Did North Korea Get the Last Laugh Against Sony?

The plot
against Sony
is much
thicker than
that of the
movie that
may have
triggered it:
an upcoming
comedy
starring
James Franco
and Seth
Rogen as a
couple of
journalists
recruited by
the
government
to
assassinate
North Korean
dictator Kim
Jong-un.
Displeasure
with the film
may have
inspired
North Korea
to launch the
attack -- and
the malware
involved
could have
far-reaching,
devastating
effects.

Upwards of 1.2 million people have used pirate sites to
download Brad Pitt's World War II drama Fury ,
scheduled for release Dec. 25, according to Variety .
That was one of five films hackers leaked onto the Web
following an attack on Sony Pictures' network last week.
The others are Annie , Still Alice , Mr. Turner and To Write
Love on Her Arms .
Sony has called in the FBI and other law enforcement
agencies.
And in Other News...
Coincidentally -- or perhaps not -- the FBI on Monday
warned U.S. businesses that hackers recently penetrated
several companies' networks with a particularly damaging
form of malware, according to a Reuters report.
Sony apparently was neither identified nor excluded as one
of the businesses victimized by the malware, but speculation
is rife that the hack attack on the company and the FBI's
warning are linked.
Among other capabilities, the malware can override hard
drives, shutting down and permanently disabling computers
and rendering files inaccessible, the FBI reportedly said in
its alert.
The Great Dictator?
It's also rumored that the hack was launched by North
Korea, which has been outraged by a forthcoming Sony
Pictures comedy, The Interview, depicting the CIA
arranging the assassination of North Korean dictator Kim
Jong-un by two bumbling celebrity journalists.
However, that too is speculative, said Mark Skilton, a
professor of information systems management at the
University of Warwick , who suggested the attackers could
have been motivated by objections to corporatism.
"I think the FBI's involvement perhaps [points more to]
criminal investigations rather than sovereignty issues,"
Skilton told TechNewsWorld.
Yo Ho Ho and a Bottle of Rum!
A group calling itself "Guardians of Peace" reportedly has
claimed responsibility for the hack of the Sony Pictures
internal network, launched Nov. 24.
Digital copies of the leaked movies began appearing online
on Nov. 27, and a person claiming to be "the boss of
GOP" reportedly emailed journalists with links to what
was claimed to be stolen internal data.
The leak is believed to be connected to the hack.
The attack is ransomware, but "we've not seen a whole
organization locked out of their systems for ransom before,"
Jonathan Sander, strategy and research officer for
Stealthbits Technologies, told TechNewsWorld.
This incident "may be setting a precedent for many hackers
-- and victims -- in the future," he warned. "If this can
be done to [Sony], what about the multitude of smaller
shops that have valuable data and enough money to be
interesting for ransom?"
Security Is a Stranger
Hackers in 2011 stole data from 77 million PlayStation
Network accounts, forcing Sony to take the service down
for 24 days.
The Sony PlayStation and Sony Entertainment networks
this August were taken down by a group calling itself the
"Lizard Squad." The group also forced the diversion of a
flight Sony Entertainment Online President John Smedley
was on by falsely tweeting that there was a bomb on board.
Sony restored its networks, apologized to customers, and
called in the FBI. It said there was no evidence of any
intrusion into its network, and nothing was stolen.
Last month, DerpTrolling released what was claimed to be
a file of customer logins across the PlayStation Network,
2K Games, and Windows Live. However, media reports
later said the leak may have been faked in various ways.
The latest hack is "a perfect example of sloppy IT security
and a CISO that did not implement proper privileged
identity management, or a disaster recovery backup plan for
continuity of business," Philip Lieberman, president of
Lieberman Software , told TechNewsWorld. "They will
be looking for a new CIO and CISO, as this team was
unable to even do the basics of their job -- ensure security
and business continuity."
The Seeds of Evil
Security experts suggested, when discussing the August
attack with TechNewsWorld, that perhaps the hackers had
planted sleeper malware that would lie dormant until it was
triggered to act.
They pointed to the Backoff point-of-sale malware, which
targeted retailers, as an example.
It's possible, said Skilton, that the latest hack was
conducted through dormant malware.

Source: TechnewsWorld