The Ridiculousness Of Turning The Sony Hack Into The 9/11 Of Computer Security

from the our-boys-fought-and-died-so-these-corporations-could-be-free-from-hacking! dept

Once again, our government is stepping up to help a beleaguered industry giant. Usually the MPAA would be involved (and maybe it is), along with some terrible legislation, but this time it’s Sony Pictures getting an assist from The Man.

Sony, which has no one to blame but itself for being nearly completely compromised, apparently has enough pull that the White House itself is ready to step up, publicly denounce and possibly punish the group behind the hacking. (via Boing Boing)

U.S. investigators have evidence that hackers stole the computer credentials of a system administrator to get access to Sony’s computer system, allowing them broad access, U.S. officials briefed on the investigation tell CNN. The finding is one reason why U.S. investigators do not believe the attack on Sony was aided by someone on the inside, the officials tell CNN.

These unnamed investigators and officials believe North Korea is behind Sony’s hacking. It will be interesting to see what they present to back up this claim, considering there seems to be evidence indicating otherwise. The furor over The Interview, the film that portrays the assassination of Kim Jong-un, wasn’t originally named as a motivation for Sony’s hacking. The media seized on this possibility first, and the hackers followed suit.

Even if the US government turns out to be correct, there are plenty of reasons why it shouldn’t react this way to the hacking of a private company. This is evidenced in White House press secretary Josh Earnest’s statement, which indicates the White House is willing to play right into the hackers’ hands.

He said the United States’ response would need to be “proportional,” and that national security officials considering how to respond are “also mindful of the fact that sophisticated actors when they carry out actions like this are oftentimes, not always, but often seeking to provoke a response from the United States.”

Nevertheless, a response appears to be on the way, even if it’s exactly what the hackers want. The Department of Homeland Security has even weighed in on the issue. Its director also attempts to hedge his statements, but still appears determined to do something about the attack.

“At this point we are not prepared to officially say who we believe was behind this attack,” Homeland Security Jeh Johnson told MSNBC on Thursday. “I will say this: We do regard the attack on Sony as very serious.”

Johnson described it as a “serious attack not only on individuals and a company but basic freedoms we enjoy in this country,” but did not want to label it terrorism.

“Not terrorism.” That’s a relief. But the attack didn’t have any effects on Americans’ basic freedoms. Instead, it was the studios themselves who turned into proxy censors by refusing to release The Interview to theaters or anywhere else. This was prompted by the hackers’ vague threats of violence if the movie was shown, but as cybersecurity expert Peter W. Singer pointed out at Vice, there’s miles of space between talking shit and backing it up.

Here, we need to distinguish between threat and capability—the ability to steal gossipy emails from a not-so-great protected computer network is not the same thing as being able to carry out physical, 9/11-style attacks in 18,000 locations simultaneously. I can’t believe I’m saying this. I can’t believe I have to say this.

[…]

It is mind-boggling to me, particularly when you compare it to real things that have actually happened. Someone killed 12 people and shot another 70 people at the opening night of Batman: The Dark Knight. They kept that movie in the theaters. You issue an anonymous cyber threat that you do not have the capability to carry out? We pulled a movie from 18,000 theaters.

Not only that, but theaters’ backup plans — to show the North Korea-baiting “Team America: World Police” in its place — have been scuttled by an equally panicky Paramount Pictures. So, the hackers have already received more of a response than they possibly could have hoped for. Now, the government is indicating it’s willing to appear just as foolish by offering a national response to the hacking of a single motion picture studio. Naming a scapegoat appears to be the primary focus.

Though officials say they are planning to lay blame on Friday, they haven’t yet decided how to respond to the attack.

Given that whatever sanctions or indictments accompanying are unlikely to have an effect on the hackers or whatever proxy nation the White House fingers, the government appears ready to go on record with its own shit talking. Any form of “backing it up” will still be over the distant horizon.

