Sony Fallout: The Terrorists Win Our Networks - InformationWeek

IT Leadership // IT Strategy
Commentary
12/29/2014
09:20 AM
Patrick Hubbard

Sony Fallout: The Terrorists Win Our Networks

It's time to get serious. Sony hack may mark the end of enterprise networks as we know them.


Writing with a strong opinion on current events, with frustration still red hot in the veins, is risky.

First, by the time your words are in the wind, events may have changed, and in hindsight your supposed facts may be erroneous and your passion misguided. Second, it's too easy to turn emotion into finger pointing and dicto simpliciter against hard-working network admins toiling in the middle of an unprecedented, epic fail. "I of course would not have made that rookie mistake." Harrumph. But the biggest danger is you're likely to go way out on a limb with speculative statements.

So, consider yourself warned. Because I think it's possible that the Sony hack is an ineluctable tipping point, and nothing short of the end of enterprise Internet connections and perhaps even some enterprises as we know them.

Alternative to cowardice
What got me boiling was not Sony's capitulation when it initially canceled The Interview release. It's easy to proudly protest the hackers by attending a screening at a suburban megaplex, but I might have been less eager in Times Square on Christmas Day. Sony was probably more worried about something random like Aurora, Colo., than the Democratic People's Republic of Korea. We can't blame them for that, especially while trying to make decisions with crippled infrastructure. I do, however, have some choice words for another studio that pulled Team America: World Police from a replacement protest showing. Even as an unhacked, unrelated company, they're so scared that they pulled a years-old film.


Sony is bailing water and defending itself as best it can. The other studio publicly cowering in fear, however, merely emboldens future attackers by demonstrating the enormous effectiveness of network terrorism. Will MGM pull the Red Dawn reboot from Netflix or Die Another Day from iTunes? Across the United States, admins, especially security and compliance engineers, are being called to executive offices and asked the same question: "How do we prevent this from happening here?" And again, executives don't like that we have the same answer as five years ago, because it involves cost.

Taking the "E" out of e-commerce
With the Sony hack, the grim reality, teased by hundreds of security failure anecdotes, is laid bare. No one is safe. We're not talking about a Target-level "oops, we lost $400M, we'll recover" compromise. This is the first exposure of a new invisible hand with the power to circumvent the most basic tenet of the corporation: self-determination. Moreover, with the right influence, entire industries or even nations will be vulnerable to unprecedented coercion.

(Source: GR8DAN)

Consider the recent JPMorgan hack. In Sony's case we're talking about an entertainment company. We expect they'll bemoan Adam Sandler movies in email like the rest of us. But what could an attacker do after secretly compromising JPMorgan? What do its emails contain about US financial policy, international markets, major corporations, or the Federal Reserve? Imagine a Sony-level compromise of an institution with real global influence -- but by smarter hackers who reveal potential embarrassment to select corporate officers. What could the attackers do then? Alternatively, what acquiescence could an attacker achieve with control of an energy company, generating stations, or distribution grids?

Do we really believe that this time, after all these years, we'll finally get serious on a national scale about security, or will we rush headlong into even more self-configuring and increasingly unattended interconnections? Conservative admins would simply pull back, even disconnect a bit, until they could be sure better control was achieved. But in IT, we conservative admins don't usually get to make that choice. Poor security isn't generally the fault of IT; it's simply a reflection of top-level corporate disregard, or at least ignorance of the real risks and costs of failure. You can bet that at Sony, more than once someone revealed the network was too flat and needed compartmentalization and segmentation. You can also bet that a sharp systems administrator at least once ran a scan and reported pandemic password-strength and stewardship weaknesses. It's not IT failure when, after discovery, remediation goes unfunded.

If we honestly assess the situation and our history related to security, we might admit that we'll never achieve the necessary technology, oversight, and training to support highly connected networks. With no real alternative, the correct action might be to unplug, or at least physically isolate previously inconceivable portions of our internal networks from the WAN. Yes, people will scream when, after some deep packet inspection, we elect to remove Internet access for a subnet showing too much risky traffic in reports, or discontinue many BYOD services. But if the alternative is to become a hostage with the possibility of a multibillion-dollar brand's destruction at stake, or worse -- physical infrastructure damage -- we must finally stop talking and do something about it. We must promote network security to a top priority and meaningfully invest not just now, but every year hereafter to protect our shareholders and our nation, however initially painful.

