A few points about the Sony debacle.
Point 1: Sony is a clown show.
Let’s be generous, and suppose the following is what happened. (We don’t know how the malware got in, because they seemingly have no clue, which makes me just weep with pity.)
- Hackers send a carefully crafted email to a Sony dim bulb, like, “have you seen what Nikki Finke wrote about you today in Deadline: Hollywood?”
- Aforementioned nitwit takes a break from mocking Angelina Jolie or whatever the f**k they do all day [ed.: Angelina's lips are a national treasure!], clicks on aforementioned link.
- This installs some malware on their PC.
- Surveys the entire network
- Uploads tens of terabytes to a server in a foreign country
- Infects every PC in the company
- Erases all the PCs and flashes a Guardians of Peace banner
- Intercept the email with a disguised link to a non-whitelisted web site.
- Disallow the download of an installer from an external website. Or let it run in a sandbox. Or download it but don’t let it install anything without adminstrator permissions.
- Don’t allow it to remotely install itself throughout the firm.
- But especially – don’t allow terabytes of data to be uploaded to an unknown IP address. I can’t even think down to the level of an IT team that would not detect that.
- 2011: PlayStation network down for 23 days, 77 million user records stolen after ‘external intrusion.’
- 2007: Sony’s IT security chief says it’s a “valid business decision to accept the risk” of a security breach, like weak passwords, since requiring strong passwords might encourage people to put them on Post-Its.
- 2005: Sony ships CDs with copy protection that secretly changes Windows to run the way they wish it did, opening users up to crashes and further malware exploits.
- FBI alerts Obama and McCain campaigns that they have been thoroughly compromised by a foreign entity.
- US logic bomb detonates Russian pipeline.
- Stuxnet attacks Iran uranium enrichment program, escapes into wild.
- China hacked into US defense contractors, stole plans to weapons developed at a cost of hundreds of billions of dollars, builds its own versions.
- Multiple hacks into Google, the Defense Department.
- And just a few months before, Venetian casino corporate computers plundered, wiped, allegedly by Iranian hackers who didn’t care for Sheldon Adelson’s comments about nuking Iran. (Discussing Sony, idiots at CNN said, if Iran did this, we would be using the word ‘war.’ Nope. The only reason anyone’s even talking about this is embarrassing emails about Angelina Jolie [Angelina Jolie is a national treasure, but I wouldn't go to war for her - ed.])
…and Sony’s IT buffoons never look up from eating donuts or whatever the f**k they do all day to notice a darn thing.
At every stage, a proper infrastructure should have a good shot at stopping the attack.
In the words of Tina Fey: Shut it down!
Now maybe there was an insider, a Snowden. You have to trust somebody, and it’s practically impossible to prevent them from walking out the door with a giant data dump. But even a Snowden shouldn’t be able to grab data, and install malware on every PC in the firm, and erase all trace so they don’t even know what happened.
This just does not happen with a competent corporate IT team. And once you assume incompetence, it seems more likely that, rather than inordinately clever trickery, or an inside job, they just left vulnerable equipment wide open.
If you get an STD and don’t have any idea how you got it, I’m going to say you were probably not using the safest practices.
Here are a few other greatest hits from Sony IT:
Point 2: This hack doesn’t make the top 10 list of greatest hacks.
Point 3: Maybe it was North Korea, maybe it wasn’t.
The FBI says it “has enough information to conclude that the North Korean government is responsible for these actions.”
These Sony clowns don’t even know what hit them. They and the FBI have provided no evidence it was North Korea.
Lockerbie was constantly blamed on the enemy du jour until they settled on Libya. Do I believe the FBI now?
The FT says there’s a long history of world class North Korean hacks on South Korea.
So, either there’s a long history of attacks which could definitively be linked to North Korea, and this one bears the same signature in ways a copycat wouldn’t pick up, so the evidence, though circumstantial, is strong. Even then, the language the FBI uses is excessive, should be more like “we assess with high probability North Korea is linked to these actions.” Maybe they have some top-secret evidence, like a mole, or electronic surveillance.
Or they’re just talking out of their asses, like Lockerbie, yellowcake, Atta’s meetings in Prague, etc. If something is in someone’s interest, they will believe it. If something is greatly feared, they will believe it. Who knows.
Point 4: A rogue state maybe hacked a dipshit company. Who cares?
North Korea versus Hollywood for me is like Iran versus Iraq war. I can't bring myself to support either party.
— Jeet Heer (@HeerJeet) December 17, 2014
Sure, one side is dystopian hell ruled over by a tiny elite which manipulates population with totalitarian kitsch but North Korea is bad too
— Jeet Heer (@HeerJeet) December 17, 2014
The problem is this:
No one should kid themselves. With the Sony collapse America has lost its first cyberwar. This is a very very dangerous precedent.
— Newt Gingrich (@newtgingrich) December 17, 2014
Just when I thought it couldn’t get more ridiculous, a Steve Carrell film set in North Korea has been scrapped http://t.co/doEEZ4NhPg
— Sabrina Siddiqui (@SabrinaSiddiqui) December 18, 2014
So, do we put on our big boy pants, harden our security, keep calm and carry on?
No…once again, faced with a serious, but not existential threat, we panic, run around like chickens with our heads cut off and beclown ourselves. And in the name of freedom, we’ll cancel movies, stop going to the theater, hire more
hackers cyberwarriors and tap more phones and backbones.
History repeats itself, first as tragedy, then as farce.