Sony Fallout: The Terrorists Win Our Networks - InformationWeek

Commentary
12/29/2014
09:20 AM
Patrick Hubbard

Sony Fallout: The Terrorists Win Our Networks

It's time to get serious. Sony hack may mark the end of enterprise networks as we know them.


Writing with a strong opinion on current events, with frustration still red hot in the veins, is risky.

First, by the time your words are in the wind, events may have changed, and in hindsight your supposed facts may be erroneous and your passion misguided. Second, it's too easy to turn emotion into finger pointing and dicto simpliciter against hard-working network admins toiling in the middle of an unprecedented, epic fail. "I of course would not have made that rookie mistake." Harrumph. But the biggest danger is you're likely to go way out on a limb with speculative statements.

So, consider yourself warned. Because I think it's possible that the Sony hack is an ineluctable tipping point, and nothing short of the end of enterprise Internet connections and perhaps even some enterprises as we know them.

Alternative to cowardice
What got me boiling was not Sony's capitulation when it initially canceled The Interview release. It's easy to proudly protest the hackers by attending a screening at a suburban megaplex, but I might have been less eager in Times Square on Christmas Day. Sony was probably more worried about something random like Aurora, Colo., than the Democratic People's Republic of Korea. We can't blame them for that, especially while trying to make decisions with crippled infrastructure. I do, however, have some choice words for another studio that pulled Team America: World Police from a replacement protest showing. Even as an unhacked, unrelated company, they're so scared that they pulled a years-old film.


Sony is bailing water and defending itself as best it can. The other studio publicly cowering in fear, however, merely emboldens future attackers by demonstrating the enormous effectiveness of network terrorism. Will MGM pull the Red Dawn reboot from Netflix or Die Another Day from iTunes? Across the United States, admins, especially security and compliance engineers, are being called to executive offices and asked the same question: "How do we prevent this from happening here?" And again, executives don't like that we have the same answer as five years ago, because it involves cost.

Taking the "E" out of e-commerce
With the Sony hack, the grim reality, teased by hundreds of security failure anecdotes, is laid bare. No one is safe. We're not talking about a Target-level "oops, we lost $400M, we'll recover" compromise. This is the first exposure of a new invisible hand with the power to circumvent the most basic tenet of the corporation: self-determination. Moreover, with the right influence, entire industries or even nations will be vulnerable to unprecedented coercion.

(Source: GR8DAN)

Consider the recent JPMorgan hack. In Sony's case we're talking about an entertainment company. We expect they'll bemoan Adam Sandler movies in email like the rest of us. But what could an attacker do after secretly compromising JPMorgan? What do its emails contain about US financial policy, international markets, major corporations, or the Federal Reserve? Imagine a Sony-level compromise of an institution with real global influence -- but by smarter hackers who reveal potential embarrassment to select corporate officers. What could the attackers do then? Alternatively, what acquiescence could an attacker achieve with control of an energy company, generating stations, or distribution grids?

Do we really believe that this time, after all these years, we'll finally get serious on a national scale about security, or will we rush headlong into even more self-configuring and increasingly unattended interconnections? Conservative admins would simply pull back, even disconnect a bit, until they could be sure better control was achieved. But in IT, we conservative admins don't usually get to make that choice. Poor security isn't generally the fault of IT; it's simply a reflection of top-level corporate disregard, or at least ignorance of the real risks and costs of failure. You can bet that at Sony, more than once someone revealed the network was too flat and needed compartmentalization and segmentation. You can also bet that a sharp systems administrator at least once ran a scan and reported pandemic password-strength and stewardship weaknesses. It's not IT failure when, after discovery, remediation goes unfunded.

If we honestly assess the situation and our history related to security, we might admit that we'll never achieve the necessary technology, oversight, and training to support highly connected networks. With no real alternative, the correct action might be to unplug, or at least physically isolate previously inconceivable portions of our internal networks from the WAN. Yes, people will scream when, after some deep packet inspection, we elect to remove Internet access for a subnet showing too much risky traffic in reports, or discontinue many BYOD services. But if the alternative is to become a hostage with the possibility of a multibillion-dollar brand's destruction at stake, or worse -- physical infrastructure damage -- we must finally stop talking and do something about it. We must promote network security to a top priority and meaningfully invest not just now, but every year hereafter to protect our shareholders and our nation, however initially painful.

Watch everyone forget, again
Do not forget this moment. Pop culture will move on, and in the short term a midmarket film will get a larger audience than expected, and due to the Streisand Effect, millions more people will see the cut-out, extra-gory clip of Kim Jong Un's death on YouTube. But we admins should not move on. And most of all, senior executives who direct IT security investment must not move on.

