

Wednesday, 01/30/2019 9:55:04 PM

DOJ discloses government hack to expose reach of North Korean cyberattack

https://www.cnn.com/2019/01/30/politics/doj-north-korea-hack-operation/index.html


Washington (CNN) — FBI and Air Force investigators modified computer servers to collect information about a network of devices infected with malware spread by North Korean hackers, the Justice Department announced Wednesday.

The operation, backed up by court orders and search warrants that enable the so-called government hacking, allowed law enforcement to map out the breadth of the network of infected devices, known as the Joanap botnet, and to notify victims in the US of the alleged North Korean cyberattack.

"This operation is another example of the Justice Department's efforts to use every tool at our disposal to disrupt national security threat actors, including, but by no means limited to, prosecution," said John Demers, the assistant attorney general in charge of the Justice Department's National Security Division, in a statement. "Through this operation, we are working to eradicate the threat that North Korea state hackers pose to the confidentiality, integrity, and availability of data."

Prosecutors have said that the North Korean hackers that propagated the malware were also behind the 2014 hack of Sony Pictures Entertainment.

Investigators first obtained search warrants and orders from a federal judge in June that allowed them to use FBI computers in California to mimic a server infected with the malware and communicate with real infected devices, known as peers.

"Computers within the network of computers infected by this North Korean malware ... will be prompted to communicate with FBI IPs, disclose their own lists of other known Peers, and pass addresses of the FBI IPs to other Peers in the network. This will allow the FBI to learn the Internet Protocol ('IP') addresses of the other Peers in the botnet, thus generating a map of the botnet," prosecutors explained in an application for a court order last year.

An amendment to the federal rule outlining the use of warrants passed in 2016 allows law enforcement to access information like this from remote servers that are associated with malicious conduct and whose locations are hidden.

Andrew Crocker, a senior staff attorney at the digital privacy advocacy group Electronic Frontier Foundation, said the Justice Department has used the new warrant rule to take down a botnet in the past, but said the techniques described in the warrant application appeared to be unique and "fairly sophisticated."


"The operation appears fairly sophisticated, describing the technical steps the government will take to ensure the computers it's accessing are actually infected, and trying to limit the type of data it collects in order to shut down the botnet and ultimately notify US users who are affected," Crocker said.

"With that said, these techniques are inherently invasive, both because of the possibility of unintended consequences and because the government is executing searches on many computers whose owners are not accused of any wrongdoing, but which have become infected," he said.
==================================================================
Botnets can be used to perform DDoS attacks, steal data, send spam and allow the attacker to access the device and its connection. If the organization's/government's network were using Wave ERAS, where the devices that are part of the network are known (with a TPM), DDoS attacks wouldn't work on the network since the devices in the botnet are (unknown). Rogue attacks from the botnet wouldn't work either. Then all the trouble the FBI and Air Force are going through to resolve the issue would be unnecessary. The bad guys or a DDoS wouldn't have been able to enter the network. Wave's solutions (ERAS in this case) sure seem to make so much more sense than needing to collect information and perform invasive searches on a botnet after the damage has been done. Wave should have a lot more business with the government given its outstanding solutions!
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Excerpt:

Secure device & user authentication

Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.

Here’s how it works:

Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication

Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.

Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
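The mapping technique the warrant application describes (an FBI-controlled node posing as a peer, asking each real peer for its list of other peers, and getting its own address passed along to further peers) is, in outline, a breadth-first crawl of a peer-to-peer network, with two checks the EFF quote singles out: confirm a host really is infected before collecting anything from it, and keep what is collected to what the map needs. The Go program below is an added example written for this page; it is not code from the CNN article, the Justice Department filing or the Joanap malware. The handshake, the peer-list format, the 10.0.0.x bots and the 192.0.2.10 crawler address are a constructed simulation, and only the crawler's own exchanges are modelled (bots do not gossip among themselves here).

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Peer models one host the crawler can contact. Infected hosts answer the
// botnet's peer-exchange handshake and disclose their peer list; clean hosts
// do not. Constructed simulation, not Joanap's real wire protocol.
type Peer struct {
	Addr     string
	Infected bool
	Known    []string // peers this host would disclose to another peer
}

// Network is the simulated topology, keyed by address.
type Network map[string]*Peer

var ErrNotInfected = errors.New("host did not complete the botnet handshake")

// Exchange models one round-trip with a host. The crawler presents itself as
// a peer at crawlerAddr; an infected host returns its peer list and records
// the crawler as a new peer (how the crawler's addresses spread through the
// network). A host that fails the handshake yields nothing, so the crawler
// never collects data from a machine it has not confirmed is infected.
func (n Network) Exchange(host, crawlerAddr string) ([]string, error) {
	p, ok := n[host]
	if !ok || !p.Infected {
		return nil, ErrNotInfected
	}
	disclosed := append([]string(nil), p.Known...) // copy before mutating
	if !contains(p.Known, crawlerAddr) {
		p.Known = append(p.Known, crawlerAddr)
	}
	return disclosed, nil
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

// Crawl maps the botnet breadth-first from the seed addresses. It stores only
// what the map needs: confirmed-infected addresses and the peer edges each
// one disclosed. Hosts that fail the handshake are reported separately and
// never treated as victims. maxHosts bounds the scope of the collection.
func Crawl(n Network, crawlerAddr string, seeds []string, maxHosts int) (infected []string, edges map[string][]string, rejected []string) {
	edges = make(map[string][]string)
	seen := map[string]bool{crawlerAddr: true} // never crawl ourselves
	queue := append([]string(nil), seeds...)
	for len(queue) > 0 && len(infected) < maxHosts {
		host := queue[0]
		queue = queue[1:]
		if seen[host] {
			continue
		}
		seen[host] = true
		peers, err := n.Exchange(host, crawlerAddr)
		if err != nil {
			rejected = append(rejected, host)
			continue
		}
		infected = append(infected, host)
		edges[host] = peers
		for _, p := range peers {
			if !seen[p] {
				queue = append(queue, p)
			}
		}
	}
	sort.Strings(infected)
	sort.Strings(rejected)
	return infected, edges, rejected
}

// SampleNetwork is a constructed topology: four bots in one connected
// component, one clean host that a bot still lists as a stale peer, and one
// bot that no crawled peer knows about (it will not be found from the seed).
func SampleNetwork() Network {
	n := Network{}
	add := func(addr string, infected bool, known ...string) {
		n[addr] = &Peer{Addr: addr, Infected: infected, Known: known}
	}
	add("10.0.0.1", true, "10.0.0.2", "10.0.0.3")
	add("10.0.0.2", true, "10.0.0.1", "10.0.0.4")
	add("10.0.0.3", true, "10.0.0.5")
	add("10.0.0.4", true, "10.0.0.2")
	add("10.0.0.5", false)
	add("10.0.0.6", true, "10.0.0.1")
	return n
}

func main() {
	n := SampleNetwork()
	const crawler = "192.0.2.10" // documentation address standing in for the crawler's IP
	infected, edges, rejected := Crawl(n, crawler, []string{"10.0.0.1"}, 1000)
	fmt.Println("confirmed infected:", infected)
	fmt.Println("handshake failed (not collected):", rejected)
	for _, h := range infected {
		fmt.Printf("%s -> %v\n", h, edges[h])
	}
	fmt.Println("peer list of 10.0.0.1 after crawl:", n["10.0.0.1"].Known)
}
```

Two things the crawl shows that the article only asserts: a clean host (10.0.0.5) that a bot still lists as a peer is contacted but dropped at the handshake rather than recorded as a victim, and a bot outside the connected component (10.0.0.6) is never found, which is why a map built this way is a lower bound on the botnet's size.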
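The excerpt's claim that IT "can ensure that only known and approved devices are accessing your network" rests on two pieces: a signing key that is bound to one machine (the TPM's job) and an enrollment allowlist of the corresponding public keys, checked by a challenge-response before a resource is released. The Go program below is an added illustration written for this page of that generic pattern; it is not Wave's ERAS code and makes no claim about how that product works. The ed25519 software key stands in for a TPM-resident key, and the device IDs, nonce format and message layout are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Registry is the IT-side allowlist of enrolled devices: device ID -> the
// public half of a key whose private half is meant to stay inside that
// device's TPM. Enrollment is the step where IT decides a device is "known".
type Registry map[string]ed25519.PublicKey

// Device stands in for one enterprise machine. In a real deployment the
// private key is generated and used inside the TPM and never exported; here
// it is a software key so the example runs anywhere (an assumption of this
// illustration, not a property of any vendor's product).
type Device struct {
	ID   string
	priv ed25519.PrivateKey
}

func NewDevice(id string) (*Device, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{ID: id, priv: priv}, nil
}

// Public returns the half of the key that IT enrolls.
func (d *Device) Public() ed25519.PublicKey {
	return d.priv.Public().(ed25519.PublicKey)
}

// authMessage binds the claimed device ID and the server's fresh nonce into
// the signed payload, so a signature cannot be replayed for another session
// or presented under a different device's ID.
func authMessage(id string, nonce []byte) []byte {
	return append([]byte("device-auth:"+id+":"), nonce...)
}

// Answer signs the server's challenge with the device-resident key.
func (d *Device) Answer(nonce []byte) []byte {
	return ed25519.Sign(d.priv, authMessage(d.ID, nonce))
}

var (
	ErrUnknownDevice = errors.New("device ID not enrolled")
	ErrBadSignature  = errors.New("signature does not verify under the enrolled key")
)

// NewNonce issues the per-attempt challenge; the server must remember it and
// accept it at most once.
func NewNonce() ([]byte, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	return b, nil
}

// Admit is the gate in front of the resource. An ID that was never enrolled
// (a machine from outside the fleet, such as a bot on the internet) is refused
// before any key operation; an enrolled ID presented with a key other than
// the one IT registered is refused as well. The (id, error) pair is what an
// activity log of admission decisions would record.
func (r Registry) Admit(id string, nonce, sig []byte) error {
	pub, ok := r[id]
	if !ok {
		return ErrUnknownDevice
	}
	if !ed25519.Verify(pub, authMessage(id, nonce), sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	fleet, _ := NewDevice("laptop-0042")
	registry := Registry{fleet.ID: fleet.Public()}
	stranger, _ := NewDevice("laptop-0042") // claims the same ID with a different key
	nonce, _ := NewNonce()
	fmt.Println("enrolled device:", registry.Admit(fleet.ID, nonce, fleet.Answer(nonce)))
	fmt.Println("impersonator:  ", registry.Admit(stranger.ID, nonce, stranger.Answer(nonce)))
	fmt.Println("unenrolled ID: ", registry.Admit("bot-9999", nonce, stranger.Answer(nonce)))
}
```

What this gate does and does not do is worth being precise about: it refuses an unenrolled or mis-keyed device at the point where the device asks for access, and it is only as strong as the enrollment step (IT must have evidence, such as a TPM attestation of the key's origin, that the public key it registers really lives in that machine's chip). It operates at the application or access layer, so it says nothing about traffic that never reaches an authentication step, which is the layer a volumetric flood works at.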