The Sony Pictures Entertainment hack refers to a breach of confidential data belonging to Sony Pictures Entertainment, a remarkably distressing incident that took place on November 24th, 2014 (Davis, 2014). The breached data included personal information about Sony Pictures employees and their families, e-mails between employees, and information about executive salaries at the company. In addition, copies of previously unreleased Sony films and other vital, classified information were breached and unlawfully accessed. The hackers went by the name the “Guardians of Peace” or “GOP”. They demanded the cancellation of the planned release of the film The Interview, a comedy about a plot to assassinate. The duration of the hack is unknown, though evidence suggests that the intrusion had been occurring for more than a year prior to its discovery in November 2011.
United States intelligence officials, having evaluated the software, techniques, and network sources used in the hack, alleged that the attack was sponsored by North Korea (Davis, 2014). North Korea, however, has denied all the charges and allegations and has not taken responsibility. In fact, some Korean cyber-security experts went on to cast doubt on the evidence, proposing instead that current or former Sony Pictures employees may have been involved in the hack (Davis, 2014). Sony became aware of the hack on Monday, the 24th of November 2014. That was after the previously installed malware turned destructive, rendering many Sony employees’ computers inoperable. In addition, the software displayed a warning, such as ‘this is the beginning’, from the Guardians of Peace, along with a portion of the confidential data taken during the hack (Davis, 2014).
How the Sony hack occurred
The hackers made use of a Trojan by the name “Wiper” during the hack, as identified through the investigations by the FBI. The FBI identified this malware as Destover-C made by Sophos (Maurushat, 2013). It uses the Windows network file sharing system to propagate itself or modify network variables, and goes on to shut down and reboot individual systems on the network. The dropper installs the Trojan and related files, many with names identical to critical Windows components, and opens a network share for %SystemRoot%. Moreover, it is capable of shutting down the Microsoft Exchange services, rendering email inaccessible. In addition, the malware is able to delete the contents of a hard drive at the sector level, not at the file system level (Davis, 2014).
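Two of the behaviours described above, a network share opened on %SystemRoot% and Exchange services being stopped, can be correlated per host as a detection. The following is an added example, not part of the original essay: the event records are constructed and simplified to dictionaries, the event IDs used are Windows 5142 (network share added) and 7036 (service changed state), and the 10-minute window, host names and C:\Windows root are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed correlation window
SYSTEM_ROOT = r"c:\windows"      # assumed value of %SystemRoot%, lower-cased

# Constructed, simplified records (not real logs). 5142 = network share added,
# 7036 = service changed state.
EVENTS = [
    {"host": "mx-003", "time": "2014-11-24T08:01:10", "event_id": 5142,
     "share_path": "C:\\Windows\\"},
    {"host": "mx-003", "time": "2014-11-24T08:03:42", "event_id": 7036,
     "service": "Microsoft Exchange Information Store", "state": "stopped"},
    {"host": "fs-002", "time": "2014-11-24T08:05:00", "event_id": 5142,
     "share_path": "D:\\Projects"},
    {"host": "mx-001", "time": "2014-11-24T09:00:00", "event_id": 7036,
     "service": "Microsoft Exchange Transport", "state": "stopped"},
    {"host": "mx-004", "time": "2014-11-24T02:00:00", "event_id": 5142,
     "share_path": "C:\\Windows"},
    {"host": "mx-004", "time": "2014-11-24T11:30:00", "event_id": 7036,
     "service": "Microsoft Exchange Transport", "state": "stopped"},
]

def is_root_share(e):
    # A share whose local path is the Windows directory itself.
    path = e.get("share_path", "").rstrip("\\").lower()
    return e["event_id"] == 5142 and path == SYSTEM_ROOT

def is_exchange_stop(e):
    return (e["event_id"] == 7036 and e.get("state") == "stopped"
            and "exchange" in e.get("service", "").lower())

def correlate(events, window=WINDOW):
    """Hosts where a %SystemRoot% share and an Exchange stop fall within `window`."""
    shares, stops = defaultdict(list), defaultdict(list)
    for e in events:
        when = datetime.fromisoformat(e["time"])
        if is_root_share(e):
            shares[e["host"]].append(when)
        elif is_exchange_stop(e):
            stops[e["host"]].append(when)
    return sorted(
        host for host, opened in shares.items()
        if any(abs(o - s) <= window for o in opened for s in stops.get(host, []))
    )

if __name__ == "__main__":
    print(correlate(EVENTS))
```

Either event alone is common administrative noise (mx-001 and fs-002 in the sample); the alert fires only when both occur on the same host close together.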
The method by which data was taken from Sony is still not clear, though the malware apparently had user credentials hardcoded. In the first place, the hackers used Trojans to track the data flow and identify a leaking point. The FBI described the “lines of code” and “data deletion” methods of this malware as similar to other malware. The computer-wiping software used against Sony was also used in a 2013 attack against news outlets and South Korean banks, which the FBI attributed to North Korea. Having established the vulnerable points, GOP extended their way in and in no time took control of the data flow lines (Maurushat, 2013).
Flaws in Sony that made it easy to hack
Some of the skills used to develop a hack of this level can only be termed enviable. The results of the analysis provide unprecedented insight into the inner workings of Sony Pictures, which leaked the confidential information of almost 4,000 present and past employees. As if the unlawful access to sensitive employee information was not troubling enough, the leak went on to reveal curious practices at Sony. These included money orders used to purchase movie tickets that were apparently re-sold back to Sony staff. That means that fraud might have emanated from inside, where an employee able to manipulate the system may have been paid to collaborate with the enemy. In establishing the plausibility of such involvement, it is seen that the Guardians of Peace made their contact information open for a brief time. The RBS researchers used that opportunity to contact the group seeking comment and received the following response: “I am the head of GOP, and I appreciate your calling of us. The data shall soon get there. If necessary, you can follow what we do on the following link.”
A few days after the initial breach report was announced, four torrent links were published to torrent trackers that contained unreleased movies from Sony, obtained by GOP during the attack. These titles included Annie (December 19), Mr. Turner (December 19), and To Write Love On Her Arms (March 2015). According to several torrent tracking sites, these files have been downloaded over 100,000 times.
Another cause that has been cited can be attributed to the security issues at Sony. The company, though claimed to have had an insider supporting the hackers, suffers from a shortage of security buffers. That can be attributed to the vulnerability of the company. It is said that Sony has faced a series of security problems in the past (Shakarian et al., 2015).
However, this time the company should have been able to fight off the hack had it been fitted with tighter security controls. The hackers communicated their upcoming big move against Sony even before undertaking it. The Guardians of Peace, without a hitch, announced they would be releasing a series of “Christmas Gifts,” the first of which was Sony Entertainment CEO Michael Lynton’s emails. That came at a time when the files released so far had added up to a little over 200GB of the reportedly 100TB stolen. That was 0.2% of the information that the hackers claim to have stolen. So what’s next? That means that the hackers had already identified a keyhole which they firmly believed the company would not identify or act on immediately to escape the hook of GOP (Davis, 2014).
It is, however, noteworthy that the most valuable secrets Sony has are the ones it is best known for, and which do not require a password: films. The online leaks of Annie, Fury, Still Alice, Mr. Turner and others all came from items Sony had already approved screeners of. Taking a step back and looking at the sheer scale of what is at stake, one begins to realize one thing. Due to modern technology, servers, and dutiful workers, the majority of Sony’s theatrical releases in 2015 may be either completed or close to completion and thus subject to theft, in the same way that the emails, films, and files were before (Maurushat, 2013).
Measures that could have been included to prevent the hack
Poor security practices on the part of Sony do not justify the hack. Sony is just a victim! It is true that one should not “blame the victim” for an attack performed by someone else (Pipkin, 2014). However, though attacks are inevitable, complaining that there are attackers does not eliminate them. Organizations, Sony included, need to step up: first, to ensure they have the capacity to prevent attacks from succeeding; second, to define ways to detect successful or malicious attacks when they happen; and third, to design methods to lessen the damage when attacks are not prevented or detected in time. Below are a few simple steps that might have helped. It is noteworthy that, though some measures seem too obvious, even just the shorter critical subset identified is likely to have helped counter the attack or reduce its damage, never mind a comprehensive set of controls (Shakarian et al., 2015).
Strong passwords: The first way to protect a system is to reduce its vulnerability through well-designed passwords. Here, the author is of the view that it would have been advisable to require strong passwords for important tasks (like login) whenever passwords are used. A SOX audit found this problem at Sony Pictures years ago. Of concern is that the person in charge of leading their security crowed about this rather than fixing it. Computer systems should normally prevent setting bad passwords and force users to use good ones (Pipkin, 2014). Second would have been the use of multi-factor identification. This feature adds to the protection of a computerized system, given that passwords will not disappear anytime soon. That is because passwords are by nature cheap and portable and some easy to *****, which implies that they are also easier to compromise. For their important functions, Sony should have used multi-factor identification, say a smart card and a PIN, to strengthen the security of their passwords (Pipkin, 2014).
Thirdly, it would have been safer if Sony Pictures Entertainment had kept their patches up-to-date. There are unsubstantiated claims that Sony Pictures did a poor job of keeping patches up-to-date. It seems that Sony might not have put emphasis on simple tasks like running an email that may at a time be very plausible. Though there is not sufficient evidence to justify that, keeping systems up-to-date is important in any case, for it makes systems harder to attack (Pipkin, 2014). A fourth measure would have been to place stronger protections around important data. The recommendation is that the “crown jewels” should not be placed on the normal network at all; an isolated network is better. In the event that the data administrators cannot fully isolate the networks, it is advisable to isolate them to the maximal extent. More important still is to encrypt these crown jewels, both in motion and at rest, ensuring their passwords are not stored with them (Pipkin, 2014).
Maintaining backups could also have played an extensive role. Sony may have been doing this, but it is worth emphasizing. Finally, Sony should have had a working detection and response process in place. It would have been much better had Sony’s network been monitored. Close examination of data flow would have made it harder to exfiltrate over a terabyte of data without being detected. The administrators should know what is expected, and be suspicious of the rest. All sorts of alarms for suspicious activity should have been installed, and responses kept at the ready should something bad be detected. All these, in conjunction with others, should have helped Sony fight the hack (Pipkin, 2014).
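Knowing "what is expected" of the data flow and being "suspicious of the rest" can be made concrete as a per-host egress baseline. The following is an added example, not part of the original essay: the daily outbound totals, host names and thresholds are constructed assumptions, and it checks both a single large day and a slow, sustained rise that never produces one.

```python
from statistics import median

# Constructed daily outbound totals in GB per host (not real telemetry).
HISTORY = {
    "build-07": [4, 5, 3, 6, 4, 5, 4, 5, 6, 4, 5, 4, 3, 5],
    "hr-db-01": [1, 1, 2, 1, 1, 2, 1, 1, 1, 2, 1, 1, 2, 1],
    "mail-02":  [8, 12, 10, 8, 12, 10, 8, 12, 10, 8, 12, 10, 10, 10],
}
RECENT = {
    "build-07": [5, 4, 6, 5, 4, 5, 6],          # ordinary week
    "hr-db-01": [1, 2, 1, 40, 1, 1, 2],         # one very large day
    "mail-02":  [18, 19, 20, 18, 19, 20, 19],   # elevated every day, no spike
}

def baseline(values):
    """Median and median absolute deviation: robust to a few odd days."""
    m = median(values)
    mad = median(abs(v - m) for v in values)
    return m, max(mad, 0.5)   # floor so a flat history does not flag noise

def spike_days(history, recent, k=6.0):
    """Indexes of recent days whose volume exceeds median + k * MAD."""
    m, mad = baseline(history)
    return [i for i, v in enumerate(recent) if v > m + k * mad]

def sustained_excess(history, recent):
    """Total GB sent above the expected median across the recent window."""
    m, _ = baseline(history)
    return sum(max(v - m, 0) for v in recent)

def review(history_by_host, recent_by_host, excess_gb=20):
    """Hosts to investigate: any spike day, or cumulative excess >= excess_gb."""
    findings = {}
    for host, recent in recent_by_host.items():
        hist = history_by_host[host]
        days = spike_days(hist, recent)
        excess = sustained_excess(hist, recent)
        if days or excess >= excess_gb:
            findings[host] = {"spike_days": days, "excess_gb": excess}
    return findings

if __name__ == "__main__":
    for host, finding in review(HISTORY, RECENT).items():
        print(host, finding)
```

The cumulative check is the one that matters for a long-running intrusion: mail-02 never crosses the per-day threshold, yet sends 63 GB more than expected in a week.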
Davies, N. (2014). Hack attack: The inside story of how truth caught up with Rupert Murdoch. New York: Faber & Faber, Inc.
Maurushat, A. (2013). A Disclosure of security vulnerabilities: Legal and ethical issues. London: Springer.
Pipkin, D. (2014). Halting the Hacker: A Practical guide to computer security. Upper Saddle River, N.J: The Prentice Hall PTR.
Shakarian, P., Shakarian, J., & Ruef, A. (2015). Introduction to cyber-warfare: A multidisciplinary approach. Amsterdam, Netherlands: Morgan Kaufmann Publishers, The imprint of Elsevier.