Bacteria could be rich source for making terpenes

If you've ever enjoyed the scent of a pine forest or sniffed a freshly cut basil leaf, then you're familiar with terpenes. The compounds are responsible for the essential oils of plants and the resins of trees. Since the discovery of terpenes more than 150 years ago, scientists have isolated some 50,000 different terpene compounds derived from plants and fungi. Bacteria and other microorganisms are known to make terpenes too, but they've received much less study.



New research at Brown University, published in the Proceedings of the National Academy of Sciences, shows that the genetic capacity of bacteria to make terpenes is widespread. Using a specialized technique to sift through genomic databases for a variety of bacteria, the researchers found 262 gene sequences that likely code for terpene synthases -- enzymes that catalyze the production of terpenes. The researchers then used several of those enzymes to isolate 13 previously unidentified bacterial terpenes.


The findings suggest that bacteria "represent a fertile source for discovery of new natural products," the researchers write.


David Cane, a professor of chemistry at Brown and one of the authors on the new paper, began working about 15 years ago to understand how bacteria make terpenes.


"At that time, the first genomic sequences of certain classes of bacteria were just beginning to come out," he said. "We had this idea that maybe you could find the enzymes responsible for making terpenes by looking at the sequences of the genes that were being discovered."


To do that, Cane searched through the genome data gathered for a group of bacteria called Streptomyces, looking for sequences similar to those known to produce terpene synthases in plants and fungi. Eventually, he found that Streptomyces did indeed have genes encoding terpene synthases and that those enzymes could be used to make terpenes.


The verified bacterial sequences found by Cane and others enabled researchers to refine subsequent searches for additional terpene synthase genes. "Instead of using plant sequences or fungal sequences as your search query, we can now use bacterial sequences, which should yield a greater degree of similarity," he said. "So now we're fishing in the right waters with the right kind of bait, and you can find more matches."


This latest paper made use of the third generation of iterative searches and a powerful search technique developed by Haruo Ikeda of Kitasato University in Japan. Previous work had identified 140 probable sequences for terpene synthases. This latest work expanded that to 262.


The next step was to verify that these sequences did indeed code for enzymes capable of making terpenes. Testing all 262 wasn't practical, so the team chose a few they thought might give them the best chance of finding terpene compounds that hadn't previously been identified. They looked for sequences that didn't seem to fit clearly into previously known categories of terpenes.


After they had selected a few, the team made use of a genetically engineered Streptomyces bacterium as a bio-refinery to generate the terpene products.


"What Professor Ikeda did, in collaboration with us, is develop a variant of a very well-studied Streptomyces system," Cane said. "He eliminated the genes that were responsible for making most of its native products, but he left behind all of the capacity to provide the starting materials and handle the accumulation of products."


By taking some of the gene sequences they found and splicing them into their test organism, the researchers could let the organisms generate the product using the instructions from the newly introduced gene. Using this method, they were able to make 13 previously unknown terpenes, their structures verified by mass spectrometry and nuclear magnetic resonance spectroscopy.


"It's a big step forward in the area in that it provides a paradigm for how one could go about discovering many new substances," Cane said. "It's a good example of how one can use sequence analysis to identify genes of interest and then apply molecular genetic and microbiological techniques to produce the chemical substances of interest."


The work also suggests that there may be many new terpene products as yet undiscovered hiding in the genomes of bacteria.




Story Source:


The above story is based on materials provided by Brown University. Note: Materials may be edited for content and length.



Buffer zone guidelines may be inadequate to protect produce from feedlot contamination

The pathogen Escherichia coli O157:H7 can spread, likely airborne, more than one tenth mile downwind from a cattle feedlot onto nearby produce, according to a paper published ahead of print in Applied and Environmental Microbiology. "The high percentages of leafy greens contaminated with E. coli suggest great risk for planting fresh produce 180 m [590 feet] or less from a feedlot," the investigators write. That suggests that current buffer zone guidelines of 120 meters [400 feet] from a feedlot may be inadequate. This is the first comprehensive and long-term study of its kind, says first author Elaine D. Berry, of the U.S. Department of Agriculture, Agricultural Research Service, U.S. Meat Animal Research Center, in Clay Center, Nebraska.



In the study, the investigators sampled leafy greens growing in nine plots; three each at 60, 120, and 180 meters downwind from the cattle feedlot at the research center, over a two year period. The rate of contamination with the pathogenic E. coli O157:H7 declined with distance from an average of 3.5 percent of samples per plot at 60 meters to 1.8 percent at 180 meters.


The researchers sampled the produce six times between June and September of each year. They also sampled the feedlot surface manure in 10 feedlot pens for E. coli O157:H7, finding it in an average of 71.7 to 73.3 percent of samples in 2012 and 2011, respectively. Moreover, the study's long-term nature enabled sampling under a greater diversity of weather conditions.


A variety of conditions can affect the level of contamination, says Berry. For example, following a period of high cattle management activity when the feedlot was dry and dusty, including removal of around 300 head of cattle for shipping, the rate of total non-pathogenic E. coli-contaminated samples per plot at 180 meters shot up to 92.2 percent. Conversely, total E. coli-positive leafy green samples were notably lower on one August sample date than on any other date, a finding the investigators attribute to cleaning and removal of feedlot surface manure from the nearby pens a few weeks earlier.


The investigators also found E. coli in air samples at 180 meters from the feedlot, though the instruments were not sensitive enough to pick up E. coli O157:H7. However, the presence of E. coli in the air samples serves as a surrogate for E. coli O157:H7, demonstrating that the pathogen may also be transmitted in this manner, says Berry. The highest levels of contamination found on leafy greens, in August and September of 2012, followed several weeks of very little rainfall and several days of high temperatures, conditions that appear to abet airborne transport of bacteria from the feedlot, she says.


Limitations of the research include that it was conducted only in one state -- Nebraska, which is not a produce growing state. Nonetheless, Berry says that the location was a reasonable model for some of the U.S.'s major produce growing regions, such as California's Central Coast, as winds there can blow almost as hard as in Nebraska, and both places can have dry summers, which are conducive to airborne transport of bacteria.


"The impetus for conducting the research was the rising incidence of foodborne disease outbreaks caused by contamination of fresh produce," says Berry.




Story Source:


The above story is based on materials provided by American Society for Microbiology. Note: Materials may be edited for content and length.



If North Korea Did Hack Sony, It’s a Whole New Kind of Cyberterrorism



A South Korean army soldier watches a TV news program showing North Korean leader Kim Jong Un at the Seoul Railway Station in Seoul, South Korea, Monday, Dec. 22, 2014. Ahn Young-joon/AP



Everybody jokes about the Sony hack. Two comedians blow up Kim Jong Un, a movie studio gets hacked, emails come out badmouthing Hollywood, the movie is pulled from theaters, and then reinstated at the last minute. In reality, though, it’s not funny at all. If North Korea really did it, it would be the first time an organized, foreign cyber threat has waged a destructive attack on private citizens of the United States.




After years of waging increasingly disruptive and destructive cyber attacks on the banks, media, government, and military of its southern neighbor, North Korea may have shifted its sights to us. The Sony hack is indicative of a new breed of terrorism targeting our companies, our citizens, and our way of life. If we don’t draw a clear, public line in the sand showing that there will be serious consequences for destructive cyber attacks on U.S. companies, it will only make matters worse.



