Tuesday, December 02, 2014
How did the Sony Pictures hack happen? Why can't a large corporation protect itself? Same malware a home threat?
The hack of Sony Pictures, with the destruction of data on its corporate networks, seems to be the largest ever on a US company.
But five films, including the upcoming “Annie”, were leaked, and available on piracy servers through P2P.
There is a lot of suspicion of North Korea over the upcoming release of the comedy “The Interview”, with Seth Rogen and James Franco, where the US CIA recruits two journalists to assassinate the president of North Korea, which seems to take the film as a “threat” (almost like in the Elonis case, discussed on my main blog yesterday). This is a little bit like my situation as a substitute teacher, where a fiction screenplay was interpreted by some as suggesting that I could be a “threat”.
But it’s also unclear why Sony’s own security systems were not able to prevent the hack, and how they got in, or how North Korea had the expertise to do this.
The Wall Street Journal has a detailed and typical news story here.
Webroot is characterizing this as a “ransomware” attack. It is possible that the company was using a “malware infected host”. It’s not clear from news reports is there is a specific worm or virus related to this attack that home security software should scan for. Webroot’s brief story is here.
CNET has a story about the FBI warning to businesses here. The FBI has sent out a “flash warning”.