January 1st, 2015 • 3h 2m

683: Team Taylor

Shownotes

Every new episode of No Agenda is accompanied by a comprehensive list of shownotes curated by Adam while preparing for the show. Clips played by the hosts during the show can also be found here.

TODAY
-------------------------------------------------------------------------------------------------------------
No Über surge pricing
West Texans
Expensive Fireworks
People from West Texas not so Happy New Year
Land rights not executed
Drilling pipe companies orders on hold or cancelled
Queso
-------------------------------------------------------------------------------------------------------------
Smith-Mundt Act - A reminder that you are living in a Smith-Mundt Act repealed media landscape
NDAA and Overturning of Smith-Mundt Act
The National Defense Authorization Act for Fiscal Year 2013 (NDAA) allows for materials produced by the State Department and the Broadcasting Board of Governors (BBG) to be released within U.S. borders and strikes down a long-time ban on the dissemination of such material in the country.[14][15][16]
Propaganda in the United States - Wikipedia, the free encyclopedia
Sun, 21 Sep 2014 15:00
Propaganda in the United States is propaganda spread by government and media entities within the United States. Propaganda is information, ideas, or rumors deliberately spread widely to influence opinions. Propaganda is not only in advertising; it is also in radio, newspaper, posters, books, and anything else that might be sent out to the widespread public.
Domestic
World War I
The first large-scale use of propaganda by the U.S. government came during World War I. The government enlisted the help of citizens and children to help promote war bonds and stamps to help stimulate the economy. To keep the prices of war supplies down, the U.S. government produced posters that encouraged people to reduce waste and grow their own vegetables in "victory gardens." The public skepticism that was generated by the heavy-handed tactics of the Committee on Public Information would lead the postwar government to officially abandon the use of propaganda.[1]
World War II
During World War II the U.S. officially had no propaganda, but the Roosevelt government used means to circumvent this official line. One such propaganda tool was the publicly owned but government funded Writers' War Board (WWB). The activities of the WWB were so extensive that it has been called the "greatest propaganda machine in history".[1] Why We Fight is a famous series of US government propaganda films made to justify US involvement in World War II.
In 1944 (lasting until 1948) prominent US policy makers launched a domestic propaganda campaign aimed at convincing the U.S. public to agree to a harsh peace for the German people, for example by removing the common view of the German people and the Nazi party as separate entities.[2] The core in this campaign was the Writers' War Board which was closely associated with the Roosevelt administration.[2]
Another means was the United States Office of War Information that Roosevelt established in June 1942, whose mandate was to promote understanding of the war policies under the director Elmer Davies. It dealt with posters, press, movies, exhibitions, and produced often slanted material conforming to US wartime purposes. Other large and influential non-governmental organizations during the war and immediate post war period were the Society for the Prevention of World War III and the Council on Books in Wartime.
Cold War
During the Cold War, the U.S. government produced vast amounts of propaganda against communism and the Soviet bloc. Much of this propaganda was directed by the Federal Bureau of Investigation under J. Edgar Hoover, who himself wrote the anti-communist tract Masters of Deceit. The FBI's COINTELPRO arm solicited journalists to produce fake news items discrediting communists and affiliated groups, such as H. Bruce Franklin and the Venceremos Organization.
War on Drugs
The National Youth Anti-Drug Media Campaign, originally established by the National Narcotics Leadership Act of 1988,[3][4] but now conducted by the Office of National Drug Control Policy under the Drug-Free Media Campaign Act of 1998,[5] is a domestic propaganda campaign designed to "influence the attitudes of the public and the news media with respect to drug abuse" and for "reducing and preventing drug abuse among young people in the United States".[6][7] The Media Campaign cooperates with the Partnership for a Drug-Free America and other government and non-government organizations.[8]
Iraq War
In early 2002, the U.S. Department of Defense launched an information operation, colloquially referred to as the Pentagon military analyst program.[9] The goal of the operation is "to spread the administrations's talking points on Iraq by briefing ... retired commanders for network and cable television appearances," where they have been presented as independent analysts.[10] On 22 May 2008, after this program was revealed in the New York Times, the House passed an amendment that would make permanent a domestic propaganda ban that until now has been enacted annually in the military authorization bill.[11]
The Shared values initiative was a public relations campaign that was intended to sell a "new" America to Muslims around the world by showing that American Muslims were living happily and freely, without persecution, in post-9/11 America.[12] Funded by the United States Department of State, the campaign created a public relations front group known as Council of American Muslims for Understanding (CAMU). The campaign was divided in phases; the first of which consisted of five mini-documentaries for television, radio, and print with shared values messages for key Muslim countries.[13]
NDAA and Overturning of Smith-Mundt Act
The National Defense Authorization Act for Fiscal Year 2013 (NDAA) allows for materials produced by the State Department and the Broadcasting Board of Governors (BBG) to be released within U.S. borders and strikes down a long-time ban on the dissemination of such material in the country.[14][15][16]
Ad Council
The Ad Council, an American non-profit organization that distributes public service announcements on behalf of various private and federal government agency sponsors, has been labeled as "little more than a domestic propaganda arm of the federal government" given the Ad Council's historically close collaboration with the President of the United States and the federal government.[17]
International
Through several international broadcasting operations, the US disseminates American cultural information, official positions on international affairs, and daily summaries of international news. These operations fall under the International Broadcasting Bureau, the successor of the United States Information Agency, established in 1953. IBB's operations include Voice of America, Radio Liberty, Alhurra and other programs. They broadcast mainly to countries where the United States finds that information about international events is limited, either due to poor infrastructure or government censorship. The Smith-Mundt Act prohibits the Voice of America from disseminating information to US citizens that was produced specifically for a foreign audience.
During the Cold War the US ran covert propaganda campaigns in countries that appeared likely to become Soviet satellites, such as Italy, Afghanistan, and Chile.
Recently The Pentagon announced the creation of a new unit aimed at spreading propaganda about supposedly "inaccurate" stories being spread about the Iraq War. These "inaccuracies" have been blamed on the enemy trying to decrease support for the war. Donald Rumsfeld has been quoted as saying these stories are something that keeps him up at night.[18]
Psychological operations
The US military defines psychological operations, or PSYOP, as:
planned operations to convey selected information and indicators to foreign audiences to influence the emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals.[19]
The Smith-Mundt Act, adopted in 1948, explicitly forbids information and psychological operations aimed at the US public.[20][21][22] Nevertheless, the current easy access to news and information from around the globe, makes it difficult to guarantee PSYOP programs do not reach the US public. Or, in the words of Army Col. James A. Treadwell, who commanded the U.S. military psyops unit in Iraq in 2003, in the Washington Post:
There's always going to be a certain amount of bleed-over with the global information environment.[23]
Agence France Presse reported on U.S. propaganda campaigns that:
The Pentagon acknowledged in a newly declassified document that the US public is increasingly exposed to propaganda disseminated overseas in psychological operations.[24]
Former US Defense Secretary Donald Rumsfeld approved the document referred to, which is titled "Information Operations Roadmap." [22][24] The document acknowledges the Smith-Mundt Act, but fails to offer any way of limiting the effect PSYOP programs have on domestic audiences.[20][21][25]
Several incidents in 2003 were documented by Sam Gardiner, a retired Air Force colonel, which he saw as information-warfare campaigns that were intended for "foreign populations and the American public." Truth from These Podia,[26] as the treatise was called, reported that the way the Iraq war was fought resembled a political campaign, stressing the message instead of the truth.[22]
References
[1] Thomas Howell, The Writers' War Board: U.S. Domestic Propaganda in World War II, Historian, Volume 59 Issue 4, Pages 795 - 813
[2] Steven Casey, (2005), The Campaign to sell a harsh peace for Germany to the American public, 1944 - 1948, [online]. London: LSE Research Online. [Available online at http://eprints.lse.ac.uk/archive/00000736] Originally published in History, 90 (297). pp. 62-92 (2005) Blackwell Publishing
[3] National Narcotics Leadership Act of 1988 of the Anti-Drug Abuse Act of 1988, Pub.L. 100-690, 102 Stat. 4181, enacted November 18, 1988
[4] Gamboa, Anthony H. (January 4, 2005), B-303495, Office of National Drug Control Policy - Video News Release, Government Accountability Office, footnote 6, page 3
[5] Drug-Free Media Campaign Act of 1998 (Omnibus Consolidated and Emergency Supplemental Appropriations Act, 1999), Pub.L. 105-277, 112 Stat. 268, enacted October 21, 1998
[6] Gamboa, Anthony H. (January 4, 2005), B-303495, Office of National Drug Control Policy - Video News Release, Government Accountability Office, pp. 9-10
[7] Drug-Free Media Campaign Act of 1998 of the Omnibus Consolidated and Emergency Supplemental Appropriations Act, 1999, Pub.L. 105-277, 112 Stat. 268, enacted October 21, 1998
[8] Office of National Drug Control Policy Reauthorization Act of 2006, Pub.L. 109-469, 120 Stat. 3501, enacted December 29, 2006, codified at 21 U.S.C. § 1708
[9] Barstow, David (2008-04-20). "Message Machine: Behind Analysts, the Pentagon's Hidden Hand". New York Times.
[10] Sessions, David (2008-04-20). "Onward T.V. Soldiers: The New York Times exposes a multi-armed Pentagon message machine". Slate.
[11] Barstow, David (2008-05-24). "2 Inquiries Set on Pentagon Publicity Effort". New York Times.
[12] Rampton, Sheldon (October 17, 2007). "Shared Values Revisited". Center for Media and Democracy.
[13] "U.S. Reaches Out to Muslim World with Shared Values Initiative". America.gov. January 16, 2003.
-------------------------------------------------------------------------------------------------------------
EuroLand
Lithuania joins €uro
You can discuss tomorrow Lithuania joining the € on January 1st 2015. Note that now between Germany and Finland only Poland lacks the €, but Poland and Poles are enemies of the €, so it may stay that way, although they are obliged by the EU accession treaty to join the € sooner or later. Other noteworthy info: 3-4 hundred years ago there was a "United Kingdom of Poland and Lithuania" that was then the 2nd largest country in Europe, but nowadays, apart from hatred towards Russia, not much is common between Poland and Lithuania, where the Polish minority is still persecuted (they are forced to write names without Polish letters ąćęłóśżź, etc.)
EU diktat on VAT could kill thousands of online firms | Daily Mail Online
Thu, 01 Jan 2015 16:01
All companies selling digital products must navigate new EU VAT system
Law requires firms to charge VAT based on the country where buyer lives
Aims to stop firms undercutting rivals by setting up in low tax countries
Critics say even the smallest businesses will be forced to hire accountants
By Louise Eccles, Business Correspondent for the Daily Mail
Published: 17:49 EST, 31 December 2014 | Updated: 09:18 EST, 1 January 2015
Thousands of 'kitchen table' entrepreneurs could be forced out of business by a new EU tax law, it is claimed.
From today, all companies selling digital products - including e-books, music downloads and even knitting patterns - must navigate a hugely complicated VAT system.
Critics say even the smallest businesses may have to hire accountants and spend hours on paperwork, forcing many to close.
The new law requires firms to charge VAT based on the country where the buyer lives, rather than where the seller is based.
It aims to stop multinational corporations such as Amazon undercutting rivals by setting up headquarters in low-VAT countries such as Luxembourg.
But the clampdown means fledgling businesses must now record which European country each customer is from and charge their national VAT rate. They must also keep hold of customers' home and bank addresses for ten years.
Enterprise Nation, a campaign group which represents small and micro-businesses, believes around 250,000 companies will be affected by the change.
And Chas Roy-Chowdhury, of the Association of Chartered Certified Accountants, described the administrative burden on small firms as 'unacceptable'.
'The Government must look at exempting the UK's smallest businesses from this, or risk them withdrawing from trading in Europe all together,' he said.
'Ministers must come up with an exemption and take it to the European Commission.'
HMRC has already introduced a scheme designed to ease the strain of the new law, called the VAT Mini One Stop Shop, or VAT MOSS.
It allows businesses to make a single quarterly VAT return, rather than having to register separately for VAT in each of the 28 EU member states.
But entrepreneurs still say they are going to struggle. On a Facebook page dedicated to abolishing the new rules, photographer Martin Wilson said he will be closing the online part of his business.
'The administration burden, risk and cost of complying far outweighs the business I do with the EU. I don't want the hassle of being an unpaid tax collector,' he said.
Others said they were removing their own products from sale, while one businesswoman said she had spent months trying to understand the legislation.
A spokesman for HMRC said they were providing help for businesses and would be monitoring the impact of the changes.
Case study: Interior designer's petition over new tax legislation
Interior designer Issy Zinaburg has spent months working on a new venture selling online courses.
At eight months' pregnant, the designer had hoped the downloadable guide on how to decorate your home would allow her to earn some money while on maternity leave.
But now, new tax legislation introduced by the European Union could render this part of her business untenable.
The law requires that all businesses - however small - must track where each customer is from and charge them their national rate of VAT.
The rate varies wildly across the 28 EU member states and will require significant administrative work to maintain, she says.
Mrs Zinaburg started a petition in protest which has since gathered more than 21,000 signatures.
The designer says the new legislation will 'cripple, and potentially force into closure, thousands of micro-businesses across the UK'.
The 33-year-old, who lives with her husband Amir in Suffolk, said: 'I have a traditional interior design business but I am currently pregnant and I had hoped that taking my business online would be more flexible around childcare.
'Offering online courses would allow me to take some time off after the baby is born so that I am not working all the time.
'I had a number of courses planned which would include PDFs, pre-recorded videos and worksheets to show people how to do their own home. But I have now had to scrap a number of products.'
Mrs Zinaburg, of the EU VAT Action group, believes that she may be able to circumvent the changes if she includes enough 'human interaction' in her tutorials and online courses, but says that understanding how the new rules will work has been a huge headache.
She said: 'Everyone agrees that the loopholes used by the big companies like Amazon should be closed, but the unintended consequence is the impact on small businesses. The administrative burden on micro-businesses is huge.
'For some micro-businesses, it might be that they only need to charge £10 VAT a year, but the work involved in recording where the money is coming from and where it should go is just not worth it for them.'
Caliphate!
DJ catches evergreen clip anomaly
I just realized after hearing that Feinstein clip 20 times over the years that when the first guy responds to her question he quickly reframes what she asks, basically asking himself a different question out loud so that the other 3 guys are actually answering his question, not hers. She asks "how likely" is an attack in the next 3-6 months, but he precedes his answer with "... the priority, is certain". So they all agree with him that (for the terrorists) "the priority" of an attack is certain rather than the actual carrying out of one, so they have a built in out when one never happened. Looking at it that way the dude looks like a total pro.
CYBER!
Regin Malware Platform
Regin: Nation-state ownage of GSM networks - Securelist
Tue, 30 Dec 2014 13:20
Motto: "Beware of Regin, the master! His heart is poisoned. He would be thy bane..."
"The Story of Siegfried" by James Baldwin
Introduction, history
Download our full Regin paper (PDF).
In the spring of 2012, following a Kaspersky Lab presentation on the unusual facts surrounding the Duqu malware, a security researcher contacted us and mentioned that Duqu reminded him of another high-end malware incident. Although he couldn't share a sample, the third-party researcher mentioned the "Regin" name, a malware attack that is now dreaded by many security administrators in governmental agencies around the world.
For the past two years, we've been tracking this most elusive malware across the world. From time to time, samples would appear on various multi-scanner services, but they were all unrelated to each other, cryptic in functionality and lacking context.
It's unknown exactly when the first samples of Regin were created. Some of them have timestamps dating back to 2003.
The victims of Regin fall into the following categories:
Telecom operators
Government institutions
Multi-national political bodies
Financial institutions
Research institutions
Individuals involved in advanced mathematical/cryptographical research
So far, we've observed two main objectives from the attackers:
Intelligence gathering
Facilitating other types of attacks
While in most cases, the attackers were focused on extracting sensitive information, such as e-mails and documents, we have observed cases where the attackers compromised telecom operators to enable the launch of additional sophisticated attacks. More about this in the GSM Targeting section below.
Perhaps one of the most publicly known victims of Regin is Jean Jacques Quisquater (https://en.wikipedia.org/wiki/Jean-Jacques_Quisquater), a well-known Belgian cryptographer. In February 2014, Quisquater announced he was the victim of a sophisticated cyber intrusion incident. We were able to obtain samples from the Quisquater case and confirm they belong to the Regin platform.
Another interesting victim of Regin is a computer we are calling "The Magnet of Threats". This computer belongs to a research institution and has been attacked by Turla, Mask/Careto, Regin, Itaduke, Animal Farm and some other advanced threats that do not have a public name, all co-existing happily on the same computer at some point.
Initial compromise and lateral movement
The exact method of the initial compromise remains a mystery, although several theories exist, which include man-in-the-middle attacks with browser zero-day exploits. For some of the victims, we observed tools and modules designed for lateral movement. So far, we have not encountered any exploits. The replication modules are copied to remote computers by using Windows administrative shares and then executed. Obviously, this technique requires administrative privileges inside the victim's network. In several cases, the infected machines were also Windows domain controllers. Targeting of system administrators via web-based exploits is one simple way of achieving immediate administrative access to the entire network.
The Regin platform
In short, Regin is a cyber-attack platform which the attackers deploy in the victim networks for ultimate remote control at all possible levels.
The platform is extremely modular in nature and has multiple stages.
Regin platform diagram
The first stage ("stage 1") is generally the only executable file that will appear in victims' systems. Further stages are stored either directly on the hard drive (for 64 bit systems), as NTFS Extended Attributes or registry entries. We've observed many different stage 1 modules, which sometimes have been merged with public sources to achieve a type of polymorphism, complicating the detection process.
The second stage has multiple purposes and can remove the Regin infection from the system if instructed so by the 3rd stage.
The second stage also creates a marker file that can be used to identify the infected machine. Known filenames for this marker are:
%SYSTEMROOT%\system32\nsreg1.dat
%SYSTEMROOT%\system32\bssec3.dat
%SYSTEMROOT%\system32\msrdc64.dat
Stage 3 exists only on 32 bit systems - on 64 bit systems, stage 2 loads the dispatcher directly, skipping the third stage.
Stage 4, the dispatcher, is perhaps the most complex single module of the entire platform. The dispatcher is the user-mode core of the framework. It is loaded directly as the third stage of the 64-bit bootstrap process or extracted and loaded from the VFS as module 50221 as the fourth stage on 32-bit systems.
The dispatcher takes care of the most complicated tasks of the Regin platform, such as providing an API to access virtual file systems, basic communications and storage functions as well as network transport sub-routines. In essence, the dispatcher is the brain that runs the entire platform.
A thorough description of all malware stages can be found in our full technical paper.
Virtual File Systems (32/64-bit)
The most interesting code from the Regin platform is stored in encrypted file storages, known as Virtual File Systems (VFSes).
During our analysis we were able to obtain 24 VFSes, from multiple victims around the world. Generally, these have random names and can be located in several places in the infected system. For a full list, including format of the Regin VFSes, see our technical paper.
Unusual modules and artifacts
With high-end APT groups such as the one behind Regin, mistakes are very rare. Nevertheless, they do happen. Some of the VFSes we analyzed contain words which appear to be the respective codenames of the modules deployed on the victim:
legspinv2.6 and LEGSPINv2.6
WILLISCHECKv2.0
HOPSCOTCH
Another module we found, which is a plugin type 55001.0, references another codename, which is U_STARBUCKS:
GSM Targeting
The most interesting aspect we found so far about Regin is related to an infection of a large GSM operator. One VFS encrypted entry we located had internal id 50049.2 and appears to be an activity log on a GSM Base Station Controller.
From https://en.wikipedia.org/wiki/Base_station_subsystem
According to the GSM documentation (http://www.telecomabc.com/b/bsc.html): "The Base Station Controller (BSC) is in control of and supervises a number of Base Transceiver Stations (BTS). The BSC is responsible for the allocation of radio resources to a mobile call and for the handovers that are made between base stations under his control. Other handovers are under control of the MSC."
Here's a look at the decoded Regin GSM activity log:
This log is about 70KB in size and contains hundreds of entries like the ones above. It also includes timestamps which indicate exactly when the command was executed.
The entries in the log appear to contain Ericsson OSS MML (Man-Machine Language as defined by ITU-T) commands.
Here's a list of some commands issued on the Base Station Controller, together with some of their timestamps:
2008-04-25 11:12:14: rxmop:moty=rxotrx;
2008-04-25 11:58:16: rxmsp:moty=rxotrx;
2008-04-25 14:37:05: rlcrp:cell=all;
2008-04-26 04:48:54: rxble:mo=rxocf-170,subord;
2008-04-26 06:16:22: rxtcp:MOty=RXOtg,cell=kst022a;
2008-04-26 10:06:03: IOSTP;
2008-04-27 03:31:57: rlstc:cell=pty013c,state=active;
2008-04-27 06:07:43: allip:acl=a2;
2008-04-28 06:27:55: dtstp:DIP=264rbl2;
2008-05-02 01:46:02: rlstp:cell=all,state=halted;
2008-05-08 06:12:48: rlmfc:cell=NGR035W,mbcchno=83&512&93&90&514&522,listtype=active;
2008-05-08 07:33:12: rlnri:cell=NGR058y,cellr=ngr058x;
2008-05-12 17:28:29: rrtpp:trapool=all;
Descriptions for the commands:
rxmop - check software version type;
rxmsp - list current call forwarding settings of the Mobile Station;
rlcrp - list off call forwarding settings for the Base Station Controller;
rxble - enable (unblock) call forwarding;
rxtcp - show the Transceiver Group of particular cell;
allip - show external alarm;
dtstp - show Digital Path (DIP) settings (DIP is the name of the function used for supervision of the connected PCM (Pulse Code Modulation) lines);
rlstc - activate cell(s) in the GSM network;
rlstp - stop cell(s) in the GSM network;
rlmfc - add frequencies to the active broadcast control channel allocation list;
rlnri - add cell neighbour;
rrtpp - show radio transmission transcoder pool details;
The log seems to contain not only the executed commands but also usernames and passwords of some engineering accounts:
sed[snip]:Alla[snip]
hed[snip]:Bag[snip]
oss:New[snip]
administrator:Adm[snip]
nss1:Eric[snip]
In total, the log indicates that commands were executed on 136 different cells. Some of the cell names include "prn021a, gzn010a, wdk004, kbl027a, etc...". The command log we obtained covers a period of about one month, from April 25, 2008 through May 27, 2008. It is unknown why the commands stopped in May 2008 though; perhaps the infection was removed or the attackers achieved their objective and moved on. Another explanation is that the attackers improved or changed the malware to stop saving logs locally and that's why only some older logs were discovered.
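For an operator reviewing BSC command history of the kind described above, the useful first pass is to separate queries from changes and list the cells that were actually modified. The following is an added example, not code from the Kaspersky paper: it parses the 13 entries quoted in the article and classifies each command using the article's own descriptions; the function names and the read-only/state-changing split are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Command semantics exactly as the article describes them (not an
# authoritative MML reference). Commands it does not describe, such
# as IOSTP, are reported as "unknown".
READ_ONLY = {"rxmop", "rxmsp", "rlcrp", "rxtcp", "allip", "dtstp", "rrtpp"}
STATE_CHANGING = {"rxble", "rlstc", "rlstp", "rlmfc", "rlnri"}

# "<date> <time>: <command>[:<param>[,<param>...]];"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}):\s*"
    r"(?P<cmd>[A-Za-z]+)(?::(?P<params>[^;]*))?;$"
)

# The 13 entries quoted in the article.
LOG = """\
2008-04-25 11:12:14: rxmop:moty=rxotrx;
2008-04-25 11:58:16: rxmsp:moty=rxotrx;
2008-04-25 14:37:05: rlcrp:cell=all;
2008-04-26 04:48:54: rxble:mo=rxocf-170,subord;
2008-04-26 06:16:22: rxtcp:MOty=RXOtg,cell=kst022a;
2008-04-26 10:06:03: IOSTP;
2008-04-27 03:31:57: rlstc:cell=pty013c,state=active;
2008-04-27 06:07:43: allip:acl=a2;
2008-04-28 06:27:55: dtstp:DIP=264rbl2;
2008-05-02 01:46:02: rlstp:cell=all,state=halted;
2008-05-08 06:12:48: rlmfc:cell=NGR035W,mbcchno=83&512&93&90&514&522,listtype=active;
2008-05-08 07:33:12: rlnri:cell=NGR058y,cellr=ngr058x;
2008-05-12 17:28:29: rrtpp:trapool=all;
"""


def parse_line(line):
    """Return a record dict, or None if the line is not a log entry."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    except ValueError:  # shaped like a timestamp but not a real date/time
        return None
    params, flags = {}, []
    for part in filter(None, (m["params"] or "").split(",")):
        key, sep, value = part.partition("=")
        if sep:
            params[key.lower()] = value   # the log mixes MOty / moty
        else:
            flags.append(part.lower())    # bare modifier such as "subord"
    cmd = m["cmd"].lower()
    if cmd in STATE_CHANGING:
        category = "state_changing"
    elif cmd in READ_ONLY:
        category = "read_only"
    else:
        category = "unknown"
    return {"ts": ts, "cmd": cmd, "params": params, "flags": flags,
            "category": category}


def parse_log(text):
    """Split a log into parsed records and lines that did not parse."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            rejected.append(line.strip())
        else:
            records.append(rec)
    return records, rejected


def summarize(records):
    """Count commands per category and list cells touched by changes."""
    by_category = Counter(r["category"] for r in records)
    changed_cells, wildcard_changes = set(), []
    for r in records:
        if r["category"] != "state_changing":
            continue
        for key in ("cell", "cellr"):
            value = r["params"].get(key, "").lower()
            if value == "all":
                # A change applied to every cell deserves its own line.
                wildcard_changes.append((str(r["ts"]), r["cmd"]))
            elif value:
                changed_cells.add(value)
    return {"by_category": dict(by_category),
            "changed_cells": sorted(changed_cells),
            "wildcard_changes": wildcard_changes}


if __name__ == "__main__":
    recs, bad = parse_log(LOG)
    print(summarize(recs), "rejected:", bad)
```

Run against a full command history, the same summary shows quickly whether a session only enumerated the network or also altered cell state, and which cells to verify.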
Communication and C&C
The C&C mechanism implemented in Regin is extremely sophisticated and relies on communication drones deployed by the attackers throughout the victim networks. Most victims communicate with another machine in their own internal network, through various protocols, as specified in the config file. These include HTTP and Windows network pipes. The purpose of such a complex infrastructure is to achieve two goals: give attackers access deep into the network, potentially bypassing air gaps and restrict as much as possible the traffic to the C&C.
Here's a look at the decoded configurations:
17.3.40.101 transport 50037 0 0 y.y.y.5:80 ; transport 50051 217.y.y.yt:443
17.3.40.93 transport 50035 217.x.x.x:443 ; transport 50035 217.x.x.x:443
50.103.14.80 transport 27 203.199.89.80 ; transport 50035 194.z.z.z:8080
51.9.1.3 transport 50035 192.168.3.3:445 ; transport 50035 192.168.3.3:9322
18.159.0.1 transport 50271 DC ; transport 50271 DC
In the above table, we see configurations extracted from several victims that bridge together infected machines in what appears to be virtual networks: 17.3.40.x, 50.103.14.x, 51.9.1.x, 18.159.0.x. One of these routes reaches out to the "external" C&C server at 203.199.89.80.
The numbers right after the "transport" indicate the plugin that handles the communication. These are in our case:
27 - ICMP network listener using raw sockets
50035 - Winsock-based network transport
50037 - Network transport over HTTP
50051 - Network transport over HTTPS
50271 - Network transport over SMB (named pipes)
The machines located on the border of the network act as routers, effectively connecting victims from inside the network with C&Cs on the internet.
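When triaging decoded configurations like the five rows above, an analyst wants each route resolved to its transport plugin and sorted by whether the next hop is internal, external, or not resolvable from the published data. This is an added example, not Kaspersky's tooling: the row layout (virtual node address, then `transport <plugin> ... <endpoint>` routes separated by `;`) is inferred from the rows shown in the article, and all function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Plugin ids and meanings as listed in the article.
TRANSPORT_PLUGINS = {
    27: "ICMP network listener (raw sockets)",
    50035: "Winsock-based transport",
    50037: "HTTP",
    50051: "HTTPS",
    50271: "SMB (named pipes)",
}

# The five decoded rows quoted in the article (addresses are partly
# redacted there, e.g. 217.x.x.x).
CONFIG = """\
17.3.40.101 transport 50037 0 0 y.y.y.5:80 ; transport 50051 217.y.y.yt:443
17.3.40.93 transport 50035 217.x.x.x:443 ; transport 50035 217.x.x.x:443
50.103.14.80 transport 27 203.199.89.80 ; transport 50035 194.z.z.z:8080
51.9.1.3 transport 50035 192.168.3.3:445 ; transport 50035 192.168.3.3:9322
18.159.0.1 transport 50271 DC ; transport 50271 DC
"""


def classify_host(host):
    """internal = private address space, external = anything else that
    parses as an IP, unresolved = redacted address or a host name."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "unresolved"
    return "internal" if addr.is_private else "external"


def parse_config(text):
    """Return one dict per route; raise ValueError on an unexpected row."""
    routes = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        node, _, rest = line.strip().partition(" ")
        for chunk in rest.split(";"):
            tokens = chunk.split()
            if (len(tokens) < 3 or tokens[0] != "transport"
                    or not tokens[1].isdigit()):
                raise ValueError(f"line {lineno}: unexpected route {chunk!r}")
            plugin = int(tokens[1])
            # Tokens between the plugin id and the endpoint (the "0 0" in
            # the first row) are not explained in the article; skip them.
            endpoint = tokens[-1]
            host, sep, port = endpoint.rpartition(":")
            if not sep:                      # no port given, e.g. "DC"
                host, port = endpoint, None
            routes.append({
                "node": node,                # address inside the virtual network
                "plugin": plugin,
                "transport": TRANSPORT_PLUGINS.get(
                    plugin, f"unknown plugin {plugin}"),
                "host": host,
                "port": int(port) if port else None,
                "scope": classify_host(host),
            })
    return routes


def scope_counts(routes):
    """Number of routes per scope."""
    return dict(Counter(r["scope"] for r in routes))


def virtual_networks(routes):
    """Virtual /24-style groups, in first-seen order."""
    prefixes = (r["node"].rsplit(".", 1)[0] + ".x" for r in routes)
    return list(dict.fromkeys(prefixes))


if __name__ == "__main__":
    for r in parse_config(CONFIG):
        print(f'{r["node"]:>13} -> {r["host"]}:{r["port"]} '
              f'[{r["transport"]}] {r["scope"]}')
```

On the article's rows this yields a single external hop (203.199.89.80 over the ICMP plugin), while the internal hops use port 445 and SMB named pipes, traffic that is routine inside a Windows network and therefore the place to baseline which hosts normally talk to each other.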
After decoding all the configurations we've collected, we were able to identify the following external C&Cs.
C&C server IP | Location | Description
61.67.114.73 | Taiwan, Province Of China Taichung | Chwbn
202.71.144.113 | India, Chetput | Chennai Network Operations (team-m.co)
203.199.89.80 | India, Thane | Internet Service Provider
194.183.237.145 | Belgium, Brussels | Perceval S.a.
One particular case includes a country in the Middle East. This case was mind-blowing so we thought it's important to present it. In this specific country, all the victims we identified communicate with each other, forming a peer-to-peer network. The P2P network includes the president's office, a research center, educational institution network and a bank.
These victims spread across the country are all interconnected to each other. One of the victims contains a translation drone which has the ability to forward the packets outside of the country, to the C&C in India.
This represents a rather interesting command-and-control mechanism, which is guaranteed to raise very little suspicions. For instance, if all commands to the president's office are sent through the bank's network, then all the malicious traffic visible for the president's office sysadmins will be only with the bank, in the same country.
Victim Statistics
Over the past two years, we collected statistics about the attacks and victims of Regin. These were aided by the fact that even after the malware is uninstalled, certain artifacts are left behind which can help identify an infected (but cleaned) system. For instance, we've seen several cases where the systems were cleaned but the "msrdc64.dat" infection marker was left behind.
So far, victims of Regin were identified in 14 countries:
Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Russia, Syria
In total, we counted 27 different victims, although it should be pointed out that the definition of a victim here refers to a full entity, including their entire network. The number of unique PCs infected with Regin is of course much, much higher.
From the map above, Fiji and Kiribati are unusual, because we rarely see such advanced malware in such remote, small countries. In particular, the victim in Kiribati is most unusual. To put this into context, Kiribati is a small island in the Pacific, with a population around 100,000.
More information about the Regin victims is available through Kaspersky Intelligent Services. Contact: intelreports@kaspersky.com
Attribution
Considering the complexity and cost of Regin development, it is likely that this operation is supported by a nation-state. While attribution remains a very difficult problem when it comes to professional attackers such as those behind Regin, certain metadata extracted from the samples might still be relevant.
As this information could be easily altered by the developers, it's up to the reader to attempt to interpret this: as an intentional false flag or a non-critical indicator left by the developers.
More information about Regin is available to Kaspersky Intelligent Services' clients. Contact: intelreports@kaspersky.com
Conclusions
For more than a decade, a sophisticated group known as Regin has targeted high-profile entities around the world with an advanced malware platform. As far as we can tell, the operation is still active, although the malware may have been upgraded to more sophisticated versions. The most recent sample we've seen was from a 64-bit infection. This infection was still active in the spring of 2014.
The name Regin is apparently a reversed "In Reg", short for "In Registry", as the malware can store its modules in the registry. This name and detections first appeared in anti-malware products around March 2011.
From some points of view, the platform reminds us of another sophisticated malware: Turla. Some similarities include the use of virtual file systems and the deployment of communication drones to bridge networks together. Yet through their implementation, coding methods, plugins, hiding techniques and flexibility, Regin surpasses Turla as one of the most sophisticated attack platforms we have ever analysed.
The ability of this group to penetrate and monitor GSM networks is perhaps the most unusual and interesting aspect of these operations. In today's world, we have become too dependent on mobile phone networks which rely on ancient communication protocols with little or no security available for the end user. Although all GSM networks have mechanisms embedded which allow entities such as law enforcement to track suspects, there are other parties which can gain this ability and further abuse them to launch other types of attacks against mobile users.
Full technical paper with IOCs.
Kaspersky products detect modules from the Regin platform as: Trojan.Win32.Regin.gen and Rootkit.Win32.Regin.
If you detect a Regin infection in your network, contact us at: intelservices@kaspersky.com
h+ Magazine | Raoul Chiesa Dishes On Regin - h+ Magazine
Tue, 30 Dec 2014 13:24
In this phase it is quite impossible to attribute precisely the development of the Regin malware to a specific category of threat actors.
I have contacted one of the most popular security researchers in the world, Raoul Chiesa, who is President, Head of Information Superiority for MoD Unit at Security Brokers and advisor to several Institutions, including UNICRI, ENISA and member of the board of Directors for ISECOM, CLUSIT, OPSI-AIP.
I asked Raoul to share with me his view on the Regin case, trying to explain whether it is possible to speculate on the involvement of cybercriminal organizations.
Pierluigi: Hi Raoul, you have declared that Regin could be the product of a criminal organization. In your opinion, which are the elements that distinguish the Regin platform from others identified in the past, such as Flame or Duqu?
Raoul: As usually happens in these cases, there aren't sufficient elements in this phase to express an objective judgment. In several interviews that I released to the media agencies, I have highlighted that in my humble opinion Regin seems a product of the Organized Crime rather than Intelligence.
Given this, it is important to analyze two aspects of my comment: first, the fact that Regin also implements a credential stealing functionality that allowed attackers to syphon login credentials for social networks, and this can be part of Intelligence information gathering, but also for online banking services. In this second case, the scenario most plausible is obviously the cybercrime.
Second, the reference to the telecommunication companies (mobile operators): I have been conducting penetration tests for 20 years, I'm a member of the TSTF (Telecom Security Task Force) and I have a deep knowledge of the complexity of a mobile infrastructure. I think that it is not possible to automate an attack against these systems; it could prove too complex due to the presence of Network Elements produced by different vendors.
In several cases, when specific industries are targeted, spear phishing is an evergreen attack vector. With a spear phishing attack hackers can compromise a machine inside the targeted infrastructure to move the attack from the workstation usually used by an OSS operator. But, again, automating the data exfiltration is really too complicated. Let's think of the billing (CDR, Call Detail Records), which is also the privileged target of an intelligence agency: in a complex infrastructure the overall operations are the result of activities executed by software from different vendors and the integration of a large number of complex Database Management Systems.
I read many posts that compared Regin to Stuxnet. Well, even if it can seem absurd, a Telco infrastructure is much more complex than systems within an energy plant; consider also that the "SCADA word" is still more insecure than the telecommunication industry, despite the number of zero-days specific to Telco equipment being very high.
Analyzing the Regin case it could be very interesting to understand if the targeted mobile operators were using the same technologies for their network infrastructure. This would be a first important factor for a serious assessment.
Pierluigi: The reports published by Symantec and Kaspersky highlight the high level of complexity of the Regin malware; another element very unusual is the attack against the GSM infrastructure. Assuming that there is a criminal organization behind Regin, which are their means and resources? In my experience probably only the RBN (Russian Business Network) was able to support a huge investment in research and resources, like the one behind Regin. Do you think that there is a new similar organization in the wild?
Raoul: Well Pierluigi, I'm currently at the Defcamp where I had the opportunity to speak with my friend and colleague Mika Lauhde at ENISA PSG, and former Global Chief Security Officer at Nokia. Mika told me that some confidential sources from an important Antivirus vendor revealed that they have discovered traces of Regin in 2003, in 2005, and after 2005 it disappeared.
This information changes my point of view and lets me think that Regin is probably a product of the Intelligence instead of the cybercrime.
Regarding your question, as you correctly said, the RBN was a really complex organization, flexible and with significant financial resources. The security landscape has completely changed since the alleged disappearance of the RBN; today the Intelligence Agencies have a primary interest in mobile operator data. In this sense, I can agree with those experts that consider Regin as a product of the Intelligence: mobile operators are a privileged target for the Intelligence, today everyone has a mobile phone that collects his data, that has information on his social network and contacts, that traces his position everywhere he goes.
Gaining access to the CDR, to the billing, to the SMS is nearly "priceless", but the investments are impressive. But, here there is the concretization of my thought: why such huge investments to automate a hacking platform that needs to be tailored every time?
It is more convenient for the attackers to use a dedicated team of hackers that operates manually in a stealthy way and that is able to exfiltrate just the data the Intelligence agencies need. Automated attacks are surely noisier than tailored operations.
Speaking with Mika I had information about other factors that suggest the involvement of a government, but I cannot disclose further data. As I told you, the information leads me to believe that Regin was designed by an Intelligence agency, probably the US one.
If the news is confirmed that the first traces of Regin were dated 2003 and 2005, well, I was not aware of cyber criminal gangs active for so long.
I would like to do other assessments, linked to the so-called "object of interest", which is not 'just' data of Telco companies, but also financial. But as I said, to date I cannot say more because I signed an "NDA from Gentlemen's Agreement".
Pierluigi: Raoul, it's my opinion that we run the serious risk that an incorrect attribution can trigger a series of diplomatic crises and hacking campaigns in the cyberspace that can destabilize some balances. I have seen too many experts express too hasty a judgment on Regin. What is your opinion?
Raoul: You are right. When experts express their opinion too hastily, not specifying that they are making hypotheses on the events (as I showed myself with ANSA and other media), it is dangerous. I made clear that the Attribution is the greatest difficulty when it comes to data breaches, malware and any other kind of cyber attack.
Let's see what will happen. I do not care to "be right" or not; I consider it important to avoid spreading wrong alarms and that every scenario, every threat actor and every motivation behind the attack must be carefully analyzed.
The detailed analysis is available on the Infosec Institute
Trains Good Planes Bad (whoo hop)
AirAsia flight's behaviour 'on the edge of logic' | Stuff.co.nz
Thu, 01 Jan 2015 15:36
The AirAsia jet in which 162 people lost their lives this week behaved in ways "bordering on the edge of logic" according to Indonesian aviation analyst Gerry Soejatman citing leaked information from the air crash investigation team.
The Airbus 320-200 climbed in a way that was impossible for the pilot to achieve, he told Fairfax Media, adding that it subsequently "didn't fall out of the sky like an aeroplane".
"It was like a piece of metal being thrown down. It's really hard to comprehend ... The way it goes down is bordering on the edge of logic".
But Australian aviation expert, Peter Marosszeky, from the University of NSW, disputed some of the figures cited, saying the descent figures particularly were "highly unlikely".
Soejatman said that at least as baffling was "the extremely low ground speed" which was as low as 61 knots during the descent. This would suggest the plane was heading almost straight down, explaining why it was found in the water just 10km from its last point of radar contact.
The new claims lend weight to the impression that the plane was subject to extraordinary forces from the weather. AirAsia chief executive Tony Fernandes said earlier this week that preliminary investigations suggested the jet encountered "very unique" weather on its flight last Sunday morning from Surabaya to Singapore.
Soejatman, a respected analyst in Indonesia, said the extremity of the forces on the plane meant the "black box" flight recorder would be of less use in explaining what happened than forensic examination of the pieces of wreckage currently lying in about 50m of water in the Karimata Strait between Borneo and the Belitung Islands off Sumatra.
"We are fortunate that it crashed in shallow water so we can find physical evidence outside the black box. It puts great emphasis on the importance of recovering pieces of the wreckage," he said.
Navy and search and rescue divers were at the scene for the first time today.
Soejatman said the plane was equipped with a Mode S radar, a relatively new piece of equipment which sends more comprehensive information, in real time, from aircraft to ground.
Leaked figures show the plane climbed at a virtually unprecedented rate of 6000 to 9000 feet per minute, and "you can't do that at altitude in an Airbus 320 with pilot action".
The most that could normally be expected would be 1000 to 1500 feet on a sustained basis, with up to 3000 feet in a burst, he said.
The plane then fell at an even more incredible rate: 11,000 feet per minute with bursts of up to 24,000 feet per minute.
He said the Air France A330 Airbus that crashed in 2009 killing 228 passengers also reached dizzying ascent and descent rates, but some of the figures cited by Soejatman are higher.
"We can't rule out that the data is wrong," he said, but added that they came from the aircraft itself, transmitted over the Mode S radar.
As for an explanation, he said it was a "mystery".
"One possibility is a strong updraft followed by strong ground draft, or structural failure of the aircraft."
Marosszeky, a Research Fellow at the University of NSW School of Aviation, said a climb rate of 6000 feet per minute would indicate "a severe weather event", because that rate of climb was "a domain for jet fighters". It was possible at this height in the tropics, he said.
He said the black box flight recorder would still provide investigators with "very useful data", and that it was unlikely that the Mode S radar would give misreadings.
He was sceptical, however, that the figure cited of up to 24,000 feet per minute descent was possible, saying that terminal velocity is nowhere near that speed.
In the Air France case, an investigation revealed that pilot error had compounded difficult weather conditions to cause the crash.
In the AirAsia case, Captain Iriyanto, the pilot, was a respected former airforce pilot and pilot trainer with 23,000 hours flying experience, 6000 of them for AirAsia. His plane was six years old and had last been through routine maintenance in November.
AirAsia chief executive Tony Fernandes said earlier this week he had "full confidence in my fleet and crew". Without giving details, he steered blame towards the weather, saying his airline would continue business as usual, but suggesting that climate change was making weather worse and flying riskier, particularly in the tropics.
- SMH
SONY
Your Friendly North Korean Network Observer by nknetobserver
Thu, 01 Jan 2015 16:11
Introduction
On 17 December 2011, Kim Jong Un became the leader of North Korea. Two days later, on 19 December 2011, I started my first scan of North Korean Internet space. I was curious to see if their new leader would result in change on their Internet. That was three years ago. I've been keeping an eye on that network now and again.
Ever been curious about what North Korea's Internet looks like? People seem to be interested in that country's use of computers on the Internet more these days for some reason...
Back up a second, how does North Korea get Internet, anyway?
North Korea's Internet access is as unique as many other things about the country are. The country is said to have a fairly large internal domestic internet disconnected from the rest of the world. Most citizens with access to computers are only allowed to access this network, not the global computer network the rest of us connect to. But North Korea isn't completely cut off from the world: select people in North Korea, including government officials, visitors, journalists and other select people, have access to the same network the rest of us do.
Since only a small portion of the country has access to this network, North Korea has an extremely small presence on the Internet. All traffic in and out of North Korea, from computers inside the country to computers anywhere else on the globe, goes through a very limited set of connections. Generally, on a physical level, North Korean access to the Internet has been through a connection on the border with China, or through satellite links.
All IP addresses come in blocks and those blocks come in two flavors: allocated or assigned. Generally, allocated IP addresses are given to a network directly and are under complete control of that network. North Korea's direct IP allocation consists of 1024 IP addresses, which is where most of their Internet-visible network exists today; these are the addresses I scanned.
The allocated North Korean network range is 175.45.176.0/22:
inetnum: 175.45.176.0 - 175.45.179.255
netname: STAR-KP
descr: Ryugyong-dong
descr: Potong-gang District
country: KP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-STAR-KP
mnt-routes: MAINT-STAR-KP
changed: 20091221
source: APNIC
North Korea also has two more blocks that are assigned to it, which means that another network has ultimate control over the addresses, but North Korea's computers are allowed to use them:
210.52.109.0/24 - this block is assigned to North Korea through China Unicom and was their original source of IP addresses before they were allocated their first block:
inetnum: 210.52.109.0 - 210.52.109.255
netname: KPTC
country: CN
descr: Customer of CNC
status: ASSIGNED NON-PORTABLE
changed: 20040803
mnt-by: MAINT-CN-ZM28
source: APNIC
77.94.35.0/24 - this block is assigned to North Korea by SatGate, a Russian Satellite company, and is the only block of known North Korea IPs under the European RIPE Registry as opposed to APNIC, the registry for the Asian Pacific region:
inetnum: 77.94.35.0 - 77.94.35.255
netname: SATGATE-FILESTREAM
descr: Korean network
country: KP
admin-c: AVA205-RIPE
admin-c: EVE7-RIPE
tech-c: PPU4-RIPE
tech-c: ANM47-RIPE
status: ASSIGNED PA
mnt-by: SATGATE-MNT
source: RIPE
As you can see on the coverage map for SatGate, service to North Korea isn't likely coming from SatGate's known satellite beams. Instead, while the IP address allocation is coming through SatGate, the Internet service itself is likely coming through IntelSat. There's a number of IntelSat Satellites which could be providing service. IntelSat 22 has a good coverage pattern of the area:
But a bunch of their other satellites also provide coverage to parts of the Korean Peninsula with varying degrees of strength.
Most of the data we have, particularly the data gathered by the excellent Dyn Research (née Renesys), seems to indicate that almost all North Korean traffic routes through China Unicom. The satellite connection is just a backup.
Anyway, long story short. My port scans focus solely on the 1024 IP addresses allocated to North Korea directly. These also appear to be the addresses the North Korean Internet services are actively using.
Methods
I've been doing some scans for a while. Unfortunately not all of them completed, for various reasons. I've included the ones that got a good section of the IP space. Three of them (March 2012, June 2014 & September 2014) are complete scans of the block. The rest are partial scans, usually hitting 80% of the block or so, before the log was truncated. All my scans were generated using the following commands with the well-known nmap port scanner:
nmap -p1-65535 -sV -O 175.45.176.0/22 -T4 > nk.scan &
nmap -p1-65535 -sV -O 175.45.176.0/22 -T4 -Pn > nkall.scan &
Essentially, I scanned every port on every IP address, asking nmap to do its best with service detection and OS detection.
Raw Data
Feel free to browse through the scan logs. You can find them here. Share what you find.
There's also a filtered.scan file in each directory which has some basic filtering away of non-essential information. Feel free to browse through that instead of the raw logs.
Some things I've noticed
One of the things I was most interested in is trying to determine whether or not the number of visible computers on the Internet increased in North Korea after the power transition from Kim Jong Il to Kim Jong Un. The answer there is that for the most part, it hasn't increased much in terms of number of directly visible hosts, but if you look at the scans, you get the impression they're using it more.
Infrastructure
You can also tell a bit about what North Korea's infrastructure looks like and how they run things. First off, most of North Korea's infrastructure runs on Linux. This probably isn't a huge surprise, since we know North Korea has their own Linux distro, Red Star OS, so it's easy to guess they might be fans. Luckily, Apache tends to report the flavor of Linux. And indeed, starting in scans this year, you see that some of their public facing web servers are running RedStar:
Nmap scan report for naenara.com.kp (175.45.176.67)
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.15 ((RedStar 3.0) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips)
The latest scan includes three RedStar machines. Interestingly, the Red Hat machines they had running in earlier scans disappeared about this time, so it might be they deployed Red Star OS to replace their Red Hat machines.
They also use CentOS (4 in the latest scan, more than RedStar), a number of machines that don't report the flavor used and one machine which merely reports (Unix).
North Korea generally wants your new software stacks to get off their lawn. They haven't embraced the Web 2.X rails chop shop style web development popular in some other countries. Instead their webservers have active modules or services for JSP, PHP, Perl and Python. Their choice of server software is similar: Apache for HTTP (web), BIND for DNS and Cisco equipment at the border. For SMTP (email), they expose a bunch of different services, from Cisco PIX smtpd running on their routers, to sendmail on a machine. Their mailservers sometimes expose Cyrus on POP3's port. Oh, they're also into Icecast for their streaming media servers, though it's unclear whether they're still using the same thing now. They've also had some Windows machines running IIS (up until about 2013 or so), so they've got a more diverse infrastructure environment going on than just Linux machines everywhere.
For the most part, their infrastructure hasn't changed a whole bunch over the period I've been scanning them. Though North Korea does seem to bring up an increasing number of sites running on the various webservers they have on their slice of the Internet.
One of their routers appears to be configurable remotely, which is one of those things likely to catch eyes:
Nmap scan report for 175.45.178.129
Not shown: 65523 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh Cisco SSH 1.25 (protocol 1.99)
23/tcp open telnet Cisco router telnetd
80/tcp open http Cisco IOS http config
443/tcp open ssl/http Cisco IOS http config
So that's a quick view of some of the visible infrastructure-y parts of their network. I just grabbed the highlights, leaning towards the more current scans. There's a bunch of different services running, browse through the full scans for more.
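The banner and service observations in this section can be pulled out of scan logs mechanically, which is also how an operator would audit what their own hosts give away. The following is an added example, not part of the original post: a small parser for nmap -sV text output, run over the two host records quoted above. The finding names and the lists of what counts as a management service are assumptions of this example.

```python
import re

# Host records copied from the scan excerpts quoted in the post. Columns are
# single-space separated as they appear there; raw nmap logs pad them.
SAMPLE_SCAN = """\
Nmap scan report for naenara.com.kp (175.45.176.67)
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.15 ((RedStar 3.0) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips)
Nmap scan report for 175.45.178.129
Not shown: 65523 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh Cisco SSH 1.25 (protocol 1.99)
23/tcp open telnet Cisco router telnetd
80/tcp open http Cisco IOS http config
443/tcp open ssl/http Cisco IOS http config
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \(([\d.]+)\)|(\S+))$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
# nmap renders the Server header as "Apache httpd <ver> (<info>)"; the info
# itself starts with Apache's own parenthesised OS token.
APACHE_RE = re.compile(r"^Apache httpd (\S+) \(\(([^)]*)\)\s*(.*)\)$")

# Assumptions of this example: what to treat as a remote-management surface.
MGMT_SERVICES = {"telnet", "vnc", "vmware-auth"}
MGMT_BANNER_PREFIXES = ("Cisco IOS http config",)


def parse_scan(text):
    """Return {ip: {"name": hostname or None, "ports": [port records]}}."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        host = HOST_RE.match(line)
        if host:
            name, ip, bare = host.groups()
            current = hosts.setdefault(ip or bare, {"name": name, "ports": []})
            continue
        port = PORT_RE.match(line)
        if port and current is not None:
            number, proto, state, service, version = port.groups()
            current["ports"].append({
                "port": int(number), "proto": proto, "state": state,
                "service": service, "version": version or "",
            })
    return hosts


def apache_disclosure(version):
    """Split an nmap-rendered Apache banner into what it gives away."""
    m = APACHE_RE.match(version)
    if not m:
        return None
    return {"httpd": m.group(1), "os": m.group(2), "modules": m.group(3).split()}


def audit(hosts):
    """List (ip, port, finding, detail) for open ports worth a second look."""
    findings = []
    for ip, host in hosts.items():
        for p in host["ports"]:
            if p["state"] != "open":
                continue
            leak = apache_disclosure(p["version"])
            if leak:
                findings.append((ip, p["port"], "banner-leak", leak["os"]))
            if "(protocol 1.99)" in p["version"]:
                # An SSH version string of 1.99 means SSH-1 clients are still accepted.
                findings.append((ip, p["port"], "ssh1-compat", p["version"]))
            if (p["service"] in MGMT_SERVICES
                    or p["version"].startswith(MGMT_BANNER_PREFIXES)):
                findings.append((ip, p["port"], "mgmt-exposed", p["service"]))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_scan(SAMPLE_SCAN)):
        print(*finding, sep="\t")
```

On the Apache side, setting the ServerTokens directive to Prod reduces the Server header to "Apache", which removes the OS and module tokens this parser extracts.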
Client Machines
More interesting are the computers that show up on their network, even for brief periods of time. It seems that while most computers in North Korea are kept behind the edge infrastructure, some computers do show up right on the public Internet.
Apples apples everywhere, but not a bite to eat
In a 20 March 2012 scan, I saw a MacBook Air that reported itself as 4,1 model which means it was a "Late 2008" model. It's got a pretty unusual networking footprint, not something you see out of the box:
Nmap scan report for 175.45.177.38
Host is up (0.35s latency).
Not shown: 65521 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.6 (protocol 2.0)
88/tcp open kerberos-sec Microsoft Windows kerberos-sec
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
548/tcp open afp?
593/tcp filtered http-rpc-epmap
3689/tcp open rendezvous?
4444/tcp filtered krb524
4488/tcp open unknown
5900/tcp open vnc Apple remote desktop vnc
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port548-TCP:V=5.50%I=7%D=3/20%Time=4F687DAA%P=x86_64-redhat-linux-gnu%r
SF:(SSLSessionReq,223,"\x01\x03\0\0Q\xec\xff\xff\0\0\x02\x13\0\0\0\0\x000\
SF:0>\0b\0\0\x9f\xfb\x1badministrator\xd5s\x20MacBook\x20Air\0\x9b\0\xab\0
SF:\xff\x01p\x01\x8f\rMacBookAir4,1\x05\x06AFP3\.4\x06AFP3\.3\x06AFP3\.2\x
SF:06AFP3\.1\x06AFPX03\x06\tDHCAST128\x04DHX2\x06Recon1\rClient\x20Krb\x20
SF:v2\x03GSS\x0fNo\x20User\x20Authent\x15\+\xc3\xd9\xf9Q\[\xc7\xa1\x02\xa7
SF:D\x88D\xb2\(\x05\x08\x02\xaf-\xb1&\x02\$\x14\x07\xfe\x80\0\0\0\0\0\0\x0
SF:2\0\0\xff\xfe\0\r\x06\x02\$\x14\x07\xfe\x80\0\0\0\0\0\0b\xc5G\xff\xfe\x
SF:03\[f\x02\$\x14\x07\xfd\0e\x87R\xd7!\xa4b\xc5G\xff\xfe\x03\[f\x02\$\x0f
SF:\x04175\.45\.177\.38\x01oafpserver/LKDC:SHA1\.AA6C3E197C870B839764D57E8
SF:9AF4A940C95B060@LKDC:SHA1\.AA6C3E197C870B839764D57E89AF4A940C95B060\0\x
SF:1dadministrator\xe2\x80\x99s\x20MacBook\x20Air\0\0\0\x80`~\x06\x06\+\x0
My guess is this means the MacBook was running RECON Suite which is apparently some sort of enterprise system management software. I'm not too familiar with it.
Bottom line: there are MacBooks in North Korea. This one might be some journalist's machine, which seems like a likely explanation. Though there are really more services running on it than one would think would be a good idea. VNC? On public North Korean IP space? You sure that's a good idea?
Virtualization
Lest you think that North Korea is completely backwards and can't keep up with new technologies, let's set something straight right now. They've totally got VMware:
Nmap scan report for 175.45.178.134
Not shown: 65534 filtered ports
PORT STATE SERVICE VERSION
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|phone
Running: Microsoft Windows 2008|Phone|Vista|7
OS CPE: cpe:/o:microsoft:windows_server_2008::beta3 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_7
OS details: Microsoft Windows Server 2008 Beta 3, Microsoft Windows Phone 7.5, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008
This looks like your standard Windows machine running in a VM. I didn't see evidence of these on the network until September 2014 or so. Which means exposing virtual machines on the public Internet may be a newer thing for them. But even so, they've probably been playing with it inside their internal network for awhile now.
Farewell!
Enjoy the scans, have fun, let folks know if you see anything interesting.
Credits, Sources, etc.
Your friendly North Korean network observer: nknetobserver
Excellent routing analysis: Renesys (now Dyn Research)
Other analysis of North Korea's network space: HP Security Research
SatGate coverage map: http://satgate.net/images/new_maps/map_index.jpg
IntelSat coverage maps: http://exnetapps.intelsat.com/flash/coverage-maps/index.html
South Korea proposes talks with North on 'reunification issues' | The Japan Times
Tue, 30 Dec 2014 02:17
SEOUL - South Korea on Monday proposed talks with North Korea to discuss what it calls a range of issues needed to prepare for the unification of the divided countries, an overture that comes amid heightened diplomatic tension after Seoul's key ally the United States blamed the North for a cyberattack on Sony Pictures Entertainment.
North Korea has denied responsibility for the hack against the U.S.-based film studio arm of Sony Corp., which distributed a comedy film featuring an assassination plot against the North's leader, Kim Jong Un.
Pyongyang subsequently blamed Washington for its own Internet outages, and has denied involvement in recent system breaches into South Korea's state nuclear power operator.
Seoul's unification minister said the South had sent a letter to Pyongyang seeking negotiations, which it hopes to hold in January and would cover issues including reunions for families separated by the 1950-1953 Korean war and possible co-operation projects.
It is unclear if Pyongyang would accept Seoul's offer as the country has viewed South Korea's unification plans an attempt to take it over. North Korea wants a unified Korea with Pyongyang in charge.
Unification Minister Ryoo Kihl-jae told a televised news conference that South Korea wants talks in January to discuss exchange programs, joint projects and laws needed for a unified Korea. Ryoo said South Korea hopes the proposed talks would also discuss resuming reunions of families separated by the 1950-53 Korean War.
The North had accepted the letter but had yet to respond, South Korean Unification Minister Ryoo Kihl-jae told a news briefing.
"I don't think we will have any particular agenda, but our position is to discuss everything that South and North have mutual interests in," said Ryoo, noting that 2015 marks the 70th anniversary of Korea's independence from Japan.
Seoul launched a government committee on the unification in July, six months after President Park Geun-hye told a New Year's press conference that unifying with North Korea would bring an economic "bonanza," not massive financial costs.
A delegation of high-level North Korean officials made a surprise visit in October to the closing ceremony of the Asian Games hosted by the South, and promised to reopen dialogue between the two. However, the two sides failed to hold follow-up talks as tension persisted, with the North lashing out at the South over anti-Pyongyang propaganda leaflets sent to the North via balloon by activist groups.
Military officials from North and South Korea met in October to discuss border altercations, including exchanges of fire, but they did not resolve their differences.
South Korea imposed a broad set of sanctions on Pyongyang in 2010 following the sinking of a South Korean corvette that killed 46 sailors. South Korea blamed the North, while Pyongyang denied it was responsible, and the issue has been an obstacle to re-engagement ever since.
Ryoo said South Korea would explain to the North its inter-Korean cooperation plans, including a peace park at the demilitarized zone, adding that it was seeking a fresh round of reunions for families separated by the Korean War before the Lunar New Year holidays in February.
The Koreas share the world's most heavily fortified border as the Korean War ended with an armistice, not a peace treaty. Animosities deepened when their troops traded gunfire along the border twice in October.
The two Koreas have remained technically at war for more than six decades as the Korean War ended in an armistice, not a peace treaty. Reunification of the Korean peninsula has been a priority for South Korean President Park Geun-hye.
FBI briefed on alternate Sony hack theory - Tal Kopan - POLITICO
Tue, 30 Dec 2014 12:56
FBI agents investigating the Sony Pictures hack were briefed Monday by a security firm that says its research points to laid-off Sony staff, not North Korea, as the perpetrator -- another example of the continuing whodunit blame game around the devastating attack.
Even the unprecedented decision to release details of an ongoing FBI investigation and President Barack Obama publicly blaming the hermit authoritarian regime hasn't quieted a chorus of well-qualified skeptics who say the evidence just doesn't add up.
Researchers from the cyber intelligence company Norse have said their own investigation into the data on the Sony attack doesn't point to North Korea at all and instead indicates some combination of a disgruntled employee and hackers for piracy groups is at fault.
The FBI says it is standing by its conclusions, but the security community says they've been open and receptive to help from the private sector throughout the Sony investigation.
Norse, one of the world's leading cyber intelligence firms, has been researching the hack since it was made public just before Thanksgiving.
Norse's senior vice president of market development said that just the quickness of the FBI's conclusion that North Korea was responsible was a red flag.
"When the FBI made the announcement so soon after the initial hack was unveiled, everyone in the [cyber] intelligence community kind of raised their eyebrows at it, because it's really hard to pin this on anyone within days of the attack," Kurt Stammberger said in an interview as his company briefed FBI investigators Monday afternoon.
He said the briefing was set up after his company approached the agency with its findings.
Stammberger said after the meeting the FBI was "very open and grateful for our data and assistance" but didn't share any of its data with Norse, although that was what the company expected.
The FBI said Monday it is standing behind its assessment, adding that evidence doesn't support any other explanations.
"The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the U.S. intelligence community, DHS, foreign partners and the private sector," a spokeswoman said in a statement. "There is no credible information to indicate that any other individual is responsible for this cyber incident."
The spokeswoman had no comment on further inquiries about the briefing and whether the FBI found Norse's case convincing.
A source who had been briefed on the FBI's investigation said the agency had considered an insider as a possible explanation for the attack, but it wasn't supported by the evidence.
The FBI won't comment further on an open investigation, referring questions to the initial update on the investigation the agency released 10 days ago. That unusual release cited similarities between the malware and infrastructure behind the Sony attack and previous attacks attributed to North Korea as well as technical links to known North Korean-developed malware.
But many security researchers have found that evidence to be thin and unconvincing.
In addition to Norse's analysis of Internet forums where perpetrators may have communicated and compiled dates within the malware used, a report from firm Taia Global said a linguistic analysis of the purported hacker messages points to Russian speakers rather than Korean.
Security expert Bruce Schneier called the evidence "circumstantial at best" and considered a number of other possible explanations. CloudFlare principal researcher and DefCon official Marc Rogers wrote that the FBI's indicators seem to rely on malware that is widely available for purchase and IP addresses easily hijacked by any bad guy. Errata Security's Robert Graham also noted the hacker underground shares plenty of code, calling the FBI's evidence "nonsense."
But the doubters leave open the possibility that the government has other intelligence supporting the idea that it's North Korea that they don't have access to, and a U.S. official told POLITICO it is likely the U.S. has access to information it is choosing to not release.
The official said law enforcement is still treating the incident as an "active criminal investigation" but that may or may not lead to a prosecution built on evidence that goes beyond a reasonable doubt.
"I think the intent was to release the information because this is the new normal, not to tuck away information and hide it as we have in the past," the official said, calling the quick preliminary release "unprecedented."
Stammberger said that if there is more information out there, it should be released to companies like his and others that are also investigating the attack.
"Whenever we see some indicators or leads that North Korea may be involved, when we follow those leads, they turn out to be dead ends," Stammberger said. "Do I think it's likely that [officials] have a smoking gun? ... We think that we would have seen key indicators by now in our investigation that would point to the North Koreans: We don't see those data points. So if they've got them, they should share some of them at least with the community and make a more convincing case."
Norse - IPViking Live ATTACK MAP
Thu, 01 Jan 2015 14:16
Every second, Norse collects and analyzes live threat intelligence from darknets in hundreds of locations in over 40 countries. The attacks shown are based on a small subset of live flows against the Norse honeypot infrastructure, representing actual worldwide cyber attacks by bad actors. At a glance, one can see which countries are aggressors or targets at the moment, using which type of attacks (services-ports).
Hovering over the Attack Origins, Attack Targets, or Attack Types will highlight just the attacks emanating from that country or over that service-port respectively. Hovering over any bubble on the map will highlight only the attacks from that location and type.
Norse exposes its threat intelligence via high-performance, machine-readable APIs in a variety of forms. Norse also provides products and solutions that assist organizations in protecting and mitigating cyber attacks.
For more information, please contact: inquiry@norse-corp.com
Norse - Board of Directors
Thu, 01 Jan 2015 14:10
Bandel L. Carano
Bandel joined Oak Investment Partners in 1985 and became a General Partner in 1987. Bandel's investment focus is on Clean Energy and Information Technology. Bandel is currently on the Boards of Airspan Networks, Aurora Algae, Boston Power, Centric Software, eSolar, FirstRain, Good Technology, Kratos Defense & Security Solutions, Mimosa Networks, MobiTV, NeoPhotonics, Nexant, nLight Photonics, Plastic Logic, Protean Electric, ReliOn, SmartDrive, Solarflare Communications, Stretch, and Sundrop Fuels. Prior to Oak, Bandel joined Morgan Stanley's Venture Capital Group in 1983. He was responsible for advising Morgan Stanley on high-tech new business development, as well as sponsoring venture investments.
Jason Clark
Jason Clark is a high performing executive with more than 20 years of experience building and executing successful strategic security programs. As chief security and strategy officer for Accuvant, Clark is responsible for developing and delivering a comprehensive suite of strategic services and solutions that help CXO executives change their security strategies through innovation to ensure success while aligning to business goals; and creating the Office of the CISO to bring value to the security executive community. Prior to joining Accuvant, Clark was the chief security and strategy officer for Websense, where he was a driving force behind the company's transformation into a strategic player and provider of critical technology for chief security officers (CSOs). In his previous role as chief information security officer (CISO) and vice president of infrastructure for Emerson Electric, Clark significantly decreased the company's risk by developing and executing on a successful security program for 140,000 employees across 1,500 locations. He has served as CISO for The New York Times, senior manager of security and infrastructure architecture for EverBank, and has held technical leadership positions of increasing responsibility for BB&T and the U.S. Army.
Clark, a well-known thought leader and highly requested speaker, hosts 20 CISO roundtables per year and has been ranked as a top 10 Global Security Leader by ExecRank. He has been quoted in and published by multiple media outlets and has presented at or keynoted more than 40 conferences worldwide, including RSA, Gartner Security Summit, CSO Perspectives, CSO Security Standard, Evanta CISO Summit and ISSA events. Clark earned his master's degree from Olin Business School at Washington University and his bachelor's degree in business management from the University of Florida.
Robert F. Lentz
Robert Lentz, president of Cyber Security Strategies, is the former CISO for the U.S. DoD, where he oversaw the department's $3 billion cybersecurity program. He transformed the program by establishing the first comprehensive IA/cyber-architecture supply-chain risk management strategy and operationalizing the world's most robust identity management system. He also played a key role in leading the U.S. National Cyber Initiative. Lentz serves on the boards of several leading technology companies. He has served in various capacities over his 34-year career with The Office of the Assistant Secretary of Defense, the U.S. DoD and the National Security Agency (NSA).
Howard A. Bain III
Howard Bain III has expertise in all aspects of software and hardware corporate operations and finance. He is currently chairman of the board of Violin Memory and serves on the board of directors of Nanometrics Inc. (NASDAQ: NANO); Learning Tree International, Inc. (NASDAQ: LTRE); and several privately and venture-capital financed companies. Bain has held chief financial officer positions at several public companies, including Portal Software, Vicinity Corporation, Informix and Symantec. He is also a National Association of Corporate Directors (NACD) Governance Fellow.
Henry Marx
Henry is the President of Big Deal Records, LLC and The Music Force Publishing Co., LLC. With over 40 years in the independent record industry, Henry's management expertise has guided the careers of artists as diverse as Bobby Caldwell, Laura Branigan, and Tower of Power, and his marketing expertise has guided many artists to the top of the Billboard Charts. Henry has earned a number of BMI Multi-Platinum Radio Airplay and ASCAP Awards in addition to over sixty Gold and Platinum albums, generating over 100 million record sales and more than 35 million record and song downloads sold to date, including #1 Billboard Pop hits with Peter Cetera and Amy Grant (co-written by Henry Marx/Bobby Caldwell/Paul Gordon), Neil Diamond, Boz Scaggs, Anita Baker, Alicia Keys, John Legend and Tracy Byrd, among many others. Sample hits include Tupac, Notorious BIG, Master P, Drake, and others with a total of an additional 35 million sales and downloads thus far.
Mark Williams
Mr. Mark Williams is a recognized security expert with over 20 years of industry experience. As Chief Security Officer of Microsoft Federal, Mr. Williams is the preeminent thought leader for security and compliance strategy across the Microsoft portfolio within the Federal market. Since joining Microsoft Federal, Mr. Williams' contributions have helped Microsoft's Federal government business achieve significant growth and attain the highest customer satisfaction ratings in North America. Previously, Mr. Williams served as Director of Security for Microsoft Online Services, overseeing end to end security for Microsoft's cloud services including: Exchange Online, SharePoint, LiveMeeting, and Office 365. Prior to joining Microsoft, Mr. Williams held security leadership roles at CMS Energy and iDEFENSE. Mr. Williams is a published author and frequent speaker at industry events.
Samuel M. Glines
Sam, who is also our Chief Executive Officer, is a native of St. Louis and graduated from St. Louis University in 1995 with a double major in Accounting and MIS. Upon graduation, he went to work for Accenture (then Andersen Consulting) where he spent 13 years leading technology teams and helping clients around the world such as Anheuser-Busch, BMW, Caterpillar, United Technologies, and Kraft improve their bottom lines through innovative technologies. After leaving Accenture in 2008 to pursue more entrepreneurial interests, Sam met our CTO Tommy Stiansen while working together at a startup digital media protection firm. Sam and Tommy co-founded Norse Corporation in April 2010. Sam is responsible for strategy, talent acquisition, and financing activities.
Tommy Stiansen
Tommy, who is also our Chief Technology Officer, attended HiB (the University of Bergen) in Norway, studying computer science. He worked at Scandinavian Airlines Systems, until leaving to pursue entrepreneurial interests, launching some of the early stage Internet companies in Norway. There, he invented Charon, a telecom billing software system that was nominated for the Most Innovative Product at the World Billing Awards in 2004. In 2006, Tommy came to the United States and worked for federal government agencies, including the Department of Homeland Security, on classified Internet security matters. He later met Sam Glines while working at a digital media startup company, and Tommy and Sam co-founded Norse Corporation in April 2010. As CTO, Tommy is responsible for ensuring our technology strategy serves its business strategy. Tommy is considered a thought leader with world-class expertise in Internet protocols and their security.
Cybersecurity Firm Identifies Six In Sony Hack -- One A Former Company Insider - Yahoo News
Wed, 31 Dec 2014 14:00
F-Russia
Russia's Gazprom buys 50% stake in South Stream Transport BV to become its 100% owner
Mon, 29 Dec 2014 19:09
MOSCOW, December 29. /TASS/. Russia's gas giant Gazprom said in a release on Monday it had signed a deal with Eni, Wintershall and EDF on the purchase of 50% of shares in South Stream Transport BV.
Thus, Gazprom will be a 100% owner of the company.
Commenting on the decision to sell its stake in South Stream Transport BV, Wintershall said participants in the project had decided to close it since there was no guarantee that permits for further construction of South Stream could be issued soon, while the economic impact of delays in the project's implementation could hardly be calculated.
South Stream Transport B.V. is an international joint venture set up to do the planning and construction works and to operate the seabed South Stream pipeline that was supposed to be laid across the Black Sea. Gazprom's share in the company was 50%, Italy's Eni held a 20% stake, France's EDF - 15% and Germany's Wintershall Holding GmbH - also 15%.
Russian President Vladimir Putin announced the decision on Russia's withdrawal from the project on December 1 while on visit to Turkey. South Stream was Gazprom's global infrastructural project of a gas pipeline system with a capacity of 63 billion cubic meters across the Black Sea stretching from Russia to Bulgaria and through Serbia, Hungary and Slovenia further to Austria. Vladimir Putin blamed the EU and Bulgarian authorities for lack of cooperation. According to the South Stream Transport Company, European companies will suffer direct losses valued at no less than €2.5 billion due to the termination of the project.
Instead of South Stream, Gazprom will build a gas hub on the Turkey-Greece border under a new 63 billion cubic meter pipeline project. Gazprom CEO Alexey Miller said the construction of a gas pipeline to Turkey will make it possible to reduce the risks linked with natural gas transit through Ukraine. Russia's steel pipe manufacturers hope that all their products originally meant for the South Stream project will be redirected to the new gas pipeline project.
TASS: World - Former US firm Blackwater to train Ukrainian military for street fighting -- source
Tue, 30 Dec 2014 19:51
MOSCOW, December 30. /TASS/. The US private military company Academi (formerly known as Blackwater) has confirmed its readiness to start training a Ukrainian battalion for street fighting, a military-diplomatic source told TASS on Tuesday.
"The private military company Academi has confirmed to the Kiev authorities its readiness to start training an experimental battalion of 550 men as of January at the request of Ukraine's General Staff," the source said.
According to the source the month-long program includes training in marksmanship, operations by assault groups in urban conditions, close combat and combat and logistics support for the battalion.
The cost of instruction is estimated at $3.5 million.
"Ukraine has said it is ready to pay the money on the condition of assistance from the Ukrainian association Patriot, providing technical and financial support for the project," the source said.
The Ukrainian military will be trained at the Yavorov centre.
Earlier this week Russia published a new version of the military doctrine, which for the first time identified the activity of foreign private military companies near Russian borders as a foreign threat. According to media reports US firms were involved in events in the south-east of Ukraine on the side of the Kiev authorities. The White House has repeatedly denied the presence of private US military companies in Ukraine.
Putin Goes Medieval on the Opposition | RealClearWorld
Wed, 31 Dec 2014 14:50
For the second year in a row, Russian President Vladimir Putin has left it until the end of the year to make a surprising decision concerning a major political opponent. In 2013, he suddenly let former oil magnate Mikhail Khodorkovsky out of prison and allowed him to fly to Germany -- because, Putin explained, Khodorkovsky's mother was dying in a Berlin hospital and they needed time together. Today, a Moscow court handed corruption-fighting lawyer Alexei Navalny a surprisingly lenient 3 1/2-year suspended sentence -- but sent his brother, Oleg Navalny, to prison for the same term.
ISND
Lying on Facebook profiles can implant false memories, experts warn - Telegraph
Wed, 31 Dec 2014 04:38
"Being competitive and wanting to put our best face forward - seeking support or empathy from our peers- is entirely understandable,'' said Dr Sherry.
"However, the dark side of this social conformity is when we deeply lose ourselves or negate what authentically and compassionately feels to be 'us'; to the degree that we no longer recognise the experience, our voice, the memory or even the view of ourselves.
"When this starts to happen, feelings of guilt and distaste towards ourselves can create a cognitive trap of alienation and possibly even a sense of disconnection and paranoia.''
Dr Sherry said that social media had the power to 'undermine the coherence between our real, lived lives and memories.'
The study was commissioned by the world's first anonymous online journal repository Pencourage which aims to preserve true life chronicles by allowing users to anonymously post 200 words every day to their personal journal.
Dr Sherry added: "Studies show that memories are actually modified and less accurate whenever we 'retrieve' them from our minds, to the point of entirely changing their nature over time.
"So recording our experiences through whatever medium, to later reminisce or revisit lessons we learned, is not only acceptable but desirable. In fact, looking back at our own past - however embarrassing or uncomfortable - is not just healthy but can be enjoyable."
Shut Up Slave!
Poll: Most Americans Want to Criminalize Pre-Teens Playing Unsupervised - Reason.com
Wed, 31 Dec 2014 13:51
Correction: A previous version of this piece published results about 9- and 12-year-olds that reflected a subset of the poll's total sample. These numbers have been corrected and now reflect the total sample.
A whopping 68 percent of Americans think there should be a law that prohibits kids 9 and under from playing at the park unsupervised, despite the fact that most of them no doubt grew up doing just that.
What's more: 43 percent feel the same way about 12-year-olds. They would like to criminalize all pre-teenagers playing outside on their own (and, I guess, arrest their no-good parents).
Those are the results of a Reason/Rupe poll confirming that we have not only lost all confidence in our kids and our communities -- we have lost all touch with reality.
"I doubt there has ever been a human culture, anywhere, anytime, that underestimates children's abilities more than we North Americans do today," says Boston College psychology professor emeritus Peter Gray, author of Free to Learn, a book that advocates for more unsupervised play, not less.
In his book, Gray writes about a group of 13 kids who played several hours a day for four months without supervision, though they were observed by an anthropologist. "They organized activities, settled disputes, avoided danger, dealt with injuries, distributed goods... without adult intervention," he writes.
The kids ranged in age from 3 to 5.
Of course, those kids were allowed to play in the South Pacific, not South Carolina, where Debra Harrell was thrown in jail for having the audacity to believe her 9-year-old would be fine by herself at a popular playground teeming with activity. In another era, it not only would have been normal for a child to say, "Goodbye, mom!" and go off to spend a summer's day there, it would have been odd to consider that child "unsupervised." After all, she was surrounded by other kids, parents, and park personnel. Apparently now only a private security detail is considered safe enough.
Harrell's real crime was that she refused to indulge in inflated fears of abduction and insist her daughter never leave her side. While there are obviously many neighborhoods wrecked by crime where it makes more sense to keep kids close, the country at large is enjoying its lowest crime level in decades.
Too bad most people reject this reality. The Reason/Rupe Poll asked "Do kids today face more threats to their physical safety?" and a majority -- 62 percent -- said yes. Perhaps that's because the majority of respondents also said they don't think the media or political leaders are overhyping the threats to our kids.
But they are. "One culprit is the 24 hour news cycle," said Richard Louv, author of Last Child in the Woods, when I asked him why so few kids are outside these days. Turn on cable TV, "and all you have to do is watch how they take a handful of terrible crimes against children and repeat that same handful over and over," he said. "And then they repeat the trial over and over, and so we're conditioned to live in a state of fear."
Rationally understanding that we are living in very safe times is not enough to break the fear, he added.
So what is?
Experience. Through his Children and Nature Network, Louv urges families to gather in groups and go on hikes or even to that park down the street that Americans seem so afraid of. Once kids are outside with a bunch of other kids, they start to play. It just happens. Meanwhile, their parents stop imagining predators behind every bush because they are face to face with reality instead of Criminal Minds. They start to relax. It just happens.
Over time, they can gradually regain the confidence to let their kids go whoop and holler and have as much fun as they themselves did, back in the day.
Richard Florida, the urbanist and author of The Rise of the Creative Class, is one of the many parents today who recalls walking to school solo in first grade. He was in charge of walking his kindergarten brother the next year. The age that the Reason/Rupe respondents think kids should start walking to school without an adult is 12.
That's the seventh grade.
Florida has intensely fond memories of riding his bike "everywhere" by the time he was 10. Me too. You too, I'm guessing. Why would we deny that joy to our own kids? Especially when we're raising them in relatively safer times?
"Let your kids play in the park, for God's sake," Florida pleads. "We'll all be better for it."
Why should South Pacific toddlers have all the fun?
Lenore Skenazy is host of the reality show "World's Worst Mom" on the Discovery Life Channel, starting Jan. 22. She is also a public speaker and founder of the book and blog Free-Range Kids.
Obama Nation
Accenture wins $563 million contract for healthcare.gov | Managed Healthcare Executive
Wed, 31 Dec 2014 16:43
The Centers for Medicare & Medicaid Services (CMS) announced that it has selected Accenture Federal Services for a five-year, $563 million contract to continue Accenture's work on the federally facilitated marketplace in support of healthcare.gov.
"This is a strong statement of confidence in Accenture to continue their success with the exchange," said MHE Advisor Don Hall, a former health plan CEO who is principal of Delta Sigma LLC in Littleton, Colorado. "For health plans this is a relief to see that there will be no change in the vendor."
Accenture, a consulting and technology services company with 281,000 employees and $28.6 billion in revenue, was awarded a one-year contract in January 2014 to make improvements to healthcare.gov. The consultant was tasked with 24/7 support of the Marketplace application, eligibility and enrollment functions, and the generation and transition of enrollment forms.
Accenture mobilized more than 500 people in six weeks to develop and execute the work identified in the letter contract and to assist CMS in defining the work necessary to enhance healthcare.gov.
"Accenture has been an essential member of our team as we focused on delivering a positive consumer experience through healthcare.gov. We are pleased that Accenture will continue to support healthcare.gov, as we work together to help millions of Americans sign up for quality, affordable health insurance," said CMS Administrator Marilyn Tavenner in a press release.
Accenture delivered technology solutions and systems to support this year's enrollment, expanded outreach to issuers, and supported the Small Business Health Options Program (SHOP), including:
Completing all transition activities in an accelerated timeline;
Executing architecture changes to increase capacity;
Implementing usability improvements and re-enrollment capability to support the 2015 enrollment period.
As the 2014 enrollment period closed, work began to prepare for the 2015 enrollment. Accenture focused on simplifying the process for issuers to update plans, and implemented tools and processes to expedite the resolution of citizen inquiries. At the same time, Accenture worked with CMS to find new ways to streamline and improve the customer experience.
CMS later expanded Accenture's scope of work to include enhancements and additional functionality of the federally facilitated marketplace, the SHOP and state-based exchange transitions. All of these efforts helped create a successful launch of the 2015 Open Enrollment cycle that continues through February 15, 2015.
NA Book Club / Sacred Texts Email
In the morning to you Adam Tiberius Curry and thank you for your courage!
The Christmas episode was great. Because of the Christmas episode, I bought Confessions of an Economic Hitman on Audible. Now, I finally know what you guys are talking about when you talk about economic hitmen.
Fantastic book. What other sacred texts are there now that I’m done with this one? I also got Brave New World and Babbitt. Any other suggestions?
Also, is the No Agenda show based on Confessions of an Economic Hitman? At the end of the book, he starts talking about how we have to ask the important questions and such. The whole audiobook seems like No Agenda Show #0. That’s number zero, not hashtag zero.
Do you think that’s what’s happening in the EU? Toward the end, he talks about how the whole thing relies on the U.S. dollar being the most important currency and if another currency came along that was stronger than the dollar, the whole system would fall apart. Then he said that that currency is the euro. Do you think that’s what started all of the troubles over there? The jackals?
-Rich
FEMA Region II
http://fortheloveoftech.com
NA-Tech News
Miss the Hiss email
Listening to the xmas show on the drive to work this morning.
First, I enjoy learning about how you actually produce the show, what hardware and software combinations you use. What you've done to fine tune things to make it sound like the best podcast in the universe.
But I MISS THE HISS!
And this is important, why I miss the hiss... Dead silence is great, but it causes problems with blue-fucking-tooth!
Do you know what happens when there is dead air, (I mean, all zeros, as you eloquently put it) on Bluetooth audio? It stops streaming. To preserve battery it stops streaming, and when audio comes back it resumes streaming.
I noticed this with my car audio, at a dead silence, the logo on my car dash that says "STREAMING!" goes away with silence, and comes back when you pick back up. Which isn't too bad because there's no noticeable cut...
But it's noticeable when it came to my new shower Bluetooth, so I don't waste time in the shower, I wanted to be more productive and listen to the show...
But the shower Bluetooth device, has a slow ramp uptake on streams. I presume it's so a jarring punch of loud music doesn't just come on over the Bluetooth... but the silence cuts the audio stream, the Bluetooth speaker has a slow response, and it cuts seconds of time out of the podcast, making the show UNLISTENABLE! (Normally it's when John is talking.)
I've actually been meaning to tell you this for some time, but never thought about it till you mentioned it in the show. You are intentionally going for the "all zeros" effect.
Maybe, just maybe, instead of all zeros, you can put an offset of the audio so it's streaming all 0.01db at dead silence? Audibly it sounds like all zeros, but digitally it's sending an audio stream.
Just something to think about.
Keep up the fantastic show. I've been meaning to donate again, but money is tight still, and it makes me sad that I can't.
James
Real News
Taylor Swift's Gift Giving of 2014 - YouTube
Thu, 01 Jan 2015 15:55
Tetrodotoxin Poisoning Outbreak from Imported Dried Puffer Fish -- Minneapolis, Minnesota, 2014
Thu, 01 Jan 2015 15:23
Jon B. Cole, MD1,2, William G. Heegaard, MD2, Jonathan R. Deeds, PhD3, Sara C. McGrath, PhD3, Sara M. Handy, PhD3 (Author affiliations at end of text)
On June 13, 2014, two patients went to the Hennepin County Medical Center Emergency Department in Minneapolis, Minnesota, with symptoms suggestive of tetrodotoxin poisoning (i.e., oral paresthesias, weakness, and dyspnea) after consuming dried puffer fish (also known as globefish) purchased during a recent visit to New York City. The patients said two friends who consumed the same fish had similar, although less pronounced, symptoms and had not sought care. The Minnesota Department of Health conducted an investigation to determine the source of the product and samples were sent to the Food and Drug Administration (FDA) Center for Food Safety and Applied Nutrition for chemical and genetic analysis. Genetic analysis identified the product as puffer fish (Lagocephalus lunaris) and chemical analysis determined it was contaminated with high levels of tetrodotoxin. A traceback investigation was unable to determine the original source of the product. Tetrodotoxin is a deadly, potent poison; the minimum lethal dose in an adult human is estimated to be 2''3 mg (1). Tetrodotoxin is a heat-stable and acid-stable, nonprotein, alkaloid toxin found in many species of the fish family Tetraodontidae (puffer fish) as well as in certain gobies, amphibians, invertebrates, and the blue-ringed octopus (2). Tetrodotoxin exerts its effects by blocking voltage-activated sodium channels, terminating nerve conduction and muscle action potentials, leading to progressive paralysis and, in extreme cases, to death from respiratory failure. Because these fish were reportedly purchased in the United States, they pose a substantial U.S. public health hazard given the potency of the toxin and the high levels of toxin found in the fish.
Case Reports
Patient 1. A man aged 30 years went to the emergency department (ED) with his sister (patient 2), concerned that they both might have puffer fish poisoning. The patient stated that he had purchased dried fish described as globefish from a street vendor in New York City and transported the fish to Minnesota himself. Six hours before he came to the ED, he rehydrated some fish and consumed it with his sister and two friends. Thirty minutes after consumption, he experienced perioral and tongue numbness, numbness and weakness in his extremities, extreme fatigue, and dyspnea. He also complained that "my teeth can't feel themselves." Despite self-induced vomiting, his symptoms did not resolve, after which he went to the ED. He noted that his two friends, who also consumed the fish but did not go to the ED, had similar symptoms that resolved over several hours.
At the ED, his temperature was 98.1°F (36.7°C), pulse 75 beats/min, respiratory rate 24 breaths/min, blood pressure 160/87 mmHg, and blood oxygen saturation 100% on room air. Physical examination was unremarkable; respiratory effort, mental status, and strength testing were normal. The patient was observed in the ED for 6 hours, during which time his hypertension and tachypnea resolved and his symptoms improved. Laboratory results were as follows: hemoglobin, 15.8 g/dL (normal range = 13.1–17.5), white blood cell count, 9,020/µL (normal = 4,000–10,000), platelets 221,000 (normal = 150,000–400,000), sodium 138 mEq/L (normal = 135–148), potassium 3.4 mEq/L (normal = 3.5–5.3), chloride 100 mEq/L (normal = 100–108), carbon dioxide 27 mEq/L (normal = 22–30), creatinine 0.66 mg/dL (normal = 0.7–1.25), ionized calcium, 4.68 mg/dL (normal = 4.4–5.2). Overnight observation was recommended; however, the patient elected to leave against medical advice.
Patient 2: A woman aged 33 years, who went to the ED with her brother (patient 1), also consumed the fish 6 hours before arrival at the ED and also complained of perioral and tongue numbness, numbness and weakness in her extremities, extreme fatigue, dyspnea, and the feeling that "my teeth can't feel themselves," all beginning 30 minutes after consuming the rehydrated fish. Her temperature was 98.1°F (36.7°C), pulse 71 beats/min, respiratory rate 16 breaths/min, blood pressure 110/74 mmHg, and blood oxygen saturation 100% on room air. Her physical examination was unremarkable; respiratory effort, mental status, and strength testing were normal.
Laboratory results were as follows: hemoglobin, 14.4 g/dL (normal range = 13.1–17.5), white blood cell count, 6,080/µL (normal = 4,000–10,000), platelets 179,000/µL (normal = 150,000–400,000), sodium 141 mEq/L (normal = 135–148), potassium 3.6 mEq/L (normal = 3.5–5.3), chloride 105 mEq/L (normal = 100–108), carbon dioxide 29 mEq/L (normal = 22–30), creatinine 0.57 mg/dL (normal = 0.7–1.25), and ionized calcium, 4.9 mg/dL (normal = 4.4–5.2). After 6 hours of observation in the ED, the patient's symptoms began to improve. Overnight observation was recommended but she also left against medical advice.
Laboratory Analysis
Seven of the dried, dressed fish (Figure 1) purchased by patient 1 were provided to the ED staff by the patients on arrival. Samples were transferred to the FDA Center for Food Safety and Applied Nutrition for analysis. Samples of dried muscle (10 mg) were taken from each fish for genetic analysis. A portion of the cytochrome c oxidase I (COI) mitochondrial gene was amplified and compared with COI sequences from FDA-authenticated reference standards for various species of puffer fish (3). The genetic analysis determined that all samples were Lagocephalus lunaris (Figure 2). For the toxin analysis, samples of dried muscle (2 g) were taken from each fish and rehydrated overnight at 39.2°F (4.0°C) using 10 mL of 1% acetic acid in water. After rehydration, tissues were homogenized, centrifuged, decanted, and samples were extracted a second time with an additional 9 mL of 1% acetic acid in water. Combined extracts were brought up to a total volume of 20 mL. Aliquots of each extract (2 mL) were de-fatted with 8 mL of chloroform, filtered (0.22 µm) and diluted 1:200 using 50/50 acetonitrile/1% acetic acid in water.
Samples were analyzed for tetrodotoxin by liquid chromatography-electrospray ionization-multiple reaction monitoring mass spectrometry (4). All seven samples were found to contain significant concentrations of tetrodotoxin with a mean of 19.8 ppm and a range of 5.7–72.3 ppm (Table). FDA has not established a guidance level for tetrodotoxin, but for comparison, the guidance level for the paralytic shellfish toxin saxitoxin, another alkaloid toxin with similar pharmacology and potency, is 0.8 ppm (5).
Actions Taken
Several attempts were made to contact patient 1 and patient 2 by telephone; however, none were successful. Visits to the two patients' home were made by both public health officials and law enforcement; however, current residents of the home stated that they had no knowledge of the patients' whereabouts. There was no labeling on the fish packaging, and all attempts to determine the source of the fish were unsuccessful. The Minnesota Department of Health and Department of Agriculture notified the New York City Department of Health and Department of Agriculture of the outbreak. However, with no specific information available about the source of the fish, no further investigation was feasible.
Discussion
The puffer fish (sometimes called globefish, fugu, or blowfish) is highly prized in many Asian cultures and is consumed safely in some countries (e.g., Japan). Consumption is safe, however, only with specialized training regarding which species to prepare and how to prepare them because the concentration and tissue distribution of toxin varies greatly among the >180 known species. Regulatory authorities in the United States do not provide this training, nor is tetrodotoxin testing routinely conducted; therefore, only the frozen meat, skin, and male gonad from one species of puffer fish (Takifugu rubripes) from Japan, processed according to Japanese safety guidelines, is permitted to be imported into the United States a limited number of times per year, pursuant to an FDA/Japanese government agreement established in 1988 (6). All other imported puffer fish products are prohibited (7). For domestic sources of puffer fish, only nontoxic species are recommended by FDA for consumption.* FDA regulates domestically sourced puffer fish through the Seafood Hazard Analysis and Critical Control Points regulation (5). Selected states have established additional requirements for controls for puffer fish from certain areas because of potential toxicity (8).
Lagocephalus lunaris is an Indo-Pacific species of puffer fish and is one of the only species known to contain high concentrations of tetrodotoxin naturally in the meat, making safe preparation of this product impossible (9). In its native region, it has been confused with similar looking, nontoxic species, resulting in numerous illnesses (10). This is the same species that was illegally imported and responsible for illnesses in California, Illinois, and New Jersey in 2007 (4).
The presence of this puffer fish species in a U.S. market represents a substantial public health threat given the potentially lethal toxin and the high concentration of the toxin in the flesh of these fish. However, because the two patients provided limited information, the source of the fish and how it was imported, in violation of current FDA import restrictions, could not be determined. Medical professionals who work in EDs or with persons from countries with a tradition of puffer fish consumption should be aware of this potential public health threat and collaborate with local poison centers and health departments to investigate any outbreaks of tetrodotoxin poisoning to determine the source of the product and block additional sales to prevent additional illnesses. FDA recently released materials, including instructions for the collection and submission of meal remnants, for several fish-related illnesses, including puffer fish poisoning. These materials are available on CDC's Epidemic Information Exchange.
Acknowledgments
Minnesota Department of Health; Minnesota Department of Agriculture; Roseville, Minnesota, Police Department.
1Hennepin Regional Poison Center, Minneapolis, Minnesota; 2Hennepin County Medical Center, Minneapolis, Minnesota; 3Center for Food Safety and Applied Nutrition, Food and Drug Administration (Corresponding author: Jonathan R. Deeds, jonathan.deeds@fda.hhs.gov, 240-402-1474)
References
1. Noguchi T, Ebesu JSM. Puffer poisoning: epidemiology and treatment. J Toxicol Toxin Rev 2001;20:1–10.
2. Cavazzoni E, Lister B, Sargent P, Schibler A. Blue-ringed octopus (Hapalochlaena sp.) envenomation of a 4-year-old boy: a case report. Clin Toxicol (Phila) 2008;46:760–1.
3. Handy SM, Deeds JR, Ivanova NV, et al. A single laboratory validated method for the generation of DNA barcodes for the identification of fish for regulatory compliance. J AOAC Int 2011;94:201–10.
4. Cohen NJ, Deeds JR, Wong ES, et al. Public health response to puffer fish (tetrodotoxin) poisoning from mislabeled product. J Food Prot 2009;72:810–7.
5. Food and Drug Administration. Fish and fisheries products hazards and controls guidance. 4th ed. US Department of Health and Human Services, Food and Drug Administration; 2014. Available at http://www.fda.gov/Food/GuidanceRegulation/GuidanceDocumentsRegulatoryInformation/Seafood/ucm2018426.htm.
6. Food and Drug Administration. Exchange of letters between Japan and the US Food and Drug Administration regarding puffer fish. US Department of Health and Human Services, Food and Drug Administration. Available at http://www.fda.gov/InternationalPrograms/Agreements/MemorandaofUnderstanding/ucm107601.htm.
7. Food and Drug Administration. Import alert no. 16-20: detention without physical examination of puffer fish and foods that contain puffer fish. US Department of Health and Human Services, Food and Drug Administration; 2014. Available at http://www.accessdata.fda.gov/cms_ia/importalert_37.html.
8. Deeds JR, White KD, Etheridge SM, Landsberg JH. Concentrations of saxitoxin and tetrodotoxin in three species of puffers from the Indian River Lagoon, Florida, the site of multiple cases of saxitoxin puffer fish poisoning from 2002–2004. Trans Am Fish Soc 2008;137:1317–26.
9. Yang CC, Liao SC, Deng JF. Tetrodotoxin poisoning in Taiwan: an analysis of poison center data. Vet Hum Toxicol 1996;38:282–6.
10. Hwang DF, Hsieh YW, Shiu YC, Chen SK, Cheng CA. Identification of tetrodotoxin and fish species in a dried dressed fish fillet implicated in food poisoning. J Food Prot 2002;65:389–92.
What is already known on this topic?
The puffer fish (family Tetraodontidae; also known as globefish, fugu, or blowfish) is considered a delicacy in many parts of the world. Certain species of puffer fish naturally contain levels of the alkaloid toxin tetrodotoxin that are harmful to humans, requiring specialized training on safe methods of preparation and knowledge of which species can be safely consumed. Because of the risks, the importation of puffer fish products into the United States is highly restricted by the Food and Drug Administration.
What is added by this report?
Four cases of puffer fish poisoning in Minneapolis, Minnesota, resulted from consumption of dried globefish. Toxin analysis showed the product to be highly contaminated with tetrodotoxin, and a DNA analysis identified the fish as Lagocephalus lunaris, which is not allowed for import because naturally occurring toxin in its meat makes safe preparation of this species impossible. Lack of product labeling and limited information provided by two persons who went to the emergency department prevented determination of the exact source of the product and how it was illegally imported into the country.
What are the implications for public health practice?
The presence of Lagocephalus lunaris in a U.S. market represents a public health threat given the potential lethal nature of the toxin and the high concentration of the toxin in the meat of these fish. Health care providers who work in emergency departments or with persons from countries with a tradition of puffer fish consumption should be aware of this potential public health threat and coordinate with local poison centers and health departments to investigate any suspected cases of puffer fish poisoning to determine the source of the fish, whether it was legally imported, and whether additional contaminated product needs to be removed from commerce.
FIGURE 1. Dried, dressed fillets of puffer fish (Lagocephalus lunaris) obtained from patients in a tetrodotoxin poisoning outbreak - Minneapolis, Minnesota, 2014
Alternate Text: The figure above is a photograph of dried, dressed fillets of puffer fish (Lagocephalus lunaris) obtained from patients in a tetrodotoxin poisoning outbreak in Minneapolis, Minnesota, in 2014.
FIGURE 2. Genetic analysis* of dried puffer fish samples involved in a tetrodotoxin poisoning outbreak - Minneapolis, Minnesota, 2014
Abbreviations: MN = Minnesota; PFP = puffer fish poisoning; IL = Illinois; FDA = Food and Drug Administration.
Alternate Text: The figure above is an unweighted pair-group method with arithmetic mean (UPGMA) tree showing the genetic analysis of dried puffer fish samples involved in a tetrodotoxin poisoning outbreak in Minneapolis, Minnesota, in 2014. The genetic analysis determined that all samples were Lagocephalus lunaris.
Sample | Amount of toxin | Species identification
Dried fish 1 | 7.7 ppm | Lagocephalus lunaris
Dried fish 2 | 17.4 ppm | Lagocephalus lunaris
Dried fish 3 | 16.1 ppm | Lagocephalus lunaris
Dried fish 4 | 72.3 ppm | Lagocephalus lunaris
Dried fish 5 | 12.4 ppm | Lagocephalus lunaris
Dried fish 6 | 5.7 ppm | Lagocephalus lunaris
Dried fish 7 | 6.7 ppm | Lagocephalus lunaris
VIDEO-CLIPS-DOCS
VIDEO-Kim Jong Un says he is open to resuming peace talks with S Korea | euronews, world news
Thu, 01 Jan 2015 15:37
"If the atmosphere and environment changes, there is no reason not to hold high level talks"
North Korea's leader has used a New Year speech to announce that he is open to resuming peace talks with South Korea.
As the north remains under the spotlight over claims of cyber threats against the US, Kim Jong Un spoke on state television.
"We can resume the high level talks that have been suspended and hold partial talks if the South Korean government has a sincere will to talk to improve the relationship between North and South," he said.
"In addition, if the atmosphere and environment changes, there is no reason not to hold the high level talks."
The comment comes days after South Korea proposed to restart dialogue.
Pictures of North Korea's New Year's Eve celebrations have been released by the country's state news agency.
As well as fireworks in a main square in Pyongyang, senior officials watched performances in what is known as the Central Youth Hall.
VIDEO-Doubts on N. Korea claim? FBI briefed on theory Sony hack was inside job | Fox News
Thu, 01 Jan 2015 13:59
A security firm has brought new evidence to the FBI that it claims points to a laid-off employee and others as the hackers behind the massive cyber-breach at Sony, even as the bureau publicly stands by its explanation that North Korea executed the attack.
Kurt Stammberger, senior vice president for market development at cyber intelligence firm Norse, told FoxNews.com that his company was turning over "raw data" to the FBI on Tuesday. He said the company also briefed the FBI for "two or three hours" on Monday during a meeting in St. Louis.
"They were very open" to the new information, Stammberger said.
Among other details, he said Norse has data about the malware samples that point to "super, super detailed insider information" that only a Sony insider would have.
The briefing by Norse is the latest example of the doubts being raised by private cybersecurity analysts about the FBI's claim that Kim Jong-un's regime was behind the attack. Skeptics for days have described the evidence cited by the FBI as inconclusive and circumstantial. And they've questioned whether Pyongyang had the motive, or the ability, to scramble Sony's systems.
The most popular alternative theory, it seems, is that the hack was carried out by disgruntled former Sony employees.
The FBI, though, stood by its original announcement on Tuesday.
"The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment," the FBI said in a statement. "Attribution to North Korea is based on intelligence from the FBI, the U.S. intelligence community, DHS, foreign partners and the private sector."
The bureau added: "There is no credible information to indicate that any other individual is responsible for this cyber incident."
A State Department spokesman on Tuesday also stood by the conclusion that North Korea was responsible.
Some in the private sector have defended the FBI's case.
Dmitri Alperovitch, with security firm CrowdStrike, recently told Wired that the U.S. has more evidence proving North Korean involvement, and the government can't release it yet.
But Stammberger said he's confident the FBI will investigate further.
"They're smart folks. They will follow the evidence of the data trail, I'm confident of that," he said.
A post on Norse's company blog on Monday explained that their own investigation has focused on a group of at least six people who "may have worked to compromise the company's networks, including at least one ex-employee who had the technical background and system knowledge to carry out the attack."
According to the post, the researchers "tracked the activities of the ex-employee on underground forums." Investigators at Norse believe disgruntled workers or former workers "may have joined forces with pro-piracy hacktivists, who have long resented the Sony's anti-piracy stance."
Stammberger explained Tuesday that the information points to at least one American -- the former Sony employee, who according to Stammberger lost their job earlier this year -- as well as individuals from Canada, Singapore and Thailand.
He acknowledged the FBI could have a "smoking gun" piece of evidence that they haven't shared, but said the private intelligence community has seen nothing connecting the attack to a nation state.
"The fact that nobody has seen any data that connected this to North Korea is a little strange," he said. "Also strange was the speed at which the FBI ... pinned it on them."
Other security analysts have floated a similar theory.
David Kennedy, CEO of information security firm TrustedSec, told FoxNews.com last week that he thinks an angry insider at Sony was behind the attack.
"They were going for destroying the company," he said. He noted Sony had massive layoffs earlier this year, "a lot of them in the systems administrator field."
The FBI has not shared all its evidence, leaving open the possibility that the bureau has stronger evidence linking the hack to North Korea.
The FBI, in originally claiming Pyongyang was behind the hack, alleged the following:
Analysis of the malware "revealed links to other malware that the FBI knows North Korean actors previously developed."
The FBI observed "significant overlap between the infrastructure used in this attack and other malicious cyber activity" previously linked to North Korea, like North Korea-tied IP addresses that allegedly communicated with IP addresses tied to the Sony attack.
The "tools" used in the Sony attack were similar to an attack in March 2013 by North Korea against South Korean companies.
But some have noted that the malware code has already leaked and is used by others, meaning its use in this attack doesn't necessarily point to North Korea.
"It's kind of like saying the bank robbers used a Ford Focus as a getaway car. Your grandmother uses a Ford Focus. Therefore, your grandmother is the bank robber," Stammberger said.
And skeptics have questioned the notion that the attack was North Korean retaliation for "The Interview" -- the comedy where Seth Rogen and James Franco play two reporters hired to take out North Korea's leader. Though North Korea had objected to the film, critics say the initial messages from the apparent hackers did not cite the movie. That connection came later.
North Korea, for its part, denies responsibility for the attack.
VIDEO-Mall fights prompt security policy questions | abc7chicago.com
Mon, 29 Dec 2014 13:30
CHICAGO (WLS) --
It has been a chaotic weekend at shopping malls across the United States, including in the Chicago area, as fights involving groups of teenagers have forced shoppers to flee. The brawl that broke out Saturday night at Chicago Ridge Mall is another example of why some people are asking what can be done to improve security and safety.
Fortunately no one was injured as a result of Saturday's incident at the Chicago Ridge Mall, but the fight highlighted an issue that is becoming an increasing problem nationwide. It is forcing some malls to rethink their policies regarding underage, unaccompanied teenagers.
Everything was back to normal at the Chicago Ridge Mall Sunday, one day after having to shut down early as a result of a fight that broke out between a large group of teens. The fight prompted a large police response after initial reports went out that a shooting had taken place.
Fights like these are not new to shopping malls. Just this past week police were called to malls in Tennessee, Pennsylvania and Missouri for similar situations.
Some malls are already taking action. In May of 2013 North Riverside Park became the first shopping center in Illinois to implement what is known as a youth escort policy. It restricts anyone under 17 years old from entering the mall after six p.m. on Fridays and Saturdays unless they are accompanied by an adult over 21.
"We feel it's an excellent tool that's at our disposal to help keep the shopping environment pleasant," said mall manager Harvey Ahitow. "It's meant to be a shopping environment and not a social environment."
North Riverside says the policy has eliminated the problem of teen fights inside the mall, and patrons appreciate it.
While the management at Chicago Ridge Mall was not talking Sunday, Saturday's fight prompted other shopping centers in the area to step up security, including Orland Square.
"There's uniformed police officers in and around the mall," said Commander John Keating, Orland Park Police. "There's no direct threat that we've received. However just as a preventive measure you'll see more police (Sunday)."
No arrests were made at Chicago Ridge Mall Saturday night.
Chicago Ridge police issued a statement late Sunday explaining that the gunshots reported were in fact a merchant in the food court banging a large metal pot in an effort to disperse the crowd gathered in front of his business.
(Copyright (C)2014 WLS-TV/DT. All Rights Reserved.)

Clips & Documents

Art
CYBER!
Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
EuroLand
KPMG explains new EU VAT system.mp3
Furgeson
Ben Carson on uncle Tom.mp3
WSJ’s Jason Riley Tears Into Obama, Sharpton-No Interest in Being Post-Racial.mp3
JCD Clips
bill kibbel.mp3
CLASSIC 12 --judith miller script 3.mp3
CLASSIC 13 -- Liberty's Kids.mp3
CLASSIC 14 Weird hit piece about testoseerone.mp3
CLASSIC 14- bezos gets a kidney stone.mp3
CLASSIC-14 deep freeze 2 sticking it to ALabama.mp3
CLASSIC13 -- propagating the BS on TV BONES.mp3
CLASSIC13 -overweight is better.mp3
CLASSIC13- New York News Years Celebrations Outrageous.mp3
encryption workks.mp3
jake and word of the year.mp3
tareting drug dealers in afghanistan.mp3
Times square restrictions good news.mp3
Ottomania
Matt slaughters State dude on Hamasleader Turkey Visit.mp3
New State douche has NOTHING on turkey hama.mp3
SONY
FBI wrong-1-but hold on to NK story.mp3
FBI wrong-2-GOP threat to USPER2.mp3
Kim Jong Un says he is open to resuming peace talks with S Korea.mp3