The Ridiculousness Of Turning The Sony Hack Into The 9/11 Of Computer Security
from the our-boys-fought-and-died-so-these-corporations-could-be-free-from-hacking! dept
Once again, our government is stepping up to help a beleaguered industry giant. Usually the MPAA would be involved (and maybe it is), along with some terrible legislation, but this time it’s Sony Pictures getting an assist from The Man.
Sony, which has no one to blame but itself for being nearly completely compromised, apparently has enough pull that the White House itself is ready to step up, publicly denounce and possibly punish the group behind the hacking. (via Boing Boing)
U.S. investigators have evidence that hackers stole the computer credentials of a system administrator to get access to Sony’s computer system, allowing them broad access, U.S. officials briefed on the investigation tell CNN. The finding is one reason why U.S. investigators do not believe the attack on Sony was aided by someone on the inside, the officials tell CNN.
These unnamed investigators and officials believe North Korea is behind Sony’s hacking. It will be interesting to see what they present to back up this claim, considering there seems to be evidence indicating otherwise. The furor over The Interview, the film that portrays the assassination of Kim Jong-un, wasn’t originally named as a motivation for Sony’s hacking. The media seized on this possibility first, and the hackers followed suit.
Even if the US government turns out to be correct, there are plenty of reasons why it shouldn’t react this way to the hacking of a private company. This is evidenced in White House press secretary Josh Earnest’s statement, which indicates the White House is willing to play right into the hackers’ hands.
He said the United States’ response would need to be “proportional,” and that national security officials considering how to respond are “also mindful of the fact that sophisticated actors when they carry out actions like this are oftentimes, not always, but often seeking to provoke a response from the United States.”
Nevertheless, a response appears to be on the way, even if it’s exactly what the hackers want. The Department of Homeland Security has even weighed in on the issue. Its director also attempts to hedge his statements, but still appears determined to do something about the attack.
“At this point we are not prepared to officially say who we believe was behind this attack,” Homeland Security Jeh Johnson told MSNBC on Thursday. “I will say this: We do regard the attack on Sony as very serious.”
Johnson described it as a “serious attack not only on individuals and a company but basic freedoms we enjoy in this country,” but did not want to label it terrorism.
“Not terrorism.” That’s a relief. But the attack didn’t have any effects on Americans’ basic freedoms. Instead, it was the studios themselves who turned into proxy censors by refusing to release The Interview to theaters or anywhere else. This was prompted by the hackers’ vague threats of violence if the movie was shown, but as cybersecurity expert Peter W. Singer pointed out at Vice, there’s miles of space between talking shit and backing it up.
Here, we need to distinguish between threat and capability—the ability to steal gossipy emails from a not-so-great protected computer network is not the same thing as being able to carry out physical, 9/11-style attacks in 18,000 locations simultaneously. I can’t believe I’m saying this. I can’t believe I have to say this.
[…]
It is mind-boggling to me, particularly when you compare it to real things that have actually happened. Someone killed 12 people and shot another 70 people at the opening night of Batman: The Dark Knight. They kept that movie in the theaters. You issue an anonymous cyber threat that you do not have the capability to carry out? We pulled a movie from 18,000 theaters.
Not only that, but theaters’ backup plans — to show the North Korea-baiting “Team America: World Police” in its place — have been scuttled by an equally panicky Paramount Pictures. So, the hackers have already received more of a response than they possibly could have hoped for. Now, the government is indicating it’s willing to appear just as foolish by offering a national response to the hacking of a single motion picture studio. Naming a scapegoat appears to be the primary focus.
Though officials say they are planning to lay blame on Friday, they haven’t yet decided how to respond to the attack.
Given that whatever sanctions or indictments accompanying are unlikely to have an effect on the hackers or whatever proxy nation the White House fingers, the government appears ready to go on record with its own shit talking. Any form of “backing it up” will still be over the distant horizon.
On Friday, our government will proudly denounce the hacking of Sony Pictures, an entity so insecure it has been hacked 56 times in the last 12 years. And we’ll do it to send this powerful message to the hackers of the world:
No matter who you are or where you call home, you can force the hand of the US government by embarrassing certain corporations.
Filed Under: sony hack, white house
Comments on “The Ridiculousness Of Turning The Sony Hack Into The 9/11 Of Computer Security”
They needed 9/11 to blatantly violate the Constitution and bury their wrongdoing but the Internet worked around it. Now they need a reason to violate the Internet. They’ve been trying a shot for a while now. I wonder what will be the true 9/11 for the net…
Re: Re:
Considering the contents of some of the leaked documents, any attempt to interfere with the net in the foreseeable future will look very suspect. And Google are already on the counterattack: https://www.theverge.com/2014/12/19/7422119/goliath-strikes-back-google-takes-legal-action-against-state-attorney-general
Re: Re: Re:
… and, of course, we haven’t seen nearly all the leaked documents. Who knows what else might be in there?
Re: Re: Re:
Again, at what point does it become cheaper and easier for Google, Microsoft, Apple, etc. to just buy the studios, replace the MAFIAA and do whatever they want?
