DOCSLIB.ORG

The Hack on Sony Group Pictures Entertainment

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The Hack on Sony Group Pictures Entertainment The Hack on Sony Group Pictures Entertainment The Anatomy of One of the Most Devastating Attacks in History How The Lazarus Group Executed the Compromise THE LAZARUS GROUP’S 2014 HACK ON SONY PICTURES ENTERTAINMENT Over the past few years, hacks against compa- weeks the hackers posted statements online nies and governments have continued to grow, containing links to data from Sony networks6 and their methods become more varied and including emails, salary information, movies that effective. Memorable hacks include the attack had not yet been released, as well as additional against Yahoo!, which compromised every active information.7 The malware also destroyed 70 account—a total of 3 billion,1 the Wannacry ran- percent of Sony’s laptops and computers.8 In somware attacks which struck across the globe, an historic move, the United States government most notably affecting England and Scotland’s formally attributed the hack to North Korea and National Health Service Hospital’s computers, charged a North Korean government hacker forcing hospitals to turn away patients,2 and the with the crime, based on a variety of indicators.9 2014 Sony hack, which unlike many other hacks These included the hacker’s call for Sony to not caused actual physical damage, and appeared to release the movie, “The Interview,” which was a have been directed by a nation state to achieve comedy about the assassination of Kim Jong-Un its political ends.3 (Sony eventually bent under the pressure and only released the movie for download).10 This While these attacks initially captured the atten- paper provides an overview of how the hack- tion of the world, they have become less inter- ers, members of what is commonly called the esting as time has passed, but past hacks can Lazarus Group,11 carried out the hack and how offer insights into dealing with IT security in the the hack was traced to North Korea. future. For example, the Sony hack has at least three very good lessons: first, it was one of the first times actual physical damage was done using a cyberattack, and it forecasts some of the greater damage some experts fear a cyberattack could wreak, second, the Sony attack used piec- es of the Wannacry ransomware, which shows how hackers can use old attacks to formulate new efforts. Third, some of the steps, like strong password protocols and data encryption or dele- tion, that would have helped to protect against the Sony hack are still important today, and still are not properly administrated. For these rea- sons, the Sony hack is a valuable case study, and it is worth a close examination. In September 2014, unbeknownst to Sony Pic- tures Entertainment (Sony), hackers broke into Sony’s networks and stole significant amounts of confidential data and planted malware.4 On the Monday before Thanksgiving, when Sony em- ployees tried to log into their computers a pic- ture of a red skeleton appeared on their comput- er screens with the words “’#Hacked by GOP#’” and a threat to release data later.5 In the coming Phishing for Access employees, including Michael Lynton, Sony There are two technical ways for hackers to CEO,19 had received phishing emails emails pre- obtained data that belongs to people or orga- tending to be from Apple.20 These emails asked nizations: break in and take it or intercept their users to verify their Apple IDs because of sup- data as it is transmitted and then decrypt it.12 posed unauthorized activity and provided them Social engineering is another way to get data— with a link to click on that took them to a form the hacker just asks for it in a way that tricks the that appeared to be from Apple but were fake, users into believing they should give their infor- when the Sony employees typed their creden- mation to the hacker. Often, before conducting tials into the fake forms the credentials fell into a phishing attack, hackers will search online for the hands of the individuals who sent the fake information about individuals whose information emails.21 It appeared that the phishing emails they hope to steal, and then use that informa- were especially directed at Sony employees who tion to specifically target that person, a method had “broad access to the company’s networks,” called spear-phishing.13 Often, hackers will copy information the hackers may have gathered by legitimate emails, but then replace the hyper- conducting surveillance about Sony employees links in those emails “with hyperlinks that would via LinkedIn.22 re-direct potential victims to infrastructure under the [hacker’s] control” where the hacker would Although experts cannot point to one specific then deliver malware to the victim’s computer.14 set of spear-phishing emails that gave the hack- The methods of tricking users into handing over ers the access they needed to infiltrate Sony’s their data