Hacking Of Sony …. Just Another Reminder

’Tis the season to be hacked. As the holidays have fallen upon us, the art of hacking has not taken leave. Sony Pictures reported on November 24th that hackers had intruded into its computer networks and shared thousands of financial and personal documents and emails, revealing the gargantuan film studio’s innermost secrets. The attack knocked out Sony Pictures Entertainment’s entire computer network, with staff reduced to working off whiteboards because PCs and laptops were rendered useless. Most of the revelations were interesting; some invaded privacy, and others could damage individual reputations. The leaked material included medical history, pending movie details, Social Security numbers, HR information and salaries, not to mention a plethora of trivial and nontrivial information.

Sony Pictures’ computer system went down on Monday. Before screens went dark, they displayed a red skull and the phrase ‘Hacked By #GOP,’ which reportedly stands for Guardians of Peace, the Los Angeles Times said.
The hackers also warned they would release ‘secrets’ stolen from the Sony servers, the Times reported. According to one insider who spoke to the industry website TheWrap, “Every PC in the company is useless and all of the content files have either been stolen or destroyed or locked away.” No demands have been issued by the hackers, but a Reddit thread outlined the data allegedly mined by the Guardians of Peace. This includes A-list actors’ passports, their bank details, salaries for film appearances, their password information and also email correspondence.

Also on Monday evening, the F.B.I. issued a confidential five-page flash warning to security administrators at American corporations about a recently discovered form of destructive malware. The F.B.I. did not name Sony in the warning, which was obtained by The New York Times, but said that the malware was written in Korean and was “destructive” in nature. It commands a computer to sleep for two hours, after which the computer is shut down, rebooted and directed to start wiping all of its files, the agency said.

While some of us will find this entertaining and amusing (cheaper than buying Hollywood gossip), this episode is growing into one of the most serious cyber breaches in corporate history. It will certainly change the way people communicate with each other.

So how does this exploit affect you directly? In every way. It’s just another reminder that every person, every business, everywhere, is vulnerable. Although there is not yet a “100% Guaranteed Never-To-Be-Penetrated” solution available, you can still implement safeguards. Assuming that your data is safe, with an “it will never happen to me” mentality, is not only dangerous but could cost you your business. Could your business function without its financial information? Internal emails about business strategies and competitors, in the wrong hands, could devastate your market edge. What about “personal information” about employees? There is nothing like a lawsuit to ruin your profitability and the trust of your associates and accounts. It’s only going to get worse before it gets better.

What can you do to help prevent this?

• Follow forums – Stay aware of the latest methods being used.
• Change default passwords – It is extremely unwise to use built-in passwords on software.
• Identify entry points – Consult with security experts who have taken special network training to perform this task successfully.
• Perform attack and penetration tests – By running attack and penetration tests, you can identify the vulnerable points in the network that can be easily accessed by both external and internal users.
• Create user-awareness campaigns – Take all possible steps to make every user of the network aware of security pitfalls and of the security practices necessary to minimize these risks.
• Configure firewalls – A firewall, if not configured properly, can act like an open door for any intruder. Periodic analysis of the composition and nature of the traffic itself is also necessary to maintain security.
• Implement user password policies – Use strong password policies by having passwords of seven characters, which are of secure length and relatively easy to remember. Passwords must be changed every 60 days. The password should also be made up of both alpha and numeric characters to make it more unique.
• If you create websites, remove comments in website source code – Comments used in source code may contain indirect information that can help to crack the site, sometimes even usernames and passwords. Comments that appear inaccessible to external users should be removed as well, since there are techniques for viewing the source code of nearly all web applications.
• Install anti-virus software – Both intrusion detection systems and anti-virus software must be updated regularly, daily if possible. An up-to-date version of anti-virus software is necessary because it helps detect even the latest viruses.

In the IT service industry, most of these recommendations are common sense and no-brainers. But in the business world, they may fall outside your interest or level of understanding. Just as you would hire an attorney for legal advice and an accountant for financial advice, you should hire an IT consulting company for your security needs. But then again, it’s just your data at risk.