Nathaniel Beach-Westmoreland


Nathaniel Beach-Westmoreland is a senior cyber threat intelligence analyst at Booz Allen Hamilton.




At first glance, cyber attacks may not seem as scary as setting off bombs in public, but they can cause much more targeted chaos: effectively destroying critical infrastructure and the systems that allow our society to function. With its latest hacks, North Korea has pushed the boundaries for conducting “cyber attacks” that fall short of acts of war. Since at least 2009, North Korea has conducted or sponsored increasingly painful attacks, demonstrating a willingness to blur the line between the cyber and physical worlds—leveraging computer systems breaches to destroy real-world machines and business functions. North Korea has long supported cyber attacks against South Korea, and the escalation of the consequences shows clear evidence of just how destructive cyber attacks can be.


Attacks don’t have to be particularly sophisticated to cause significant real-world harm. Back in 2009 and 2011, North Korea built a botnet (a network of hijacked computers controlled by malware) to conduct distributed denial of service (DDoS) attacks against major South Korean corporations and government organizations. Attacks like these are fairly straightforward, sending an overwhelming amount of network traffic to websites, causing them to crash and blocking legitimate visitors. While taking down a website may seem like an inconvenience rather than a real threat, imagine blocking access to a major ecommerce site, like Amazon, or a government portal that people need to file for unemployment.


Then, in April 2011, Nonghyup Agricultural Bank, a mid-sized South Korean bank, suffered intermittent service outages for three weeks after malware took down 273 of its 587 servers. While there was no smoking gun, a mountain of publicly available technical and circumstantial evidence led the South Korean government and many independent security firms to confidently link the Nonghyup attack to North Korea. For two days, all banking services were completely disabled, and they suffered intermittent issues for the next 18 days. Fortunately, because many South Koreans have multiple accounts at several banks, the outage caused few major problems for ordinary citizens. However, if a similar attack were perpetrated against a major U.S. bank, it could cause major financial problems and widespread public panic, since many Americans only have one bank account and could be completely unable to access critical funds.


North Korea’s destructive attacks didn’t stop there. In June 2012, hackers destroyed article and photo databases and the editing production system at two conservative South Korean newspapers, one week after the North Korean military criticized them for their negative coverage. And, in March 2013, tens of thousands of computers at six South Korean banks and broadcasters simultaneously stopped working after malware overwrote critical hard drive components with the names of Roman army units. While these last two incidents may not seem like incredibly destructive or dangerous attacks, they set a precedent for targeting journalists, media outlets, and individuals that voiced disagreement with the North Korean regime. They were attacks on free speech.




If the FBI’s attribution is correct, the North Korean government sponsored an attack in November on the California-based company Sony Pictures Entertainment. Under the guise of a hacktivist group calling itself “Guardians of Peace,” hackers rendered workstations useless and leaked unreleased movies, corporate documents, emails, and scripts, causing damages estimated to exceed $100 million.


The Sony attack presents a new challenge for the United States. While other companies have faced destructive attacks before, last month’s Sony attack could be the first publicly disclosed, nation-state-sponsored destructive attack on an American business. Destructive attacks not only disable computers, but also threaten their data, the systems that operate on them, and the companies that profit from them.

No longer can companies just worry about other nations that use their hacker corps to steal intellectual property and monitor corporate strategic planning. The fate of Nonghyup Bank raises the specter of the scale of attacks that will inevitably be attempted on other U.S. companies, affecting not just businesses, but the citizens that rely on them for their livelihood. Banks are only one potential target. Hospitals, power grids, and nuclear plants are others, and the stakes for deterring destructive attacks are of the highest order. North Korea and other rogue states will likely continue to push the boundaries of destructive cyberterrorism, skirting the edge of outright war, unless we take decisive action.


This threat necessitates a strong, public U.S. government response that is markedly different from its reaction to cyber espionage. Shaming hackers behind intellectual property breaches would have even less of an effect on North Korea than it had on deterring Chinese hacking attempts. In fact, it would have none at all. President Obama also cannot treat the Sony cyber attack as an act of war. The attack has not resulted in loss of life or gravely harmed a critical infrastructure sector. America’s first cyber war has not been lost, because it has not yet begun.


Whatever its reaction, the Obama administration will set new standards for a legitimate “proportional response” to financially costly, but ultimately bloodless, cyber attacks. America’s friends and foes alike can be expected to watch this decision closely and will likely point to it when they, too, must eventually react to cyber attacks on their people and institutions. Some have suggested that the United States conducted the unsophisticated, low-bandwidth DDoS attacks that knocked North Korea off the Internet yesterday and today. In addition to this attribution being highly unlikely, this attack wouldn’t have sent nearly a clear or potent enough message.


As it stands, pariah states like North Korea are able to accomplish with cyber armies what they can’t with traditional ones: project power and fear globally, even in the United States, without shedding a single drop of blood. America’s response to recent attacks must be significant enough to alter their calculus on whether it’s still a wise investment to build new cyber armies or launch even more destructive cyber attacks. We need to set a clear precedent; otherwise there is no disincentive for state-sponsored cyberterrorism.




Mr. Know-It-All: Star Trek Teaches Us How Not to Confront Idiots With Loud Earbuds


Christoph Niemann


Earbud jackasses playing their music loud enough for the entire train drive me crazy. How do I tell them to turn it down without seeming like a jerk?


You’ve probably never heard of Kirk Thatcher. He grew up in the San Fernando Valley in the ’70s, the child of two loving upper-middle-class parents. Still, he was angry. And he fell into the punk scene—which seemed exciting and dangerous. “I was a bourgeois punk,” he says. “I never lived on the street or sniffed glue. I didn’t have anything to be angry about, so I could just be generally angry at everything.”


Thatcher turned out all right, though. He went to UCLA and eventually got into the movie business. In 1985 he was working on Star Trek IV (the one with the whales, where the Enterprise crew goes back in time to 1980s San Francisco) and saw an opportunity to contribute. You know that scene where Spock and Kirk are riding the bus over the Golden Gate Bridge and they ask the punk kid to turn down his music, and the punk kid flips them off, so Spock gives him a Vulcan neck pinch, and the punk kid collapses onto his boom box? Of course you do—everyone loves that scene. Well, one day Thatcher went to Leonard Nimoy, who was directing, and told him he wanted to play the punk. Nimoy thought it over for a week and finally agreed, so an enthusiastic Thatcher went and dyed his hair and shaved it into an outrageous orange Mohawk.


They shot the scene without any music, Thatcher clutching his boom box and just headbanging away to a metronome in his head. In postproduction, a problem arose: The studio didn’t have rights agreements with any punk bands and wanted to dub some Duran Duran—or some kind of pretty-boy synth pop—into the scene. Thatcher was alarmed. It wouldn’t make any sense! It was undermining his character! So he went to Nimoy again. I can write you a punk song, he said.


Thatcher reached back to his roots. He started writing, but it all came out different this time. He was at a new stage of his life, and the lyrics he wrote poked fun at the baseless agitation he’d felt as a teenager. His song was called “I Hate You.” It was ridiculous. It was really very silly. (“And I eschew you! And I say screw you! And I hope you’re blue too!”) Twenty years later, Thatcher still laughs when he says the lyrics out loud, especially the word eschew.


