What is the IT story of the year for 2014? Some experts point to "The Sony Hack." If it isn't the story of the year, it is at least the Hack of the Year for 2014.
Recently employees at Sony Pictures opened their computers at work to find a skull-decorated "splash page." (Shown at left.)
Sony employees were then told the company email systems were down and to go home because the company’s networks had been hacked. Sony administrators reportedly shut down much of its worldwide network and disabled VPN connections and wi-fi access in an effort to control the intrusion.
One of the most embarrassing corporate hacks in history, it appears that the files include the social security numbers of 47,000 people (employees and film stars like Sylvester Stallone, Judd Apatow and Rebel Wilson).
A group, the Guardians of Peace, has taken responsibility. But who GOP are (and what they really want) remains unclear but their correspondence indicates Sony failed to meet their demands. “We’ve already warned you, and this is just the beginning. We continue till our request be met.”
Most hacks like this begin with a phishing attack, which involve sending emails to employees to get them to click on malicious attachments or visit web sites where malware is surreptitiously downloaded to their machines. Or hackers also get into systems through vulnerabilities in a company’s web site that can give them access to backend databases. Once on an infected system in a company’s network, hackers can map the network and steal administrator passwords to gain access to other protected systems on the network and hunt down sensitive data to steal.
Among the more than 11,000 newly-released files are hundreds of employee usernames and passwords as well as RSA SecurID tokens and certificates belonging to Sony—which are used to authenticate users and systems at the company—and information detailing how to access staging and production database servers, including a master asset list mapping the location of the company’s databases and servers around the world.
Sony Pictures Entertainment Inc. (SPE) is the American entertainment subsidiary of Japanese multinational technology and its group sales in the fiscal year (March 31, 2014) hit $8.054 billion. SPE has produced, distributed, or co-distributed successful franchises such as Spider-Man, Men in Black, Underworld, and Resident Evil.
The hackers claim to have stolen a treasure trove of sensitive data from Sony, as large as 100 terabytes of data. The leaked documents include a list of employee salaries and bonuses; Social Security numbers and birth dates; HR employee performance reviews, criminal background checks and termination records; correspondence about employee medical conditions; passport and visa information for Hollywood stars and crew who worked on Sony films; and internal email spools.
All of these leaks are embarrassing to Sony and harmful and embarrassing to employees. But more importantly for Sony’s bottom line, the stolen data also includes the script for an unreleased pilot by Vince Gilligan, the creator of Breaking Bad as well as full copies of several Sony films, most of which have not been released in theaters yet.
The attack on Sony might have included malware designed to destroy data on its systems.
Finger-pointing by Sony and the FBI suggests it may be related to a comedy film on North Korea, The Interview due for release. North Korea denies this.
All of this vividly underscores why Sony had to shut down its entire infrastructure after discovering the hack in order to re-architect and secure it.
Which brings us back to the point: Listen to these hackers…
I am the head of GOP who made you worry.
Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization. And what we have done so far is only a small part of our further plan. It's your false if you if you think this crisis will be over after some time. All hope will leave you and Sony Pictures will collapse. This situation is only due to Sony Pictures. Sony Pictures is responsible for whatever the result is. Sony Pictures clings to what is good to nobody from the beginning. It's silly to expect in Sony Pictures to take off us. Sony Pictures makes only useless efforts. One beside you can be our member.
Many things beyond imagination will happen at many places of the world. Our agents find themselves act in necessary places. Please sign your name to object the false of the company at the email address below if you don't want to suffer damage. If you don't, not only you but your family will be in danger.
Nobody can prevent us, but the only way is to follow our demand. If you want to prevent us, make your company behave wisely.
Give in to terrorists? Yes, Sony has cancelled its original plan to distribute *The Interview* that might have inspired the hack. The company claims theatre owners are reluctant and says it is searching for another “distribution strategy.” How convenient an excuse…and what a mistake that will not only encourage all types of hackers…it will EMPOWER them.
Even President Obama is weighing in on Sony's decision, voicing his opinion that Sony should find distribution.
The point for the IT business is how security affects us all. Security is, unfortunately, a fast-growing business in the corporate world. Check out the Hackmageddon statistics for November 2014 (one of their charts shown below).
Hackers now attack a wider range of companies and organizations than ever before-- for a growing list of various reasons.
If you haven't already, hire or grow your own expert in security (security based on what risks your clients have.) Make security a renewed priority because in a networked world we are all on IP networks that are increasingly targets for all the malcontents, terrorists and organized crime in the world.
And you can bet that in 2015 these hackers will extend their work to smaller companies as well as more of the world famous corporations (hacking, after all, will be no different than any other business as it follows the pyramid down to a broader base.)
So help educate your customers to the oncoming tsunami of hacks. Make a business service out of assessing what risks your clients are running-- and out of offering appropriate solutions.
You can also consider a strategic alliance with security system integrators. Whatever way you tackle it, you might have heard that at the end of the IT rainbow is a pot of gold. That may be true...but if so, today it is more than likely buried under Security.