are only limited by hackers’ ingenuity networks, it is quite clear the hackers used and users’ credulity. spear-phishing to gain the initial information necessary to stage the hack. The hackers who participated in the 2014 Sony hack had a variety of possibilities for phishing Infrastructure Used in the Hack attacks, according to the FBI investigation. For To carry out the Sony hack, the actors used example, Facebook sends emails to users to various infrastructure components including alert them when a computer with a new IP ad- certain IP addresses, compromised hop point dress signs into their account, and contain links computers, proxy IP address services, and Dy- to follow-up on the sign-in.15 In this instance, namic Domain Name System, or DDNS. An IP the hackers copied these legitimate emails, address (Internet Protocol address) is “a set of but changed the hyperlinked text for logging four numbers…ranging from 0 to 255 and sep- in to Facebook to the link http://www.fancug. arated by a period…that is used to route traffic com/link/facebok_en.html, which likely would on the internet.”23 Each device that uses the have sent the user to malicious infrastructure internet has an IP address that can be used to (although the hyperlink was not active by the identify it and send data to the device. The FBI time the FBI obtained access to the email).16 The investigation of the Sony hack found malicious hackers also created emails that looked like they activity related to the hack originating from sev- came from Google to try to gain access to Sony eral IP addresses assigned to North Korea.24 The workers’ computers, one email, for example, pur- IP addresses associated with the activity come ported to “welcome a recipient to Google’s Drive in two blocks: the first, “is a block of IP addresses, service” but included a link to http://.[[DOMAIN 175.45.176.0-175.45.179.255,” and are registered to REDACTED].com/x/o?u=2cfb0877-eaa9-4061- a company in North Korean, and the second is a bf7e-a2ade6a30d32&c=374814 which was block of addresses, “210.52.109.0—210.52.109.255” also likely to have sent the user to a malicious which are registered to a Chinese company, but file.17 Another email claimed to be from Google, have been used or leased by North Korean since alerting the user that “’malicious activities are before 2009.25 From the devices associated with detected’” but the Google hyperlinks offering these addresses, the hackers carried out activity information about how to mitigate malicious ac- directed against Sony. tivities and Google’s terms of service contained URLs that were not related to Google, and in- The hackers also used hop point computers stead were likely malicious.18 to help hide their identity and location. A hop point conceals a user’s original IP address be- A private researcher found a number of Sony cause it acts as an intermediary between the original IP address and the victim’s network, so Proxy services were another infrastructure com- the victim can only see the address of the hop ponent the hackers used to hide their identity.37 point computer.26 Hop point computers usually Proxy servers act much like hop points, in that belong to innocent users who are not involved they are an intermediary between the original in the hack, but use their devices without know- user and the end computer, but unlike hop ing hackers have compromised their comput- points which are formed using hacked com- ers.27 In this case, the hackers used a particular puters, proxy servers are offered by businesses piece of malware called the “Brambul” worm to to consumers who want to avoid sending their compromise computers and use them as hop IP address across the internet for good, or bad points.28 Malware is a piece of software, or code, reasons.38 The proxy service user can still use which is designed to take control away from the their original computer, but their request for legitimate owner of the computer, and give it to data gets routed through another, intermediate another, usually without the legitimate owner server, who then contacts the end destination, knowing about it.29 This piece of malware came effectively obscuring the original IP address.39 in the form of a worm, which tries “to progres- The Sony hackers used proxy services as another sively infect computers, typically by exploiting way to disguise their identity. a vulnerability in the victim’s computers or by ‘brute force’ attacks upon victim computers.’”30 The Brambul worm spread itself using “self-repli- cation by infecting new victim systems via brute force attacks on the victim’s Server Message Block (‘SMB’) Protocol.”31 A brute force attack is an attack that tries to log in to a computer using a list of combinations
Load more

Recommended publications
  • Advanced Persistent Threats
