Most Recent Posts

There are global underground markets where anyone can buy and sell all the malicious code for an attack like the one North Korea is accused of unleashing on Sony Pictures.

These underground markets not only make it more difficult to trace who is responsible for any given hack — they also make launching a sophisticated attack against a global company much easier.

Marc Rogers, a principle researcher at the computer security company, CloudFlare, has been tracking the attack on Sony for weeks and analyzing the code the hackers used.

“ "The malware world is really incestuous. You have got people who share source code, who borrow things like hacking tools, or even commercial pieces of software."

- Marc Rogers

"This is Windows malware. It's fairly sophisticated, it's very complex, and it's modular," Rogers says. "It's made up of lots of different bits."

The attackers took one piece of code from one place, one piece of code from another and snapped it together like a Lego set. Some of this code is malicious, and some is legitimate.

Now the FBI believes that the attack was carried out by North Korea because some of those bits of nasty code have been used by North Korean hackers in the past. But Rogers isn't completely convinced.

"The malware world is really incestuous," Rogers says. "You have got people who share source code, who borrow things like hacking tools, or even commercial pieces of software."

The Exploit Market

There is a global market for hacking tools. Hackers who trade here can build their own unique attacks by snapping together parts that other groups developed. Rogers says he knows Russians who will sell a complete attack right off the shelf.

"They will sell it to you with a subscription," he says. "When the malware is identified successfully by antivirus, they'll update it for you."

It's software as a service, but for thieves. And it's not just criminals who are buying and selling computer attacks on these gray markets.

The Two-Way

Obama Calls North Korean Hack 'Cybervandalism'

"Typically the U.S. government pays out higher than anyone else," says Chace Shultz, a computer researcher.

Movies

Hollywood Pros Fear A Chilling Effect After Sony Bows To Hackers

All Tech Considered

Is Sony Hack Really 'The Worst' In U.S. History, As CEO Claims?

Researchers like Shultz spend their days searching for ways to make computers do things they were not designed to do. They're looking for ways to pick the digital locks that are intended to keep all of our machines safe. When they find a key for a lock, they can sell it.

"If they were to sell that to another government or that type of thing, they could potentially sell that for hundreds or tens of thousands of dollars," Shultz says.

But he and others say most researchers and hackers don't sell directly to government agencies. Instead they usually sell their attacks to a small global network of global brokers.

In a sense, these brokers are the arms dealers of the digital age. They act as go-betweens — connecting researchers and hackers with buyers, governments and organizations searching for back doors into computer networks.

"You can take an exploit to one of these people, and they will go forth on your behalf," Shultz says.

An exploit is like the key to a digital lock and selling these things can be a lucrative business. But Shultz says it is also ethically dicey.

"The other thing I have to wonder too with some of these brokers is — are they double selling?" he asks.

And Shultz says after you sell a computer vulnerability on the gray market, you can never be sure exactly how it will be used or where it will end up.

sony hack

cyberattacks

malware

cybersecurity

North Korea

Sony

Herman Travis, 55, lives in Holly Courts, a low-income housing complex in San Francisco.

Every Tuesday, Travis fills a shopping cart with groceries from a local food bank and makes home deliveries to his elderly and disabled neighbors. He started doing it in 2007 and says when he first started, people were skeptical.

"When I first started doing it. People was cautious. They didn't let me in their house, but after they got to really know me they would just be happy to see me," says Travis.

Robert Cochran, a neighbor of Travis who receives deliveries from him, says he loves the joy Travis gets out of making his rounds.

"I sometimes sit back and watch you," he told Travis. "And I seen the way you handle yourself with the residents. They know they treated with respect when they see you coming. And there are people in other complexes that have been trying to steal Herman for years ... to pay him to come and deliver their food for them. "

Cochran says it's the little things Travis does that make him such a good friend.

And it doesn't look like Herman Travis will stop delivering groceries any time soon.

"I'm doing something that people really need. And that makes me feel really good. So long as I have breath in my body I'm going to continue doing it. I sleep good at night," says Travis.

Produced for Morning Edition by Jasmyn Belcher Morris.

StoryCorps is a national nonprofit that gives people the chance to interview friends and loved ones about their lives. These conversations are archived at the American Folklife Center at the Library of Congress, allowing participants to leave a legacy for future generations. Learn more, including how to interview someone in your life, at StoryCorps.org.

Housing

Food

Kevin Counihan and Michael Cannon look at the Affordable Care Act and see very different things.

Cannon is part of the brain trust behind a Supreme Court case that could result in the repeal of a part of the exchanges he says is illegal.

Counihan's job is to make the exchanges work.

Shots - Health News

Obamacare Sign-Ups Show Wide Variation By State, Ethnicity

Millions of people got insurance through the exchanges since they went into operation in October of 2013 (millions also got coverage through Medicaid). But the year ended with doubt. Republicans, largely opposed to the Affordable Care Act, won both houses of Congress, and the U.S. Supreme Court said it will hear a case that could derail the exchanges altogether.

Counihan

Kevin Counihan began 2014 running Connecticut's health exchange, one of the most successful state. He was tapped in August to leave Connecticut and run the federal insurance marketplace, HealthCare.gov. He says that serving consumers is a top priority. The good news for him is that bar is pretty low. At its launch in 2013, HealthCare.gov began by failing. Now, things are looking up.

Shots - Health News

HealthCare.gov Recruits Leader Of Successful Connecticut Effort

"A year ago, when somebody would come on HealthCare.gov they would have to walk through 76 screens in order to complete their application. That's been reduced now to 16," says Counihan.

