Group, led by Gery Shalon, charged in theft of hundreds of millions


Three Jewish men, two of them Israeli citizens, are among those charged with hacking the website of JPMorgan Chase & Co. and stealing hundreds of millions of dollars.

The indictments of Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein in U.S. District Court, Southern District of New York were unsealed Tuesday. The 23-count indictment encompasses the Chase hack along with numerous alleged crimes targeting 12 other companies, including nine financial service companies and The Wall Street Journal, Reuters reported.

Prosecutors said the three had been working together since 2007 and that their crimes include artificially inflating stock prices, an illegal bitcoin exchange, operating online casinos and creating at least 75 shell companies around the world.

“By any measure, the data breaches at these firms were breathtaking in scope and in size,” U.S. Attorney Preet Bharara said at a news conference.

According to Reuters, Tuesday’s charges are the first tied to the JPMorgan attack, which compromised information in 83 million customer accounts and was the largest theft of customer data from an American financial institution.

Shalon, 31, and Orenstein, 40, are Israeli citizens who were arrested in July. Aaron, 31, is a U.S. citizen who has lived in Moscow and Tel Aviv. Another defendant, Anthony Murgio, was also charged in the bitcoin exchange.

The charges depict Shalon as the leader of the group.

For North Korea’s cyber army, long-term target may be telecoms, utility grids


The hacking attack on Sony Pictures may have been a practice run for North Korea's elite cyber-army in a long-term goal of being able to cripple telecoms and energy grids in rival nations, defectors from the isolated state said.

Non-conventional capabilities like cyber-warfare and nuclear technology are the weapons of choice for the impoverished North to match its main enemies, they said.

Obsessed by fears that it will be over-run by South Korea and the United States, North Korea has been working for years on the ability to disrupt or destroy computer systems that control vital public services such as telecoms and energy utilities, according to one defector.

“North Korea's ultimate goal in cyber strategy is to be able to attack national infrastructure of South Korea and the United States,” said Kim Heung-kwang, a defector from the North who was a computer science professor and says he maintains links with the community in his home country.

“The hacking of Sony Pictures is similar to previous attacks that were blamed on North Korea and is a result of training and efforts made with the goal of destroying infrastructure,” said Kim, who came to the South in 2004.

The North's most successful cyber-attack to date may be the hacking at Sony Corp that led to the studio cancelling a comedy on the fictional assassination of North Korean leader Kim Jong Un.

Although not officially accused by Washington, U.S. government sources said on Wednesday that investigators had determined the attack was “state sponsored” and that North Korea was the government involved.

“They have trained themselves by launching attacks related to electronic networks,” said Jang Se-yul, a defector from North Korea who studied at the military college for computer sciences before escaping to the South six years ago, referring to the North’s cyber warfare unit.

For years, North Korea has been pouring resources into a sophisticated cyber-warfare cell called Bureau 121, run by the military's spy agency and staffed by some of the most talented computer experts in the country, he and other defectors have said.

Most of the hackers in the unit are drawn from the military computer school.

“The ultimate target that they have been aiming at for long is infrastructure,” Jang said.

ATTACKS ON THE SOUTH

In 2013, South Korea blamed the North for crippling cyber-attacks that froze the computer systems of its banks and broadcasters for days.

More than 30,000 computers at South Korean banks and broadcast companies were hit in March that year, followed by an attack on the South Korean government's web sites.

An official at Seoul's defense ministry, which set up a Cyber Command four years ago, said the North's potential to disrupt the South's infrastructure with cyber-attacks is an emerging threat but declined to give details.

South Korea's intelligence agency declined to comment on networks that remain vulnerable to North Korean hacking. Its national police, which runs an anti-cyber crimes operation, also had no comment.

But officials at the country's gas utility and the operator of 23 nuclear reactors that supply a third of the electricity for Asia's fourth largest economy said contingency plans are in place to counter infiltration.

“We have been more vigilant since last year’s hacking on banks,” an official at the state-run Korea Hydro & Nuclear Power Co Ltd said. “We have separated networks for internal use from the outside.”

An official for Korea Gas Corp, the world's largest corporate buyer of liquefied natural gas, said it has been working with the National Intelligence Service against potential cyber threats.

But highlighting the vulnerability to hacking, the network of Korea Hydro & Nuclear Power was recently compromised, resulting in the leak of personal information of employees, the blueprints of some nuclear plant equipment, electricity flow charts and estimates of radiation exposure on local residents.

