Posts

North Korean military hackers indicted in cyber plot to rob banks, attack companies


Three North Korean computer programmers have been charged in Los Angeles with conspiring to steal and extort more than $1 billion in a sweeping array of cyberattacks against banks, other companies and cryptocurrency traders around the world, federal authorities announced Wednesday.



Kotaro Koizumi et al. posing for the camera: From left, Park Jin Hyok, Kim Il and Jon Chang Hyok are accused of conspiring to steal more than $1 billion in a sweeping array of cyberattacks. (U.S. Justice Department)


© (U.S. Justice Department)
From left, Park Jin Hyok, Kim Il and Jon Chang Hyok are accused of conspiring to steal more than $1 billion in a sweeping array of cyberattacks. (U.S. Justice Department)

The hackers were working for a North Korean military agency, the Reconnaissance General Bureau, and pursuing strategic and financial goals of the country’s leader, Kim Jong Un, authorities said.

In an indictment unsealed Wednesday, a federal grand jury in Los Angeles charged that Jon Chang Hyok, Kim Il and Park Jin Hyok attacked banks, entertainment companies, online casinos, defense contractors, energy utilities and others in the U.S., Bangladesh, Mexico, Indonesia, Britain, Vietnam, Pakistan and other countries.



a group of people walking down a street next to a sign: Federal authorities say embarrassing emails of Sony executives were hacked by North Korean computer programmers and made public as revenge for the studio's release of "The Interview," a comedy that mocked North Korea's leader, Kim Jong Un. (Christopher Polk / Getty Images)


© (Christopher Polk / Getty Images)
Federal authorities say embarrassing emails of Sony executives were hacked by North Korean computer programmers and made public as revenge for the studio’s release of “The Interview,” a comedy that mocked North Korea’s leader, Kim Jong Un. (Christopher Polk / Getty Images)

The victims included Sony Pictures Entertainment Inc. Embarrassing emails sent by Sony executives were made public in 2014, allegedly in retaliation for the studio’s release of “The Interview,” a comedy film that depicted the fictional assassination of Kim Jong Un. One of the accused hackers, Park, was charged in the Sony attack in 2018, and now the other two men are accused of having a hand in the incursion as well.

Beyond the Sony attack, the indictment announced Wednesday alleges a broader scheme to carry out various cybercrimes, including the attempted theft of $1.2 billion from banks across the globe, wide distribution of malicious cryptocurrency apps and spear-phishing campaigns to penetrate computer systems of U.S. defense contractors, the Pentagon and the U.S. State Department.

“As laid out in today’s indictment, North Korea’s…

Source…

Demystifying Cyber Security


Recent cyber attacks to the US Government, the IMO, Maersk, amongst others has caused the world to pay attention to criminal cyber activities by foreign states, terrorists, and criminals.  The cyber attack against CMA CGM shut down services for close on two weeks.  Two days later, on October 30th the IMO was held hostage by a cyber attack. These attacks follow attacks earlier this year against MSC and COSCO.

As of January 1, 2021 all vessels that have a safety management system must address cyber security in order to maintain ISM certification. The IMO guidelines for cyber security can be found in MSC-FAL.1/Circ.3. This high-level guidance is just the foundation for a proper cyber security program for owners/operators. The circular highlights the importance of protecting vulnerable systems such as:

  1. Bridge systems;
  2. Cargo handling and management systems;
  3. Propulsion and machinery management and power control systems;
  4. Access control systems;
  5. Passenger servicing and management systems;
  6. Passenger facing public networks;
  7. Administrative and crew welfare systems; and
  8. Communication systems.

The thought of having cyber security responsibilities can be chilling to some and burdensome to others. Personally, whenever I think of cyber security I think of some college kid in their parent’s basement trying to get the password to my bank account, which is incidentally empty. Or Even better, Matthew Broderick in War Games.  The truth is that hacking scenario, while it still exists is not the predominant cyber crime in the world today. Cyber crimes may be conducted by organized crime, nation states, terrorists, or industrial espionage. On the other side of the fence are the “white hat” hackers whose responsibility and job it is, is to find the weak links in a corporate cyber security chain. They expose weaknesses without exploiting them.

One does not need to be versed in code and hacking to be an efficient cyber security officer. Cyber security is as much about the protection of the system through the hardware as it is through the software. To demystify this field, I checked in with Cyber Security Specialist Cliff Neve, who retired from the USCG Cyber Security unit.  
The…

Source…

Czech Republic turns to war-games to build cyber defences


The Czech Republic is carrying out war-gaming exercises with companies to strengthen its critical industries against cyber attacks, supply chain disruption and ownership bids by hostile states such as China and Russia.

The war-games, thought to be the first such contingency exercises in the world, have drawn the attention of Nato allies seeking to protect themselves from aggression in the so-called “grey zone” between peaceful relations and formal armed conflict. Concern about grey zone activities have intensified since a significant hacking campaign against US government systems — attributed to a Russian group — was discovered in December.

Tomas Kopecny, deputy minister for industrial co-operation in the Czech Ministry of Defence and Armed Forces, has started contingency exercises with the country’s five largest defence companies and hopes to expand the programme to other industries including energy, IT, healthcare and food production later this year.

“We see industrial policy as part of not only economic welfare, but geopolitics and also defence and security”, Kopecny told the Financial Times. “This exercise is basically about creating [a] nexus between the military and civilian, between the government and private side.”

Tomas Kopecny, deputy minister for industrial co-operation in the Czech Ministry of Defence © Michal Krumphanzl/CTK/Alamy

He added that the rise of China as a “systemic rival” to the EU meant industry was increasingly on the front line of attempts by foreign investors to steal intellectual property or exert control over competitor companies.

“The very strategy that is being applied by Chinese state-affiliated investors is something that is targeting [Europe’s] critical and strategic technologies,” Kopecny said. “It’s definitely something that is decreasing our capability to defend ourselves, through us losing our technologies that are essential for defence.”

The UK government had to intervene last year to prevent an investor linked to the Chinese state from seizing control of the board of British chipmaker, Imagination Technologies. The FT has also revealed that China is exploring limiting the…

Source…

Our People Make What We Do Possible – Cyber Security