On Friday, our government will proudly denounce the hacking of Sony Pictures, an entity so insecure it has been hacked 56 times in the last 12 years. And we’ll do it to send this powerful message to the hackers of the world:

No matter who you are or where you call home, you can force the hand of the US government by embarrassing certain corporations.

Comments on “The Ridiculousness Of Turning The Sony Hack Into The 9/11 Of Computer Security”

72 Comments
observer (user link) says:

Re: Re:

Considering the contents of some of the leaked documents, any attempt to interfere with the net in the foreseeable future will look very suspect. And Google are already on the counterattack: https://www.theverge.com/2014/12/19/7422119/goliath-strikes-back-google-takes-legal-action-against-state-attorney-general

Anonymous Coward says:

Re: Re: Re: Re:

I fully support this suggestion. Google should buy Sony, make sure everyone’s out of the building, and burn it to the ground. This would be an enormous win for American culture and technology — which is why they should leave it just as is — smoldering ruins — as a reminder and a warning to others who are foolish enough to threaten the Internet.

Anonymous Coward says:

Sorry government, your word is no longer trusted.

Digital evidence can be manufactured by anyone who has access to the medium.

Indirectly, the data thievery was wholly Sony’s fault – they provided access to this over an outside line, in an unsecure fashion. It’s pretty common in computers, but don’t blame the machines – they do exactly as they are programmed. No less, and certainly no more.

observer (user link) says:

Re: Re:

“It’s pretty common in computers, but don’t blame the machines – they do exactly as they are programmed. No less, and certainly no more.”

Which, incidentally, is what a lot of the suits calling for net censorship and regulation don’t realise. They think that whatever systems they put in place will be magically unable to be subverted by hackers for more nefarious ends. It’s that kind of thinking that gave us the Sony rootkit.

sigalrm (profile) says:

Re: Re: Re:

Which, incidentally, is what a lot of the suits calling for net censorship and regulation don’t realise. They think that whatever systems they put in place will be magically unable to be subverted by hackers for more nefarious ends. It’s that kind of thinking that gave us the Sony rootkit.

Not to mention that it’s the same magic that’s going to give us the “For Good Guy Use Only” ™ front doors the FBI is demanding.

Anonymous Coward says:

Guerilla marketing for a flop

From one of the CNN links:

Rep. Steve Israel, a top-ranking Democrat, called on Sony Pictures to release “The Interview” on DVD and tweeted “we should not let a pathological regime in N. Korea intimidate us.” He added that he would be the first online to see the movie.

This is nothing but guerrilla marketing. Sony knows the movie is awful. So they come up with an edgy guerilla marketing campaign to get people to watch a flop.

Ambrellite (profile) says:

What about JPMorgan Chase?

If any companies have the implicit protection of the government, it’s the banks. Whatever happened to that recent, massive penetration of Chase bank’s network? Did that get a “proportional response”? Was that a US hack? Is the security hole patched, or is it (or another one) left open for NSA’s use?

The very different responses to the two events by government spokespeople and news media are fascinating and telling.

Anonymous Coward says:

From the storytellers who brought you Iraqi WMD

From the storytellers who brought you the frightening horror flick “Iraq WMD”. Now, a new, compelling tale. Bolder. More imaginative.

“These unnamed investigators and officials believe…”

It will take you to the edge of your seats.

The New York Times calls it, “Better than yellowcake!” “A must see.”

Coming out this holiday season.

Rich Kulawiec (profile) says:

“At this point we are not prepared to officially say who we believe was behind this attack,” Homeland Security Jeh Johnson told MSNBC on Thursday. “I will say this: We do regard the attack on Sony as very serious.”

Yes, it indicates that Sony has a serious, chronic, and pervasive problem with IT security. However, that’s a serious problem for Sony, not for the United States. I doubt that the USG would be quite so full of bluster and feigned concern if the target were, let’s say, the Sierra Club. This response is far more about quid pro quo than it is about any actual threat of any kind to the US.