Thatcher seems like a fun and easygoing guy. He’s done other things in Hollywood, but for a lot of people that scene on the bus defines him. (“I could win the Nobel Peace Prize,” he says, “and my tombstone would say PUNK ON THE BUS.”) I ask him if he ever encounters people listening to their earbuds too loudly, and how he advises handling it. He does, but it’s not something that annoys him—if anything, it makes him happy. That’s right: Hearing other people’s obnoxiously loud music has become a delightful experience for Thatcher. Because as soon as he feels himself getting annoyed, he laughs at himself. After his iconic role in Star Trek IV, “I detect how ironic it would be for me to get upset or ask them to turn it down, or to have any other opinion than: ‘Right on, brother.’”


So here’s the thing: People who flood public transportation with their music are inconsiderate jerks. It is totally acceptable to ask them to turn that music down. But do it politely, OK? Your anger is justified, but try to be calm and polite and not carry that anger into the interaction. Thatcher has transcended his anger. You try too.



Experts Are Still Divided on Whether North Korea Is Behind Sony Attack



Security cameras stand across the street on Culver Boulevard from the Sony Pictures Studios’ water tank in Culver City, Calif., Thursday, Dec. 18, 2014. Damian Dovarganes/AP



The FBI announcement last week that it had uncovered evidence in the Sony hack pointing to North Korea appears to have settled the issue for a lot of people—in Washington, DC.


“As a result of our investigation,” the FBI announced, “and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions.”


But many on the West Coast, and beyond, are still skeptical of the evidence and the FBI’s claims. The announcement, after all, comes a mere three weeks into the investigation, and reverses a statement FBI Director James Comey had made just the week before that investigators had found nothing so far to tie the hack to the North Korean government. “Before we attribute a particular action to a particular actor,” he said, “we like to sort the evidence in a very careful way to arrive at a level of confidence that we think justifies saying ‘Joe did it’ or ‘Sally did it,’ and we’re not at that point yet.”


The FBI attributed the Sony hack to North Korea in part because it shares some code and components with hacks that were conducted in South Korea in 2013, which some have attributed to North Korea. They also cite as evidence the fact that IP addresses associated with North Korea contacted some of the command-and-control servers the Sony hackers used to communicate with malware on the Sony machines. Skeptics criticized the evidence saying it was inconclusive and failed to make the FBI’s case. The agency, however, maintains that it has other evidence it can’t disclose, raising questions about whether signals intelligence collected by NSA surveillance might have been used. Separately, a private security firm with ties to the FBI says it has additional clues that point to North Korea.


Let’s unpack these details.


The U.S. Government’s Unprecedented Statement


The government’s statement pointing to North Korea is unprecedented, marking the first time a government agency has formally blamed another nation for a cyber attack. When Google was hacked in 2010 by a sophisticated adversary, it wasn’t the government that accused China, but Google. The most Secretary of State Hillary Clinton did publicly at the time was to ask China to explain the claims. When the government has pointed a finger directly at other nations for hacks, it has generally come from individual officials speaking to the press, not from a formal press statement—let alone the president.


This seems to suggest that the government must have other evidence—beyond the FBI’s disclosed circumstantial evidence—that North Korea was responsible for the hack. Otherwise, why would the president agree to announce on TV that North Korea was the culprit?


The Skeptics’ Point of View


Robert Graham, CEO of Errata Security, who has been a vocal skeptic of the government’s attribution, says he thinks the government is divided on the issue, but that certain parties forced a public statement.


“I don’t think the NSA is on board and I don’t think the entire FBI is on board, either,” he speculates. Rather, he thinks someone in a political position inside the FBI, not actual investigators, got hold of a report from Mandiant, the security firm hired to investigate Sony’s breach, which said that there were similarities to other attacks attributed to North Korea. These FBI insiders read this and “wanted it to be North Korea so much that they just threw away caution,” he suggests. The degree of attention focused on the Sony hack combined with “leaks” from anonymous government officials pointing the finger at North Korea made it a fait accompli that the administration would have to officially attribute the attack to North Korea. “There’s this whole group-think that happens, and once it becomes the message, it’s really hard to say no it’s not this,” Graham says.


He expects the Justice Department will eventually announce the arrest of hackers who acted independently of North Korea. Because President Obama’s statements about the hack have been mild—calling it cyber vandalism instead of cyber warfare, for instance—it won’t be hard for the administration to walk back from its initial claims. Graham goes further; he surmises that Obama’s tepid statements indicate there is no other NSA evidence. “If the NSA has evidence, he would be much more forceful in his response.”


The Believers’ POV


Steve Bellovin, however, believes the government does have classified intelligence, either through the NSA, U.S. Cyber Command or the CIA, and that such information more directly links the attack to North Korea. A well-respected professor of computer science at Columbia University, Bellovin also thinks much of the criticism by security researchers picking apart individual pieces of FBI evidence is off-base. He points to a Mandiant report last year about a hack from China that targeted the New York Times. In that investigation, Mandiant exposed a prolific group in China, believed to be state-backed, that was responsible for multiple attacks over a number of years, including the hack of the Times. “They built a profile over the years of what Chinese attacks look like,” he notes based on that experience. So when they see an attack that matches that profile, it’s easy to attribute it to the same group. Similarly, he thinks years of observing hacks believed to be connected to North Korea have helped Mandiant and others build a profile of North Korean hacks based not on one piece of evidence, but multiple.


Bellovin notes that reuse of code, infrastructure, and techniques—evidence the FBI cites in its attribution of North Korea—can indeed be used to link attacks. That’s how malware researchers have always linked families of malware to one another as well as seemingly disparate attacks.


But he acknowledges that linking families of attacks to an identifiable actor or source is trickier. He points to a National Academies report from 2009, quoting a former Justice Department official on attribution in cyber attacks: “I have seen too many situations where government officials claimed a high degree of confidence as to the source, intent, and scope of an attack, and it turned out they were wrong on every aspect of it. That is, they were often wrong, but never in doubt.”


Indeed, in 2011 a leaked government memo claimed Russian hackers had remotely destroyed a water pump at an Illinois utility. The report spawned dozens of sensational news stories calling it the first reported destruction of U.S. infrastructure by a hacker. But within a week, DHS said it could find no evidence that a hack occurred. In truth, the water pump simply burned out, and a government-funded fusion center had hastily and incorrectly linked the failure to an internet connection from a Russian IP address months earlier.


The NSA’s Unseen Evidence


If the FBI does have unseen evidence collected by the NSA, it may have been collected in a manner laid out by Nicholas Weaver, a computer scientist at the International Computer Science Institute. Weaver has detailed how the NSA could track the Sony hackers, using various surveillance tools it has at its disposal.


Dmitri Alperovitch, co-founder and CTO of the security firm CrowdStrike, says there’s no question that North Korea is behind the Sony hack and asserts that the U.S. does have more evidence pointing to North Korea that it can’t release right now. Alperovitch may be in a position to know. CrowdStrike’s president and CSO, Shawn Henry, is former executive assistant director of the FBI. For a number of years, his company has been tracking the group behind attacks on South Korea that it says were also carried out by North Korea.


The South Korea hacks go back to 2006 and were conducted by a group CrowdStrike calls Silent Chollima, named after a mythical flying horse and a political movement in North Korea. The group is also known alternatively by other researchers as WhoIs Team, IsOne and Hastati. The group is responsible for attacks known as DarkSeoul that in 2013 on the anniversary of the Korean War wiped data from a number of banks and media companies in South Korea. The same group has also been linked to DDoS attacks against targets in South Korea and espionage operations against U.S. and South Korean military targets.


