Jump to content


Davidson Deac II

Member Since 24 Nov 2008
Online Last Active Today, 06:58 AM
-----

Posts I've Made

In Topic: Ok, now I want to see the movie.

Yesterday, 10:42 PM

I guess my curiosity is how they got in.

 

Did they ram through some pretty complex cyber security protocols or did they figure out some low level employees password because it was "password."

 

Or was there a virus planted?

 

I think I could send North Korea a password protected excel spreadsheet and it wouldn't be worth their time to hack it. 

 

 

There isn't a lot of forensic information out yet, but from what I have read, Malware is the most likely culprit.  A piece of Malware planted in one or more servers, that obtained administrative access and spread via Windowns Management Instrumentation to a number of servers.  The Malware had hard coded ip addresses of servers within the Sony network, which means the hackers had been researching the sony network for a siginificant period of time,  and customized the malware for the Sony network. The amount of data they said they obtained was in the neighborhood of 100 Terabytes, of which about 40GB has been released (including some new movies). 

 

Here is what I am reading in case you are interested.

 

http://thinkst.com/t...4-AH4-Trial.pdf


In Topic: Ok, now I want to see the movie.

Yesterday, 10:08 PM

I doubt it is North Korea. It might be a North Korean but I think the hackers of today are everywhere and targeting everything. Nobody decided to hack Sony...Sony was just the latest to get hacked.

 

That's not to say that governments aren't hacking. But this type of thing seems more like the fappening than a government action. 

 

If a government is hacking us they want it to be our infrastructure. Shutting down a movie is nothing to anyone.

 

 

If it were any other nation, I would agree with you.  The idea of a normal nation doing this sort of thing is absurd.  But the NK leader isn't normal.  If he gets mad about this movie, hacking is really about the only thing he can do, short of causing another incident with South Korea.  There is no financial gain in this.  The motive appears to be political, and to my knowledge, Sony hasn't pissed off anonymous or green peace or any other activist organization.  So I can understand why the US government believes NK is probably the most likely culprit.    


In Topic: Ok, now I want to see the movie.

Yesterday, 06:26 PM

Could be right. I didn't read much about the technical aspects of the hack but wasn't it one individual who had their email password hacked?

 

From what I have read and heard, the email compromise was only a small part of it.  The hackers got employee information such as Social Security numbers, not something one could get from hacking email, as well as quite a bit of other stuff, only a small part of which has been released so far.


In Topic: Ok, now I want to see the movie.

Yesterday, 06:16 PM

A few years ago, I worked for a big company that had very strong safeguards in place.  But they had a subsidiary with a back channel connection to them that didn't have the normal safeguards, and felt it would be to restrictive to follow the same rules the rest of the company did.  So we documented our objections, but allowed them to operate as they had been, albeit with strong security between them and the rest of the company. 

 

Sure enough, they got compromised, their systems got taken off line for a few hours, and the headlines read "company x, subsidiary of company y, was taken down by hackers".  Fortunately, they hackers were not able to gain access to anything outside of the subsidiary.  And we almost enjoyed being vindicated, since we were able to produce documents noting the risk the subsidiary posed.  :)

 

These hackers were pretty good at it, but they didn't come close to compromising the stronger security systems. 


In Topic: Ok, now I want to see the movie.

Yesterday, 05:58 PM

Unfortunately I don't think they are. Cyber risk is something I discuss with clients daily and everyone things they are protected and they simply aren't.

 

Everyone is easy to hack basically.

 

I don't agree.  While no company or organization is hack proof, there are quite a few that are far harder targets than Sony was. And even Sony didn't get Hacked by a bunch of script kiddies.  From what I have read in a few industry sites, the hack is fairly professional and sophisticated in nature.


Shop at Amazon Contact Us: info@carolinahuddle.com