Jump to content

Hacking: The Interview movie and Sony Pictures


Recommended Posts

The criminal hacking of Sony International Pictures that has occurred the past few weeks has now evolved. By stealing and then releasing the emails and personnel information of Sony employees these hackers have shown a despicable respect for the private affairs of the employees. The FBI is on the move to discover who these people are.

And now we have a further threat against any theater that might show this film, elevating the hack into a threat of terrorism. It now seems that the major theater chains across the country have cancelled any showing of this film. They are probably getting pressure from insurance companies who would have to pay out huge sums of money if some terroristic event should occur.

But now this hack and the messages of terror have frightened away the public who in this day and age will jump if someone says boo. With the full weight of the federal government now in on this investigation we can hope the source of these threats will quickly be discovered.

It is unreasonable to think that North Korea would be behind these threats, but then that nation is known for its absurd reaction to world events. That absurdity is only made clearer by the fact that the North Korean government is dependent on other nations for their existence. The people of that country suffer hunger and slavery while the ruling class plays video games and drinks expensive western liquor.

Twice in this past year the leadership of North Korea has threatened to unleash nuclear weapons on the United States over some slight to their national ego. The plot of The Interview movie is a humorous look at the assassination of Kim Jong Un, the current leader, by two bumbling CIA recruits. The film is probably about as ridiculous as the target of this killing, but it has cost Sony millions to produce.

The hackers will eventually be discovered and that will begin the cycle of criminal prosecution and civil lawsuits. Sony deserves to recoup their loss and one of the defendants in any courtroom should be the media outlets who have passed along the contents of these hacks.

We have all seen the intellectual property warnings posted at the beginnings of any DVD of a film and how the FBI will prosecute any individual who copies these materials. The hackers have stolen Sony's intellectual property on a grand scale and deserve to be treated as major felons once they are discovered.

If North Korea is revealed as the source of the hack then they need to pay the ultimate price. No, I am not suggesting we nuke them since they may very easily do that to themselves. But severing all levels of contact to the internet would be a good start. Let them launch their own satellites which I understand our new laser technology has the promise of killing.

At some point the lunatic running that country will do something so objectionable I think the United States and South Korea will have no choice but to respond in force. Then we will all wish that the plot of this silly Hollywood film could come true. But who knows, we won't be seeing the film until it comes out on DVD or gets released in an internet stream.

Link to comment

The threats from the hackers include threats against the families of the theater owners and functionaries who work at Sony. I really do hope they are found out, but I heard an interview today saying the hackers were inside the Sony system for probaby a year before they were discovered. How many back doors, misdirections and booby traps could they have with implanted in all that time? I doubt they'll be easy to find.

C

Link to comment

This hack attack is largely Sony's fault. They failed to implement adequate security measures in their systems with strong passwords with limits to what can be accessed, two-stage authentication, and secure servers not unlike what Google has (and Apple doesn't have). These security measure are expensive. But if Intervention is never released to theaters Sony will fail to recoup their investment. Spending the money up front would have eliminated the embarrassment, the threats to Sony employees, the company's relationship with theater chains, the actors and staff who worked on this movie and are being threatened, and who know what else the hackers might have downloaded and installed on Sony's many servers. What other scripts will be released? What other threats will be forthcoming?

Everything Sony has is on servers. That includes their films and TV shows, and their game systems, their cameras, their professional video equipment, all of it is on their servers. In my opinion, only fiscal incompetence would cause a company to fail to adequately protect their assets.

Colin :icon_geek:

Link to comment

A couple of years ago, Sony got hacked. I'm pretty sure it had something to do with playstation online services, including credit card data.

The security guy at the time basically defended Sony's security practices by saying that the cost of being hacked would be less than the cost to implement proper security, so there were no plans to overhaul the security strategy as a result of the hack.

He's the security guy they have now. I wonder if he's learned anything.

Link to comment

A couple of years ago, Sony got hacked. I'm pretty sure it had something to do with playstation online services, including credit card data.

The security guy at the time basically defended Sony's security practices by saying that the cost of being hacked would be less than the cost to implement proper security, so there were no plans to overhaul the security strategy as a result of the hack.

He's the security guy they have now. I wonder if he's learned anything.

I wonder if he's been fired. If not it's a "should be" and ASAP!

Colin :icon_geek:

Link to comment

I don't know about anyone else, but the little I have learned about the actual content of the movie "The Interview" has made it clear to me that I would not have been interested in seeing it. I can only take Seth Rogen in small, widely spaced doses. I suspect this movie would probably have come out and done very modest business, then disappeared from view soon after.

