Can we bring the discussion of the Sony hack back to earth?
It's a hack.
Somebody hacked into the Sony Pictures Entertainment computer network in Hollywood, and released to the public a treasure trove of confidential information. Everything from embarrassing emails to forthcoming movie scripts was dumped out in public. This is an embarrassment for an international (Japanese-American) media corporation and a bunch of celebrities. It may be a violation of intellectual property rights, and personal privacy rights, and common courtesy. It may be condemnable on any of those grounds. But it is not "terrorism" or "cyberwar." It's a hack.
It is, furthermore, a rather ordinary and foreseeable kind of hack, despite the Sony cybersecurity guy's insistence that "This attack is unprecedented in nature," and "an unparalleled and well planned crime, carried out by an organized group, for which neither [Sony Pictures Entertainment] nor other companies could have been fully prepared." To which one security expert, known as "The Grugq," says: "Bullshit." Malware for such attacks can be purchased on the Internet. A similar attack struck 30,000 computers at Aramco in Saudi Arabia and at banks and media companies in South Korea.
In fact, Sony itself had been hacked in 2011, forced to shut down its Online Entertainment and PlayStation Networks for weeks. In a previous security audit, Jason Spaltro, Sony's Executive Director of Information Security, was warned about the company's cyber vulnerabilities, with an emphasis on its lax password practices (simple nouns, passed around in plaintext documents), with the blunt admonition: "If you were a bank, you'd be out of business." To which Spaltro replied: "If a bank was a Hollywood studio, it would be out of business."
Nice comeback line for a sitcom character, Jason. For a bank, a studio, or any other kind of business, not so much. Spaltro went on, digging himself further into the hole of classic myopic accountancy: "it's a valid business decision to accept the risk [of a security breach]." "I will not invest $10 million to avoid a possible $1 million loss." [No, it's not a line from a screenplay, but it's gonna be. I can't make this stuff up.]
So, as one independent security researcher points out, Sony's goal "is to save face, to their investors, to their employees, to their partners. To protect their image, they need this to be an unpreventable, incredibly sophisticated attack." By way of covering its own ass, it's in Sony's interest to make this into the work of an international evil genius, against whose wiles no mere mortal international media-technology conglomerate could possibly have defended itself. It's not in our interest to buy this crock.
Now it's true that, like any other hack, this is an event of cyber consequence. It highlights the vulnerability of all the sensitive information that is now automatically and casually stored in cyberspace. It underlines the need for every organization and individual who wants to protect their private data to take much more seriously the need for strict security and cryptographic protocols. This is, indeed, a new and permanent problem of the cyber world in which we all live, and on which we all depend. This hack demonstrates that Sony Pictures, like many other businesses, did not take that problem seriously enough. Still, in this regard, there is nothing here that is "unprecedented" or "unparalleled," and certainly nothing that has anything to do with "national security," or "terrorism" or "warfare" of any kind.
It's extortion. It's sabotage. It's extortion and it's sabotage.
Here's where the story develops from run-of-the-mill cyber criminality into something more nefarious, of greater public interest, and having really nothing to do with the cybersphere.
These hackers are not whistleblowers motivated by their civic duty to expose important information of political consequence to the public. Here (from Mashable) is the first email, sent on November 21st to Amy Pascal, Chairman of Sony Pictures Entertainment Motion Pictures Group, which she apparently neglected to read:
We've got great damage by Sony Pictures.
The compensation for it, monetary compensation we want.
Pay the damage, or Sony Pictures will be bombarded as a whole.
You know us very well.
We never wait long.
You'd better behave wisely.
At this point, it seems a relatively simple hold-up: Somebody feels that Sony Pictures did them wrong, and they're going to make the company pay--in money. Someone the company "knows very well." ("Bombard" does not read as referring to actual explosives.)
Sounds like Sony is about to get hit with a ransomware or blackmail attack like that which forced Nokia to pay millions of euros to protect the source code of its mobile operating system--with the twist that these guys seem to have a personal grudge against Sony. This would be specifically a cyber-blackmail. But no ransom amount is specified.
At any rate, there is not a word in here about The Interview or any other movie, no hint of a demand beyond money, and absolutely nothing to suggest this has anything to do with North Korea or its government. Indeed, the hackers' self-identification as "God'sApstls" argues quite strongly against any such connection.
Here's the hackers' next message, which popped up on Sony computer screens on November 24th:
Hacked By #GOP
We've already warned you, and this is just a beginning.
We continue till our request be met.