"The security break at Sony Pictures marks the second time that Sony Corporation had been targeted by hackers. In 2011, the online network for Sony's PlayStation game console was broken into, exposing names and credit card numbers for millions of customers. By the time damages from more than 50 class-action lawsuits had been paid, it's estimated that Sony spent more than $2 billion as a result of the breach.
"Further disturbing is that thus far the studio's IT experts have been unable to reverse the attack and get the computer system back to normal. “The IT department has absolutely no idea what hit them or if they can recover any of their files or operating systems, or even turn on their computers Monday,” said the insider. http://www.thewrap.com/sony-execs-working-on-chalkboards-while-hackers-claim-stolen-data-includes-stars-ids-budget-and-contract-figures/
and here you will find a good overview of what is lost (private keys, code, ID's, contracts,.....) and all other information you may need inside the discussion https://www.reddit.com/r/hacking/comments/2n9zhv/i_used_t...
the numbers speak for themselves
Fury is in the States in the theatres while annie still had to be released worldwide
“Fury,” a war film that stars Brad Pitt and Shia LaBeouf, has reportedly been downloaded by over 1.2 million unique IP addresses, while “Annie” has been downloaded by an estimated 206,000 unique IP’s, according to the piracy-tracking firm Excipio. http://conservativeblogscentral.com/archives/7389
this is a disaster
and proof that if you don't use anonimizing software your torrent traffic will be kept somewhere for some time
there are 5 ways to find anything online
first is Google
and than you have to make first a Google account so you can use the advanced search options
if the data or some of the data has disappeared from Google you should use BING
there are some operators "term" you use to find any data in which there is only that term
"mymailadres" will give you everything with your emailadres in it
than there is the period (last week, last 24hours, last month) but you always will have to use it without time indicator because that indicator doesn't work that well - it is only interesting to find links that have a good time indicator
you can also limit to a certain domain or site site:.....
another interesting is filetype:txt for example of .cvs or .pdf or .whatever
secondly there are torrents
here you will have to search at torrent search sites because many links aren't in the searchengines anymore
you will have to use several because there isn't a google for the torrents
thirdly there are the online forums; IRC and usenet
several of those forums are blocked off from Google and other search engines
you have to be member to be able to see the postings and in some cases you have to upload information that others like to have access to data yourself
for this you probably will need another identity
for USenet there are few interesting services that are free and for IRC you have really to be careful for viruses, for snoopers and that you have gone through several proxies because on pastebin you will find a whole lot of IRC logs with the full networkname of your identity.
fourth there is twitter with links to download dumps
so with the download file servers you will find thousands of files online on these servers
and they are not necessary on Google or they make no sense (who knows that xhx.avi is the latest film for example)
they are sometimes only on twitter links to such files so you will have to find the necessary twitter links
Fifth there is TOR where you need to download the client and than to follow our guide to find or search for the files - many services are invite only
due to a complaint from the lawyers of Mensura we are not allowed to post specific links to the data
we didn't even publish any direct links just how to find it and even than it was just a posting about using Google to find that data
things anybody with a little bit of intelligence and internetknowledge can do
well you have to learn it yourselfs because I am forbidden to write anything about how to find any particular set of data
so people will continue to think that their data is not online anymore
IT is still online
I know how to find it but I can't write about it
or this whole blog will disappear
which is just what mensura wants
to 'make believe' that the data is not online anymore
and that I am not allowed to publish anything anymore
nothing even not a hint
but believe me that data is ONLINE
"According to an approximation, 11,000 GB data was ripped off by the hackers and have warned if their demands are not met all this data would be released in the wild.
A thread on Reddit provided information on what hackers could have stolen from the Sony pictures system. According to the thread, the data might contain passport and visa information for cast and crew working on Sony movies, Outlook inboxes, documents detailing the company’s IT systems plus accounting and research information- but all this is just a small part of this gigantic breach.
and this is not a joke
"By Friday, it was believed that the staff at the company were forced to do their work with pen and paper and that it could take up to three weeks to completely get out of the massive breach http://thehackernews.com/2014/11/sony-pictures-movies-leaked.html
and these are the five unreleased films that you will find on torrents
how do you do that ?