As a result of the hacking, however, we now have a brilliant demonstration of the "Streisand Effect," where efforts to suppress something backfire by bringing far more attention to the item than it would originally have garnered. And North Korea is now front and center as an object of international opprobrium.

R

Link to comment

I've fought this battle before.

When you try to get money to implement IT security, the financial guys don't get it. They think you are empire building and will only pay a bare minimum.

If you try to hire a specialist, they tell you that's your job (IT or Network Management).

In fact it's so specialized, that most IT and Network people really don't have the skill set.

With the ever changing nature of the threat, you have to be a specialist and you have to stay up to date on a daily basis.

Link to comment

The company within Sony that suffered the hack is Sony Pictures Entertainment. Their CIO is Steve Andujar. He has been in that position since 2010.

He does not play a financial role. He is a peer to the CFO and to the CTO, reporting directly to their CEO.

The finance guy didn't wave off cyber security. The CIO did.

Link to comment

I don't imagine there is any company that can muster the resources of a nation-state like North Korea, and so it seems the experts are rightly concerned:

http://www.msn.com/en-us/news/technology/for-north-koreas-cyber-army-long-term-target-may-be-telecoms-utility-grids/ar-BBgZdRz?ocid=LENDHP

Should something like this be a training exercise for the cyber forces of a totalitarian state then we are in for some difficult times ahead. I can't imagine what they are thinking when they do something like this but an attack on the Infrastructure of the U.S. would require retaliation and we have never been known to do that gently. Let's hope that NK thinks really, really hard before they get annihilated.

Link to comment

Chris: I completely agree with you.

I work in IT. I configure and install firewalls, participate in penetration testing (making sure those firewalls are set up properly by attempting to hack them, etc), and other security-related work.

I can assure you that the Chinese (and the Russians) are actively engaged in a constant and relentless attack on the West's IT infrastructure. I have firewall logs that have thousands and thousands of attempts to penetrate our firewalls. The ip addresses of the machines attempting to breach the firewalls and retrieve passwords and open ports can usually be traced to Chinese and Russian Internet service providers. Microsoft's media campaign to get people to stop using windows XP and Internet explorer 6 are a big part of mitigating these attacks...because most of the malware and virus creators are from those countries, and the machines that are infected with a bot can be used to attack and deny service to companies and government agencies. And often are.

The bad news is that Sony is one of the first open and publicized attacks. Publishing all the data is terrible, but it highlights the issue very well.

People need to take passwords and their use, and keep in mind where and how their data is stored, very seriously. Not even your corporate network is safe (actually corporate networks are often LESS safe than home machines because your data is not considered private on a corporate network).

Link to comment

Chris and Hoskins, I agree with both of you. I work for a computer consulting company. We had a client that had a small legal department. The head of that department, a lawyer, refused to use a login password. He also refused to allow the data files on his laptop to be encrypted. We explained that protecting his data, especially his email messages, was the only way to keep confidential company business confidential in case his laptop was stolen or someone gained access to his email account which was stored on a commercial email service. The only thing that protected his email was that service required a password to access his account. The company used Outlook, and the password was stored in Outlook. That meant that anyone accessing his laptop had, in essence, an open book.

I don't know if anything bad has happened. We completed our project at that client, which had nothing to do with security or with their legal department. One day at lunch their IT guy (singular; it was a small organization) complained about the situation and management not willing to do anything about it.

Unfortunately, when working with smaller organizations we've found that this isn't a unique situation.

Colin :icon_geek:

Link to comment

So now the FBI points the finger and says, yup....North Korea did it. Then this morning I read that the NK government wants to join the U.S. in finding out who really did this with the offer of a joint investigation. Kinda like allowing the fox in the henhouse to help count the eggs, don't you think?

Link to comment

We had a client that had a small legal department. The head of that department, a lawyer, refused to use a login password...

F-ing lawyers are the worst possible clients. After my last lawyer client, I've sworn off of the arrogant, cheap bastards.

Somebody else can keep their crap running. It's not worth the aggravation.

Link to comment

Here is what I think is going on:

You know how you'll see a kid in a store, and he or she has something sneaky going in their brain, and grandma sees that they're about to go and start some shenanigans?

When Nana grabs them by the ear and gives it a good pinch and says "Don't even think about it?" Yeah. This is what the US is doing to NK right now. It's not coming from China. NK is posturing about making things "a thousand times worse". We are simply grabbing their ear and making them reconsider their course of action.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...