“We believe Silent Chollima are North Korean actors, but we’re not specific whether it’s a military or intelligence unit,” Alperovitch says, noting that in the South Korea hacks the group specifically sought data that would be of strategic interest to the North Korean military.


The evidence again is largely circumstantial. Some of it involves keywords the attackers used to search for data on infected machines—keywords related to specific U.S. and South Korean military plans and exercises in the region. They include, he says: “Key Resolve Drill,” “OPLAN,” and “Artillery.” Key Resolve refers to an annual exercise conducted by U.S. and South Korean military. OPLAN refers to operational plans for the military.


“Who else would it be [but North Korea] that would hit both Sony over the movie and South Korea and U.S. military networks looking for that type of info?” he says.


He also says his team found malware samples used by Silent Chollima that contain words used only in North Korea. “There are some intricacies from North Korean language, some words are spelled differently, and the use of these words were an indication that these were North Korean actors,” he says. He wouldn’t provide examples of the words to WIRED, however, because he says the malware sample containing the words has not been publicly disclosed yet.


In the meantime, Symantec has said that a Trojan it discovered last August, called Volgmer, also has ties to the Sony hack in that it was programmed to communicate with one of the same command-and-control servers used by the Sony hackers. The Trojan is designed to open a backdoor onto infected systems to allow attackers to do reconnaissance and install additional malware. There’s no evidence at this point that the Sony hackers used Volgmer in their attack on the studio, but Symantec thinks it may have been used by the DarkSeoul hackers, since the sample of Volgmer they examined was designed to work only on machines using the Korean language.


The Motive Problem


While it may turn out that the South Korea attacks can be attributed to North Korea and that the Sony hackers are responsible for both sets of assaults, none of this explains the apparent disparity between the motive assigned to North Korea for the hack—over the film The Interview—and the motives the hackers themselves have given, which point to extortion.


In a message sent Nov. 30 from the email address used to leak Sony data, one of the apparent hackers wrote a reporter with IDG News that “Sony and Sony Pictures have made terrible racial discrimination and human rights violation, indiscriminate tyranny and restructuring in recent years. It has brought damage to a lot of people, some of whom are among us,” they wrote. “Nowadays Sony Pictures is about to prey on the weak with a plan of another indiscriminate restructuring for their own benefits. This became a decisive motive of our action. We required Sony Pictures to stop this and pay proper monetary compensation to the victims.”


The demand for monetary compensation echoed an email the attackers apparently sent to Sony executives Nov. 21, a few days before Sony employee computers were hijacked by the attackers.


Alperovitch, however, says none of this is inconsistent with the erratic behavior of North Korea. “You have to look at the fact that North Korea is very special. They do things other nations don’t do,” he says. “You can’t judge them by the stick you would other countries. They do engage in blackmail, extortion and money laundering to finance the regime. I don’t think it’s that out of character.”


Did the U.S. Knock North Korea Off the Internet?


As questions about North Korea’s role in the Sony hack continue to confound, North Korea’s four internet connections were knocked offline yesterday, cutting the country off digitally. Was this the “proportional response” President Obama had warned about, some wondered?


Doug Madory, director of internet analysis at Dyn Research, says it’s unlikely. Dyn Research has sensors placed at strategic points throughout the internet backbone to monitor connectivity in most parts of the world. Madory says the problems with North Korea’s networks occurred intermittently on Sunday before they went completely dark on Monday, which makes Madory think “some joker,” perhaps even a hacker in South Korea, is behind it and was adjusting his attack to increase its power until he knocked all four connections offline.


To suggest the outage was caused by the U.S. is an insult, he says. “This is a pretty clumsy way to take care of business,” he notes. “If this is a DDoS attack [from the U.S.] surely our tax payer money [could pay] for a better internet blackout.”


Others suggest China, which has grown angry and annoyed with North Korea’s antics over the years, was behind the outage. But Madory thinks if that were the case, the connectivity would have gone down completely on Sunday, instead of wavering a day before going dark.


“Any joker on the internet that knows how to conduct DDoS attacks can be behind this,” he says. “DDoS attacks happen as a matter of routine these days—and run a spectrum of sophistication. If [North Korean networks] are vulnerable, they can be knocked offline by some teenager in South Korea.”


Some media outlets called it a “massive” outage. But North Korea has just four networks, composed of about 1,000 IP addresses, that connect to the internet through a North Korean ISP and through China Unicom. “It’s a microscopic internet,” Madory says of North Korea’s connectivity. “The U.S. has 150,000 routes [of internet connectivity], and South Korea is about 17,000 routes. North Korea is just 4 routes. They are the smallest they can possibly be…. It has no role in the economy or life in North Korea.”


In fact it’s so insignificant that he says it would make no difference to the country to just ignore the outage and leave the networks down for six months.


North Korea’s internet outage is the least concern at this point, however. The mysteries behind Sony’s hack still linger and may never be fully resolved.



Apple-Microsoft Alliance Disarms Its Patent Warheads


After surviving the meltdown of telecommunications giant Nortel, John Veschi and his company, Rockstar, took control of about 4,000 Nortel patents purchased by Apple, Microsoft, Blackberry, Sony, and Ericsson.



The tech patent wars continue to cool.


Four years after purchasing a massive patent portfolio from bankrupt telecommunications giant Nortel—and moving about 4,000 of these patents into a company that proceeded to sue some of their biggest competitors—Apple, Microsoft, and other members of a controversial consortium called Rockstar have agreed to sell the 4,000 patents to a company that vows to use them solely as a way of protecting the industry from litigation.


The company is called RPX, and on Tuesday, it announced that, through a subsidiary, it has agreed to purchase the 4,000 Rockstar patents for $900 million. In 2011, the Rockstar consortium—which includes Sony, Ericsson, and Blackberry as well as Apple and Microsoft—acquired the Nortel portfolio at auction for an enormous $4.5 billion. But 2,000 of the patents in that original portfolio are still in the hands of the consortium’s member companies.


RPX has agreed to purchase the remaining patents, which were held by a separate company, dubbed Rockstar Consortium. Run by former Nortel employee John Veschi, this company spent the last three years trying to “monetize” these patents, seeking licensing deals with companies it believed were infringing on the patents and eventually suing some big-name companies, including Google and Cisco. When we contacted Veschi about the deal with RPX, he referred us to an Apple spokeswoman, who declined to comment.


On the surface, the deal amounts to another armistice in the long, expensive, and rather complex patent wars. Apple and Samsung have agreed to settle many of their patent suits against each other over various mobile technologies. The Rockstar Consortium has already settled its suits against Google and others. And now the company is offloading all its patents—its reason for being.


What’s more, these patents are going to an operation that seems to have built a successful business subverting the Rockstar business model. RPX controls a large patent portfolio that it licenses to companies such as Google and Cisco as a way of guarding them against litigation. “This transaction represents a shift in mentality,” says RPX CEO John Amster.


Julie Samuels, a longtime patent watcher with the Electronic Frontier Foundation who is now the executive director of a think tank called Engine, says that the deal is indeed good news. “There has been a cooling off in the smartphone war,” she says. “The business model of using patents to make a boatload of money is not what it once was.” But she also points out that the patent landscape can easily shift. Patents used for defense purposes can quickly become offensive. “It’s always troubling when one party controls that many patents,” she says, referring to RPX. “I don’t care who it is.”