He points to other successes, too. There are more insurers in the marketplace. People renewing could have a fairly easy time of it, since their applications have 90 percent of their information already entered. And millions of people got in touch before Dec. 15, which was the deadline for those who wanted coverage beginning Jan. 1, 2015.

"We had an extraordinary weekend," says Counihan, referring to Dec. 13 and 14. Call centers fielded 1.6 million calls, he said with over 1 million calls on Dec. 15. "And the next day, that Tuesday, the 16th, at our morning stand-up meeting, the first thing we asked was, 'What are the service issues?' No consumers had called in with service issues," he says.

Counihan says he hasn't had time to worry about the broader existential threats to the Affordable Care Act. He's just focused on making it run.

"The basic premise is that having more people insured than fewer is better for both the people and the country because it provides the best way to improve people's lives and also to better control health care costs," he says. "I think it could be described really as probably the most significant social program in 50 years — since the creation of Medicare and Medicaid."

Cannon

That's one way of looking at it. Here's another, from Cannon: "It's amazing what you can accomplish when you're willing to break the law."

Shots - Health News

If Supreme Court Strikes Federal Exchange Subsidies, Health Law Could Unravel

Cannon is the director of health policy studies at the libertarian Cato Institute and has long opposed the Affordable Care Act.

As he sees it, the Obamacare train may be running on time, but it never should have left the station to begin with. He says the subsidies are only meant for state-based exchanges. Meaning, the subsidies the government is paying to consumers who buy their insurance through HealthCare.gov are not in the law. By paying those subsidies, he says, Obama is breaking that law.

Cannon concedes that millions of people have gotten subsidies. And there's no avoiding the fact that the exchanges are up and running, and there are more insurers in the market creating competition. But he says it's all flawed.

"None of this would have happened if not for those illegal subsidies the president is offering in the 36 states with federal exchanges. There would be no exchanges, there would be no competition, there would be no insurers participating. None of this would have happened if the president were following the law. There would be no successes if the president had followed the law."

Cannon has spent the last few years arguing that the subsidies are a problem. Soon the Supreme Court will hear the case.

"By mid 2015, the Supreme Court could rule that the administration has been breaking the law and, at that point, some five million people who the administration has enrolled in health insurance through HealthCare.gov will see their premiums quadruple, see their tax liabilities increase by thousands, they could see their plans disappear," he says.

While that may be disruptive, Cannon says it wouldn't be nearly as bad as letting the subsidies continue. That, he says, would give Obama and all future presidents permission to govern beyond the limits of the law.

But Cannon cautions against getting too caught up in how the justices will rule. Even if Obama wins the legal argument, with Republicans in charge of Congress, the political fights will continue.

This story is part of a reporting partnership with NPR, WNPR and Kaiser Health News.

Cato Institute

Affordable Care Act

Health Insurance

Supreme Court

The daily lowdown on books, publishing and the occasional author behaving badly.

Lately, state governments have been waxing poetic. Showing their more aesthetic side, North Carolina has named its new state poet laureate, while both Ohio and Massachusetts are moving forward with plans to establish similar posts at home.

In an announcement Monday, North Carolina Gov. Pat McCrory appointed Shelby Stephenson to the role of poet laureate. The decision was greeted with cheers from many in the state's literary community, including poet Anthony Abbott, who told the Charlotte Observer that the former professor at the University of North Carolina, Pembroke, is "the earth, a true North Carolinian, a wonderful poet and a splendid human being."

The joy stands in stark contrast to the furor that followed McCrory's last appointment, Valerie Macon, whose tenure in July lasted just six days amid criticism that the governor failed to follow the standard selection process. Macon is a state disability examiner, who critics said lacked significant literary bona fides.

North Carolina's not the only state with poetry on its mind. Ohio Gov. John Kasich signed a bill Friday that established a state poet laureate of its own, according to the Associated Press. The newly minted law "would allow the governor to select the poet laureate from a list developed by the Ohio Arts Council" — a selection that will take effect when the post opens its inaugural term on Jan. 1, 2016.

Just a few steps behind these states, Massachusetts has a bill in the works to establish a poet laureate, too. In a blog for the Library of Congress, Peter Armenti notes that if Massachusetts passes the bill, the state will join a long list of states that now feature the position — a list Armenti compiles here.

B&N Now Sole Owner Of The Nook: On the heels of its agreement to buy out Microsoft's ownership stake in the e-reader Nook, Barnes & Noble has struck a similar deal with the publisher, Pearson. Publishers Weekly reports that the mega-bookseller has agreed to purchase Pearson's share of Nook Media for a price of $13.7 million, as well as some 600,000 shares of common stock in Barnes & Noble. The deal, which ends Person's 5 percent stake in the Nook, reportedly gives Barnes & Noble full ownership over the struggling device.

Lit Mags (Should) Live: The life span of a new literary journal isn't likely to be a long one; in fact, a pessimistic prognosis might even place it next to that of a fruit fly. But Peter Kispert argues, "ignoring or excluding the newest efforts is foolish: these are valuable and needed additions to the literary scene — reminders of work yet to be done and news of the great work to come." At Ploughshares, Kispert draws together some new magazines worthy of attention — and even, hopefully, long and healthy lives.

Note: Book News will be taking a brief break for the holiday. But don't fear for a lonely Boxing Day: The column will be back on Friday.

Book News

books