Let’s do keep in mind:
http://gizmodo.com/sony-kept-thousands-of-passwords-in-a-document-marked-1666772286
and
http://gawker.com/sonys-top-secret-password-lists-have-names-like-master_-1666775151
and
http://arstechnica.com/security/2014/12/state-sponsored-or-not-sony-pictures-malware-bomb-used-slapdash-code/
and
http://krebsonsecurity.com/2014/12/in-damage-control-sony-targets-reporters/
and perhaps most damning of all:
http://gawker.com/sony-was-hacked-in-february-and-chose-to-stay-silent-1670025366

Anonymous Coward says:

First this is totally Sony’s fault. In one of the previous hacks, Sony had a year or more to change a folder named ‘Passwords’ to something else including some security. They failed to do that because it wasn’t important to them at the time. Inside the folder were account nicks and passwords in the clear. What could go wrong?

If anything, there’s a bit of karma in this for the response from a Sony executive about ‘most people don’t even know what a rootkit is’ when they were busy putting them on computers including the exposure of DoF unknown computers.

The US has never been really serious about computer security, otherwise it would be more difficult for the three letter agencies to get into others’ computers. Those doors are still open and if they know, so do other governments. State sponsored hackers have the time to pore over fundamentals to find them.

Lastly, the US paved the way in how to use malware on physical items. It’s been 4 years since the discovery of Stuxnet. Want to bet that program hasn’t been thoroughly torn down to understand how it works? I also notice that while the government has been setting all this up they have done nothing to strengthen the computer security of the average business and citizen. In computer warfare, the populace is just like the MADD initiative for nuclear warfare; totally unprotected. It would not take all that long to demonstrate just how disruptive that could be to the economy when the US once again kicks off some stupid war no one else has a defense from around them.

Anonymous Coward says:

Re: Re:

Given the amount of lying that has been popular in the government I don’t believe much of this. There is a response to getting lies and propaganda all the time. It becomes less and less believable. This government squandered the credibility it had in defending mass spying and torture.

It’s much too convenient to blame North Korea without any facts at all to back it up. It again smacks of propaganda and we’re at the point of needing proof for any validity of claims; seeing how much BS has been fed through the media.

That Anonymous Coward (profile) says:

And this just goes here.

http://attrition.org/security/rant/sony_aka_sownage.html

Count the events.
Look at the toll it took.
Count the number of times they could have taken proactive action.
Notice that only when it might hurt the company’s bottom line they finally gave a shit, and turned the Government into a spin machine to craft a fairy tale of nation state hackers.

Wouldn’t it be hysterical to discover they used getting hacked as a reason to shelve a truly shitty movie that will make more from the insurance payout, than it would when half the globe wasn’t interested in showing it cutting into that all important global box office number.
So now we get to have all sorts of public outrage over “North Korea” getting their way…
Funny all of the public outcry wasn’t there when they admitted we tortured people, but now we have an enemy to focus on…
The magician always gets you to look away from where the action actually is, and the lovely assistants to this trick are government stooges bought & paid for to protect the media cartels.

Anonymous Coward says:

The US government has a part in damaging Iranian centrifuges, a direct attack on a foreign government, and it’s no great deal. Hackers gather internal data information from a company, which includes information which is embarrassing to the US government and they go ballistic. It just shows where the politicians’ priorities lie, and that is in staying in power and to remove any threats that may rein in their power, including their ability to act on foreign soil.

Anonymous Coward says:

Why hasn’t anybody pointed out the obvious… All the cyber-war-mongering about the NSA needing access to everybody’s networks in order to prevent such attacks from happening. If the NSA’s systems are so desperately needed in order to avoid such events from happening, then why did this happen?? Why didn’t the NSA see this coming and prevent it from happening?

Just saying….

Anonymous Coward says:

Re: Star Power [was ]

All that’s missing now is for Dick Cheney…

They’ve got an even bigger star than Dick Cheney lined up for this one. Omigosh! Lookout! It’s Newt Gingrich! THE NEWT HIMSELF.