    THREAT RESEARCH Defending Against Advanced Persistent Threats Introduction As the name “Advanced” suggests, APT (advanced persistent threat) is one of the most sophisticated and organized forms of network attacks that keep cybersecurity professionals up at night. Unlike many hit & run traditional cyberattacks, an APT is carried out over a prolonged period of time by skilled threat actors who strategize multi-staged campaigns against their targets, employing clandestine tools & techniques such as Remote Administration Tools (RAT), Toolkits, Backdoor Trojans, Social Engineering, DNS Tunneling etc. These experienced cybercriminals are mostly backed & well-funded by nation states and corporation-backed organizations to specifi cally target high value organizations with the following objectives in mind: a Theft of Intellectual Property & classifi ed data i.e. Cyber Espionage a Access to critical & sensitive communications a Access to credentials of critical systems a Sabotage or exfi ltration of databases a Theft of Personal Identifi able Information (PII) a Access to critical infrastructure to perform internal reconnaissance To achieve the above goals, APT Groups use novel techniques to obfuscate their actions and easily bypass traditional security barriers that are not advancing at the same rate as the sophisticated attack patterns of cybercriminals. To understand the evolved behavioral pattern of APT Groups in the year 2020, a review of their latest activities revealed interesting developments and a few groundbreaking events¹: a Southeast Asia
    [Show full text]
  • PARK JIN HYOK, Also Known As ("Aka") "Jin Hyok Park," Aka "Pak Jin Hek," Case Fl·J 18 - 1 4 79
    AO 91 (Rev. 11/11) Criminal Complaint UNITED STATES DISTRICT COURT for the RLED Central District of California CLERK U.S. DIS RICT United States ofAmerica JUN - 8 ?018 [ --- .. ~- ·~".... ~-~,..,. v. CENT\:y'\ l i\:,: ffl1G1 OF__ CAUFORN! BY .·-. ....-~- - ____D=E--..... PARK JIN HYOK, also known as ("aka") "Jin Hyok Park," aka "Pak Jin Hek," Case fl·J 18 - 1 4 79 Defendant. CRIMINAL COMPLAINT I, the complainant in this case, state that the following is true to the best ofmy knowledge and belief. Beginning no later than September 2, 2014 and continuing through at least August 3, 2017, in the county ofLos Angeles in the Central District of California, the defendant violated: Code Section Offense Description 18 U.S.C. § 371 Conspiracy 18 u.s.c. § 1349 Conspiracy to Commit Wire Fraud This criminal complaint is based on these facts: Please see attached affidavit. IBJ Continued on the attached sheet. Isl Complainant's signature Nathan P. Shields, Special Agent, FBI Printed name and title Sworn to before ~e and signed in my presence. Date: ROZELLA A OLIVER Judge's signature City and state: Los Angeles, California Hon. Rozella A. Oliver, U.S. Magistrate Judge Printed name and title -:"'~~ ,4G'L--- A-SA AUSAs: Stephanie S. Christensen, x3756; Anthony J. Lewis, x1786; & Anil J. Antony, x6579 REC: Detention Contents I. INTRODUCTION .....................................................................................1 II. PURPOSE OF AFFIDAVIT ......................................................................1 III. SUMMARY................................................................................................3
    [Show full text]
  • Wikileaks and the Institutional Framework for National Security Disclosures
    THE YALE LAW JOURNAL PATRICIA L. BELLIA WikiLeaks and the Institutional Framework for National Security Disclosures ABSTRACT. WikiLeaks' successive disclosures of classified U.S. documents throughout 2010 and 2011 invite comparison to publishers' decisions forty years ago to release portions of the Pentagon Papers, the classified analytic history of U.S. policy in Vietnam. The analogy is a powerful weapon for WikiLeaks' defenders. The Supreme Court's decision in the Pentagon Papers case signaled that the task of weighing whether to publicly disclose leaked national security information would fall to publishers, not the executive or the courts, at least in the absence of an exceedingly grave threat of harm. The lessons of the PentagonPapers case for WikiLeaks, however, are more complicated than they may first appear. The Court's per curiam opinion masks areas of substantial disagreement as well as a number of shared assumptions among the Court's members. Specifically, the Pentagon Papers case reflects an institutional framework for downstream disclosure of leaked national security information, under which publishers within the reach of U.S. law would weigh the potential harms and benefits of disclosure against the backdrop of potential criminal penalties and recognized journalistic norms. The WikiLeaks disclosures show the instability of this framework by revealing new challenges for controlling the downstream disclosure of leaked information and the corresponding likelihood of "unintermediated" disclosure by an insider; the risks of non-media intermediaries attempting to curtail such disclosures, in response to government pressure or otherwise; and the pressing need to prevent and respond to leaks at the source. AUTHOR.
    [Show full text]
  • LAZARUS UNDER the HOOD Executive Summary
    LAZARUS UNDER THE HOOD Executive Summary The Lazarus Group’s activity spans multiple years, going back as far as 2009. Its malware has been found in many serious cyberattacks, such as the massive data leak and file wiper attack on Sony Pictures Entertainment in 2014; the cyberespionage campaign in South Korea, dubbed Operation Troy, in 2013; and Operation DarkSeoul, which attacked South Korean media and financial companies in 2013. There have been several attempts to attribute one of the biggest cyberheists, in Bangladesh in 2016, to Lazarus Group. Researchers discovered a similarity between the backdoor used in Bangladesh and code in one of the Lazarus wiper tools. This was the first attempt to link the attack back to Lazarus. However, as new facts emerged in the media, claiming that there were at least three independent attackers in Bangladesh, any certainty about who exactly attacked the banks systems, and was behind one of the biggest ever bank heists in history, vanished. The only thing that was certain was that Lazarus malware was used in Bangladesh. However, considering that we had previously found Lazarus in dozens of different countries, including multiple infections in Bangladesh, this was not very convincing evidence and many security researchers expressed skepticism abound this attribution link. This paper is the result of forensic investigations by Kaspersky Lab at banks in two countries far apart. It reveals new modules used by Lazarus group and strongly links the tools used to attack systems supporting SWIFT to the Lazarus Group’s arsenal of lateral movement tools. Considering that Lazarus Group is still active in various cyberespionage and cybersabotage activities, we have segregated its subdivision focusing on attacks on banks and financial manipulations into a separate group which we call Bluenoroff (after one of the tools they used).
    [Show full text]
  • Council Decision (Cfsp)
    L 246/12 EN Offi cial Jour nal of the European Union 30.7.2020 COUNCIL DECISION (CFSP) 2020/1127 of 30 July 2020 amending Decision (CFSP) 2019/797 concerning restrictive measures against cyber-attacks threatening the Union or its Member States THE COUNCIL OF THE EUROPEAN UNION, Having regard to the Treaty on European Union, and in particular Article 29 thereof, Having regard to the proposal from the High Representative of the Union for Foreign Affairs and Security Policy, Whereas: (1) On 17 May 2019 the Council adopted Decision (CFSP) 2019/797 (1). (2) Targeted restrictive measures against cyber-attacks with a significant effect which constitute an external threat to the Union or its Member States are among the measures included in the Union’s framework for a joint diplomatic response to malicious cyber-activities (the cyber diplomacy toolbox) and are a vital instrument to deter and respond to such activities. Restrictive measures can also be applied in response to cyber-attacks with a significant effect against third States or international organisations, where deemed necessary to achieve common foreign and security policy objectives set out in the relevant provisions of Article 21 of the Treaty on European Union. (3) On 16 April 2018 the Council adopted conclusions in which it firmly condemned the malicious use of information and communications technologies, including in the cyber-attacks publicly known as ‘WannaCry’ and ‘NotPetya’, which caused significant damage and economic loss in the Union and beyond. On 4 October 2018 the Presidents of the European Council and of the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy (the ‘High Representative’) expressed serious concerns in a joint statement about an attempted cyber-attack to undermine the integrity of the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Netherlands, an aggressive act which demonstrated contempt for the solemn purpose of the OPCW.
    [Show full text]
  • View Final Report (PDF)
    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
    [Show full text]
  • Wikileaks, the First Amendment and the Press by Jonathan Peters1
    WikiLeaks, the First Amendment and the Press By Jonathan Peters1 Using a high-security online drop box and a well-insulated website, WikiLeaks has published 75,000 classified U.S. documents about the war in Afghanistan,2 nearly 400,000 classified U.S. documents about the war in Iraq,3 and more than 2,000 U.S. diplomatic cables.4 In doing so, it has collaborated with some of the most powerful newspapers in the world,5 and it has rankled some of the most powerful people in the world.6 President Barack Obama said in July 2010, right after the release of the Afghanistan documents, that he was “concerned about the disclosure of sensitive information from the battlefield.”7 His concern spread quickly through the echelons of power, as WikiLeaks continued in the fall to release caches of classified U.S. documents. Secretary of State Hillary Clinton condemned the slow drip of diplomatic cables, saying it was “not just an attack on America's foreign policy interests, it [was] an attack on the 1 Jonathan Peters is a lawyer and the Frank Martin Fellow at the Missouri School of Journalism, where he is working on his Ph.D. and specializing in the First Amendment. He has written on legal issues for a variety of newspapers and magazines, and now he writes regularly for PBS MediaShift about new media and the law. E-mail: [email protected]. 2 Noam N. Levey and Jennifer Martinez, A whistle-blower with global resonance; WikiLeaks publishes documents from around the world in its quest for transparency, L.A.
