The recent Sony Pictures hack has been intriguing, to say the least. I know much of the focus has been on North Korea’s role in the attack, which takes cyber espionage and cyber extortion to levels we haven’t seen before. Forget the critical infrastructure, let’s hit people where it really hurts – entertainment and the loss of revenue.
But I think we also need to look at another angle here. This isn’t the first time Sony was the victim of serious security problems. It’s questionable whether or not the company learned any lessons about improving security since then, as eSecurity Planet highlighted that Sony may have an inside problem:
In an email sent to The Verge, a GOP hacker claimed they were assisted by insiders at Sony, stating, ‘Sony doesn't lock their doors, physically, so we worked with other staff with similar interests to get in,’ the hacker added.
Speculation is that the attack came from the inside, or at least by those who were familiar with the internal network, but even that isn’t so cut and dry. As Jaime Blasco, director at AlienVault Labs, told me in an email:
From the samples we obtained, we can say the attackers knew the internal network from Sony since the malware samples contain hardcoded names of servers inside Sony’s network and even credentials /usernames and passwords that the malware uses to connect to system inside the network. On the other hand, the malware samples we have found talk to IP addresses in Italy, Singapore, Poland, US Thailand, Bolivia and Cyprus - probably hacked systems or VPN/Proxies that the attackers use to hide the origin. We also found the attackers were using the Korean language in the systems they used to compile some of the pieces of malware we have found.
Also, as Brian Krebs stated in his blog, the public focus has been on the damage to Sony Entertainment’s products, but this attack has gone much deeper than that. The hack also likely compromised the personal information of Sony employees.
This particular hack appears to have many layers and many victims, and while it is easy to toss blame and vitriol at the hackers, Sony has to step up and take responsibility for its security failure.
So the question now is this: Was this another case of insufficient security measures or was it, as Eric Cowperthwaite, vice president of advanced security and strategy with Core Security, said to me in an email, “the job of unbelievably sophisticated hackers?”
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba