12/03/2014

#sonyhack: a multi-strategy attack plan combining the best of everything

There was a massive DDoS attack, but nobody is sure where it came from.

There were infections through email attachments.

There seems to have been some physical penetration.

There seem to be some employees who have helped the hackers.

BUT

Before reading the quote and jumping to conclusions, you have to remember the following.

If this comes from North Korea, then it is an intelligence operation.

If this is an intelligence operation, then the operative methods of intelligence operations have to be taken into account.

One of the most important aspects of this is to hide your sources, your methods and your identity.

Secondly, if by sending false information you can make an organisation totally paranoid, so that it begins investigating every possibility and loses sight of the real sources, methods and you because it is investigating tens or hundreds of internal employees looking for the mole, then you have hit the organisation a second time, and this time big time, because it will descend into purges and paranoia and even total disintegration (like MI5 when they were hunting for the 5th Russian spy, who was never found, if there ever was one).

So this is the quote, but it can be just a diversion.

I hope some of the people helping Sony have an intelligence background and are capable of playing the mind games that the hackers seem to be playing.

Nevertheless, physical security has to be integrated into the total security plan of your organisation, and people should not wander freely around the building or offices (as is the case in some military headquarters.....)

"In a statement to The Verge, 'Lena' referenced the need for equality once again, adding that Sony didn't want such a thing, and that it was "an upward battle."

"Sony doesn't lock their doors, physically, so we worked with other staff with similar interests to get in. Im sorry I can't say more, safety for our team is important [sic]," 'Lena' told The Verge.

"If the claims are true, and the GOP had help from the inside in order to accomplish their aims, this is a disaster for Sony. It's one thing for an attacker to gain access from the outside; it's another when they can physically touch the environment." http://www.csoonline.com/article/2851649/physical-security/hackers-suggest-they-had-physical-access-during-attack-on-sony-pictures.html

In the article the claim is that some disgruntled people from Sony helped the hackers because she wanted more equality, which means that probably some female employees are really pissed off and were manipulated by the hackers (intelligence operatives) into lending them some information (without really knowing what the impact would be, and probably thinking it would be like another LulzSec attack). That is, if this is not a diversion.

If you put one and one together, you arrive at disgruntled female employees with high credentials who can bring external people inside the building without being double-checked and who have access to the backup.

If this is the case, then someone has taken either a server of a number of terabytes or several hard disks and copied this directly (at the high rate of the internal networks and not through the firewall, which explains why they didn't see it). If this is the case (I repeat, to be sure).

In such environments you have to work with the information you have and make some assumptions about the possible scenarios. Sometimes you can eliminate some of them immediately, while others remain working scenarios for which you are looking for evidence, either to close them down as a dead end or to keep them as something that is still plausible.

If we start from a multi-strategy attack plan, then it is even possible that the infection attacks are separate from the copying of the backup and the intranet, even if they seem to be done by the same group.
