Lazarus Group hacker charged in Wannacry, Sony attacks

The Department of Justice has officially charged one member of the North Korean Lazarus Group for his role in the Wannacry attacks, the Sony Pictures breach, theft on the SWIFT banking system and more.

Nathan Shields, special agent for the FBI, filed an affidavit of complaint against the Lazarus Group hacker, Park Jin Hyok, on June 8, 2018, but the charges were made public Sept. 6.

Park was charged with conspiring to commit “unauthorized access to computer and obtaining information, with intent to defraud, and causing damage, and extortion related to computer intrusion” and wire fraud.

“The evidence set forth herein was obtained from multiple sources, including from analyzing compromised victim systems, approximately 100 search warrants for approximately 1,000 email and social media accounts accessed internationally by the subjects of the investigation, dozens of orders issued … and approximately 85 formal requests for evidence to foreign countries and additional requests for evidence and information to foreign investigating agencies,” Shields wrote in the affidavit.

Shields wrote that the affidavit was “made in support of a criminal complaint against, and arrest warrant” for Park, but there is no indication the DoJ knows where Park is currently located. The last mention in the affidavit noted Park returned to North Korea in 2014 after spending three years working for North Korean company Chosun Expo in China.

Although Park was the lone Lazarus Group hacker named in the filing, the entire North Korean team was implicated in the 2014 Sony Pictures breach, the 2016 theft of $81 million from Bangladesh Bank via the SWIFT network, the 2017 Wannacry ransomware attack as well as “numerous other attacks or intrusions on the entertainment, financial services, defense, technology and virtual currency industries, as well as academia and electric utilities.”

“In 2016 and 2017, the conspiracy targeted a number of U.S. defense contractors, including Lockheed Martin, with spear-phishing emails. The spear-phishing emails sent to the defense contractors were often sent from email accounts that purported to be from recruiters at competing defense contractors, and some of the malicious messages made reference to the Terminal High Altitude Area Defense (THAAD) missile defense system deployed in South Korea,” the U.S. Attorney’s Office for the Central District of California wrote in its press release. “The attempts to infiltrate the computer systems of Lockheed Martin, the prime contractor for the THAAD missile system, were not successful.”

Confirmation of North Korean involvement

Park is the first Lazarus Group hacker named and officially charged by the U.S. government, but the Lazarus Group and North Korea have been connected to attacks before.

As far back as Dec. 2014, the FBI stated there was enough evidence to conclude that North Korea was behind the attack on Sony Pictures. And, in Dec. 2017 both the U.S. and U.K. governments blamed the Wannacry attacks on North Korea.

The affidavit detailed the use of the Brambul worm, which was malware attributed to the Lazarus Group in a US-CERT security alert issued by the FBI and Department of Homeland Security in May 2018.

However, while the confirmation of North Korean involvement was generally praised by experts, not all were happy that Park was the only Lazarus Group hacker to be named and charged.

Jake Williams, founder and CEO of Rendition Infosec, based in Atlanta, wrote on Twitter that it was a “human rights issue” to charge Park because the Lazarus Group hacker “likely had zero choice in his actions.”

CIA attributes NotPetya attacks to Russian spy agency

An unreleased CIA report is alleged to officially name Russia’s top foreign spy agency as the source of the NotPetya ransomware and the initial attacks against Ukraine.

The CIA reportedly concluded in November 2017 that Russia’s GRU foreign intelligence agency was responsible for the NotPetya attacks in June 2017. According to The Washington Post, unnamed officials said the classified CIA report attributed the NotPetya attacks to Russia’s GRU and said the hackers that created the ransomware worked for the Russian military’s GTsST, or Main Center for Special Technology.

The NotPetya attacks began by targeting Ukrainian agencies but quickly spread through the use of the EternalBlue exploit developed by the NSA and used in the WannaCry ransomware attacks.

Attributing the attacks to Russia is not in itself surprising as security researchers in June said Russia was the likely threat actor given that the initial NotPetya attacks targeted Ukraine government agencies through multiple software backdoors in the M.E.Doc tax program. However, experts noted that the CIA likely wanted to be certain before making any statement.

Tim Erlin, vice president of product management and strategy at Tripwire, the information security company headquartered in Portland, Ore., said “attributing cyberattacks to specific attackers or groups can be a challenging task.”