    [Show full text]
  • Forces Shaping the Cyber Threat Landscape for Financial Institutions
    SWIFT INSTITUTE SWIFT INSTITUTE WORKING PAPER NO. 2016-004 FORCES SHAPING THE CYBER THREAT LANDSCAPE FOR FINANCIAL INSTITUTIONS WILLIAM A. CARTER PUBLICATION DATE: OCTOBER 2, 2017 The views and opinions expressed in this paper are those of the authors. SWIFT and the SWIFT Institute have not made any editorial review of this paper, therefore the views and opinions do not necessarily reflect those of either SWIFT or the SWIFT Institute. 1 Contents I. Executive Summary II. Introduction III. Consumer fraud: New defenses and mobile banking are transforming the landscape a) New defenses are transforming consumer fraud and carding b) As consumer bank fraud becomes harder, business customers are being targeted c) Mobile malware is the new frontier of consumer bank fraud d) ICT4C: Financial inclusion is creating new threats in the developing world IV. Targeted Attacks on Bank Networks: What is changing? a) Attackers are becoming more sophisticated, persistent b) Law enforcement still struggling to keep up c) Banks in Asia are top targets d) Vectors of compromise – new twists on old themes. e) Attacks are changing V. Conclusion: More Threats, More Complexity, More Sophistication 2 I. Executive Summary Financial institutions have long been the leading targets for cybercrime, but the tools and tactics used are changing. New technologies are increasingly incorporated into financial networks and the broader internet, transforming the attack surface that adversaries can exploit. The incentives for attackers are also shifting, forcing banks to face more numerous and sophisticated adversaries. And as cyber awareness grows in the financial sector and firms continue to invest billions in new defenses, attackers are changing their approaches to stay one step ahead.
    [Show full text]
  • An Oft Overlooked Response Option to Hostile Cyber Operations
    The Plea of Necessity: An Oft Overlooked Response Option to Hostile Cyber Operations Louise Arimatsu and Michael N. Schmitt 97 INT’L L. STUD. 1171 (2021) Volume 97 2021 Published by the Stockton Center for International Law ISSN 2375-2831 The Plea of Necessity Vol. 97 The Plea of Necessity: An Oft Overlooked Response Option to Hostile Cyber Operations Louise Arimatsu∗ and Michael N. Schmitt∗∗ CONTENTS I. Introduction ........................................................................................... 1172 II. Uncertainty and Limitations in the Law of Self-Defense ............... 1175 III. Uncertainty and Limitations in the Law of Countermeasures ....... 1179 IV. Necessity as a Response Option ......................................................... 1181 A. Threshold .................................................................................... 1183 B. Limitations................................................................................... 1191 C. Assistance by Other States? ...................................................... 1194 D. Geography ................................................................................... 1197 V. Concluding Thoughts ........................................................................... 1198 ∗ Distinguished Policy Fellow, Centre for Women, Peace and Security, London School of Economics. ∗∗ Professor of International Law, University of Reading; Francis Lieber Distinguished Scholar, U.S. Military Academy at West Point; Charles H. Stockton Distinguished Scholar- in-Residence,
    [Show full text]
  • Stuxnet, Schmitt Analysis, and the Cyber “Use-Of-Force” Debate
    Members of International Telecommunications Union and UN Institute for Training and Research confer on cyber security UN (Jean-Marc Ferré) UN (Jean-Marc Stuxnet, Schmitt Analysis, and the Cyber “Use-of-Force” Debate By ANDREW C. FOLTZ All Members shall refrain in ne of the many seemingly advance the specific criteria states will use in intractable legal issues sur- making such determinations. their international relations rounding cyberspace involves As discussed in this article, several ana- from the threat or use of force O whether and when peacetime lytic frameworks have been developed to help against the territorial integ- cyber operations constitute a prohibited use of assess when cyber operations constitute a use force under Article 2(4) of the United Nations of force.3 One conclusion these frameworks rity or political independence (UN) Charter. Notwithstanding a significant share is that cyber operations resulting in of any state, or in any other body of scholarly work on this topic and physical damage or injury will almost always manner inconsistent with extensive real-world examples from which to be regarded as a use of force. When these draw, there is no internationally recognized frameworks were developed, however, there the Purposes of the United definition of a use of force.2 Rather, what has were few, if any, examples of peacetime, state- Nations. emerged is a general consensus that some sponsored cyber coercion. More importantly, cyber operations will constitute a use of force, the prospect of cyber attacks causing physical —Article 2(4), Charter of the but that it may not be possible to identify in damage was largely theoretical.4 Beginning United Nations1 Lieutenant Colonel Andrew C.
