Bounty for Chromebook Hack Doubled to $100,000

Many companies seek to outsource the finding of vulnerabilities in their products to external hackers, offering monetary rewards in exchange for details on successful hacks that they can fix. In a show that should both display their faith in the security of the Chromebook as well as entice more hackers and security experts to probe the laptops for vulnerabilities, Google has doubled the previous bounty offered for a Chromebook hack to $100,000.

This new and larger reward sets a high bar for anyone wishing to challenge the Chromebook’s security. To qualify for the full $100,000 bounty, a hack must be delivered through a web page accessed in guest mode, and the compromise must persist in guest mode, even between boots of the device. The hack is challenging because, in guest mode, a Chromebook employs its highest levels of security. A guest user can download files but is forbidden from installing apps, even those officially released through Google’s store, which closes off one of the major angles of attack used by hackers. Chromebooks are also set to install updates automatically, run all of their software in sandboxed environments and even have a “verified boot” function, which can detect on boot if the OS has been compromised by malware and roll it back to a clean version.

“Since we introduced the $50,000 reward, we haven’t had a successful submission,” Google wrote on their security blog. “That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool.” Whether that means that no one can hack the Chromebook or simply that not enough people have tried remains to be seen, as does whether anyone will be able to claim this bounty in the near future.

GCHQ Admits £1b Investment in Cyber Security “Hasn’t Worked”

Over the last five years, UK intelligence service GCHQ has spent nearly £1 billion on its cyber security initiative, but the civil servant in charge of the program has admitted, “the bottom line is it hasn’t worked.”

Alex Dewedney, Director of Cyber Security for CESG (Communications-Electronics Security Group) – a division within GCHQ – told the audience at the RSA security conference in San Francisco last week that, in order to fight cyber security threats to businesses, services, and governments, GCHQ needs more manpower, not money.

“I think the best way to sum up the challenge we face is that while we’ve done a lot over the past five years and spent quite a lot of money as a government, particularly in those years of austerity we’ve been through, the bottom line is it hasn’t worked,” Dewedney said, according to Computing.

“[People believe that] if we keep doing that, then somehow it will magically cause improvement to happen. That approach by itself is not sufficient,” he added. “We can’t just pass information on threats to businesses and tell them to go and deal with it themselves.”

Chancellor of the Exchequer George Osborne has, despite a fiscal policy of austerity, announced plans to double GCHQ’s cyber security budget to £1.9 billion by 2020, but Dewedney thinks that throwing money at the problem is the wrong approach, saying that it’s “not so much a money issue as it is a human resources issue.”

One place that the government should be spending money, argues Dewedney, is on upgrading IT systems. “Not […] spending money on fixing legacy IT issues […] is killing us.”

“I’ve tried to make this argument to my bosses that surely you have to start [with legacy] before you try to do anything more sophisticated,” he said. “But the response has been ‘I’m not spending cyber security programme money to subsidise other departments’ IT budgets’.”

Hacker Releases 17.8GB of Data From Turkish Police Server

A hacker going by the online alias ROR[RG] has released a large amount of data that belonged to a Turkish National Police database and is thought to contain large amounts of sensitive private information. ROR[RG] is aligned with the Anonymous hacktivist group and has leaked the data, supposedly stolen from the Turkish General Directorate of Security (EGM), onto a number of peer-to-peer sites for anyone to download and examine.

The data was released through The Cthulu website, which has been a host of a number of leaks by members of Anonymous in the past, including a serious hack against a US Police union last month. A statement released with the data explains that the data was taken from the EGM and that “the source has had persistent access to various parts of the Turkish Government infrastructure for the past 2 years.” It went on to explain that “in light of various government abuses in the past few months, has decided to take action against corruption by releasing this.”

Based on examination of the files in the leak, they appear to originate from a MySQL database, which users on Reddit confirm. A number of users on the world news subreddit (including some Turkish posters) loaded up the leaked database, finding that it was from the MERNIS system and contained a directory of an enormous number of Turkish citizens, including ID numbers and full addresses. Exactly how much of the Turkish population this data covers is currently unknown, but this looks to be a disastrous breach for the Turkish government.

It is worrying for the information security of the Turkish government that such a leak was allowed to take place, and more worrying still that the hacker had supposedly had continuous access to government systems for at least two years prior to the leak. The potential consequences of this leak are huge too, as it provides a treasure trove of personal data for criminals to use. Hopefully the Turkish government will have an answer for this leak; however, it may be too little, too late for those whose personal data is already in the public domain.

Hackers Hit Hollywood Hospital With Ransomware

It seems that no system is beyond the reach of hackers out to line their own pockets. For almost an entire week, the Hollywood Presbyterian Memorial Medical Center has been without its computer systems, due to the system being taken down by a hack that is described as ransomware.

Without their computer systems, the staff at the hospital have been forced to switch back to pen and paper to take patient records and logs. More worrying is the inability to access patients’ medical records, which could heavily affect the care they receive. Patients who require specific care, such as lab tests, scans or pharmacy tasks, have been temporarily transferred to other nearby facilities, as all of these services are currently impaired by the hack.

The hack is currently under investigation by both the LAPD and FBI; however, there is yet to be any conclusive evidence about the culprit. The exact extent of the hack is currently unclear, but it is known that the attackers are demanding the sum of 9000 bitcoin, or around $3.5 million, for the encryption key to regain access to the hospital systems. Allen Stefanek, President and CEO at the hospital, has come out stating that the attack was believed to be random and not maliciously directed at the facility.

It is shocking that a facility as important to the lives of many as a hospital can be affected by such a hack, with no backups available or a swifter way of tackling the issue. This could come as a wake-up call to other hospitals to toughen up their cyber security, or they could suffer the same fate and put the lives of their patients at risk.

eBay Vulnerability Exposes Users to Data Theft and Phishing Attacks

The eBay site is used by millions of people and, as a result, has a level of trust with its users, who buy and sell countless items each day. Imagine, then, how lucrative a target this massive user base could be for an attacker. Check Point’s security researchers have found just such a vulnerability in eBay, one that allows malicious users to bypass the code validation that is in place and remotely control the vulnerable code to execute malicious JavaScript code in the browsers of targeted users.

Check Point warn that leaving the flaw unpatched will expose the online marketplace’s huge userbase to the risk of data theft and phishing attacks while eBay believes that the actual risk of a malicious attack is very low. eBay was made aware of the vulnerability on December 15th, but they are yet to issue a complete patch for the weakness, instead claiming to have implemented additional security filters based on the report to reduce the risk.

eBay told Security Week “eBay is committed to providing a safe and secure marketplace for our millions of customers around the world. We take reported security issues very seriously, and work quickly to evaluate them within the context of our entire security infrastructure. We have not found any fraudulent activity stemming from this incident.”

One of the ways that an attacker could target eBay users is by first sending them to a legitimate page which contains the malicious code. By setting up an eBay store and adding malicious code to the description section of items, attackers can trick users into visiting pages containing harmful code. This code could do a number of things once opened, from phishing for data to downloading binaries to the computer or device. eBay report that as few as two in a million items listed on their site use active content, making the chance of being targeted by malicious content low. Despite this, Check Point stated that they have demonstrated a proof-of-concept for the attack to the eBay security team, in which they were able to bypass restrictions and deploy malicious code to their seller page without any difficulty.

The finding was made public by Check Point on Tuesday, in the hope that it may push the e-commerce site to patch the vulnerability quickly. This is a good example of how even the sites that seem the most trustworthy can hide potential danger. Until a patch is released, taking care when using eBay may just be the best bet.

D-Link Wi-Fi Webcam Turned into a Network Backdoor

Vectra Networks researchers today released an article demonstrating how they turned a $30 D-Link Wi-Fi webcam into a backdoor onto its owner’s network. Installing a device like a networked webcam may seem like a riskless action, but when the device can allow hackers to access the same network it becomes far more worrying.

Typically, attacks on Internet of Things devices are considered a waste of time due to their lack of valuable onboard data and lack of resources to manipulate. Vectra showed that should hackers focus on and be able to compromise a device’s flash ROM, they could replace the running code with their own tools such as those to create a backdoor. It doesn’t have to be a remote hack either, with the report stating “Once we have such a flash image, putting it in place could involve ‘updating’ an already deployed device or installing the backdoor onto the device somewhere in the delivery chain – i.e. before it is received and installed by the end customer.”

The first step of the attack on the webcam was to dump the flash memory from the device for analysis. It could then be determined that the ROM contains a u-boot and a Linux kernel and image with software used to update the firmware. With this, the steps used to verify firmware updates could be reverse engineered to allow it to accept a rogue update containing a Linux proxy service while also disabling the ability to reflash in future so the back door could not be removed. With all this in place, the hacker would be able to inject his own attacks into the rest of the network and use it as a pipeline to extract stolen data.

Such a compromise would be incredibly hard for the user to detect as long as the backdoor code did not interfere with the device’s normal operations. Even if it were detected, there would be no way to recover the device, which would instead have to be disposed of and replaced with a clean one. D-Link is yet to issue a patch for this vulnerability, and it is not expected that they will, as a true fix would require specialist chips to verify updates or a Trusted Platform Module.

It is worrying that as we bring so many more tiny networked computers into our homes, they are far more of a risk than they seem. Vulnerabilities in even the smallest network device can compromise the security of an entire network and should not be overlooked.

Hacking Group Threatens to Attack Gaming Networks During Christmas

The hacking group Lizard Squad targeted the poor security on Xbox Live and PlayStation Network last year and caused major disruption during the holiday period. This meant many new console owners couldn’t play games online with their friends and spoilt the festive cheer for three long days. In the past year, the National Crime Agency has made arrests and targeted Lizard Squad’s cyber criminal activities. However, being anti-establishment can inspire other disaffected people to create a similar organization. Sadly, this is the case, and a new group called Phantom Squad is threatening to shut down Xbox Live and PlayStation Network during Christmas:

https://twitter.com/OfficialSegma/status/675784451977289729

Not only that, the group plans to switch the servers offline for a week and ruin people’s excitement to play games during their time off. This really is pathetic, and illustrates how petty human beings can be. I’m not entirely convinced if the group can perform this hack as it might just be trolls engaging in attention seeking. Although, if any kind of mass outage occurred, both Microsoft and Sony have to answer questions about their investment in online security. Hopefully, this isn’t a sign of things to come and only shows how bitter some people are in the modern world. If you’re frustrated with society, trying to ruin other people’s lives to make your own self-image improve is a flawed line of thinking.

One Java With An Added PUP Please

Critical security updates to applications are essential to keep a system patched against the many exploits which attempt to infiltrate one’s PC. Certain software needs patching more than others, and this is no less evident than with Adobe Flash and Oracle Java: the former seems to need fixing every five minutes and the latter, well, is probably better uninstalled altogether. On the subject of Java, many websites are using a trick which promises an update but also bundles a PUP (potentially unwanted program) for good measure.

So, what are the tricks? Well, when a user attempts to view content which requires a Java plugin on certain websites, a pop-up appears stating that they should update their version of Java. By following the prompt the user lands on various pages unconnected with Java; for example, one page is titled “Media Downloader”. The user is then asked to both download and install a “setup.exe” file which turns out to be a PUP. Quick tangent here: a novice computer user once asked me if it would download a dog. I replied PUP, not puppy. Not joking either.

There are other techniques too. One masquerades on a webpage as a standard Java pop-up update notification; further examination shows this is in fact a background image and not a pop-up. If you click on it you might receive, among others, a bundler which offers Java but also other software including Norton 360 (terrible program), PC Mechanic and, for some reason, Stormfall Age of War. This can be avoided, though, by checking the UAC prompt, which lists this .exe file as from Verified Publisher “Super IS Fried Cookie Ltd”. That sounds about as authentic as a fast food burger, mentioning no names.

As standard, make sure any software applications are downloaded from authentic sources. If you visit a page that promises an update, be cautious and check the URL, and as an extra precaution always scan downloaded files with a reputable anti-virus and, if possible, a malware scanner as well. Quick side note: these days viruses are becoming harder for AV companies to detect, so while it’s essential to have these suites available, always download from authentic sources and be sceptical.

Of course, if you don’t use Java then it might be better to uninstall it, considering the number of security issues it has faced over the last few years.
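The publisher check described above can be scripted so that it happens before an installer is ever run. The following PowerShell is an added example, not part of the original article; the function name `Test-InstallerPublisher` is hypothetical, and the expected publisher string in the usage comment is an assumption that should be confirmed against the vendor’s own site.

```powershell
# Added example: confirm that a downloaded installer is signed by the publisher
# you expect BEFORE running it. A "Verified Publisher" line in the UAC prompt
# only means the file carries a valid signature from *someone*, which is why a
# bundler can show up as verified under an unrelated company name.
function Test-InstallerPublisher {
    [CmdletBinding()]
    param(
        # Path to the downloaded installer, e.g. .\setup.exe
        [Parameter(Mandatory)][string]$Path,
        # Publisher name(s) you expect to see (assumption: taken from the vendor's site)
        [Parameter(Mandatory)][string[]]$ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Record the hash so the exact file that was checked can be identified later.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig    = Get-AuthenticodeSignature -FilePath $Path

    # Unsigned (NotSigned), modified (HashMismatch) or untrusted files stop here.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path      = $Path
            Sha256    = $sha256
            Publisher = $null
            Trusted   = $false
            Reason    = "Signature status is '$($sig.Status)'"
        }
    }

    # Common name of the signing certificate, i.e. the name UAC displays.
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)

    # Exact match only: substring matching would accept look-alike names.
    $isExpected = $ExpectedPublisher -contains $publisher

    $reason = if ($isExpected) {
        'Valid signature from an expected publisher'
    } else {
        "Valid signature, but from unexpected publisher '$publisher'"
    }

    [pscustomobject]@{
        Path      = $Path
        Sha256    = $sha256
        Publisher = $publisher
        Trusted   = $isExpected
        Reason    = $reason
    }
}

# Usage (the publisher string is an assumption; check it against the vendor's site):
#   Test-InstallerPublisher -Path .\setup.exe -ExpectedPublisher 'Oracle America, Inc.'
```

A result with `Trusted` set to `$false` and a populated `Publisher` is the case the article describes: a validly signed file from a company that has nothing to do with the software it claims to update.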

Image courtesy of limewheel

TalkTalk Website Struck by Cyber-Attack

The Metropolitan Police Cyber Crime unit has launched an investigation after major UK internet and phone provider TalkTalk was hit by a “significant and sustained cyberattack” on Wednesday. At the current time, the full extent of the attack is unclear; however, TalkTalk has released a guide with more information on the attack and advises its customers to be aware that some data may have been leaked. Alarmingly, among this list are credit card and bank details, which when correlated with other potentially leaked account details such as names and email addresses could expose many of TalkTalk’s 4 million strong customer base to unauthorized access to finances and other identity fraud.

This isn’t the first time this year that TalkTalk has been affected by a cyber attack resulting in theft of customer data: its associated firm Carphone Warehouse was the target of an attack that resulted in close to half a million TalkTalk Mobile customers being affected.

All of this is bad news for TalkTalk, which is already struggling with poor customer satisfaction, its Broadband division scoring only 48% in Which? magazine’s latest customer satisfaction survey. And while TalkTalk now assure customers their site is once again secure, the recurring leaks of data by the company are sure to hurt trust with their customers.

Are you a TalkTalk customer who has been affected by these attacks and are you concerned about the security of your details with the company in future? Let us know in the comments below and remember to check out TalkTalk’s advice on the incident.

Cooler Master US Site Hacked and Defaced

As companies are bombarded every day by malicious attacks, more and more data breaches have been popping up in the news. Cooler Master is no exception and looks to be learning a lesson about security as their US website was taken down by hackers and defaced.

The attacker goes by the tag “xMr.Goreman404_IDx”, and we have no news yet about the extent of the breach or what data, if any, was taken. xMr.Goreman404_IDx looks to be cruising the web looking for sites with vulnerabilities to take down, with a number of other sites suffering from similar attacks. Given the Indonesian flag in both the logo and waving in the background, it can be interpreted that xMr.Goreman404_IDx is from Indonesia. It’s also possible, though, that the flag is just a diversion for investigators.

At this point, it does not look like the site is being used to host any malicious payload or to spread any propaganda other than slamming Cooler Master for their poor security. For now, it would not be advisable for anyone to visit the site until Cooler Master restores control. The first notification about the hack came at around 12PM PDT and, as of this time, the site is unreachable and Cooler Master have yet to make a statement.

Images courtesy of Nineshadow

Hacking Team Release Ludicrous Statement

This story is so preposterous that I am going to play a little game called “who are the hypocrites here.” Hacking Team, who recently fell to a cyber attack, have released a statement claiming to be victims and have bluntly claimed that they have “always operated with the law and regulation in an ethical manner.”

You heard it right. When government officials start inventing ludicrous laws which state that hacking citizens’ phones and computers for data is actually legal, you arrive at the juncture where the Italian spyware firm claims that “there was only one Violation of Law in this entire event, and this was the massive cyber attack on the Hacking Team.”

Now I don’t condone hacking, well, I do in this case, where rival decent hackers exposed nearly 50GB of data. This included internal documents such as internal emails, hacking tools, zero-day exploits, surveillance tools, source code for spyware and a spreadsheet listing every government client with date of purchase and amount paid.

For balance, and to be fair to Hacking Team, I have viewed their statement and what really stands out is the following few lines.

“The company has always sold strictly within the law and regulation as it applied at the time any sale was made. That is true of reported sales to Ethiopia, Sudan, Russia, South Korea and all other countries”

Well, those are true democracies which really do underpin Hacking Team’s morals. The scary thing is, if you give a despot surveillance tools, this could have well led to deaths and suffering of citizens.

There are no winners in these revelations, with perceived democratic countries also using these tools along with many dodgy dictators. Hacking Team also state that there had not been “access to the data collected by company’s clients using purchased spying software, as such information is only stored on the customer’s systems and can’t be accessed by the company itself.”

This is the tip of a seedy and unethical iceberg which, in the long run, will not protect against every terrorist eventuality but will only virtually incarcerate the whole world. Anyone who sells spying software to countries which have a habit of executing dissenters is either desperate for cash or completely devoid of conscience. A sale is possibly within the law, but so is selling a pint of beer to a 16-year-old if bought by an adult with a meal. The only difference is, a pint normally does not result in potential war crimes and more… usually.

Thank you to Hacker News for providing us with this information

Image courtesy of ilquotidianoitaliano

A New Kind Of ProxyHam Coming to DefCon

OK, you now think I have been lying in 35 degree heat all day and have crossed a privacy tool with a local butcher. I can assure you I am not hallucinating and that purple leprechaun agrees with me; only kidding, it’s green. I am quite sane and am here to talk about a possible new proxy tool which could be a game changer for privacy-conscious individuals.

At the upcoming DefCon hacker conference in Las Vegas, a new tool by the name of ProxyHam is set to be unveiled. The device has been invented and developed by Ben Caudill, who aims to make life that little bit harder for network spies. It is essentially a hardware proxy which is designed to use a radio frequency. By utilizing this form of connection, the device adds a physical layer of obfuscation to an internet user’s location.

According to Google, obfuscation is defined as making something obscure, which here means your location is not transmitted over the Internet. This invention has been built for $200 (£128), but the clever bit is still to come: the device connects wirelessly from a 900 megahertz antenna, which is plugged into the Ethernet port of a PC, to a Raspberry Pi box which has been placed in a different location via a radio connection. This in turn means that any traceable location data is not from a person’s physical location, but from the ProxyHam box said individual has placed somewhere else.

This means that if the FBI, or any other malevolent organization with power, come knocking, they will think you live within a 2.5 mile radius of your actual address, and this means if you placed the box in Burger King, the fast food joint will be raided and not you. Here at eTeknix we are impartial and therefore would like to point out there are many other corrupt governments with which to be spied on and fast food joints with which to enlarge your liver.

At this stage these devices are still very much at the development and improvement stage, but if the device can capture the mainstream, expect many boxes to pop up, with confused officials staring at them, in a town near you soon.

Thank You Wired for providing this information

Toshiba Developing New Encryption?

Encryption is an essential and fundamental way to keep people safe online. Hear that, world governments! ESSENTIAL! From keeping information away from hackers in the banking sector to assisting journalists in their exceptional work exposing corruption within various forms, encryption is imperative.

But it does have its weaknesses, which have been highlighted by many cases involving individuals who would rather all information be freely available within many communications outlets. Encryption is in need of a revamp, which might become a reality thanks to tech company Toshiba, who will be undertaking verification testing on a new form of encryption technique which the Tokyo-based firm says is “unbreakable”.

Toshiba is calling this project a test of a Quantum Cryptographic Communication System. So what is a Quantum Cryptographic system? Well, according to Toshiba’s website, this technique uses quantum physics to ensure that genomic data encrypted with digital keys remains secret. This differs from standard communications, which can be intercepted by measuring a part of the optical signal. Toshiba aims to bring this project to market within five years of full development.

Sounds promising, but Toshiba also states that potential users will be public agencies and also medical institutions; as yet it’s unclear if Mr Average Joe will benefit from this potential innovation. It also remains to be seen if this technique is “unbreakable”, as this definition is open to interpretation.

Thank You Toshiba for providing us with this information

Image Courtesy of Bloomberg Business

North Korea’s State Operating System Looks Like OS X

We’ve all been captivated recently by the massive hack upon Sony Pictures that was supposedly carried out by North Korea. However, not many of us know what using a computer is like in the ‘self-reliant’ hermit kingdom.

Well, now we do. Ex-Google employee Will Scott previously visited one of the country’s top universities and bought a copy of the operating system they were using while he was there. He somehow managed to sneak that back to the States and provided screenshots for us all to see.

Now, obviously their OS isn’t going to be anything built by Microsoft, Apple or Google or any other Western company, so they’ve built their own. Well, sort of their own, because it bears a startling resemblance to Apple’s OS X.

From the login screen to the iconic dock and menu bar, it’s a complete rip-off of what appears to be OS X 10.5 Leopard. This image of the file manager could easily be mistaken for an old version of Apple’s Finder.

Take a look at the browser – a modded Firefox perhaps?

You can see more of the OS at the source link.

Source: Business Insider Images: Will Scott

Defector to Send USB Copies of ‘The Interview’ into North Korea Via Balloons

A defector from North Korea has announced that he intends to send 100,000 USB drive and DVD copies of ‘The Interview’ into North Korea via balloons. With the support of the US Human Rights Foundation, the copies have been edited to include Korean subtitles.

In an interview with the Associated Press, Park Sang-hak said that the balloon drop would help the “idolization of leader Kim” break down.

“Park said foundation officials plan to visit South Korea around Jan. 20 to hand over the DVDs and USBs, and that he and the officials will then try to float the first batch of the balloons if weather conditions allow.

“North Korea’s absolute leadership will crumble if the idolization of leader Kim breaks down,” Park said by telephone.” 

Similar efforts have been carried out before by the same man and by other groups – dropping leaflets, posters, pictures and DVDs of other films. Copies of news programming have also been sent via balloons, often showing the toppling of other dictators like Muammar Gaddafi and videos of uprisings like those seen in Egypt.

Sony Pictures was the subject of “the biggest cyber attack in history” last month after it’s believed North Korean hackers had their revenge in response to ‘The Interview’ – a movie about the assassination of leader Kim Jong-Un.

Source: Associated Press

The Interview is Sony’s Most Downloaded Movie – Making $15m

The Interview is doing alright online, raking back a third of its crazy $44 million budget. It’s also Sony’s most downloaded movie ever.

“Considering the incredibly challenging circumstances, we are extremely grateful to the people all over the country who came out to experience The Interview on the first day of its unconventional release,” – Rory Bruer, Sony’s President of Global Distribution in a statement to The Wrap following the movie’s opening.

Sony will certainly be interested in these figures. Analysts have suggested that the company could lose billions of dollars due to the hack – something an already struggling Sony doesn’t need. It’s questionable as to how much money the movie will make online and in such a limited number of cinemas.

This figure also poses something else – what will the non-theatrical release of this major motion picture mean for the future of cinema? We’ve seen movies released to DVD/Blu-Ray and downloads sooner and sooner following their theatrical release. We’ve also seen movie studios expressing interest in cutting out cinema releases altogether in an attempt to curb piracy. So does the modestly successful online release of The Interview further compound the beliefs of those who think we should say goodbye to cinema?

Source: BBC News

iTunes to Offer The Interview Too

Just a few days after it was reported that Apple declined streaming ‘The Interview’, Apple has just confirmed that it will indeed be offering the movie.

According to Re/code, an Apple representative informed them that the movie will be available from 1pm EST for streaming and downloading. This means that the movie will be available on many of the big streaming platforms, including iTunes, Google Play and YouTube.

Sony said that they intended to deliver the movie on a “different platform” following their decision to pull it from its Christmas Day release. The company did say that no streaming or download service had initially come forward with an offer to provide the movie, but now that’s obviously a different story. The movie did also see its cinematic release, but only in a handful of venues.

Source: Re/code

Apple Reportedly Declined to Show ‘The Interview’ on iTunes

In Sony Pictures’ hunt to find a place to show ‘The Interview’, they reportedly asked Apple, who supposedly declined the offer.

According to The New York Times, Sony apparently asked the White House to help them get it on iTunes, but Apple was having none of it, “at least not on a speedy timetable”.

“It remained unclear, however, whether any on-demand service would take “The Interview.” According to people briefed on the matter, Sony had in recent days asked the White House for help in lining up a single technology partner — Apple, which operates iTunes — but the tech company was not interested, at least not on a speedy time table. An Apple spokesman declined to comment.”

We reported yesterday on the news that the movie will now see its original Christmas Day release, showing at a handful of cinemas, but it’s still unclear as to how everybody will be able to see it.

Source: The New York Times Via MacRumors

 

Sony Threatens Legal Action Against Twitter Over Hack Leaks

In an interesting turn of events, Sony has delivered one of those threatening letters to Twitter. Sony Pictures has asked the social network to delete accounts that have been sharing leaked material, that’s if they don’t want to face legal action.

Motherboard says that it has seen a letter addressed to Twitter’s general counsel Vijaya Gadde from David Boies, the lawyer given the job of helping clear up Sony’s mess. It says essentially the same things that the one delivered to news outlets says, asking people to stop disseminating or publishing “stolen information”.

“SPE does not consent to Twitter’s or any Twitter account holder’s possession, review, copying, dissemination, publication, uploading, downloading, or making any use of the Stolen Information, and to request your cooperation in suspending the Account Holder’s Twitter account and the account of any other user seeking to disseminate the Stolen Information via Twitter”.

Oddly, the same letter has been delivered directly to a Twitter user, namely Val Broeksmit, who has extensively shared portions of the leaked e-mails on his Twitter account.

Source: Motherboard

The Interview To Be Released in Select Cinemas on Christmas Day

Well, after everything, Sony has authorised a select number of US cinemas to release ‘The Interview’ on Christmas Day.

Alamo Drafthouse founder Tim League has offered his cinemas to show the movie, a request which Sony has granted.

A cinema in Atlanta has also been allowed to show the movie.

It’s not yet clear exactly how many cinemas will show the movie, but we are sure of one thing – against North Korea’s will, ‘The Interview’ will now be released.

Source: The Verge

The Interview Becomes One of The Highest Rated Movies on The Web

Despite nobody having seen ‘The Interview’ yet, it has already become one of the highest rated films on the web. The Verge reports that the unreleased film has achieved a perfect 10/10 rating on IMDB, after over 22,000 people gave it such high praise.

22,607 IMDB users rated the movie a perfect 10 out of 10 stars, with 28,000 people giving it a 96% “want to see” rating on Rotten Tomatoes. All of this easily makes ‘The Interview’ one of the highest rated movies on the internet, despite professional critics who have seen the movie describing it as a “dumbing-down of the audience that began decades ago” with a “slob aesthetic”.

While not exactly the highest rated movie ever, it has certainly taken the record for the highest ever rated movie nobody has actually seen.

Source: The Verge

North Korea Threatens The White House, Acknowledges Cyber Warfare

North Korea has delivered a threat to the United States over its accusations that it was behind the Sony Pictures hack. They’ve warned that they will attack the White House and “the whole US mainland, that cesspool of terrorism”.

They accused the US government of being behind the “vicious and dastardly” plot of ‘The Interview’.

“Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole US mainland, the cesspool of terrorism, by far surpassing the ‘symmetric counteraction’ declared by Obama.”

They said that they also plan to take down “US citadels” using their armed forces and, rather interestingly, cyber warfare – their first public acknowledgement of their intention to use the internet to attack other countries.

“Our target all the citadels of the US imperialists who earned the bitterest grudge of all Koreans, the army and people of the DPRK are fully ready to stand in confrontation with the US in all war spaces, including cyber warfare to blow up those citadels,”

North Korea is no stranger to delivering heavy-handed statements like this, but most of the time they never amount to anything major. However, now that they’ve publicly acknowledged “cyber warfare”, it’ll be interesting to see whether there are any more hacks on the horizon.

Source: The Guardian

 

BitTorrent has Offered to Stream ‘The Interview’

Popular torrent service BitTorrent has said that they’ll gladly stream ‘The Interview’ – the movie said to be behind the massive North Korea hack attack on Sony Pictures.

Sony has said that they intend to deliver the movie on a “different platform” following their decision to pull it from its Christmas Day release. The company did say that no streaming or download service had come forward with an offer to provide the movie, but now one has.

In a statement to VentureBeat, BitTorrent said:

“BitTorrent Bundle is in fact the very best way for Sony to take back control of their film, to not acquiesce to terrorist threats, and to ensure a wide audience can view the film safely. It would also strike a strong note for free speech.”

It would certainly be interesting if Sony Pictures did decide to go with BitTorrent, a service so commonly linked to movie piracy. If they don’t go with them, how could they release it? The PlayStation Network is a way, but I don’t think Sony wants to risk that with yet another hack. We shall soon find out.

Source: VentureBeat Via: Gizmodo

Kim Jong Un Game Still Going Ahead, Gets Sony Pictures Level

‘Glorious Leader!’ a game about Kim Jong Un, is still going ahead despite the potential threat from North Korea following the Sony cyber attack.

Its creator, Jeff Miller, is reportedly even more motivated than ever. He’s since set up a crowdfunding campaign requesting $55,000 to get the game finished. Speaking to NBC News, Miller said “I should probably ask for more funds now to beef up our cybersecurity, we didn’t know things were going to get this weird.”

The game features Kim Jong Un with superpowers overcoming the “evil imperialist” United States, taking down drones and soldiers that get in his path. Its creator now says that it will also feature a special Sony Pictures stage following the recent events.

Take a look at the game below.

Source: NBC News

North Korea Wants Joint US Investigation on Sony Hack

The BBC reports that North Korea has demanded a joint investigation with US authorities over the Sony hack. The secretive state denied US allegations that the country was behind the massive hack upon Sony Pictures. 

The country said there would be “grave consequences” if the US did not oblige, saying that “the United States is spreading groundless allegations and slandering us”. 

“We propose a joint investigation with it into this incident. Without resorting to such tortures as were used by the US CIA, we have means to prove that this incident has nothing to do with us.”

The news comes after the FBI yesterday officially announced that North Korea was directly linked to the hack. Following this, President Obama delivered a statement affirming the allegations, accusing the country of attempting to impose censorship upon the US: “we cannot have a society in which some dictator someplace can start imposing censorship”.

Source: BBC News

FBI Releases Statement Linking Sony Hack to North Korea

Seen as an end to all speculation, the FBI has released an official statement linking North Korea to the Sony hack. 

They said, “we are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there.”

They added that the attack was consistent with previous hacks from North Korea as “there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.”

Ever since the massive hack on Sony Pictures, many have sought to speculate as to who may be behind it. Some rebuffed the idea that it may be North Korea, suggesting that it could be a hacker group operating under a disguise, while others have gone so far as to suggest that it could all be a clever marketing campaign for ‘The Interview’.

Well, this statement brings much of that to an end, giving us a definite link to the secretive state. President Obama is expected to speak later today with an official response to North Korea.

Read the full statement below:

“Today, the FBI would like to provide an update on the status of our investigation into the cyber attack targeting Sony Pictures Entertainment (SPE). In late November, SPE confirmed that it was the victim of a cyber attack that destroyed systems and stole large quantities of personal and commercial data. A group calling itself the “Guardians of Peace” claimed responsibility for the attack and subsequently issued threats against SPE, its employees, and theaters that distribute its movies.

The FBI has determined that the intrusion into SPE’s network consisted of the deployment of destructive malware and the theft of proprietary information as well as employees’ personally identifiable information and confidential communications. The attacks also rendered thousands of SPE’s computers inoperable, forced SPE to take its entire computer network offline, and significantly disrupted the company’s business operations.

After discovering the intrusion into its network, SPE requested the FBI’s assistance. Since then, the FBI has been working closely with the company throughout the investigation. Sony has been a great partner in the investigation, and continues to work closely with the FBI. Sony reported this incident within hours, which is what the FBI hopes all companies will do when facing a cyber attack. Sony’s quick reporting facilitated the investigators’ ability to do their jobs, and ultimately to identify the source of these attacks.

As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions. While the need to protect sensitive sources and methods precludes us from sharing all of this information, our conclusion is based, in part, on the following:

  • Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
  • Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there. Further, North Korea’s attack on SPE reaffirms that cyber threats pose one of the gravest national security dangers to the United States. Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets it apart. North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves. Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens.

The FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential business information. Further, the FBI will continue to work closely with multiple departments and agencies as well as with domestic, foreign, and private sector partners who have played a critical role in our ability to trace this and other cyber threats to their source. Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests.”

Source: The Verge