No one should kid themselves. With the Sony collapse America has lost its first cyberwar. This is a very very dangerous precedent.
            ——Newt Gingrich on Twitter

Star power. You know it when you see it. You just know it.

Anonymous Coward says:

First of all, that’s what you get for treating IT like disposable garbage. You get shitty IT systems and security.
Secondly, the response to this has been nothing short of mind-boggling insanity. N.Korea is a pro-level saber rattler but they have no bite to their bark. Being afraid of them is utterly ridiculous.
There’s something deeper to this than we’re hearing.

Remember folks, these are the people that want to run the internet and they’re stumbling over themselves backpedaling like cowards at the first sign of a confrontation. It’s no surprise their first, second, third and all subsequent responses have been to censor.

sigalrm (profile) says:

Re: Re:

What happened to Sony is also almost certainly illegal (under US Law, at least. People forget a huge point in that this hack isn’t illegal everywhere, and in some countries would be cause for individuals to be actively rewarded).

I generally dislike blaming the victim. But… if we’re going to stick with your “keys under the mat” analogy: Sure, Sony left the keys under the mat. Someone broke in, with those keys. Sony then opted to leave the keys under the mat, again. And again, someone broke in with those keys. Lather. Rinse. Repeat. What, 5 times in the last decade or so? That were publicized? And more instances of network penetrations are being revealed as a result of internal communications being leaked.

At some point, even the densest of organizations will get the hint: Move the key from under the mat to the potted plant on the window. Sony apparently couldn’t be bothered to do even that.

Doesn’t make what happened to them less illegal for individuals operating under US jurisdictions.

But if I’m Sony’s insurance carrier, not only am I not paying on any claims, I’m dropping you as a customer. In addition, I might just sue you for insurance fraud if I can make it stick. If payment card information was lost, Visa/Mastercard/Amex/Discover are going to step in w/ major fines for it. If ePHI held under the auspices of HIPAA was compromised, OCR is stepping in to levy fines. And that’s just a little bit of the fun Sony is likely to be in for.

Also: if I’m a Sony Stock Holder, I’m talking to the best lawyers in the US, and getting ready to sue Sony corporation and every corporate officer from the board down for a complete and utter failure to fulfill their fiduciary responsibilities. And the best part: 95% of the information I would generally have to cough up cash to get discovered is already on the internet.

So, do you blame the victim? Generally, no. Sometimes, yes. And this is one of those cases where it may be justified.

sigalrm (profile) says:

Re: Re:

And, to shorten a long post:

There’s an excellent chance that whoever pulled off the Sony hack did so from a country where hacking Sony isn’t illegal.

They might have nothing to fear from the long arm of the US unless they’re A) identified and B) travel to a country with a US Extradition treaty. Assuming, of course, that rendition is off the table (which is probably a bad assumption).

jameshogg says:

You don’t seem to have stressed enough the disgrace of Paramount Pictures.

They did not have any moral authority to pull Team America from theaters. In a crucial moment of solidarity that had to be upheld, Paramount trashed it.

And they used copyright law to do so. That is a rather significant finding, I would think, and I can’t believe it’s been so easily glanced over.

What we have here is a textbook example of copyright being used to suppress freedom of expression. On a vast political and dialectical scale. That showing of Team America was a crucial act of defiance in the face of the censorship of another film, and it was wrecked by a pathetic claim of ownership of expression on an already 10 year old movie.

Anonymous Coward says:

“Given that whatever sanctions or indictments accompanying are unlikely to have an effect on the hackers or whatever proxy nation the White House fingers”

It wouldn’t surprise me if blaming NK is just a political ploy to give the U.S. government any excuse to carry out actions it wanted to carry out regardless. Kinda like how Bush was fixated on blaming Iraq for 911 just because he wanted to go to war with them.

Anonymous Coward says:

Re: Re: Response to: Anonymous Coward on Dec 19th, 2014 @ 10:38am

So then what do we want from North Korea?

Seriously? Let me be serious for an instant.