Before starting RPX, Amster worked for another patent collector called Intellectual Ventures. Created by Microsoft co-founder Nathan Myhrvold, Intellectual Ventures began by vowing to protect companies from litigation, but ended up suing many companies instead, and Amster has always said he left IV so that he could tackle the patent wars in a healthier way. “There is no bait-and-switch with us,” he says, pointing out that in licensing its patents to over 200 companies, it has legally agreed not to sue those companies.


When its deal with Rockstar closes, says RPX chief financial officer Bob Heath, RPX will end all litigation involving the 4,000 patents it has purchased, including suits against Samsung, LG and HTC, and it will seek to license the patents to its existing customers, including Google and Cisco.



Google’s Self-Driving Car Hits Roads Next Month—Without a Wheel or Pedals


Google’s latest self-driving car prototype has headlights, but no steering wheel or pedals. Google



The self-driving, goofy-looking car with no steering wheel or pedals that Google revealed in May is now “fully functional” and should start testing on public roads next month, the tech giant says. Over the past seven months, Google has made a series of prototypes, testing different aspects of the design, from steering and braking to the sensors and software that brings it all together. The result, it says, is “our first complete prototype for fully autonomous driving.”


In contrast to the gradual approach to autonomous driving advocated by automakers like Audi, Mercedes-Benz, and General Motors, Google is going for what it calls a “moonshot.” In the next five to 10 years, it plans to introduce a car that’s so over the idea of human drivers, it won’t even come with a steering wheel or pedals. That’s the vision of this prototype, which will first be tested on a closed track, then on public roads after the New Year. Operators will have “temporary manual controls” and be ready to take over in case something goes wrong.


The new version doesn’t look too different from the one we saw in May. It’s still roughly the size of a Smart car. It still looks like an egg with the face of a koala. The obvious differences are the addition of real headlights and the design of the LIDAR vision system, which now sits flush on the roof, instead of on roof-mounted supports.


We’re still disappointed that Google didn’t take this opportunity to create something … cooler. The advent of self-driving cars will wipe out many basic rules of automotive design. The most unquestionable standards, like forward-facing seats, mirrors, and foot-operated controls will no longer be necessary. Automakers can go nuts. But Google didn’t go nuts. It went kinda lame.


Google doesn’t plan on producing the car itself, once it comes time to go to market, project director Chris Urmson told the Wall Street Journal recently.


Here’s what the prototype revealed in May looked like:


Google is making a prototype of its self-driving car that isn’t made to be operated by humans. Photo: Google




The Interview Is Headed to Theaters After All. Here’s Where to See It


A billboard for the film The Interview is displayed December 19, 2014 in Venice, California. Christopher Polk/Getty Images



So, The Interview might not be completely shut out of theaters, after all. Following the announcement that Sony Pictures was canceling the movie’s planned Christmas Day release amidst threats from hackers of attacks on establishments showing the film, the studio is reportedly allowing some theaters to screen it.


Earlier this morning, Tim League, founder of the Austin-based Alamo Drafthouse tweeted “Sony has authorized screenings of THE INTERVIEW on Christmas Day. We are making shows available within the hour. #Victory” (In a statement issued later, he also said, “Two days til Christmas, and I am proud to be an American.”) The Plaza Theater in Atlanta posted on Facebook that it would have the Seth Rogen and James Franco film playing on two screens Dec. 25 and would also be announcing screening times for Dec. 26 as well.


Soon after the theaters started making the announcements, Rogen himself took to Twitter to celebrate the decision, saying, “The people have spoken! Freedom has prevailed! Sony didn’t give up! The Interview will be shown at theaters willing to play it on Xmas day!” Sony confirmed the release with Sony CEO Michael Lynton saying in a statement, “We have never given up on releasing The Interview and we’re excited our movie will be in a number of theaters on Christmas Day.”


Sony initially pulled The Interview after hackers threatened 9/11-style attacks on movie theaters showing the film—a move that made it look as though a group of hackers could censor film content. President Barack Obama called the move a “mistake,” adding, “I would have told them do not get into a pattern in which you’re intimidated by these kinds of criminal attacks.”


Many called for Sony to release the film online, a plan that might still come to fruition: The Wrap is reporting that the studio plans to release the movie on VOD simultaneous with the (for now limited) theatrical release. So far, though, no other details about that release are available, but Lynton did say in his statement “we are continuing our efforts to secure more platforms and more theaters so that this movie reaches the largest possible audience.”


It’s unclear how many theaters will ultimately end up showing the movie, but a source told The New York Times Sony will probably be able to put together a limited release in a couple hundred small theaters. Since the announcement came in with such short notice, however, many theaters are simply unable to shift their schedules in time for Thursday: the Somerville Theater in Somerville, MA has confirmed, for example, that it will be screening the film the week of January 2.


Below is a list of theaters that have said they’ll be showing The Interview. We’ll update it as we hear more, but hit the comments and let us know if showtimes are announced at a theater near you—then let us know if you plan on going. And if you’re a theater owner or employee, use the hashtag #SeeTheInterview—we’ll be keeping an eye on that, and will be updating this list as we hear more.


1. Alamo Drafthouse, Theaters TBD


2. Plaza Theater, Atlanta


3. State Theater, Ann Arbor, Michigan



Mr. Know-It-All: Star Trek Teaches Us How Not to Confront Idiots With Loud Earbuds


Christoph Niemann


Earbud jackasses playing their music loud enough for the entire train drive me crazy. How do I tell them to turn it down without seeming like a jerk?


You’ve probably never heard of Kirk Thatcher. He grew up in the San Fernando Valley in the ’70s, the child of two loving upper-middle-class parents. Still, he was angry. And he fell into the punk scene—which seemed exciting and dangerous. “I was a bourgeois punk,” he says. “I never lived on the street or sniffed glue. I didn’t have anything to be angry about, so I could just be generally angry at everything.”


Thatcher turned out all right, though. He went to UCLA and eventually got into the movie business. In 1985 he was working on Star Trek IV (the one with the whales, where the Enterprise crew goes back in time to 1980s San Francisco) and saw an opportunity to contribute. You know that scene where Spock and Kirk are riding the bus over the Golden Gate Bridge and they ask the punk kid to turn down his music, and the punk kid flips them off, so Spock gives him a Vulcan neck pinch, and the punk kid collapses onto his boom box? Of course you do—everyone loves that scene. Well, one day Thatcher went to Leonard Nimoy, who was directing, and told him he wanted to play the punk. Nimoy thought it over for a week and finally agreed, so an enthusiastic Thatcher went and dyed his hair and shaved it into an outrageous orange Mohawk.


They shot the scene without any music, Thatcher clutching his boom box and just headbanging away to a metronome in his head. In postproduction, a problem arose: The studio didn’t have rights agreements with any punk bands and wanted to dub some Duran Duran—or some kind of pretty-boy synth pop—into the scene. Thatcher was alarmed. It wouldn’t make any sense! It was undermining his character! So he went to Nimoy again. I can write you a punk song, he said.


