Thursday, December 18, 2014

How the Sony attack really happened has not yet been explained in detail, and we need to know now (Later: admin leak discovered)

News reports are still sketchy on why large corporations and governments are not able to protect themselves against determined hacking attacks.
Webroot has an interesting story, from Dec. 2, on how Sony's own backup-and-restore capability was taken over, and on the hacker owner showing up in Google Play; story here.

The Independent (UK) has a detailed timeline of the Sony hack here
The New York Times has some details here. But the Daily Mail has a bigger story on the way the hyper-Communist country recruits cyber soldiers ("Bureau 121"), here. And Slate gives Sony a real tongue-lashing here.
Still, can a properly defined security system ward off any conceivable attack? Experts haven't explained exactly how "they" got in. Was it ordinary malware from email attachments or thumb drives? It sounds more likely that it was a direct connection to Sony's IP addresses. A properly designed firewall should block unsolicited inbound connections, but a firewall only filters on addresses and ports; it cannot tell a legitimate login from an attacker using stolen credentials on a service it has to allow, such as remote access, email or the web.
There's also a question of what operating systems were being used. Was it Windows Server? More likely it was Unix or Linux. IBM mainframe OSes are generally regarded as very difficult to hack, and I know from a previous job application that Warner Brothers has a lot of mainframe, but I don't know about Sony.
Again, "you" can't tell content providers not to talk about North Korea or radical Islam; otherwise no content would have integrity. Large corporations, especially, and governments need to make their networks as close to impenetrable as they can. I don't know why they can't do it, but a lot is at stake. Do ISPs, cable providers, and social media sites have better security than Sony? I believe so. But no one has explained even how a company like Sony was so vulnerable, outside of possibly a disaffected insider.
Back in the 1998-2001 era, small ISPs would get "attacked" by DDoS attacks directed at their servers. There are techniques for repelling such attacks by making the packets "bounce", like robocalls. In April 2002, two HTML files on my old "" site (now ) were hacked. The hack started in a passage discussing suitcase nukes, in an essay posted shortly after 9/11. A Unix site command had been left open at the ISP. It has never happened again. The idea that a particular passage was hacked is disturbing, but it hasn't happened again, and no major terror attack (like what I was hypothesizing in that passage) has happened. I simply reloaded (by WS-FTP) the clean file from a separate floppy backup when I discovered the problem and fixed it in one minute. I'll add that I do not have anyone's personal information; people don't log on to my own sites.
Home and small business users can consider not linking all of their computers with one router, and keeping physical backups on their own as well as using the cloud.  It’s also safer to turn a machine off when it isn’t in use for a long period.  Some basic security is old school.  

Update: Later Dec. 18

CNN reports that hackers apparently stole a Sony system administrator's credentials, making the attack look like an inside job. And, contrary to earlier reports, there is more evidence that some of the actual hacking may have originated inside North Korea and been routed through other countries. Still, it seems that Sony did a rather unprofessional job of managing its security, and didn't take symptoms seriously. Why didn't it hire a professional security company?

There is also a question of why the crudely written hacker messages and emails (with language sometimes similar to what you see in overseas spam) were reported in the press, and not immediately sent to law enforcement in secret, so that Sony wouldn't be in a public "Catch 22" position. Sony carelessly let itself get "outplayed", just as in a chess game.
Every major corporation (power utilities, banks, Internet service providers) should be reviewing how it protects its administrator credentials right now, tonight, and tighten the ship.
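As an added example, not from the original post and not any Sony material: a small Python script that does the kind of administrator-logon review the paragraph above calls for, run over a constructed authentication log. The log format, the host names, account names and IP addresses, the "-adm"/"-svc" naming convention for privileged accounts, the business-hours window and the per-account baseline of known source addresses are all assumptions made for the example.

```python
"""Added example (not from the original post): flag privileged logons that a
stolen-credential review should look at.  All data and conventions below are
constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (hypothetical format); hosts, users and IPs are made up.
SAMPLE_LOG = """\
2014-11-20T09:12:03 host=fs01 user=jdoe-adm src=10.20.1.15 result=OK
2014-11-20T09:40:11 host=fs01 user=jdoe-adm src=10.20.1.15 result=OK
2014-11-21T14:03:55 host=db02 user=backup-svc src=10.20.5.7 result=OK
2014-11-22T02:17:42 host=fs01 user=jdoe-adm src=203.0.113.44 result=OK
2014-11-22T02:18:10 host=dc01 user=jdoe-adm src=203.0.113.44 result=FAIL
2014-11-22T02:18:20 host=dc01 user=jdoe-adm src=203.0.113.44 result=OK
2014-11-23T10:05:00 host=web01 user=alice src=10.20.1.99 result=OK
"""

# Assumed naming convention: privileged accounts carry one of these suffixes.
PRIVILEGED_SUFFIXES = ("-adm", "-svc")

# Assumed baseline: the addresses each privileged account normally comes from.
# In a real environment this is built from weeks of history, not typed in.
KNOWN_SOURCES = {
    "jdoe-adm": {"10.20.1.15"},
    "backup-svc": {"10.20.5.7"},
}

BUSINESS_HOURS = range(7, 20)   # 07:00-19:59 local time, an assumption

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def parse(text):
    """Turn the log text into a list of event dicts; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def is_privileged(user):
    return user.endswith(PRIVILEGED_SUFFIXES)


def find_anomalies(events, known=KNOWN_SOURCES, hours=BUSINESS_HOURS):
    """Return (event, reasons) for each successful privileged logon that came
    from an address outside the account's baseline or outside business hours."""
    findings = []
    for ev in events:
        if ev["result"] != "OK" or not is_privileged(ev["user"]):
            continue
        reasons = []
        if ev["src"] not in known.get(ev["user"], set()):
            reasons.append("new_source")
        if ev["ts"].hour not in hours:
            reasons.append("off_hours")
        if reasons:
            findings.append((ev, reasons))
    return findings


def failed_then_succeeded(events):
    """(user, src) pairs with a FAIL followed later by an OK: the pattern of
    someone testing or guessing credentials, worth a closer look."""
    seen_fail, hits = set(), set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["result"] == "FAIL":
            seen_fail.add(key)
        elif key in seen_fail:
            hits.add(key)
    return hits


def summarize(findings):
    """Group findings by (user, src) so one intruder shows up as one line."""
    by_pair = defaultdict(lambda: {"count": 0, "reasons": set()})
    for ev, reasons in findings:
        entry = by_pair[(ev["user"], ev["src"])]
        entry["count"] += 1
        entry["reasons"].update(reasons)
    return dict(by_pair)


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for (user, src), info in summarize(find_anomalies(evs)).items():
        print(f"{user} from {src}: {info['count']} logon(s), {sorted(info['reasons'])}")
    for user, src in failed_then_succeeded(evs):
        print(f"{user} from {src}: failure followed by success")
```

On the constructed log the script reports the 2 a.m. logons of jdoe-adm from 203.0.113.44 as both off-hours and from an address outside that account's baseline, and separately notes that the same pair failed once before succeeding. Two things make this kind of check possible at all: every administrator must have an individual account (a shared "admin" login has no baseline to compare against), and the logs must be shipped to a system the administrators themselves cannot edit, since an attacker holding admin credentials can otherwise clean up after themselves.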