The United States is interested in long-term regional stability, and in the security of our friends, allies, and partners. We have a commitment to the defense of the Republic of Korea, as well as to Japan. Furthermore, we have a long-term relationship with the Philippines —although our colonial history is not easy— and share language and culture with Australia. I could go on, but instead I’ll leave many other relationships unsaid, rather than to inadvertently slight some other nation or power. Thus, that brief rundown of our major interests is certainly not exhaustive.

Anonymous Coward says:

Re: Open Question

Short answer: We have always been at war with EastAsia.

Long answer: “North Korea hacked Sony” ranks with “Saddam Hussein has weapons of mass destruction” ranks with “Our ships were attacked without provocation by the North Vietnamese” ranks with “I have here in my briefcase the names of Communists within the United States government”. There’s a long tradition of using the enemy du jour as the foil for everything that goes wrong — since doing so makes it easier to justify whatever action we were going to take anyway, whenever the opportunity presented itself. That hasn’t changed.

What has changed is that much of the mainstream press has become part of the spin machine and self-demoted to the status of “stenographer”, leaving much of the investigative reporting to newer organizations, bloggers, and independent journalists — all of which are sporadically labeled not-journalists when convenient. Edward R. Murrow? Ha. Woodward and Bernstein? Yeah, right. Neither CBS News nor the New York Times nor the Washington Post has the stones to call them on this; instead they will dutifully report transparently-obvious bullshit as fact.

What has also changed is that the aggregate ability to process facts and think critically has been severely degraded. Soundbites and reality television, Fox “News” and the 24 hour news cycle, CNN’s “Situation Room” and the rush to be first to break a story, talking heads and more, all of these have lowered the standard of discourse so much that whoever repeats the biggest lies the loudest and the longest wins. (Consider: it’s nearly 2015 and yet there are people so insanely stupid, so scientifically illiterate, so utterly clueless, that they think we need to hear “both sides” of the evolution vs. creationism “debate”.)

So the playbook is the same as it ever was (same as it ever was) but the news media are (mostly) unwilling to point it out and the public are (mostly) unwilling to figure it out for themselves. So things are working out pretty well for the spinmeisters in government.

Anonymous Coward says:

Re: Open Question

Or are things heading further down the road to funnytown?

“Armed clashes in South China Sea possible next year”, by Jose Katigbak, Philippine Star, Dec 17, 2014

A military clash between China and one or more Southeast Asian nations involved in territorial disputes in the South China Sea has a 50-50 chance of occurring in 2015, the Council on Foreign Relations said. . . .

mka says:

so the US is announcing that they KNOW from their “evidence” that the hack was done remotely from North Korea…
and Sony thinks someone can physically harm theaters remotely from North Korea? or Sony thinks the US is full of it.

in any case, awful nice of US taxpayers to donate all our public agencies to “save” Sony (?) from some embarrassing emails. rather ironic, even, since these agencies are squirreling away all of our own emails.

meanwhile, the MPAA will have its way with our “democracy”, the Spentagon will target North Korea, and if someone in the US actually WANTS to off a few civilians in malls and theaters, no one really cares. it sells guns.

John85851 (profile) says:

Change the narrative

Like the linked article in Wired points out, the hack probably did not come from North Korea.
So the first thing that security experts need to do is change the narrative: people already believe and accept that the hacking came from North Korea to the point that the headlines say “North Korea” instead of “hackers”.

Like other commenters are saying, the same US government that’s trying to push a connection to North Korea is the same government that pushed WMD’s in Iraq.

thomas cross says:

Sony & America blame game

This is a wake-up call for arrogant American firms. They thought they are impenetrable, yet we are seeing one of the biggest tax contributors to the USG crumbling to pieces. The top 10 highest paid are now sitting ducks for their stupidity and lack of foresight. Of all things America must realize that their genius worldwide figuring out with computers. The blame game on North Korea is as stupid as American NASA hacked European countries like France and Germany, to name but a few.