Thatcher reached back to his roots. He started writing, but it all came out different this time. He was at a new stage of his life, and the lyrics he wrote poked fun at the baseless agitation he’d felt as a teenager. His song was called “I Hate You.” It was ridiculous. It was really very silly. (“And I eschew you! And I say screw you! And I hope you’re blue too!”) Twenty years later, Thatcher still laughs when he says the lyrics out loud, especially the word eschew.


Thatcher seems like a fun and easygoing guy. He’s done other things in Hollywood, but for a lot of people that scene on the bus defines him. (“I could win the Nobel Peace Prize,” he says, “and my tombstone would say PUNK ON THE BUS.”) I ask him if he ever encounters people listening to their earbuds too loudly, and how he advises handling it. He does, but it’s not something that annoys him—if anything, it makes him happy. That’s right: Hearing other people’s obnoxiously loud music has become a delightful experience for Thatcher. Because as soon as he feels himself getting annoyed, he laughs at himself. After his iconic role in Star Trek IV, “I detect how ironic it would be for me to get upset or ask them to turn it down, or to have any other opinion than: ‘Right on, brother.’”


So here’s the thing: People who flood public transportation with their music are inconsiderate jerks. It is totally acceptable to ask them to turn that music down. But do it politely, OK? Your anger is justified, but try to be calm and polite and not carry that anger into the interaction. Thatcher has transcended his anger. You try too.



Experts Are Still Divided on Whether North Korea Is Behind Sony Attack


Security cameras stand across the street on Culver Boulevard from the Sony Pictures Studios’ water tank in Culver City, Calif., Thursday, Dec. 18, 2014. Damian Dovarganes/AP



The FBI announcement last week that it had uncovered evidence in the Sony hack pointing to North Korea appears to have settled the issue for a lot of people—in Washington, DC.


“As a result of our investigation,” the FBI announced, “and in close collaboration with other U.S. government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions.”


But many on the West Coast, and beyond, are still skeptical of the evidence and the FBI’s claims. The announcement, after all, comes a mere three weeks into the investigation, and reverses a statement FBI Director James Comey had made just the week before that investigators had found nothing so far to tie the hack to the North Korean government. “Before we attribute a particular action to a particular actor,” he said, “we like to sort the evidence in a very careful way to arrive at a level of confidence that we think justifies saying ‘Joe did it’ or ‘Sally did it,’ and we’re not at that point yet.”


The FBI attributed the Sony hack to North Korea in part because it shares some code and components with hacks that were conducted in South Korea in 2013, which some have attributed to North Korea. They also cite as evidence the fact that IP addresses associated with North Korea contacted some of the command-and-control servers the Sony hackers used to communicate with malware on the Sony machines. Skeptics criticized the evidence saying it was inconclusive and failed to make the FBI’s case. The agency, however, maintains that it has other evidence it can’t disclose, raising questions about whether signals intelligence collected by NSA surveillance might have been used. Separately, a private security firm with ties to the FBI says it has additional clues that point to North Korea.


Let’s unpack these details.


The U.S. Government’s Unprecedented Statement


The government’s statement pointing to North Korea is unprecedented, marking the first time a government agency has formally blamed another nation for a cyber attack. When Google was hacked in 2010 by a sophisticated adversary, it wasn’t the government that accused China, but Google. The most Secretary of State Hillary Clinton did publicly at the time was to ask China to explain the claims. When the government has pointed a finger directly at other nations for hacks, it has generally come from individual officials speaking to the press, not from a formal press statement—let alone the president.


This seems to suggest that the government must have other evidence—beyond the FBI’s disclosed circumstantial evidence—that North Korea was responsible for the hack. Otherwise, why would the president agree to announce on TV that North Korea was the culprit?


The Skeptics’ Point of View


Robert Graham, CEO of Errata Security, who has been a vocal skeptic of the government’s attribution, says he thinks the government is divided on the issue, but that certain parties forced a public statement.


“I don’t think the NSA is on board and I don’t think the entire FBI is on board, either,” he speculates. Rather, he thinks someone in a political position inside the FBI, not actual investigators, got hold of a report from Mandiant, the security firm hired to investigate Sony’s breach, which said that there were similarities to other attacks attributed to North Korea. These FBI insiders read this and “wanted it to be North Korea so much that they just threw away caution,” he suggests. The degree of attention focused on the Sony hack combined with “leaks” from anonymous government officials pointing the finger at North Korea made it a fait accompli that the administration would have to officially attribute the attack to North Korea. “There’s this whole group thing that happens, and once it becomes the message, it’s really hard to say no it’s not this,” Graham says.


He expects the Justice Department will eventually announce the arrest of hackers who acted independently of North Korea. Because President Obama’s statements about the hack have been mild—calling it cyber vandalism instead of cyber warfare, for instance—it won’t be hard for the administration to walk back from its initial claims. Graham goes further; he surmises that Obama’s tepid statements indicate there is no other NSA evidence. “If the NSA has evidence, he would be much more forceful in his response.”


The Believers’ POV


Steve Bellovin, however, believes the government does have classified intelligence, either through the NSA, U.S. Cyber Command or the CIA, and that such information more directly links the attack to North Korea. A well-respected professor of computer science at Columbia University, Bellovin also thinks much of the criticism by security researchers picking apart individual pieces of FBI evidence is off-base. He points to a Mandiant report last year about a hack from China that targeted the New York Times. In that investigation, Mandiant exposed a prolific group in China, believed to be state-backed, that was responsible for multiple attacks over a number of years, including the hack of the Times. “They built a profile over the years of what Chinese attacks look like,” he notes based on that experience. So when they see an attack that matches that profile, it’s easy to attribute it to the same group. Similarly, he thinks years of observing hacks believed to be connected to North Korea have helped Mandiant and others build a profile of North Korean hacks based not on one piece of evidence, but multiple.


Bellovin notes that reuse of code, infrastructure, and techniques—evidence the FBI cites in its attribution of North Korea—can indeed be used to link attacks. That’s how malware researchers have always linked families of malware to one another as well as seemingly disparate attacks.


But he acknowledges that linking families of attacks to an identifiable actor or source is trickier. He points to a National Academies report from 2009, quoting a former Justice Department official on attribution in cyber attacks: “I have seen too many situations where government officials claimed a high degree of confidence as to the source, intent, and scope of an attack, and it turned out they were wrong on every aspect of it. That is, they were often wrong, but never in doubt.”


Indeed, in 2011 a leaked government memo claimed Russian hackers had remotely destroyed a water pump at an Illinois utility. The report spawned dozens of sensational news stories calling it the first reported destruction of U.S. infrastructure by a hacker. But within a week, DHS said it could find no evidence that a hack occurred. In truth, the water pump simply burned out, and a government-funded fusion center had hastily and incorrectly linked the failure to an internet connection from a Russian IP address months earlier.


The NSA’s Unseen Evidence


If the FBI does have unseen evidence collected by the NSA, it may have been collected in a manner laid out by Nicholas Weaver, a computer scientist at the International Computer Science Institute. Weaver has detailed how the NSA could track the Sony hackers, using various surveillance tools it has at its disposal.


Dmitri Alperovitch, co-founder and CTO of the security firm CrowdStrike, says there’s no question that North Korea is behind the Sony hack and asserts that the U.S. does have more evidence pointing to North Korea that it can’t release right now. Alperovitch may be in a position to know. CrowdStrike’s president and CSO, Shawn Henry, is former executive assistant director of the FBI. His company has been tracking the group behind attacks on South Korea for a number of years that they say were also done by North Korea.


