are ceasing any future dox releases until further notice. #Anonymous #Ferguson
— TheAnonMessage2 (@TheAnonMessage2) August 14, 2014

Joanna Rothkopf is an assistant editor at Salon, focusing on sustainability. Follow @JoannaRothkopf or email jrothkopf@salon.com.

Anonymous To Ferguson Police: Expect Us

By karoli

Anonymous published a list of demands in response to the police shooting of Michael Brown in Ferguson, Missouri.



Anonymous has stepped into the Ferguson, Missouri police shooting of a young unarmed black man and they have done so with firm resolve.

In their video above, they demand that elected representatives for that area introduce legislation defining clear standards of conduct for police in situations like the one that resulted in the shooting of Mike Brown Saturday.

They further state that if this demand isn't met, they will hack into police department databases and publish confidential data they obtain.

Whether one agrees or disagrees with Anonymous' operating tactics, what they're asking for is not outrageous. There is a point where a line in the sand is needed, and where everyone should stop pretending the police are always right and the people are always wrong. That right/wrong view seems to be the one that prevails when black or brown people are the ones protesting in the street.

That kid lay in the street for hours while they beefed up their militarized presence in Ferguson, as if to invite violence. I'm not sure I'm buying the "official account" of how Brown came to be shot eight times, either. If he allegedly attacked the cop sitting in the car, how did he come to fall 35 feet away while the cop never got out of the car?

As a writer, it's difficult to balance a desire not to slam police, who have a difficult and demanding job against sympathy for an unarmed kid dead in the street. In some cases, criticism just lives in the situation. This is one of those times.

Ferguson's elected officials should take Anonymous' demands seriously.

(As a side note, Twitter killed the #OpFerguson hashtag and suspended the @OpFerguson account. I'm sure glad they believe in free speech. I guess for them that's only for conservatives.)