More details are now emerging on the heels of the Sony hack, including ongoing leaks of the information gained from Sony’s servers. What we’re discovering is interesting, though as we get a more complete picture, things aren’t exactly as Sony initially had us believe. Here’s what we know so far.
The North Korea Connection
When the attack was first made public, Sony indicated that they believed the North Koreans to be behind the attack. It is true that North Korea has spoken out in support of the hackers who did the attack. They clearly approve of the action, but so far, it has not been proved that they were behind it. The group currently claiming responsibility is called the “Guardians of Peace” (GOP). It may yet come to light that this group was funded by North Korea to make the attack possible, but at this stage, we just don’t know.
Unprecedented Scale
Sony Execs were quick to paint this attack in terms that made it seem completely unavoidable. Sony against a powerful, rogue enemy nation with virtually limitless resources to plan, create, and then execute a malicious attack against them, and to a degree, they are correct. Even if we don’t know who was behind it, the sheer size and scope of the breach, and the amount of data that was taken makes it a landmark hacking case for certain.
The question, however, is was it unavoidable? Sony paints themselves as having a sterling security system in place. State of the art, and top of the line. Their argument is that even that was insufficient to stop the determined hackers.
It’s easy to understand why they would take this line. After all, they’ve got to paint themselves as having done everything possible to prevent it, in order to mollify their investors so no one gets skittish, but as security analysts from companies like FireEye delve more deeply into the incursion, they’re finding several notable, glaring flaws in Sony’s security procedures that make the attack much more avoidable than Sony first indicated.
Here, two things stand out. First, many of their employees kept (and were, in fact, encouraged to keep) their passwords stored in simple, unprotected Word documents. That’s not only a security faux pas, but it’s also a stunningly bad practice that can easily open a company up to a serious, significant breach. Second, and even more damaging to the Sony narrative, however, is the fact that so much data was moved off of their servers.
You can’t get that much data quickly, which means that the hackers not only quietly infiltrated Sony’s core systems, but they remained inside them for an extended period. The whole time they were there, they were dumping massive amounts of data to points outside Sony’s network. You could sell system security people on the idea that the hackers were able to gain access to your network undetected. You could even sell them on the idea that they were able to freely roam your network undetected, but when you start talking about moving that kind of data offsite without anybody noticing, there’s a problem. It’s just not possible to move that much data without leaving a trace, and that means that somebody at Sony was asleep at the switch and missed it.