Say what? Sony got HACKED? Yeah, sure, everyone that uses a computer has heard about this by now. I know that I have been following it. Your take on it is likely to fall into a few distinct categories.
Just in case you've been hiding under a rock -- or just been consumed with all the activity that surrounds the holiday season -- Sony Pictures Entertainment (SPE) planned a release of a comedy movie starring Seth Rogan and James Franco on Christmas day, called "The Interview." In that movie, a hack television tabloid news "reporter" (Franco) and his producer (Rogan) travel to North Korea to "interview" North Korean leader Kim Jong Un. Once the "news" of their impending interview is announced, they are approached by members of the CIA to assassinate the North Korean leader.
As a result, the SPE servers were hacked and TONS of sensitive personal data -- including emails, passwords, user IDs, Social Security numbers, etc. -- was released to the public. Sony threatened "legal action" against those reporting the news of the attack on their servers, and the subsequent release of sensitive, private data. What's even more astonishing (almost unbelievably so) is that all the user IDs and passwords were reportedly kept in a folder on one of the servers with … wait for it … the name of "Passwords." The contents of that folder were supposedly text files, word processing files and PDF files -- all unencrypted -- with lists of user IDs and their corresponding passwords.
The FBI blamed the North Koreans for the "cyberattack." North Korea has denied having any role in the attack. Meanwhile, a group called Guardians Of Peace has claimed responsibility. President Obama promised retaliation for "North Korea's actions." Within a week or so, the entire North Korean internet went dark and offline for a few days. Meanwhile, the North Koreans have suggested that the DPRK (Democratic People's Republic of Korea, which is what the North Koreans refer to themselves as) and the U.S. work together to expose those who are REALLY behind the cyber attack on the SPE servers.
"Terror attacks" on theaters showing the movie were threatened, and most of the "big name" U.S. cinema chains backed out on showing the film. Some independent theaters forged ahead, at least until Sony cancelled the Christmas day release of the film. Sony was chastised for cancelling the release of the movie from just about every pundit around. Heck, Sony's decision created pundits where no pundits previously existed. Everyone was a critic, and everyone seemed to have an opinion. After all, Sony just couldn't give in to the hackers' demands.
In the end, the movie was released in theaters on Christmas day. It was shown to sellout crowds. It was also released in the Google Play store and on YouTube, where it became the most watched video on this past Christmas day.
What a soap opera, huh? (Here in the U.S., we call the sappy, overly dramatic, overacted daytime television serials "soap operas," since in their early days, they were sponsored by advertisers of soap). I don't know about you, but for me, the longer this plays out, the more ridiculous and absurd this whole thing looks.
In the first distinct group, your beliefs parallel the "official" story. You believe that North Korea hacked the Sony Pictures Entertainment (SPE) servers in retaliation of their planned Christmas day release of the movie. If that was the case, North Korea gave this B-movie a level of free advertising that quite simply couldn't have been purchased for any amount of currency. Most "cybersecurity" experts doubt North Korea's involvement in the cyber attack.
In the second distinct group, you believe that it all was a publicity stunt, planned to drum up interest in the movie's release. If this was the case, it worked exceptionally well. The sellout opening day crowds at the cinemas, along with the online downloads, attest to that.
In the third distinct group, you believe that an outside, third party hacking group (like the Guardians Of Peace) was responsible. The FBI claims that the language in the tools and scripts was written in Korean, as if that really proves anything. Anyone could write the text in the tools in any language they wanted, and would be an especially easy ploy to use to throw the "investigators" far off the track. The FBI also claims that the tools used are similar to another prior North Korean hack of South Korea (as if North Korea has exclusive use of those "types" of tools). The FBI also claims that it traced the attack back to a North Korean IP address (even though we all know how easy it is to hack, falsify and spoof IP addresses). Most "cybersecurity" experts agree that this is the most likely scenario.
I think you will have to agree that this whole thing appears rather suspicious, and reeks as bad as last week's catch left out in the sun.
This isn't the first rodeo for Sony either. Back in 2011, their Playstation network was hacked and taken offline. Back in the early 2000's, Sony faced significant backlash from computer users when they attempted to thwart copying of audio CDs by placing a damaging rootkit on audio CDs. You would have thought that Sony would have learned something from all of their previous bouts of being a target of someone's wrath.
At the very least, this whole ordeal has highlighted why security of our online data is so important. It has, at the very least, brought computer security concerns back to the foreground. If you need to review some sound computer security practices, take a look at our November 2013 issue. If you need to review some sound practices regarding your use of passwords, take a look in our September 2013 issue.
Until next month, I bid you peace, serenity, happiness and prosperity. Oh, and here's to hoping you have the very best 2015!