Watch everyone forget, again
Do not forget this moment. Pop culture will move on, and in the short term a midmarket film will get a larger audience than expected, and due to the Streisand Effect, millions more people will see the cut-out, extra-gory clip of Kim Jong Un's death on YouTube. But we admins should not move on. And most of all, senior executives who direct IT security investment must not move on.

For security executives, ask yourself these questions: What is hiding in your emails, or even on forgotten tape backups that could give faceless organizations leverage over you? What would your shareholders think if what's happening now to Sony happened to your company? How many questions will be asked about missed security opportunities?

If any of those questions give you a shiver, it's time to get serious. Now they know they can hurt us. The genie is out of the bottle.


Patrick Hubbard is a head geek and director of technical product marketing at SolarWinds, an IT management software provider based in Austin, Texas. Hubbard, who joined SolarWinds in 2007, has more than 20 years of experience in product management and strategy, technical ...
Comments
richalt
User Rank: Apprentice
12/29/2014 | 5:27:21 PM
theaters fear North Korea, or their own patrons?
I think we have to be honest that theater owners are not fearing North Korea.  Rather they fear their own next door, long time patron, getting startled by something which happens in the theater, then suing the theater, the projector manufacturer, and the popcorn vendor.  And the jury awards millions.

So the solution here is not courage in the face of a foreign threat.  The solution is tightening liability and tort reform laws.  Limiting jury awards to actual losses incurred would defend 1000s of theater owners effectively!

 
Broadway0474
User Rank: Ninja
12/29/2014 | 9:57:01 PM
Re: theaters fear North Korea, or their own patrons?
richalt, I think their concern is a little bit beyond just fearing litigiousness. Should something really bad happen at their theater, they ought to be liable for any security lapses. But they would also be risking business shutdown, either because the authorities would need to shut down their theaters for weeks to investigate or because consumers wouldn't return to the theater after the event out of even greater fear.
Ashu001
User Rank: Ninja
12/30/2014 | 12:33:10 PM
Re: theaters fear North Korea, or their own patrons?
Broadway,

I don't know if you are tracking the Latest Box office numbers but all this Publicity has translated into ENORMOUS HYPE/PUBLICITY for the Interview and the Movie is well on its way to becoming a super-duper hit!

I won't be surprised to hear that Sony made a HUGE Profit on this venture.

All's well that Ends well?

Broadway0474
User Rank: Ninja
12/31/2014 | 8:38:02 AM
Re: theaters fear North Korea, or their own patrons?
It may be getting big dollars in the box office despite its limited (and postponed) release, but perhaps that's more about Americans behaving "patriotically" and sticking it to an enemy of the state any way possible. From reviews, it appears the movie is at worst mediocre, at best a stoners' cult classic to be.
Ashu001
User Rank: Ninja
12/31/2014 | 8:57:03 AM
Re: theaters fear North Korea, or their own patrons?
Broadway,

Do you really-really Believe it was the Koreans behind the hack?

All the Evidence available clearly points to an Insider job (Disgruntled Employee) instead: www.politico.com/story/2014/12/fbi-briefed-on-alternate-sony-hack-theory-113866.html

I have worked with the Security Experts profiled in the article previously (like Bruce Schneier and Norse); I trust them more than the Incompetent Buffoons in the FBI.


 
progman2000
User Rank: Ninja
12/31/2014 | 10:01:48 AM
Re: theaters fear North Korea, or their own patrons?
This is indeed an intriguing story.  I would have to give the government a little more credit than saying that the "buffoons in the FBI" are snooping this one out.  I would believe at this point our cyber intelligence would be pretty sharp.  Besides, isn't it the NSA that would be looking into this also?
Ashu001
User Rank: Ninja
1/1/2015 | 6:33:04 AM
Re: theaters fear North Korea, or their own patrons?
Progman,

You sure have more faith than I do in the Government (and various Government Agencies).