“It’s not always possible to make a direct connect, and indirect inferences are required to come to a conclusion. Accurate attribution is broadly valuable. While organizations should focus on the solid application of foundational controls first, characterizing the threat environment in terms of changing attackers can help prioritize more advanced protections,” Erlin told SearchSecurity. “It’s hard to say why the CIA didn’t publish this information sooner, though it’s important to realize that a three-month delay in disclosing this kind of nation-state attribution isn’t a very long time.”

The NotPetya attacks and Russian aggression

Tom Kellermann, CEO of Strategic Cyber Ventures LLC in Augusta, Ga., said the CIA likely “withheld attribution to prevent their sources and methods from being discovered.”

“The public announcement is significant as it is meant to warn the American public of the significant cyber threat posed by Russia,” Kellermann told SearchSecurity. “Cold War cyberattacks against the U.S. have dramatically increased over the past six weeks, as evidenced by the resurgence of Fancy Bear coming out of hibernation. We are under siege.”

Chris Morales, head of security analytics at Vectra Networks, a cybersecurity company based in San Jose, said the security industry felt comfortable attributing the NotPetya attacks to Russia “due to similarities of the NotPetya attack to prior attacks from Russia targeting the Ukraine.”

“Russia has engaged in what the Pentagon calls ‘hybrid warfare’ against […] Ukraine, with three previously known attacks against the Ukrainian voting system and power grid dating back to 2014. With the CIA confirmation, NotPetya now looks like another attack in a succession of state-sponsored attacks,” Morales told SearchSecurity. “The bigger concern here for the U.S. is that we believe Russia is practicing and honing their craft against […] Ukraine, where they face little opposition from global powers. Cyberspace is the next major battle ground between major nation-states. Russia is arming themselves with cyber weapons that could be used against us or any other state as Russia would deem necessary in a bigger attack campaign. The irony of this attack is that it leveraged exploits developed by the NSA in their pursuit of weaponizing cyber space.”

Wanted – High-spec 13″ – 15″ laptop

My five-year old Lenovo is officially knackered (speakers dead, keys missing, HDD dying), so think it’s time to get a new laptop.

I’m looking for a solid 15″ or smaller laptop with a dedicated graphics card that I can take travelling for work and do some gaming on. Budget is ~GBP 800.

EDIT: Initially I was looking for a gaming laptop with a 1060 but have revised the post as doesn’t look like there are many out there at my price point.

Location: Oxford but can pick up in London too

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Wanted – High-spec 15″ laptop

My five-year old Lenovo is officially knackered (speakers dead, keys missing, HDD dying), so think it’s time to get a new laptop.

I’m looking for a solid 15″ or smaller laptop with a dedicated graphics card that I can take travelling for work and do some gaming on. Ideally would have an i7 CPU. Budget is ~GBP 800.

EDIT: Initially I was looking for a gaming laptop with a 1060 but have revised the post as doesn’t look like there are many out there at my price point.

Location: Oxford but can pick up in London too

Wanted – Gaming laptop for ~GBP 800

My five-year old Lenovo is officially knackered (speakers dead, keys missing, HDD dying), so think it’s time to get a new laptop.

I’m looking for a solid 15″ laptop that can handle some gaming, and have around GBP 800 to spend, including P&P.

Ideally looking for it to have one of the newer generation 1050/1060 cards and an SSD.

Location: Oxford but can pick up in London too

StorOne attacks bottlenecks with new TRU storage software

Startup StorOne this week officially launched its TRU multiprotocol software, which its founder claims will improve the efficiency of storage systems.

The Israel-based newcomer spent six years developing Total Resource Utilization (TRU) software with the goal of eliminating bottlenecks caused by software that cannot keep up with faster storage media and network connectivity.

StorOne developers collapsed the storage stack into a single layer that is designed to support block (Fibre Channel and iSCSI), file (NFS, SMB and CIFS) and object (Amazon Simple Storage Service) protocols on the same drives. The company claims to support enterprise storage features such as unlimited snapshots per volume, with no adverse impact to performance.

TRU software is designed to run on commodity hardware and support hard disk drives; faster solid-state drives (SSDs); and higher performance, latency-lowering NVMe-based PCI Express SSDs on the same server. The software installs either as a virtual machine or a physical server.

