Thursday, 4 December 2014
Cybersecurity: What You Need To Know After Cyber Attack On Sony
Soon after, a group of hackers known as G.O.P., or Guardians of Peace, posted internal salary information from Sony Pictures online they had apparently stolen in their attack. (As Fortune noted earlier this week, the data revealed a major racial and gender gap on the company’s executive team.) Also, this week, at least five movies distributed by Sony Pictures, including the new remake of Annie and the October-released war epic Fury, leaked onto the web.
Not much is known about the Guardians of Peace, but technology news site Re/code and other outlets have reported that Sony Pictures plans to announce that the hackers were backed by the North Korean government. In a few weeks, the studio plans to premiere the film The Interview, a fictional comedy in which two journalists try to assassinate North Korean leader Kim Jong Un on behalf of the CIA. Kim Jong Un has condemned the movie as “an act of war.” Time reported on Tuesday that North Korea did not deny its involvement in the hack.
Actor Seth Rogen, who stars in The Interview, has responded with some Twitter humor to the North Korean leader’s anger over the film:
Could more cyber attacks follow?
Well, the FBI went to the trouble of warning U.S. businesses after the Sony Pictures hack to be on the lookout. The agency sent out a confidential “flash” Monday that included some of the technical details of the malicious software used in the hack, but it didn’t directly mention Sony, according to Reuters. The FBI’s report noted that the specific malware can shut down computer networks by overwriting hard drive data, and that it is nearly impossible to later recover that data.
Is this a growing trend?
Sony Pictures is just the latest company to fall victim to hackers. Retailers like Target TGT 0.36% , Home Depot HD 0.44% and Kmart have all fallen victim to high-profile data breaches in the past year that resulted in hackers gaining access to tens of millions of customers’ payment card information. In October, JPMorgan Chase JPM 0.75% revealed that hackers had compromised the contact information of roughly 76 million households and another 7 million small businesses in a data breach that also affected roughly a dozen other banks.
So far, there has been little evidence that the hacking has changed customer behavior, but the attacks have led to dozens of lawsuits (not to mention leaving a blemish on the resumé of Home Depot’s outgoing CEO). Still, the breaches certainly grabbed the attention of the affected companies, with JPMorgan CFO Marianne Lake saying in October that businesses need to cooperate more, and with the government, if they want to fend off future cyber attacks.
In a recent speech, former NSA director Keith Alexander highlighted the scope of the threat to U.S. businesses and the government. Alexander, who also called for more cooperation, put cyber attacks on a similar level of threat to national security as terrorism.
It’s not just businesses. Celebs and Snapchatters have also been targeted.
Over the summer, hackers began posting scores of illicit celebrity photos — mostly of Hollywood actresses and female athletes — that were illegally swiped from personal iPhones and iCloud accounts. The incident raised concerns about Apple’s AAPL 1.13% security, which the company dismissed. In another attack, hackers released thousands more photos stolen from a third-party service meant to store temporary images from Snapchat, the messaging app. Snapchat has previously been breached by hackers who snatched millions of user names and passwords from the service.
How do companies avoid getting hacked?
Large tech companies like Facebook FB -0.77% and Google GOOG -0.46% spend big bucks for their own internal hackers to thwart any potential security threats. However, companies’ security efforts vary in effectiveness, which is why the occasional cyber attack — like the one at Sony Pictures last week — can do damage.
Fortune wrote last month about the latest computer bug hackers are using to target protected information. Google researchers discovered the bug, known as Poodle, which circumvents older versions of the standard security technology called Secure Sockets Layer (SSL). The Poodle bug was found to be less serious than previous bugs like Shellshock/Bash that required system administrators to apply a new set of patches. Companies must keep up to date with security patches, but even then, hackers seem to find new ways to gain access.