Considering that these tech companies are about 10× the size of the studios, what’s stopping them?
Re: Re: Re: Re:
I fully support this suggestion. Google should buy Sony, make sure everyone’s out of the building, and burn it to the ground. This would be an enormous win for American culture and technology — which is why they should leave it just as is — smoldering ruins — as a reminder and a warning to others who are foolish enough to threaten the Internet.
Re: Re: Re: Re:
The ethics of the directors? While it may not be like my own ethics, that appears to be the case. “Don’t be as evil as the entertainment industry” and all that.
Re: Re:
Obama does have an internet kill switch he could always use. Much like china, north korea, and egypt
Sorry government, your word is no longer trusted.
Digital evidence can be manufactured by anyone who has access to the medium.
Indirectly, the data thievery was wholly Sony’s fault – they provided access to this over an outside line, in an unsecure fashion. It’s pretty common in computers, but don’t blame the machines – they do exactly as they are programmed. No less, and certainly no more.
Re: Re:
“It’s pretty common in computers, but don’t blame the machines – they do exactly as they are programmed. No less, and certainly no more.”
Which, incidentally, is what a lot of the suits calling for net censorship and regulation don’t realise. They think that whatever systems they put in place will be magically unable to be subverted by hackers for more nefarious ends. It’s that kind of thinking that gave us the Sony rootkit.
Re: Re: Re:
Not to mention that it’s the same magic that’s going to give us the “For Good Guy Use Only” ™ front doors the FBI is demanding.
Guerilla marketing for a flop
From one of the CNN links:
This is nothing but guerrilla marketing. Sony knows the movie is awful. So they come up with an edgy guerilla marketing campaign to get people to watch a flop.
Re: Guerilla marketing for a flop
Well, most of the people who’ve seen advance screenings do seem to think that it’s as crap as it promises to be.
Re: Re: Guerilla marketing for a flop
How come I am not surprised?!
U.S. investigators
Why the fuck are they In another country Sony is not an American company they have ties sure but they aren’t our responsibility.
Re: Re:
I believe the title of plan B is a perfect response to this comment.
“Team America: World Police”
Re: Re:
Why the fuck are they In another country Sony is not an American company they have ties sure but they aren’t our responsibility.
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
This. A thousand times this.
So much of the hysterical reporting has ignored this rather important detail.
What about JPMorgan Chase?
If any companies have the implicit protection of the government, it’s the banks. Whatever happened to that recent, massive penetration of Chase bank’s network? Did that get a “proportional response”? Was that a US hack? Is the security hole patched, or is it (or another one) left open for NSA’s use?
The very different responses to the two events by government spokespeople and news media is fascinating and telling.
Re: What about JPMorgan Chase?
“…government spokespeople…”
I think you meant “government salespeople”
From the storytellers who brought you Iraqi WMD
From the storytellers who brought you the frightening horror flick “Iraq WMD”. Now, a new, compelling tale. Bolder. More imaginative.
It will take you to the edge of your seats.
The New York Times calls it, “Better than yellowcake!” “A must see.”
Coming out this holiday season.
“At this point we are not prepared to officially say who we believe was behind this attack,” Homeland Security Jeh Johnson told MSNBC on Thursday. “I will say this: We do regard the attack on Sony as very serious.”
Yes, it indicates that Sony has a serious, chronic, and pervasive problem with IT security. However, that’s a serious problem for Sony, not for the United States. I doubt that the USG would be quite so full of bluster and feigned concern if the target were, let’s say, the Sierra Club. This response is far more about quid pro quo than it is about any actual threat of any kind to the US.
Let’s do keep in mind:
http://gizmodo.com/sony-kept-thousands-of-passwords-in-a-document-marked-1666772286
and
http://gawker.com/sonys-top-secret-password-lists-have-names-like-master_-1666775151
and
http://arstechnica.com/security/2014/12/state-sponsored-or-not-sony-pictures-malware-bomb-used-slapdash-code/
and
http://krebsonsecurity.com/2014/12/in-damage-control-sony-targets-reporters/
and perhaps most damning of all:
http://gawker.com/sony-was-hacked-in-february-and-chose-to-stay-silent-1670025366
Re: Re:
When a company that has come at least pretty close to bribing US government officials has been hacked, it apparently becomes a pretty big issue for the US government.
Blame
I think it would be better to blame Monday, or maybe the day after ones vacation.
Re: Blame
Wednesday got into all kinds of trouble as a child.
Re: Blame
Maybe they really believe that Rebecca Black was the one responsible?
I’m going to take a wild shot in the dark here and say that they hired General Alexander for NetSecOps. This would legitimate his years in office and probably bankroll his future career. /sarc
First this is totally Sony’s fault. In one of the previous hacks, Sony had a year or more to change a folder named ‘Passwords’ to something else including some security. They failed to do that because it wasn’t important to them at the time. Inside the folder were account nicks and passwords in the clear. What could go wrong?
If anything, there’s a bit of karma in this for the response from a Sony executive about ‘most people don’t even know what a rootkit is’ when they were busy putting them on computers including the exposure of DoF unknown computers.