For security executives, ask yourself these questions: What is hiding in your emails, or even on forgotten tape backups that could give faceless organizations leverage over you? What would your shareholders think if what's happening now to Sony happened to your company? How many questions will be asked about missed security opportunities?

If any of those questions give you a shiver, it's time to get serious. Now they know they can hurt us. The genie is out of the bottle.


Patrick Hubbard is a head geek and director of technical product marketing at SolarWinds, an IT management software provider based in Austin, Texas. Hubbard, who joined SolarWinds in 2007, has more than 20 years of experience in product management and strategy, technical ...

Comments
batye
User Rank: Ninja
2/3/2015 | 11:22:48 AM
Re: theaters fear North Korea, or their own patrons?
@mak63, interesting to know... I think some producers will be using this way to advertise their movies...
batye
User Rank: Ninja
2/3/2015 | 11:20:59 AM
Re: theaters fear North Korea, or their own patrons?
@SaneIT good point, these days you could never have bad publicity... and hype does attract people...
SaneIT
User Rank: Ninja
1/7/2015 | 7:38:16 AM
Re: theaters fear North Korea, or their own patrons?
It sure has had an impact.  I've heard that they have an international audience for the movie as well.  I doubt that the movie would have had such wide distribution without the hype.  I guess when life gives you lemons you make lemonade, right?
mak63
User Rank: Ninja
1/7/2015 | 12:13:13 AM
Re: theaters fear North Korea, or their own patrons?
Ashu001 This movie is going to be a winner all the way to the Bank for Sony.

I have to agree with you 100%. USA Today just reported: 'The Interview' gets the job done: $31M in sales.
Ashu001
User Rank: Ninja
1/6/2015 | 12:32:06 PM
Re: theaters fear North Korea, or their own patrons?
SaneIT,

Guess what?

The Hype worked.

It has become Sony's Highest Selling Online Movie [They have earned over $20 million via Online Sales of The Interview] and also was Google Play's Top Selling Movie of the Year.

I say they surely succeeded with what they started out to do.

Haven't they?
Ashu001
User Rank: Ninja
1/6/2015 | 12:28:52 PM
Re: theaters fear North Korea, or their own patrons?
mak63,

This Information is from Wikipedia:

The Interview opened to a limited release in the United States on December 25, 2014 across 331 theaters and earned over $1 million on its opening day. Variety called the opening gross "an impressive launch for a title playing in only about 300 independent theaters in the U.S." It went on to earn over $1.8 million in its opening weekend, and as of January 5, 2015 its total box office gross was $5.0 million.

In four days, The Interview earned over $15 million through online rentals and purchases, becoming Sony Pictures' highest-grossing online release. The Interview is also the top-selling Google Play/YouTube movie of 2014.

Not just that, the Tremendous Hype around the Movie [It was the highest shared movie on Torrents as well] shows the tremendous Curiosity factor around the Movie, which eventually will translate into Ticket Sales.


This movie is going to be a winner all the way to the Bank for Sony.
SaneIT
User Rank: Ninja
1/6/2015 | 7:22:17 AM
Re: theaters fear North Korea, or their own patrons?
I had a moment or two where I thought that maybe Sony was milking the attack to hype the movie.  It was never going to be a must see movie so the attacks may have done the movie some good.  People who would have just rolled their eyes at a movie about killing Kim Jong-Un now had a reason to see what the big deal was.
mak63
User Rank: Ninja
1/6/2015 | 5:23:10 AM
Re: theaters fear North Korea, or their own patrons?
@Ashu001

I won't be surprised to hear that Sony made a HUGE Profit on this venture.


The movie made a lot of publicity/hype indeed, but it didn't translate to big numbers at the box office. At least, not yet. I read that it made 5 million so far. It had a limited release though.
batye
User Rank: Ninja
1/5/2015 | 8:26:45 AM
Re: theaters fear North Korea, or their own patrons?
@SaneIT - I trust you are right... as sometimes even very small ideas create big problems on the global scale... it all reminds me of how World War 1 started... also NK does not have to drop its agents in USA... they could hire mercenaries... to create problems... like Putin did in Ukraine... sad reality... sad... sad...
SaneIT
User Rank: Ninja
1/5/2015 | 7:20:44 AM
Re: theaters fear North Korea, or their own patrons?
@batye, I'm not really worried about NK or its leaders I'm more worried about people with mental instabilities getting ideas from hearing about this on the nightly news.  Even if NK somehow had agents in the US that were willing to die for a cause I doubt a goofy movie would be the best use for them.  This is how terrorism works though, you don't have to do anything you just have to make people afraid enough that they do what you say.