Preliminary investigations have found no evidence that the nuclear reactor control system was hacked but an added layer of alert against cyber infiltration has been ordered for major energy installations, the Industry and Energy Ministry said on Friday.

Although North Korea diverts much of its scarce resources to the military, its outdated Soviet-era tanks, planes and small arms are at a stark disadvantage to next-generation capabilities of its adversaries. 

It has, however, invested significant time and money in its asymmetric warfare capabilities, which include a vast fleet of mini-submarines and thousands of state-sponsored hackers.

“When you look at military capabilities, there are various aspects like nuclear and conventional. But with the economic environment and difficulties (the North) faces, there is bound to be limitation in raising nuclear capabilities or submarines or conventional power,” said Lim Jong-in, dean of the Korea University Graduate School of Information Security in Seoul.

“But cyber capability is all about people…I believe it is the most effective path to strengthening the North's military power.”

U.S. blames N.Korea for Sony cyberattack, vows ‘consequences’


The U.S. government on Friday blamed North Korea for a devastating cyberattack against Sony Pictures, calling it an unacceptable act of intimidation and vowing to impose “costs and consequences” on those responsible.

It was the first time the United States had directly accused another country of a cyberattack of such magnitude on American soil and sets up a possible new confrontation between longtime foes Washington and Pyongyang.

The destructive nature of the attack, and threats from the hackers that led the Hollywood studio to pull a comedy movie depicting the assassination of North Korea's leader, set it apart from previous cyber intrusions, the FBI said.

President Barack Obama was expected to address the issue at a 1:30 p.m. (1830 GMT) end-of-year news conference, but his options for responding to the attack by the impoverished state appeared limited.

North Korea has been subject to U.S. sanctions for more than 50 years, but they have had little effect on its human rights policies or its development of nuclear weapons. It has become expert in hiding its often criminal money-raising activities, largely avoiding traditional banks.

“As a result of our investigation, and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions,” the FBI said in a statement.

“North Korea's actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves,” it said. “Such acts of intimidation fall outside the bounds of acceptable state behavior.”

NORTH KOREAN MALWARE

The FBI said technical analysis of malware used in the Sony attack found links to malware that “North Korean actors” had developed and found a “significant overlap” with “other malicious cyber activity” previously linked to Pyongyang.

North Korea has previously denied involvement, and a North Korean U.N. diplomat on Thursday declined to comment on the accusation that Pyongyang was responsible.

“Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states who use cyber means to threaten the United States or U.S. interests,” said the FBI, the Federal Bureau of Investigation.

It stopped short of threatening specific U.S. action.

U.S. experts say U.S. options could include cyber retaliation, financial sanctions, criminal indictments against individuals implicated in the attack or even a boost in U.S. military support to South Korea to send a stern message to North Korea.

But the effect of any response could be limited given North Korea's isolation and the fact that it is already heavily sanctioned over its disputed nuclear program.

The attack on Sony, more than three weeks ago, was conducted by hackers calling themselves “Guardians of Peace.”

It brought down the computer network at Sony Pictures Entertainment, prompted the leak of embarrassing emails, and led to Sony's cancellation of the Christmas Day release of “The Interview,” which culminates in a scene depicting the assassination of President Kim Jong Un.

U.S. movie theaters had said they would not show the film after hackers made threats against cinemas and audiences. Many in Hollywood and Washington criticized Sony's cancellation as caving in to the hackers.

“CRIMINAL ACT”

Former Senator Chris Dodd, now the head of the Motion Picture Association of America, called the cyberattack on Sony Pictures, a unit of Sony Corp, a “despicable, criminal act.”

Obama's national security team is seeking a response tough enough to get its message across but not so extreme as to provoke North Korea to engage in further cyberwarfare.

A dilemma for the administration is how much evidence it could make public without divulging the technological means it has to trace cyberattacks back to the source.

“This is unprecedented,” said Dmitri Alperovitch, chief technology officer of cybersecurity firm CrowdStrike. “We have a dictatorial regime that attacked a private company on U.S. soil. Will we see a response from the U.S. government?”

Some of Hollywood's biggest names howled over the cancellation of the $44 million film, which stars James Franco and Seth Rogen, the latter also a co-director of the movie with partner Evan Goldberg.

The hacking of Sony appeared to mark a new phase in already-fraught relations between the United States and the reclusive government in Pyongyang, which have largely centered on U.S. efforts to rein in Pyongyang's nuclear weapons program.