The South Korea hacks go back to 2006 and were conducted by a group CrowdStrike calls Silent Chollima, named after a mythical flying horse and a political movement in North Korea. The group is also known alternatively by other researchers as WhoIs Team, IsOne and Hastati. The group is responsible for attacks known as DarkSeoul that in 2013 on the anniversary of the Korean War wiped data from a number of banks and media companies in South Korea. The same group has also been linked to DDoS attacks against targets in South Korea and espionage operations against U.S. and South Korean military targets.


“We believe Silent Chollima are North Korean actors, but we’re not specific whether it’s a military or intelligence unit,” Alperovitch says, noting that in the South Korea hacks the group specifically sought data that would be of strategic interest to the North Korean military.


The evidence again is largely circumstantial. Some of it involves keywords the attackers used to search for data on infected machines—keywords related to specific U.S. and South Korean military plans and exercises in the region. They include, he says: “Key Resolve Drill,” “OPLAN,” and “Artillery.” Key Resolve refers to an annual exercise conducted by U.S. and South Korean military. OPLAN refers to operational plans for the military.


“Who else would it be [but North Korea] that would hit both Sony over the movie and South Korea and U.S. military networks looking for that type of info?” he says.


He also says his team found malware samples used by Silent Chollima that contain words used only in North Korea. “There are some intricacies from North Korean language, some words are spelled differently, and the use of these words were an indication that these were North Korean actors,” he says. He wouldn’t provide examples of the words to WIRED, however, because he says the malware sample containing the words has not been publicly disclosed yet.


In the meantime, Symantec has said that a Trojan it discovered last August, called Volgmer, also has ties to the Sony hack in that it was programmed to communicate with one of the same command-and-control servers used by the Sony hackers. The Trojan is designed to open a backdoor onto infected systems to allow attackers to do reconnaissance and install additional malware. There’s no evidence at this point that the Sony hackers used Volgmer in their attack on the studio, but Symantec thinks it may have been used by the DarkSeoul hackers, since the sample of Volgmer they examined was designed to work only on machines using the Korean language.


The Motive Problem


While it may turn out that the South Korea attacks can be attributed to North Korea and that the Sony hackers are responsible for both sets of assaults, none of this explains the apparent disparity between the motive assigned to North Korea for the hack—over the film The Interview—and the motives the hackers themselves have given, which point to extortion.


In a message sent Nov. 30 from the email address used to leak Sony data, one of the apparent hackers wrote a reporter with IDG News that “Sony and Sony Pictures have made terrible racial discrimination and human rights violation, indiscriminate tyranny and restructuring in recent years. It has brought damage to a lot of people, some of whom are among us,” they wrote. “Nowadays Sony Pictures is about to prey on the weak with a plan of another indiscriminate restructuring for their own benefits. This became a decisive motive of our action. We required Sony Pictures to stop this and pay proper monetary compensation to the victims.”


The demand for monetary compensation echoed an email the attackers apparently sent to Sony executives Nov. 21, a few days before Sony employee computers were hijacked by the attackers.


Alperovitch, however, says none of this is inconsistent with the erratic behavior of North Korea. “You have to look at the fact that North Korea is very special. They do things other nations don’t do,” he says. “You can’t judge them by the stick you would other countries. They do engage in blackmail, extortion and money laundering to finance the regime. I don’t think it’s that out of character.”


Did the U.S. Knock North Korea Off the Internet?


As questions about North Korea’s role in the Sony hack continue to confound, North Korea’s four internet connections were knocked offline yesterday, cutting the country off digitally. Was this the “proportional response” President Obama had warned about, some wondered?


Doug Madory, director of internet analysis at Dyn Research, says it’s unlikely. Dyn Research has sensors placed at strategic points throughout the internet backbone to monitor connectivity in most parts of the world. Madory says the problems with North Korea’s networks occurred intermittently on Sunday before they went completely dark on Monday, which makes Madory think “some joker,” perhaps even a hacker in South Korea, is behind it and was adjusting his attack to increase its power until he knocked all four connections offline.


To suggest the outage was caused by the U.S. is an insult, he says. “This is a pretty clumsy way to take care of business,” he notes. “If this is a DDoS attack [from the U.S.] surely our tax payer money [could pay] for a better internet blackout.”


Others suggest China, which has grown angry and annoyed with North Korea’s antics over the years, was behind the outage. But Madory thinks if that were the case, the connectivity would have gone down completely on Sunday, instead of wavering a day before going dark.


“Any joker on the internet that knows how to conduct DDoS attacks can be behind this,” he says. “DDoS attacks happen as a matter of routine these days—and run a spectrum of sophistication. If [North Korean networks] are vulnerable, they can be knocked offline by some teenager in South Korea.”


Some media outlets called it a “massive” outage. But North Korea has just four networks, composed of about 1,000 IP addresses, that connect to the internet through a North Korean ISP and through China Unicom. “It’s a microscopic internet,” Madory says of North Korea’s connectivity. “The U.S. has 150,000 routes [of internet connectivity], and South Korea is about 17,000 routes. North Korea is just 4 routes. They are the smallest they can possibly be…. It has no role in the economy or life in North Korea.”


In fact it’s so insignificant that he says it would make no difference to the country to just ignore the outage and leave the networks down for six months.


North Korea’s internet outage is the least concern at this point, however. The mysteries behind Sony’s hack still linger and may never be fully resolved.



Apple-Microsoft Alliance Disarms Its Patent Warheads


After surviving the meltdown of telecommunications giant Nortel, John Veschi and his company, Rockstar, took control of about 4,000 Nortel patents purchased by Apple, Microsoft, Blackberry, Sony, and Ericsson.



The tech patent wars continue to cool.


Four years after purchasing a massive patent portfolio from bankrupt telecommunications giant Nortel—and moving about 4,000 of these patents into a company that proceeded to sue some of their biggest competitors—Apple, Microsoft, and other members of a controversial consortium called Rockstar have agreed to sell the 4,000 patents to a company that vows to use them solely as a way of protecting the industry from litigation.


The company is called RPX, and on Tuesday, it announced that, through a subsidiary, it has agreed to purchase the 4,000 Rockstar patents for $900 million. In 2011, the Rockstar consortium—which includes Sony, Ericsson, and Blackberry as well as Apple and Microsoft—acquired the Nortel portfolio at auction for an enormous $4.5 billion. But 2,000 of the patents in that original portfolio are still in the hands of the consortium’s member companies.


RPX has agreed to purchase the remaining patents, which were held by a separate company, dubbed Rockstar LLC. Run by former Nortel employee John Veschi, Rockstar LLC spent the last three years trying to “monetize” these patents, seeking licensing deals with companies it believed were infringing on the patents and eventually suing some big-name companies, including Google and Cisco. When we contacted Veschi about the deal with RPX, he referred us to an Apple spokeswoman, who declined to comment.


On the surface, the deal amounts to another armistice in the long, expensive, and rather complex patent wars. Apple and Samsung have agreed to settle many of their patent suits against each other over various mobile technologies. Rockstar has already settled its suits against Google and others. And now it’s offloading all its patents—its reason for being. What’s more, these patents are going to an operation that seems to have built a successful business subverting the Rockstar business model. RPX controls a large patent portfolio that it licenses to companies such as Google and Cisco as a way of guarding them against litigation.


