As the investigation into the Sony Pictures hack unfolds, details about its probable origin, the kind of malware used and the damage it caused are beginning to emerge. Several news outlets, including the New York Times, NBC, the Associated Press and CNN, report that US intelligence officials have linked the North Korean government to the attack, and that there is strong evidence the 'wiper malware' was launched by North Korean hackers operating through compromised systems across Europe, Asia and the Middle East. Estimates of the damage keep rising, and experts are already calling this the worst corporate hack in US history.
The attack is being described as 'wiper malware': code engineered to destroy the data on the systems it infects. It is closely related to the attacks on Saudi oil companies in 2012 and on South Korean banks and TV broadcasters in 2013. The initial infection vector is not public; what is described is a payload that has to be carried onto a host by another program and executed there, which makes it in essence a Trojan rather than a self-spreading virus or worm. The next time a hacking group gets code onto our servers we should be able to stop it, since we now know the footprint of the code. The problem is that the footprint can change between infections, or even during an active infection on a single machine, so a signature taken from one sample is only as good as that sample. A further issue is that this latest threat appears to be platform independent, so the underlying operating system is not a barrier.
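To make the "footprint" problem concrete, here is an added example (mine, not the author's, and not connected to the actual Sony malware). It builds a constructed stand-in sample, records its SHA-256 as a known-bad indicator the way an analyst would after the first incident, and adds a content rule on a tell-tale string, roughly what a YARA rule expresses. Two constructed variants then show the two failure modes: a one-byte change in padding breaks the hash but not the content rule, and a simple XOR encoding of the body, as a packer would apply, defeats both until the payload is decoded again. All byte strings, the key and the rule text are made up for illustration.

```python
"""Added example: why a known 'footprint' is a brittle detection signal.
Every sample here is a constructed byte string, not real malware."""
import hashlib
import re

# Constructed stand-in for a wiper sample: a fake 4-byte header, some padding,
# a tell-tale string, and a run of filler standing in for code.
ORIGINAL = (
    b"MZ\x90\x00"
    + b"\x00" * 12
    + b"drop all partitions then overwrite\x00"
    + b"\xde\xad\xbe\xef" * 8
)

# Hash-based indicator: the exact footprint recorded after the first incident.
KNOWN_HASHES = {hashlib.sha256(ORIGINAL).hexdigest()}

# Content rule: the tell-tale string with a wildcard for the object word,
# comparable to a YARA string rule (rule text is invented for this example).
CONTENT_RULE = re.compile(rb"drop all \w+ then overwrite")


def hash_match(blob: bytes) -> bool:
    """True if the blob's SHA-256 is on the known-bad list."""
    return hashlib.sha256(blob).hexdigest() in KNOWN_HASHES


def rule_match(blob: bytes) -> bool:
    """True if the content rule finds its pattern anywhere in the blob."""
    return CONTENT_RULE.search(blob) is not None


def mutate_padding(blob: bytes) -> bytes:
    """Variant 1: flip a single padding byte. Behaviour would be identical,
    but the file hash is now different."""
    return blob[:4] + b"\x01" + blob[5:]


def xor_body(blob: bytes, key: int = 0x5A) -> bytes:
    """Variant 2: XOR-encode everything after the header, as a trivial packer
    does; the same call decodes it. A real sample would carry a decode stub
    that runs at load time (stub omitted, this is an illustration)."""
    return blob[:4] + bytes(b ^ key for b in blob[4:])


def classify(blob: bytes) -> dict:
    """Run both detections and report which ones fired."""
    return {"hash": hash_match(blob), "rule": rule_match(blob)}


if __name__ == "__main__":
    for name, sample in [
        ("original", ORIGINAL),
        ("padding flipped", mutate_padding(ORIGINAL)),
        ("xor-encoded", xor_body(ORIGINAL)),
        ("xor-decoded", xor_body(xor_body(ORIGINAL))),
    ]:
        print(f"{name:16s} {classify(sample)}")
```

The point for the argument above: a hash pins down one build of the code and nothing else, a content rule survives trivial edits but not encoding, and only inspection of the decoded payload (in memory, at run time) sees through the encoding. A footprint collected from the last incident is therefore a starting point, not a guarantee.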
What if we knew the footprint because our best programmers engineered it, and we used OUR network of hackers to distribute it and cross-stitch the code, so that we would not have to chase our tails looking for artifacts: we would know the origin and the delivery path from a tracer we had embedded in the code ourselves? What if the next DDoS were stopped in its tracks by an intricate network of routers, switches, servers and specialized telemetry built to intercept, reroute and back-trace the network of zombie computers, the reflectors and the originating hacker?
The threat has changed in complexity: it now includes crippling hardware, and cyber espionage used as an extension of terrorist groups' spreading of fear and physical reprisal to advance religious and political views. Surprisingly, we have seen few publicized convictions, or even acknowledgments of the specific individuals involved, in recent reports of corporate and government hacking. Instead of a massive, sustained offensive of intelligence gathering against the hacking community there seems to be only a peripheral, loosely concerted effort. One might argue that much is hidden behind secret and clandestine operations, but one only needs to read the headlines to see that whatever is being done is negligible compared with the victories hacking groups are winning. There needs to be a matching change in the complexity of how we deal with this threat.
by Jim Atkins 'thedosmann'