Sony—and all its victims (cough, Angelina Jolie)— are still feeling the aftershocks of the massive data breach. In an effort to batten down the hatches, they’ve switched to Amazon Web Services (AWS) and the giant’s impressive hardware, but the damage is already done. A smorgasbord of embarrassing emails from Sony’s executives, badmouthing everyone from celebrities to President Obama, made the media rounds last week as wave after wave just kept crashing down.
So far, it’s known that hackers deleted data from all Sony systems, but also stole and made public private information, movies that haven’t been released yet, and other sensitive information. The early media reports featured these hackers as the latest generation of super hackers that had the power to take down any big corporation they fancied. However, the reality is that these claims are about as overinflated as some of the actors targeted in the Sony leaked emails.
The Hyperbole of Hollywood
It was claimed by some that the Sony attack was “unparalleled crime” but that’s simply not true. While head of Mandiant, Kevin Mandia, the group that Sony’s had on hire for years says it was “unprecedented in nature”, and that the malware used couldn’t be detected by any current antivirus program, that’s simply false. It’s likely a move to keep Sony safe from liability, but should lawsuits start raining down it’s not much of an umbrella.
The reality is that reliable malware that could have detected these attacks have been available for more than 20 years. When attacks are designed to wipe and steal data, like what happened at Sony, they’re not new. This attack mimics the Shamoon issue which happened two years ago—the same MO, wipe and take, was used.
Call in the FBI!
Since this attack targets celebrities and media moguls, it’s of course making headlines. However, calling it a rare, major attack the FBI is investigating is more like a film plot than real life. Of course the FBI is involved since there appears to be an attack under US law. However, the FBI is “involved” in any attack at a national level. North Koreans are allegedly being considered as suspects, especially with the new North Korean satire “The Interview” coming to theaters from Sony.
Bear in mind that ten years ago, Sony got a warning of their security vulnerabilities that included weak passwords. In 2011, there was a major Sony PlayStation breach (remember that?). It seems appropriate changes haven’t been made even with that recent attack. Salaries, social security numbers and embarrassing communications were “easily” hacked.
The lesson learned here? Simply make sure your online security is up to snuff from your web host to who you have on your website development team. This goes for security from natural disasters to hackers. Many hacks could have been avoided, but humans are lazy. Humans are comforted by routine (and not having to look up their password they change every month. This is a hack on a grand scale, but should serve as a reminder even for the non-movie directors of the world: If you don’t want something shared, don’t use the internet to store or share it unless you’re sure the security’s in place.