I am really fortunate and lucky to have some experience in this space so I know that the best talent in this space rarely if ever sticks with the Government (rather migrates to the Private Sector where they are compensated very well & usually have the creative freedom to pursue the kind of projects they are most fascinated with).

As far as the NSA is concerned, everyone knows it's just into Blanket Surveillance.

They can't do much else effectively enough [see how few threats they have prevented or trends they have predicted accurately enough for reference].

 
batye
User Rank: Ninja
1/2/2015 | 2:21:26 PM
Re: theaters fear North Korea, or their own patrons?
@progman2000 interesting observation... it's like saying our taxes at work... but if we gonna see results... but what if...
Broadway0474
User Rank: Ninja
12/31/2014 | 10:35:42 PM
Re: theaters fear North Korea, or their own patrons?
It certainly could be an insider hack. Companies ought to focus most of their cyber security efforts internally --- to prevent this type of malicious behavior, as well as to prevent idiotic behavior (like employees who reply to phishing scams).
Ashu001
User Rank: Ninja
1/1/2015 | 6:11:01 AM
Re: theaters fear North Korea, or their own patrons?
Broadway,

It's good to see that you are at least open to the possibility that this may be the case [As usual the Government has goofed up].

Companies need to spruce up their insider policies aggressively today. I still can't figure out why they give so much leeway to Insiders (especially someone who is not a part of the Permanent Staff).

Sure you need to take care (as well as give them the Tools to do their Job well) but don't give them blanket access to everything!

Also, have active Logs in place to monitor who does what and where.

 
SaneIT
User Rank: Ninja
1/2/2015 | 7:26:10 AM
Re: theaters fear North Korea, or their own patrons?
@Broadway, I think part of the reason the theaters were OK pulling the movie is that they knew this wasn't an Oscar winner in the first place.  They knew it would be a so-so movie and while it would get some bodies in the door it wasn't a movie that people were clamoring for.  The theaters were not going to put themselves at risk for a goofy buddy comedy.
batye
User Rank: Ninja
1/2/2015 | 2:19:09 PM
Re: theaters fear North Korea, or their own patrons?
@SaneIT, yes and no... to each his own

 I trust we are free in USA/Canada and have right to free expression... 

I trust we have a right if we decide to see the Movie freely... without any threats or... for me communism is same like a racism and in my books racism is a disability (like mental defect) I do not judge people with mental problems...
but in my opinion NK leaders need to be helped by mental health professionals...

Myself from what I read about movie, I think I would not like it much... but it should be my right to have a choice to see it or not... 
Broadway0474
User Rank: Ninja
1/3/2015 | 11:04:30 PM
Re: theaters fear North Korea, or their own patrons?
Batye, you do have the right to watch any movie you want. And you could have here --- this movie was offered on streaming long before theaters picked it back up. But theater owners have the right to carry whatever movie they want.
batye
User Rank: Ninja
1/4/2015 | 10:24:20 PM
Re: theaters fear North Korea, or their own patrons?
yes, thank you, but other countries shall not get involved in this process... it should be free choice... How I see it...
SaneIT
User Rank: Ninja
1/5/2015 | 7:20:44 AM
Re: theaters fear North Korea, or their own patrons?
@batye, I'm not really worried about NK or its leaders I'm more worried about people with mental instabilities getting ideas from hearing about this on the nightly news.  Even if NK somehow had agents in the US that were willing to die for a cause I doubt a goofy movie would be the best use for them.  This is how terrorism works though, you don't have to do anything you just have to make people afraid enough that they do what you say.
batye
User Rank: Ninja
1/5/2015 | 8:26:45 AM
Re: theaters fear North Korea, or their own patrons?
@SaneIT - I trust you are right... as sometimes even very small ideas create big problem on the global scale... it all reminds me of how World War 1 started... also NK do not have to drop its agents in USA... they could hire mercenaries... to create problems... like Putin did in Ukraine... sad reality... sad... sad...
mak63
User Rank: Ninja
1/6/2015 | 5:23:10 AM
Re: theaters fear North Korea, or their own patrons?
@Ashu001

I won't be surprised to hear that Sony made a HUGE Profit on this venture.


