Category Archives: Vulnerabilities

Analysis of Vulnerabilities

SK Bithumb Cryptocurrency breach of 30k customers

Names, mobile numbers, and email addresses of approximately 30,000 South Korean Bithumb exchange customers were exposed from an employee's home computer. Bithumb has indicated no passwords were stolen, but some customers have claimed to have lost their funds as a result. Bithumb is one of the largest bitcoin exchanges, and the amount affected is estimated to be billions of SK Won (almost $1M US Dollars).

Bithumb has promised to pay 100k Won ($87 USD) to each member whose information was exposed. Once again, the cost savings of bring your own device (BYOD) have proven not to be worth the reputational and financial costs to a company, which should retain ownership of its workstations and the security controls on them.
 

87 weaknesses in 7 FDA systems

The Government Accounting Office (GAO) was asked to examine and assess seven key Food and Drug Administration (FDA) information systems. The assessment examined how effectively the FDA had implemented information security controls intended to protect the confidentiality, integrity, and availability of information. For the assessment, security policies, procedures, reports, and other documents were reviewed, the FDA network infrastructure was examined, and FDA personnel were interviewed.

The findings by GAO specifically state that the FDA did not always:

  1. adequately protect the boundaries of its network
  2. consistently identify and authenticate system users
  3. limit users’ access to only what was required to perform their duties
  4. encrypt sensitive data
  5. consistently audit and monitor system activity
  6. conduct physical security reviews of its facilities

Number of GAO-identified weaknesses at FDA

| Control Area | # of weaknesses | # of recommendations |
|---|---|---|
| Access Controls | 58 | 122 |
| Configuration Management | 23 | 37 |
| Contingency Planning | 5 | 6 |
| Media protection | 1 | 1 |
| Total | 87 | 166 |

 

NorQuest College woes of alleged harassment in IT data theft

NorQuest College is in Edmonton, Alberta, and Clarence Orleski was its manager of technology infrastructure until he was terminated on December 4, 2012 by executives Shawn Terlson and John Smith. Apparently, Orleski did not get along with Smith, and on the morning of a planned meeting on September 20, 2012, Smith received an email from Orleski stating:

"I've been wanting to touch base with you and get the name (and contact info) of the lady you introduced to me back in the late fall last year…

I forget her name, but she is the one that you and her thought no one was in the office at the time. I was going to interrupt the two of you, but I felt I might be intruding on something, so I just hung around for a while. 🙂

…I think her name was (woman's name)"

Orleski then went to the meeting, exclaimed he couldn't stand the sight of Smith, and requested to work from home until his planned retirement in March 2013. The request was denied and Orleski was given a disciplinary warning.

The next day, September 21, Orleski allegedly ran DBAN on his NorQuest work laptop to wipe his hard disk. A few days later, Orleski was reprimanded by Smith for a $10,000 phone bill on his work phone and iPad while on vacation in Europe. Smith told Orleski that he was not expected to be available (i.e. not to expect the college to pay the bill). Orleski then went on sick leave for two months until his firing.

On January 21, 2013, NorQuest College terminated Terlson, who then received an email:

"I guess what I'm trying to figure out is which one are you? 'Dumb' or 'Dumber'… Don't worry, Mr. pretty boy (Smith) won't be far behind you…"

On February 19, 2013, dozens of executives and staff at NorQuest College received an email full of PDFs which started with:

"What you're about to read is correspondence of a sexual nature between myself (John Smith) and my little playful sweetie"

On March 1st, 2013, a court order was issued, and Orleski's personal computer, iPad, phone, and other storage were confiscated by that afternoon. The college made a $2 million claim for damages, but a settlement was reached in 2015 and the lawsuit ended in January 2016. In the end, a privacy breach was uncovered involving unrelated materials: a folder on Orleski's computer held 2.4 gigabytes in 45,920 files, including financial data, employee personnel information, and an employment contract of the college president.

FBI concludes: North Korean government responsible in SPE cyber terrorism

While the semantics of the term “cyber terrorism” are still being argued, it is apparent to the FBI that Sony Pictures Entertainment has been the victim of great economic impact outside the bounds of acceptable state behavior.
And most recently, on Tuesday, December 16, 2014, the “Guardians of Peace” posted a message threatening 9/11-type attacks on theaters that screen The Interview. The note was posted on Pastebin labeled “Christmas gift: Michael lynton.” Lynton is the CEO of Sony Pictures. The message read:

Warning

We will clearly show it to you at the very time and places “The Interview” be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.

Soon all the world will see what an awful movie Sony Pictures Entertainment has made.

 The world will be full of fear.

Remember the 11th of September 2001.

We recommend you to keep yourself distant from the places at that time.

(If your house is nearby, you’d better leave.)

Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.

All the world will denounce the SONY.

Following the threat, a number of major theater companies announced they would not show the film. The East Coast premiere of the comedy was subsequently canceled.

Today, the FBI released a followup statement reinforcing the determination that the recent intrusion into Sony Pictures Entertainment (SPE) by a group calling itself the “Guardians of Peace” traces directly to the North Korean government. The statement noted:

…The FBI takes seriously any attempt—whether through cyber-enabled means, threats of violence, or otherwise—to undermine the economic and social prosperity of our citizens…

The biggest clues are similarities to previously identified malware developed by North Korean actors: similar lines of code, encryption algorithms, and data deletion methods, as well as the infrastructure used, such as IP addresses. Previous incidents include last year’s South Korean bank hacks in March, which were identified as having been performed by the North Korean government.