Get 11.000 GB of information past a firewall and security and logs and monitors and people who are supposed to look at those screens without anything or anybody seeing anything
do you understand how MUCH information that is ?
even with a normal trafficvolumemonitor (how much a connection, server or accounts transports normally) you would have seen that something is not right and an alert would have gone off (this is very efficient to leave videostreaming open but blocking downloads of movies)
so we will have new Sony movies and mailboxes of filmstars and pics of them and so on very soon.... except if they pay up (and they hardly have any choice don't they)
- "Still Alice" starring Julianne Moore, Alec Baldwin – US release date: Jan 16, 2015
- "Mr Turner" starring Timothy Spall. – US release date: Dec 19, 2014
- "Annie" starring Jamie Foxx and Cameron Diaz. – US release date: Dec 19, 2014
- "Fury" starring Brad Pitt – US release date: Oct 17, 2014
- "To Write Love on Her Arms" – US release date: March 2015
it is also astonishing that after the massive lulzsec breaches they weren't capable over the last 2 years to upgrade their security to an acceptable level which means that they didn't make any new big investments, didn't install new monitor rooms and didn't extend their staff and procedures
it also means that they don't have any system of Data leakage prevention
even stranger that it came from North Korea - how the hell do you accept an 11 terrabyte download to North Korea ?
follow the information about this hack
"Confidential plans seen by the SZ and broadcasters WDR and NDR show that the BND said it would spend €4.5 million to help it find security holes in the Secure Sockets Layer (SSL) protocol used by millions of web services to protect personal information. There is a lively grey market online among hackers and security researchers for "zero day" exploits, so called because they are undiscovered and internet users have had no time to prepare for them.
But rather than fixing the security problems, the spies want to use them for surveillance.The programme to penetrate SSL, codenamed Nitidezza, would also target the HTTPS protocol which is the standard for many banks, online shops, webmail providers and social networks.
“Holes in SSL need to be patched [fixed] because it is ubiquitous and everyone depends on it for their security," said Jim Killock of London-based digital rights NGO Open Rights Group."There is a real risk that failing to fix problems means criminal gangs will seek to obtain the same data using the same defects."
"Dr Stefan Burbaum, who worked at the BND from 2000 to 2005, said that some Germans were targeted as “office holders”, a legal loophole the spies used to circumvent the law that protects Germans citizens from being spied on by its own intelligence agency.
Normally, the intelligence agencies must overcome high legal hurdles laid out in the so-called “G10 law” to spy on German citizens, including when they live abroad.Otherwise, information regarding German citizens has to be filtered out from any foreign communications intercepted by the BND.
But the German spies argue that a citizen working for a foreign company abroad is only protected in his private life, not in his professional communications, Burbaum told the Bundestag inquiry committee into National Security Agency (NSA) mass spying."The office holder is the legal person," Burbaum said. "It's a small exception. But a German citizen can function as an office holder in a foreign organization."The decisive thing is whether he's communicating as a citizen or as an office holder."
just get a bit legally creative
if you are one of the 5 eyes you are on so much more than any other partner
this is typical for a spy operation, always spies have in history get the positions and information of the other parties to the other negotatiors at the table. It was always seen as strategic information
google translate of http://derstandard.at/2000008742912/Spionagesoftware-Regin-nahmAtomenergiebehoerde-in-Wien-ins-Visier
When you are watching the Dutroux Documentary on VTM you will see from time to time pictures that come from the judicial files that were used during the trial.
first it is strange that pieces of a trail are used because I am sure if those files are public
but secondly there is a reason for this and I know very well why there is a reason for it
those pictures probably come from the DVDroms that the journalists received during the trial to make it more easy for them to follow the trial and to do their reporting
only there was no protection on those DVDroms - not on how to access them (password) not on the files themselves (encryption eventually with timebomb)
in other words these files of this trial where easily copied and distributed and if you knew how to strip away the source of the files than you could do that without any danger
I have always found that enormously dangerously and even though there seems to be some law that makes it a crime to distribute these files they could be found in a newspaper or with any interested people or on the internet (part of it on wikileaks)
and it is not that the parliament doesn't know because they have a copy of these DVDroms to show how dangerously it is that these kind of documents is distributed freely without any protection (especially if it isn't that hard or expensive to put impose those protections).