“This transaction represents a shift in mentality,” says RPX CEO John Amster.


Julie Samuels, a longtime patent watcher with the Electronic Frontier Foundation who is now the executive director of a think tank called Engine, says that the deal is indeed good news. “There has been a cooling off in the smart phone war,” she says. “The business model of using patents to make a boat load of money is not what it once was.” But she points out that the patent landscape can easily shift. Patents used for defense purposes can quickly become offensive. “It’s always troubling when one party controls that many patents,” she says, referring to RPX. “I don’t care who it is.”


Before starting RPX, Amster worked for another patent collector called Intellectual Ventures. Created by Microsoft co-founder Nathan Myhrvold, Intellectual Ventures began by vowing to protect companies from litigation, but ended up suing many companies itself, and Amster has always said he left IV so that he could tackle the patent wars in a healthier way. “There is no bait and switch with us,” he says, pointing out that in licensing its patents to over 200 companies, it has legally agreed not to sue those companies.


When its deal with Rockstar closes, says RPX chief financial officer Bob Heath, RPX will end all litigation involving the 4,000 patents it has purchased, and it will seek to license the patents to its existing customers, including Google and Cisco.



Google’s Self-Driving Car Hits Roads Next Month—Without a Wheel or Pedals


Google’s latest self-driving car prototype has headlights, but no steering wheel or pedals. Google



The self-driving, goofy-looking car with no steering wheel or pedals that Google revealed in May is now “fully functional” and should start testing on public roads next month, the tech giant says. Over the past seven months, Google has made a series of prototypes, testing different aspects of the design, from steering and braking to the sensors and software that brings it all together. The result, it says, is “our first complete prototype for fully autonomous driving.”


In contrast to the gradual approach to autonomous driving advocated by automakers like Audi, Mercedes-Benz, and General Motors, Google is going for what it calls a “moonshot.” In the next five to 10 years, it plans to introduce a car that’s so over the idea of human drivers, it won’t even come with a steering wheel or pedals. That’s the vision of this prototype, which will first be tested on a closed track, then on public roads after the New Year. Operators will have “temporary manual controls” and be ready to take over in case something goes wrong.


The new version doesn’t look too different from the one we saw in May. It’s still roughly the size of a Smart car. It still looks like an egg with the face of a koala. The obvious differences are the addition of real headlights and the design of the LIDAR vision system, which now sits flush on the roof, instead of on roof-mounted supports.


We’re still disappointed that Google didn’t take this opportunity to create something … cooler. The advent of self-driving cars will wipe out many basic rules of automotive design. The most unquestionable standards, like forward-facing seats, mirrors, and foot-operated controls will no longer be necessary. Automakers can go nuts. But Google didn’t go nuts. It went kinda lame.


Google doesn’t plan on producing the car itself, once it comes time to go to market, project director Chris Urmson told the Wall Street Journal recently.


Here’s what the prototype revealed in May looked like:


Google is making a prototype of its self-driving car that isn't made to be operated by humans. Photo: Google




Angry Nerd: The Biggest Things That Happened to Superheroes in 2014


The past 12 months were a very busy time in the world of superheroes. Marvel ruled theaters, DC ruled your living room, studios announced huge line-ups of new films to come, and multiverses got more, well, multiverse-y. We even set up a few female superheroes to get in on the blockbuster action. Angry Nerd is here to run down the biggest superhero happenings of 2014.



What America Needs Now: One Heaping Helping of Apprenticeship, Hold ‘The Donald’


gageskidmore/Flickr



If apprenticeship programs operated like the NBC show “The Apprentice,” it would be easy to understand why job seekers and employers aren’t clamoring for more apprenticeships. Fortunately, the show and the real-life workforce development approach are as different as night and day. While the TV show does require hard work, it also includes drama, backstabbing and shouting. Actual apprenticeships, on the other hand, are exactly what America needs more of.


A multitude of reasons — historic, structural and ingrained — have converged to create traditional ideas about apprenticeships in the US, which vary from those in Canada and Western Europe. England, with only a sixth of America’s population, has approximately five times the number of new registered apprentices each year. Even Canada, with approximately 10 percent of the population of the US, has more apprentices than in the States. In my discussions with key corporate, union, government and workforce leaders across the US, it is clear we are now experiencing a deliberate and thoughtful pivot towards apprenticeships. To that end, the Obama administration’s recent announcement of the $100 million American Apprenticeships Grant Competition is an important and symbolic step forward.


At present, I see three primary barriers related to apprenticeship in America. The first is financial. The US government is currently spending an average of $718 per apprentice, with the balance covered by employers, unions and industry groups. In contrast, Canadian apprenticeship is paid for largely by provincial governments and the public funds used can top 10 to 50 times this amount. The increased public investment is certainly a big part of the difference in apprenticeship adoption, but not all. While I am not advocating a shift to Canadian or European-style apprenticeship investment for the US, extra money always helps. That said, the historic lack of uptake in apprenticeships in the US is not only about money.


The second barrier is the limited viewpoint most Americans have about what jobs or industries are suitable for apprenticeship. The good news is that this simply requires a change in perspective. While apprenticeships are possible for many career areas, in the US the focus appears to be overwhelmingly on trades. Unfortunately, apprenticeships have become wrapped up in the ideological positions for or against organized labor. While organized labor has played a key role in apprenticeships through their use in qualifying for construction jobs, apprenticeships work well in both unionized and non-unionized careers and industries. In fact, the potential careers that can benefit from apprenticeships extend far beyond traditional building trades. Possible non-traditional areas include careers such as medical transcription, manufacturing, hospitality, IT support and even receptionist work.


Apprenticeship also suffers from inadequate technology investment – the third barrier. The lack of effective technology to implement, manage and streamline apprenticeship programs, in fact, is what drew me to this arena several years ago. Like so much in workforce development, simple but highly impactful technical solutions are waiting to be created. Momentum is perhaps the most valuable (and most lacking) commodity in the world of apprenticeships, and technology can play a role in creating it.


With an aging workforce, a slow economic recovery and many other workforce issues to contend with, some may be asking, “Why apprenticeships?” No doubt we have all read and heard about the skills gap and the different ways to address it. Here is where apprenticeships shine. They are a perfect remedy for the skills gap by their very nature. By design, there are fewer skills gaps in careers that use apprenticeships, because the jobs are already there, waiting for people, and apprenticeship programs specifically target the skills that people need to perform well in those available jobs. Hence, there should be very little mismatch between job seekers and employers. Apprenticeships are “perfect skills gap busters.”


Of course, apprenticeship isn’t a flaw-free answer to workforce development. Apprenticeships require program set-up logistics, as well as more investments of time, money and energy on the part of sponsors. Some careers that employ the apprenticeship model suffer from low graduation rates. None of these problems are insurmountable and none of them should prevent organizations from considering this approach. That’s because research consistently shows that apprenticeships work. They provide specific, needed training, which leads to employability for actual jobs that need to be filled. They engender employee loyalty and increase productivity.


We are seeing innovative solutions throughout the US to help overcome the difficulties of expanding the apprenticeship model. Now that the Obama administration has provided 100 million incentives, more organizations are sure to start embracing the possibilities that apprenticeships offer. Donald Trump, eat your heart out.


Emad Rizkalla is founder and CEO of Bluedrop Performance Learning.