    [Show full text]
  • Cyber Warfare: Surviving an Attack
    14 Cyber Warfare: Surviving an Attack By Devabhaktuni Srikrishna Cyberspace is a new domain of warfare. Created to minimize the vulnerability of United States communications networks to a crippling nuclear first strike by the Soviet Union, the Internet that was originally envisioned to enhance U.S. security is turning into a battlefield 1 for nations or sub-national groups to launch virally spreading attacks 2 and induce network failures potentially involving critical infrastructure systems.3 Cyber warfare and cyberoffense 4 have been a part of U.S. military operations for decades.5 Treaties and rules of engagement define what is off-limits during a cyberwar.6 The more vulnerable the system is, the more policy is necessary to deter adversarial nations from launching attacks, and vice-versa. Some cyberattacks are analogous to air forces probing one anotherʼs defenses or perhaps to espionage during the Cold War, which occurred though there was no official war and no physical harm. Cyberespionage largest recent cyberattacks in their book, but due to a gap in theory and practice. operations of China, for example, against the United States and its allies Cyber War: The Next Threat to National Organizations are vulnerable to the extent have been going on for years and will Security and What to Do About It. Once a they want to be and to how much they want never really end.7 virus or malware is inadvertently to spend to address vulnerabilities. 14 And downloaded onto a networked personal cyber vulnerabilities can be completely U.S. Air Force General Kevin Chilton, computer (PC) by a user9, the PC can be eliminated -- unlike conventional, nuclear, former Commander-in-Chief of commandeered to perform cyberattacks chemical, or biological which are permanent Strategic Command, has stated that ranging from electronic banking crimes, vulnerabilities due to laws of nature.
    [Show full text]
  • Wikileaks: a Guide for American Law Librarians*
    LAW LIBRARY JOURNAL Vol. 104:2 [2012-20] WikiLeaks: A Guide for American Law Librarians* James p. Kelly, Jr.** In posting confidential and classified information, WikiLeaks has become one of the world’s most controversial web sites. This paper examines the federal law concerning WikiLeaks and the use of WikiLeaks as an information source. It raises questions librarians must ask themselves as technology advances and leaks continue. Background . .246 Legal Troubles. .248 Financial Troubles . .249 The Espionage Act. 250 New York Times Co. v. United States. .251 United States v. Rosen. .253 Other Relevant Statutes . .254 18 U.S.C. § 641. 254 50 U.S.C. § 421. 254 18 U.S.C. § 1030(a)(1). 254 Prosecuting WikiLeaks Under Current Law. .254 Proposed Legislation. 255 Cases Involving WikiLeaks. .257 A Host of Research Problems. .258 The Congressional Research Service and the Library of Congress. 258 Reliability and Moral Quandaries. .259 Conclusion . 261 ¶1 WikiLeaks has become one of the world’s most controversial web sites. In posting confidential and classified information from governments, businesses, and organizations around the world, it has become a target for those in power. Others have vigorously defended the web site, saying it promotes and defends the ideals of a free press and free speech that are vital to democracy. For librarians generally, WikiLeaks represents a new source for information that might otherwise be unavailable. However, how this information was acquired can present significant legal and ethical problems for its users. ¶2 This article examines WikiLeaks from a legal and a library perspective. While the legal status or problems of WikiLeaks in other countries is occasionally * © James P.
    [Show full text]