Streight: Why North Korea probably did NOT hack Sony


There is growing skepticism in the cyber security and hacktivist crowd about North Korea being to blame for the recent Sony hack, supposedly involving “The Interview” film.

One thing the mainstream media gets wrong is calling Sony Pictures “an American corporation.” It's a Japanese company, with an American division. What makes this a sensitive issue is that Japan committed war crime atrocities against Korea (and China) during World War 2.

So, a film by a Japanese company portraying the assassination of the North Korean ruler stirs up the old animosities. It also, even though humorously, advocates the violation of the Geneva Conventions.

We must also understand that Sony Pictures had horrible cyber-security in place. It was like leaving piles of cash on your front porch and hoping nobody comes by and steals it. Or leaving the front door of your home unlocked with a sign that says "Unlocked Door."

You just can't get any more stupid than having "password" as your password and storing passwords in unencrypted files titled "passwords." Sony Pictures is looking more and more ridiculous as the details about their easy-to-hack computer network are revealed.

Cyber security expert S. Cobb made this remark about corporate cluelessness in response to George Clooney (who was trying to get other Hollywood types to sign a petition against North Korea):

“In my own work I have seen the way in which multinational companies generate billions of dollars in profits by applying digital technology to improve productivity.

My job has been, for the better part of two decades, advising companies on how to defend this highly profitable digital technology that they deploy.

Sadly, time and again, too many times to count, my fellow security professionals and I run into companies and company executives who reject our advice as too costly to implement, as an unreasonable burden on their business. When we say that the path they are taking comes with a large amount of risk, they either don't believe us or they say, "fine, we'll risk it."

The result? America's corporate ecosystem, like those of many other countries, suffers from systemic cyber weakness to the point where no company today can afford to say "bring it on". Why? Because they know they are not impervious to potentially crippling hacking attacks.

I used to be in the penetration testing business, that's where you pretend to be bad guys in order to test another company's cybersecurity; our guys had a 100% success rate. They always found a way in, and they didn't even break the law to do it. Every pen tester I've ever spoken to has a similar record.” http://scobbs.blogspot.com/2014/12/dear-george-clooney-word-about.html

The problem is that if you tighten your network security too much, it becomes difficult for vendors and employees to use it. Cyber security experts say you can't really defend yourself 100 percent against cyber attacks. If someone wants to break into your network, they'll eventually find a way to do it. What's important is having the ability to recover quickly after an attack.

The controversy about whether or not North Korea was really responsible for the Sony Pictures hack comes down to two things: cyber attackers spoof their origins, and it's time-consuming to trace an attack back to its real source.

Here's a list of more links to information you can explore. Take the time to read these, especially if you're a CEO, CIO, business owner, or IT person.

http://www.wired.com/2014/12/evidence-of-north-korea-hack-is-thin/

http://gawker.com/researcher-sony-hack-was-likely-an-inside-job-by-a-wom-1676556756

http://hosted2.ap.org/APDEFAULT/495d344a0d10421e9baa8ee77029cfbd/Article_2014-12-17-US--Sony%20Hack-What%20Went%20Wrong/id-f5a2cdefe54d46d7842d7c0f5b109fd9

https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/

http://www.nytimes.com/2014/12/31/business/media/sony-attack-first-a-nuisance-swiftly-grew-into-a-firestorm-.html?_r=0

http://scobbs.blogspot.com/2014/12/why-sonyhack-is-not-cyberwar.html

http://krypt3ia.wordpress.com/2014/12/18/sony-hack-winners-and-losers/

http://0paste.com/6875#md

https://www.techdirt.com/articles/20141218/18192929485/ridiculousness-turning-sony-hack-into-911-computer-security.shtml

http://marcrogers.org/2014/12/18/why-the-sony-hack-is-unlikely-to-be-the-work-of-north-korea/

http://motherboard.vice.com/read/the-sony-hack-is-not-an-excuse-to-pass-bad-cybersecurity-laws-north-korea

http://www.nytimes.com/2012/10/12/world/panetta-warns-of-dire-threat-of-cyberattack.html

http://arstechnica.com/security/2014/12/state-sponsored-or-not-sony-pictures-malware-bomb-used-slapdash-code/

http://motherboard.vice.com/read/the-sony-hack-proves-we-need-to-replace-email

http://motherboard.vice.com/read/the-best-thing-we-can-do-about-the-sony-hack-is-calm-down

http://www.businessinsurance.com/article/20141221/NEWS07/312219980

http://www.cnn.com/2014/12/19/politics/government-hacks-and-security-breaches-skyrocket/

http://www.huffingtonpost.com/2011/06/04/sony-security-hacks_n_871310.html

https://www.linkedin.com/pulse/why-sonys-breach-matters-steven-sinofsky

http://www.cbsnews.com/news/hacking-after-sony-what-companies-need-to-know/

http://boingboing.net/2015/01/02/obama-administration-north-ko.html

http://blog.norsecorp.com/2014/12/30/cnn-norse-responds-to-sony-hack-questions/

http://blog.norsecorp.com/2014/12/21/marketing-just-isnt-ready-for-hackers/

http://www.usatoday.com/story/money/columnist/rieder/2015/01/05/maybe-north-korea-wasnt-behind-sony-hack/21290467/

http://www.cnn.com/2014/12/27/tech/north-korea-expert-doubts-about-hack/

http://www.thedailybeast.com/articles/2014/12/24/no-north-korea-didn-t-hack-sony.html

http://blog.trendmicro.com/trendlabs-security-intelligence/wipall-malware-leads-to-gop-warning-in-sony-hack/

 

About the Author
Steven Streight is a man of many skills. He’s a talented writer, web content developer, internet marketing consultant and photographer. He’s a trustee of the Peoria Historical Society, a member of SCORE Peoria and the author of the Peoria technology history book, “Bicycle Fever.” In his downtime, he hangs out with his beloved Min Pin and tries to get some rest. Considering how involved he is in the community, it sounds like he could use as much as he can get.