Non-conventional capabilities such as cyberwarfare and nuclear technology are the weapons of choice for the impoverished North to match its main enemies, defectors from the isolated state said in Seoul.

They said the Sony attack may have been a practice run for North Korea's elite cyberarmy as part of its long-term goal of being able to cripple telecommunications and energy grids in rival nations.

Fearing cyberattack, Israel curbs government Web sites’ foreign traffic


Israel will temporarily suspend some of its government Web sites' international traffic to fend off a potential mass-cyber attack by pro-Palestinian hackers, an Israeli security source said on Thursday, without elaborating on the threat.

The precautionary measure would be in place from Friday through Monday, the source said, and include refusal of electronic payment from abroad for government services.

Some routine reprogramming of Web sites was also on hold, the source said.

The Walla news site said Israeli civil servants had also been instructed not to open emails received from foreigners.

Israeli officials declined to comment.

In January, an Israeli cyber security firm said hackers had broken into a Defence Ministry computer via an email attachment tainted with malicious software that looked like it had been sent by the country's Shin Bet security service.

Writing by Dan Williams; Editing by Sonya Hepinstall

Jewish groups facing ‘concerted’ cyber attacks, security network warns


U.S. Jewish groups face “a more concerted and aggressive effort” from Internet hackers, the national community’s security arm said in an alert.

“It is imperative that all IT departments understand how to mitigate the threat and are up-to-date on the necessary technologies and processes to use in order to be proactive and prevent these incidents,” said an alert Tuesday from the Secure Community Network, an affiliate of the Jewish Federations of North America and of the Conference of Presidents of Major American Jewish Organizations.

“It is apparent that we are currently facing a more concerted and aggressive effort by those attempting to disrupt and deface organizations’ websites and networks,” the alert said.

The alert cited three recent cyber attacks. In one case, an organization’s website was “replaced by a Palestinian flag with the superimposed image of an apparent jihadist displaying a rifle.” The group claiming responsibility called itself CoIDZ.

In another, the alert said, “a group referring to itself as the ‘Blackbirds’ hacked the website of a school and defaced it with anti-Israel rhetoric.” And in a third incident, a Jewish organization’s website redirected to pornography.

Separately, the alert reported that two Jewish federations had been targeted by a credit card scam.

In one case, it said, “the Federation received an $8,100 donation from someone named Davon White. The ‘donor’ then indicated that they made an error and their intention was to provide a gift for $810.00. The alleged donor then requested a refund to a credit card they provided.”

In such cases, SCN urged targets to inform credit card agencies and the FBI.

Adelson company’s website hacked


The website of a casino operator owned by Jewish billionaire Sheldon Adelson was hacked by unidentified vandals who criticized his support for Israel.

The hackers on Tuesday took over the home page of websites run by the Las Vegas Sands Corp., the world’s largest casino operator, owned by Adelson. In addition to criticizing Adelson over comments he made in October about Iran and its nuclear program, the hackers also posted personal information about employees including e-mail addresses and social security numbers, according to The Morning Call newspaper based in Allentown, Pa.

The company e-mail system also reportedly was not working, and the Sands’ corporate website and the sites of its resorts in Las Vegas; Macau, China; and Singapore did not function.

The Las Vegas Sands websites were down on Wednesday, with messages saying they were undergoing maintenance.

During the hacking incident, the homepage of the website of the Sands Casino Resort in Bethlehem, Pa., showed a photo of Adelson standing next to Israeli Prime Minister Benjamin Netanyahu and dialogue saying “Damn A, don’t let your tongue cut your throat. Encouraging the use of weapons of mass destruction, under any condition, is a crime.” It was signed by the Anti-WMD team, according to The Morning Call.

The page also showed a map of the world with flames where Sands has casinos in the United States.

Saudi-Israel hacker war heats up


The hacker war between Israel and Saudi Arabia is continuing, with the release of the credit card details of more Israelis.

A Saudi hacker, who has already released thousands of Israeli credit card numbers, along with the personal details of the cardholders, on Wednesday released the details of 200 more Israeli credit cards. He has threatened to release 200 more numbers every day.

The new release by the Saudi hacker was in retaliation for the release earlier this week by an Israeli hacker of Saudi credit card numbers, he told Israeli media in a message.

The Saudi hacker, named OxOmar and a member of the Saudi hacking group Group-XP, said last week in an Internet message that he has hacked some 80 Israeli websites and will release a total of 1 million credit card numbers with personal information. He has released about 50,000 numbers so far. He also threatened to release documents from military contractors and companies that manufacture surveillance equipment.