this based upon analysis of the NSA documents and of information that was leaked during the Belgacom investigation
* we are not sure that there is no more recent version of Regin than the one of 2008 - 2011 and we still have to be sure that the version 2013 was installed before or after discovery and what are the differences between them
* we are not sure either that there is only a windows Regin and that there is no version or no files for the other OS - as you remember the NSA was talking in her slides about a virtual component that was placed on the harddisk BEFORE the OS whatever the OS and that also unix machines were attacked
there is no clear proof of both things but we are searching
so don't feel too safe now
because that may have been the intention
remember it is a spyoperation by spies for spies
"Stage 1 files, 32 bit:
Unusual stage 1 files apparently compiled from various public source codes merged with malicious code:
Stage 1, 64-bit system infection:
Stage 2, 32 bit:
Stage 2, 64 bit:
Stage 3, 32 bit:
Stage 4, 32 bit:
Stage 4, 64 bit:
Note: Stages 2, 3, and 4 do not appear on infected machines
THis is one of the places where samples are being uploaded (I know several people (not me) have a sample of the BGC infection)
Just to be sure that you understand what you are up to if you download this
* there is no clear definition of what a Regin package is, there are several different packages with different plugins and different timestamps so many antiviruses don't see it
this means that if you download it your securitydefenses may not discover it or some of the new or additional code and functions. You should therefore only place it in a sandbox and handle it on a nonconnected computer (don't use USB use a CDROM and throw it away or place it somewhere else (absolutely not safe)
* it is not because it is called Regin that it is Regin
* some of the samples have personal information about their victims and their employees in the logfiles (if you are a legal expert you will have to destroy these files or inform the local police that you seem to have proof of an infection).
* As the discovery for the latest samples is quite low, antivirus firms will have to go hunting for real and imaginary Regin samples
* if you don't have the knowledge and tools to handle this atombomb of code, stay far away - you will have seen nothing like this
In my view it is urgent for the big antivirus-securityfirms to set up a working group to collect all the different samples and information to get a whole picture and to be sure that all companies and networks have sufficient protections independent of their antivirus-securitytool.
this is much cheaper than installating rogue GSM receivers together with jammers that will block the official normal GSM receivers
not that there is much information
it was because of an international operation against local police websites
but the attackers seems amateurs
important the snort rule against Regin Snort Rules: 32621-32624
and the command and the control servers were .......
220.127.116.11 Taiwan, Province Of China Taichung Chwbn
18.104.22.168 India Chetput Chennai Network Operations (team-m.co)
22.214.171.124 India Thane Internet Service Provider
126.96.36.199 Belgium Brussels Perceval S.a.
because that won't be found suspicous, going to India or Taiwan for traffic going out in Belgacom could have been found suspicous
remember this is a spy operation so all the classical techniques and reflexes by spies are used - even covering up your tracks .....
this is the list 24/55 don't find the 64bits Belgacom Regin infection
AegisLab 20141125 Agnitum 20141124 Antiy-AVL 20141125 Avast 20141125 Avira 20141125 Baidu-International 20141125 Bkav 20141120 ByteHero 20141125 CMC 20141124 ClamAV 20141125 Cyren 20141125 DrWeb 20141125 ESET-NOD32 20141125 F-Prot 20141125 Fortinet 20141125 Jiangmin 20141124 Kingsoft 20141125 Malwarebytes 20141125 McAfee-GW-Edition 20141125 NANO-Antivirus 20141125 Panda 20141125 Qihoo-360 20141125 Rising 20141124 SUPERAntiSpyware 20141125 Tencent 20141125 TheHacker 20141124 TotalDefense 20141125 VBA32 20141125 ViRobot 20141125 Zillya 20141124 Zoner 20141125
this is also why it is interesting to write 64bits viruses, many antiviruses can't cope with them yet
so even if an upgrade to 64bits kills millions of 32bits viruses and secures access to your machine it makes it an absolute necessity to close your machine down, harden it and buy a really professional antivirus that works native in an 64bits environment
especially if you have found the following three or one of them
and don't forget the servers
and don't forget to go back into time