In the weeks since the hacking of Sony Pictures Entertainment, the massive security breach just keeps getting uglier. The Nov. 24 attack on Sony, which started as an extortion attempt and information leak, has evolved into an international crisis. With North Korea as a suspect and the FBI involved, the seriousness of the situation is undeniable.
While we are still unsure of exactly how much of Sony’s data was compromised, the FBI has issued a Flash Alert asking U.S. companies to be on the lookout for a particularly nasty piece of malware that destroys the data on the targeted computer after stealing the data it was after. Essentially, after snatching files from a server or cluster of computers, the malware can then wipe the hard drive of any computer attached to that server. Even if Sony has backups of the information or recovers most of the data taken, likely through a data recovery service, the company will still sustain damages from the private documents that have been, and continue to be, leaked.
For anyone who is not caught up on the recent Sony hack, here’s what happened:
Extortion. A few days before the November hack, Sony employees received threatening emails from a group referring to itself as the GOP, or Guardians of Peace, asking for “compensation,” among other demands. Since then, the Hollywood studio has continued to receive messages from the GOP, some even threatening employees’ families. These threats resemble those sent last year to South Korean banks, an attack attributed to the North Koreans, who are supportive of the GOP’s actions but currently deny having any connection to the Sony hack. The FBI is also investigating the possibility that the attacks came from a former employee.
Embarrassing Leaks. After the initial threats from the GOP, a massive collection of data and confidential computer files stolen from Sony started to appear online. This included everything from movie scripts and full films, to internal memos, financial documents and personal information on both movie stars and employees, such as phone numbers, payroll and Social Security information.
Many secret aliases of A-list celebrities have been released. Thanks to the leaks, we now know that Tom Hanks goes by “Harry Lauder” and “Johnny Madrid,” Natalie Portman goes by “Laura Brown,” Daniel Craig goes by “Olwen Williams,” and Jessica Alba goes under the name of “Cash Money.” While it is fairly easy to come up with a new alias, other leaked information has caused much more damage. Sylvester Stallone, and some 47,424 people associated with Sony, had their Social Security numbers leaked. Many of the company’s employees have been victims of identity theft in the past weeks, having their information used for mortgages, Beverly Hills shopping sprees and more.
A number of embarrassing internal memos and emails have also been leaked. One email, posted on Gawker, expressed employees’ distress at the movies the studio produces, such as the “mundane, formulaic Adam Sandler films.” In another, producer Scott Rudin refers to Angelina Jolie as a “minimally talented spoiled brat.”
The hack itself is currently believed to be in response to the studio’s upcoming release of the movie “The Interview,” a comedy about two journalists who are recruited into a plot to kill North Korean leader Kim Jong-Un. The movie is still scheduled for release on Dec. 25th, despite threats from the hacker group Guardians of Peace. The movie will not be released in Asia.
Could the attack on Sony have been prevented?
According to the FBI, very few companies could have prevented an attack such as this. During the recent Senate Banking Committee hearing, Joe Demarest, assistant director of the FBI’s cyber division, stated that the “malware that was used would have gotten past 90 percent” of private industry’s cyber defenses and would most likely “challenge even the state government” digital defenses.
Sony may not have been able to prevent the attack, but the company’s unfathomable password protection practices are also partly to blame. Among the data leaked were folders simply labeled “passwords,” which, as you would expect, held passwords to employee emails and password-protected files. This isn’t the first time Sony’s abysmal password practices have been exposed. When the company’s PlayStation Network was breached in 2011, hackers revealed that the network’s users’ passwords were stored in plaintext instead of being encrypted, which is now the industry standard.