The movie made a lot of publicity/hype indeed, but it didn't translate to big numbers on the box office. At least, not yet. I read that it made 5 million so far. It had a limited release though.
SaneIT
User Rank: Ninja
1/6/2015 | 7:22:17 AM
Re: theaters fear North Korea, or their own patrons?
I had a moment or two where I thought that maybe Sony was milking the attack to hype the movie.  It was never going to be a must see movie so the attacks may have done the movie some good.  People who would have just rolled their eyes at a movie about killing Kim Jong-Un now had a reason to see what the big deal was.
Ashu001
User Rank: Ninja
1/6/2015 | 12:32:06 PM
Re: theaters fear North Korea, or their own patrons?
SaneIT,

Guess what?

The Hype worked.

It has become Sony's Highest Selling Online Movie [they have earned over $20 million via Online Sales of The Interview] and also was Google Play's Top Selling Movie of the Year.

I say they surely succeeded with what they started out to do.

Haven't they?

 
SaneIT
User Rank: Ninja
1/7/2015 | 7:38:16 AM
Re: theaters fear North Korea, or their own patrons?
It sure has had an impact.  I've heard that they have an international audience for the movie as well.  I doubt that the movie would have had such wide distribution without the hype.  I guess when life gives you lemons you make lemonade, right?
batye
User Rank: Ninja
2/3/2015 | 11:20:59 AM
Re: theaters fear North Korea, or their own patrons?
@SaneIT good point, these days you could never have a bad publicity... and hype does attract people...
Ashu001
User Rank: Ninja
1/6/2015 | 12:28:52 PM
Re: theaters fear North Korea, or their own patrons?
mak63,

This information is from Wikipedia:

The Interview opened to a limited release in the United States on December 25, 2014 across 331 theaters and earned over $1 million on its opening day. Variety called the opening gross "an impressive launch for a title playing in only about 300 independent theaters in the U.S." It went on to earn over $1.8 million in its opening weekend, and as of January 5, 2015 its total box office gross was $5.0 million.

In four days, The Interview earned over $15 million through online rentals and purchases, becoming Sony Pictures' highest-grossing online release. The Interview is also the top-selling Google Play/YouTube movie of 2014.

Not just that, the tremendous Hype around the Movie [it was the highest shared movie on Torrents as well] shows the tremendous Curiosity factor around the Movie, which eventually will translate into Ticket Sales.


This movie is going to be a winner all the way to the Bank for Sony.

 
mak63
User Rank: Ninja
1/7/2015 | 12:13:13 AM
Re: theaters fear North Korea, or their own patrons?
Ashu001: "This movie is going to be a winner all the way to the Bank for Sony."

I have to agree with you 100%. USA Today just reported: 'The Interview' gets the job done: $31M in sales.
batye
User Rank: Ninja
2/3/2015 | 11:22:48 AM
Re: theaters fear North Korea, or their own patrons?
@mak63, interesting to know... I think some producers will be using this way to advertise their movies...

 
SaneIT
User Rank: Ninja
12/31/2014 | 7:22:18 AM
Re: theaters fear North Korea, or their own patrons?
Agreed, I don't think theater owners were afraid of the North Korean army descending on their building, but when a seed is planted it opens the door for all kinds of mentally unstable people to do dumb things.  Even if it's someone carrying a gun into the theater to be the vigilante hero in case the N. Koreans attack.  I think the biggest problem here is that it seems like everything was put out for public consumption and thus the attackers were getting exactly what they wanted.
Ashu001
User Rank: Ninja
12/30/2014 | 12:34:35 PM
Re: theaters fear North Korea, or their own patrons?
Richalt,

Good points!

I couldn't agree more.

Tort Reform is way overdue in America today.

I am hoping it is taken on as a Priority by the New Administration coming in after Obama leaves the White House.

 