StorOne CEO and founder Gal Naor said the TRU software-defined storage fits use cases ranging from high-performance databases to low-performance workloads, such as backup and data archiving.

‘Dramatically less resources’

“We need dramatically less resources to achieve better results. Results are the key here,” said Naor, whose experience in storage efficiency goes back to his founding of real-time compression specialist Storwize, which IBM acquired in 2010.

StorOne CTO Raz Gordon said storage software has failed to keep up with the speed of today’s drives and storage networks.

“We understood that the software is the real bottleneck today of storage systems. It’s not the drives. It’s not the connectivity,” said Gordon, who was the leading force behind the Galileo networking technology that Marvell bought in 2001.

The StorOne leaders are sparse on details so far about the product’s architecture and enterprise capabilities, beyond unlimited storage snapshots.

Marc Staimer, senior analyst at Dragon Slayer Consulting, said StorOne’s competition would include any software-defined storage products that support block and file protocols, hyper-converged systems, and traditional unified storage systems.

“It’s a crowded field, but they’re the only ones attacking the efficiency issue today,” Staimer said.

“Because of TRU’s storage efficiency, it gets more performance out of fewer resources. Less hardware equals lower costs for the storage system, supporting infrastructure, personnel, management, power and cooling, etc.,” Staimer added. “With unlimited budget, I can get unlimited performance. But nobody has unlimited budgets today.”

StorOne user interface
TRU user interface shows updated performance metrics for IOPS, latency, I/O size and throughput.

Collapsed storage stack

The StorOne executives said they rebuilt the storage software with new algorithms to address bottlenecks. They claim StorOne’s collapsed storage stack enables the fully rated IOPS and throughput of the latest high-performance SSDs at wire speed.

“The bottom line is the efficiency of the system that results in great savings to our customers,” Gordon said. “You end up with much less hardware and much greater performance.”

StorOne claimed a single TRU virtual appliance with four SSDs could deliver the performance of a midrange storage system, and an appliance with four NVMe-based PCIe SSDs could achieve the performance and low latency of a high-end storage system. The StorOne system can scale up to 18 GBps of throughput and 4 million IOPS with servers equipped with NVMe-based SSDs, according to Naor. He said the maximum capacity for the TRU system is 15 PB, but he provided no details on the server or drive hardware.

“It’s the same software that can be high-performance and high-capacity,” Naor said. “You can install it as an all-flash array. You can install it as a hybrid. And you’re getting unlimited snapshots.”

Naor said customers could choose the level of disk redundancy to protect data on a volume basis. Users can mix and match different types of drives, and there are no RAID restrictions, he said.

StorOne pricing

Pricing for the StorOne TRU software is based on physical storage consumption through a subscription license. A performance-focused installation of 150 TB would cost 1 cent per gigabyte, whereas a capacity-oriented deployment of 1 PB would be $0.0006 per gigabyte, according to the company. StorOne said pricing could drop to $0.002 per gigabyte with multi-petabyte installations. The TRU software license includes support for all storage protocols and features.

StorOne has an Early Adopters Program in which it supplies free on-site hardware of up to 1 PB.

StorOne is based in Tel Aviv and also has offices in Dallas, New York and Singapore. Investors include Seagate and venture capital firms Giza and Vaizra. StorOne’s board of directors includes current Microsoft chairman and former Symantec and Virtual Instruments CEO John Thompson, as well as Ed Zander, former Motorola CEO and Sun Microsystems president.

Will Arnett is hosting MINECON Earth!

MINECON Earth officially has its co-host! Ace actor Will Arnett will be joining Lydia Winters in Atlanta for a show streaming live all over the world! Click on the above video to see how he convinced us to give him the job.

Will’s appeared in tons of movies and TV shows, like A Series of Unfortunate Events, Despicable Me, Teenage Mutant Ninja Turtles and this year’s excellent LEGO Batman. Plus, if you Google ‘Will Arnett dressed as a banana’ the results are as delightful as you’d hope. Will tells us he’s keen to develop his Minecraft skills and what better way to do that than co-hosting MINECON? Actually, we can think of lots of better ways, but we’re still thrilled that he’s co-hosting with Lydia!

For more info about MINECON Earth, including where you can watch it and how to register your own viewing party, check out the official MINECON Earth page by clicking here!