Technology

What Sony Data Hack Teaches Everyone

December 11, 2014 | By Editor 

Summary

It is quite natural to assume that Sony Pictures Entertainment was hit by a revenge-seeking hacking ring from North Korea, considering the history between the two States. But the truth is all companies are just as vulnerable as Sony.

Sony Data Hack

Is North Korea Really Involved?

For many, the idea that the North Korean government is behind the recent cyber attack on Sony Pictures Entertainment looks like a serious effort to promote the upcoming film, “The Interview.”The movie’s plot revolves around a plot to assassinate North Korea dictator Kim Jong Il by two bumbling journalists sent by the Central Intelligence Agency (CIA). Although it is just a movie, the North Korea ruler has apparently been annoyed by the lot.

Sony Pictures is the studio behind the movie and apparently is of the opinion that North Korea is indeed behind the attack in November 2014. The breach took down the firm’s computer systems during Thanksgiving holiday period. However, there are other claims from a group called the “Guardians of Peace (GOP).”

In any case, the breach on the firm not only took Sony Pictures offline, the hackers also erased information and leaked Sony movies, some unreleased, on the Web. However, nobody is exactly sure whether North Korea was really behind the attack, as alleged by the firm. Nobody knows if GOP had anything to do with the actual attack.

Or whether it is a North Korean front organization or if it is simply a bunch of enthusiastic hackers claiming credit for a hack they did not do. Further, complicating matters, nobody knows exactly how the hackers gained access, albeit there are handful of theories.

Who Could Have Done it?

  • This is the situation in which someone did something they were not supposed to do.
  • The identity of the attacker/attackers may never be known, but the truth is Sony Pictures has a very long list of employees and contractors.Any one of them could have made a fundamental security mistake or may have failed to bolster up their security enough.
  • Or perhaps Sony Pictures Entertainment simply did not provide adequate training to its employees.Further, the attack may have resulted from a single point of failure here.
  • For example, a dissatisfied staff with administrative access could have hacked the security on Sony’s network, in an attempt to post some free movies.
  • Breaching a strong security system that guarded the unreleased movies was probably sufficient to gain entry to the recesses of the network where the firm stored its more sensitive data. But even if hackers gained access to the servers that contained the movies, how was it possible that the criminals got access to everything else from HRD to payroll to the mail server?
  • Well, it is possible that Sony may have had lagged in internal security. But considering that the firm has just recuperated from an earlier huge breach to it gaming, we hope that was not the case.

What Could Have Happened?

  • Security researchers think that several people probably received a malware-loaded document containing the flaw. That would mean at least one person in each of the relevant divisions received an email or visited a site that contained the exploit and ran it. Again, that leads us back to the issue of inadequate training.
  • Security firms are conducting a study on the malware to see how its functions and from where it came.
  • According to them, the malware was unique in its design intended to cause operational damage to Sony Pictures and there was nothing in it designed to steal financial data, the usual motive for a malware. This exploit was to cause just pure damage and it’s only target was Sony Pictures. Experts say they have not seen this type of malware infection for a long time.
  • Most malware today is designed specifically for financial gain and that hackers avoid causing serious damage so they can collect information for a longer time. The more unsettling fact is that there are many closely related malware in the wild.
  • That would mean either the malware writers of this exploits are expanding their horizons or other malware distributors are altering the malware for new, more sinister purposes.
  • Experts also wonder about one other characteristic of this attack that is giving them a pause. They wonder how is it possible that several terabytes of data could have been siphoned from Sony’s network without anyone in the firm noticing? So far, there is nothing to indicate the malware had any ability that would explain this glitch.
  • There is another option, as well. Perhaps the cyberattack on Sony Pictures, the theft of movies and personal information were independent operations. It could be that the breach exposed Sony Pictures network to the world, allowing other hackers to feast on the remains.

After all, like every large firm, Sony Pictures Entertainment must have been constantly attacked by cybercriminals who in earlier instances never got past the firewalls and the breach just brought those barriers down.

If so, then the FBI need not hunt for one high-profile super-hacker, but rather a single hacker who targeted Sony, followed by a group of other hackers who got lucky. The Sony hack speaks more strongly about the reasons why a network should be highly compartmentalized. It is the only way to keep chance hackers out.

ssl certificate

Posted in Technology

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory