North Korea says: No, We Didn’t Hack Sony.

Recently a new cyber crime story gets reported every week. This week’s news on cybercrime is about an attack at Sony Pictures Entertainment, among other problems making movies publicly available, and creating substantial damage.

Cute dog and girl, most likely from movie.
Picture from linked web page., most likely from movie

An important aspect of most cyber crime is the fact that hacks usually cannot be attributed to the real source. Just because a computer was attacked by another computer, maybe in North Korea or maybe somewhere else doesn’t confirm the real source. That computer may itself be an innocent victim and may have been used by another computer in some other part of the world. There can be a chain of tens and more computers. Even aunt Emma’s computer may be part of such a chain. Therefore it is a very bad idea for most people to start counterattacking cyber criminals by themselves.

This attack is different from old fashioned cyber-crime in what it tries to do. It is not simply stealing some money were the loss of the victim matches the gains of the criminal; it is not simply leaking credit card numbers. The loss to Sony is “strategic”: The loss for Sony isn’t what is gone and has been stolen. The loss in this case is directly hurting Sony in its ability to do further business. As of today, such crimes are common place in newspaper talk about state-actors, cyber-“terrorism” and in hype like cyber-“war”. What is new and unusual here is that such losses are inflicted on normal, commercial business enterprises.

Adding several layers of protection could significantly minimize the risk of such attacks. Obfuscation of your code as provided by White Hawk Software can be one of these protective layers.

For more about this incident see:

Cyber security for consumers and other people

White Hawk Software provides serious high end protections. Our solutions are aimed at software producers. This post, while serious, is however aimed at individuals and families, with and without security background.

closed_gate
Closed gate. Origin of pic is not known.

https://twitter.com/Readygov
In the event of an emergency are you prepared? Know who to Call, where to Meet, what to Pack.
This is about the real world; nothing virtual or cyber.

http://staysafeonline.org
The Internet is a powerful and useful tool, but in the same spirit that you shouldn’t drive without buckling your seat belt or ride a bike without a helmet, you shouldn’t go online without taking some basic precautions.

http://www.onguardonline.gov
Avoid scams. Secure your computer. Protect kids online. Be smart online and more.

http://www.lookstoogoodtobetrue.com
Looks Too Good To Be True.com
Every day consumers receive offers that just sound too good to be true. In the past, these offers came through the mail or by telephone. Now the con-artists and swindlers have found a new avenue to pitch their frauds — the Internet.

http://www.dhs.gov/stopthinkconnect-toolkit
Stop. Think. Connect. Toolkit
The majority of cybercriminals are indiscriminate**; they target vulnerable computer systems regardless of whether the systems are part of a Fortune 500 company, a small business, or belong to a home user. Cybersecurity is a shared responsibility in which all have a role to play. This toolkit provides basic resources just for that.
(**In contrast: White Hawk Software addresses the much smaller, much more sophisticated, and possibly very discriminating segment of cyber criminals.)

http://www.ic3.gov/default.aspx
Internet Crime Complaint Center (IC3)
The IC3 accepts online Internet crime complaints from either the actual victim or from a third party.

https://www.us-cert.gov/ncas/tips
Useful and comprehensive advice about common security issues also for non-technical computer users.

http://www.pbs.org/wgbh/nova/labs/lab/cyber/
“Cybersecurity Lab ” (Public Broadcasting Service, a television network )
Practice lab to take cybersecurity into your own hands. You’ll defend a company that is the target of increasingly sophisticated cyber attacks. Your task is to strengthen the cyber defenses and thwart the attackers by completing a series of cybersecurity challenges. You’ll crack passwords, craft code, and defeat malicious hackers.

https://twitter.com/Bruce_Schneier
Bruce Schneier is one of the most vocal but also most knowledgeable people in the cyber security arena.

http://cve.mitre.org
CVE is a dictionary of publicly known information security vulnerabilities and exposures.

http://www.fbi.gov
When you really need help…

https://www.infragard.org
InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.

https://www.us-cert.gov/security-publications
United States Computer Emergency Readiness Team
The big guns.

http://www.dhs.gov/topic/cybersecurity
Cybersecurity at Homeland Security.

http://www.whitehawksoftware.com
Our favorite company on serious tamper-proofing software when security really matters.

zero_one