The US has never been really serious about computer security, otherwise it would be more difficult for the three letter agencies to get into other’s computers. Those doors are still open and if they know so do other governments. State sponsored hackers have the time to pour over fundamentals to find them.
Lastly, the US paved the way in how to use malware on physical items. It’s been 4 years since the discovery of Stuxnet. Want to bet that program hasn’t been thoroughly torn down to understand how it works? I also notice that while the government has been setting all this up they have done nothing to strengthen the computer security of the average business and citizen. In computer warfare, the populace is just like the MADD initiative for nuclear warfare; totally unprotected. It would not take all that long to demonstrate just how disruptive that could be to the economy when the US once again kicks off some stupid war no one else has a defense from around them.
Re: Re:
Given the amount of lying that has been popular in the government I don’t believe much of this. There is a response to getting lies and propaganda all the time. It becomes less and less believable. This government squandered the creditability it had in defending mass spying and torture.
It’s much too convenient to blame North Korea without any facts at all to back it up. It again smacks of propaganda and we’re at the point of needing proof for any validity of claims; seeing how much BS has been fed through the media.
And this just goes here.
http://attrition.org/security/rant/sony_aka_sownage.html
Count the events.
Look at the toll it took.
Count the number of times they could have taken proactive action.
Notice that only when it might hurt the companies bottom line they finally gave a shit, and turned the Government into a spin machine to craft a fairy tale of nation state hackers.
Wouldn’t it be hysterical to discover they used getting hacked as a reason to shelve a truly shitty movie that will make more from the insurance payout, that it would when half the globe wasn’t interested in showing it cutting into that all important global box office number.
So now we get to have all sorts of public outrage over “North Korea” getting their way…
Funny all of the public outcry wasn’t there when they admitted we tortured people, but now we have an enemy to focus on…
The magician always gets you to look away from where the action actually is, and the lovely assistants to this trick are government stooges bought & paid for to protect the media cartels.
Department stores get hacked? Yawn.
Banks get hacked? Whatever.
Movie company gets hacked? OMG CYBER9/11!!!
As if government agencies making their public announcements from Disneyland wasn’t enough to prove that Hollywood owns America.
Re: Re:
“As if government agencies making their public announcements from Disneyland wasn’t enough to prove that Hollywood owns America.”
Or at least the American Government.
The US government has a part in damaging Iranian centrifuges, a direct attack on a foreign government, and its no great deal. Hackers gather internal data information from a company, which includes information which is embarrassing to the US government and they go ballistic. It just shows where the politicians priorities lie, and that is in staying in power and to remove any threats that may reign in their power, including their ability ti act on foreign soil.
Why hasn’t anybody pointed out the obvious… All the cyber-war-mongering about the NSA needing access to everybody’s networks in order to prevent such attacks from happening. If the NSA’s systems are so desperately needed in order to avoid such events from happening, then why did this happen?? Why didn’t the NSA see this coming and prevent if from happening?
Just saying….
Re: Re:
Common sense croaked years ago, buddy.
The NSA isn’t interested in preventing cyber-attacks, it’s all about keeping tabs on We The People.
All that’s missing now is for Dick Cheney to tell us that the Interview and Team America cancellations demonstrate that torture is necessary.
Re: Star Power [was ]
They’ve got an even bigger star than Dick Cheney lined up for this one. Omigosh! Lookout! It’s Newt Gringrich! THE NEWT HIMSELF.
Star power. You know it when you see it. You just know it.
Re: Re: Star Power [was ]
Uh, Sony is still here, Newt.
What a mook!
Re: Re:
hahaha. unfortunately for us, “The Interview” and “Team America” are already torture…
Wow, this much defense for a poorly secured and managed Japanese company?
They won’t equate it with terrorism, but I will:
The hackers, like terrorists, have already won.
First of all, that’s what you get for treating IT like disposable garbage. You get shitty IT systems and security.
Secondly, the response to this has been nothing short of mind-boggling insanity. N.Korea is a pro-level saber rattler but they have no bite to their bark. Being afraid of them is utterly ridiculous.
There’s something deeper to this that we’re hearing.
Remember folks, these are the people that want to run the internet and they’re stumbling over themselves backpedaling like cowards at the first sign of a confrontation. It’s no surprise their first, second, third and all subsequent responses have been to censor.
Never forget Sony
I, for one will never forget Sony’s rootkit fiasco. That turned me off of buying anything Sony, forever.
Even pirating Sony productions seems distasteful to me, it gives them too much attention (and I cannot think of anything worth the effort to click a few buttons).
So breaking and entering isn’t illegal anymore? Even if Sony left the keys under a welcome mat in front of the door.
Re: Re:
What happened to Sony is also almost certainly illegal (under US Law, at least. People forget a huge point in that that this hack isn’t illegal everywhere, and in some countries would be cause for individuals to be actively rewarded).
I generally dislike blaming the victim. But… if we’re going to stick with your “keys under the mat” analogy: Sure, Sony left the keys under the mat. Someone broke in, with those keys. Sony then opted to leave the keys under the mat, again. And again, someone broke in with those keys. Lather. Rinse. Repeat. What, 5 times in the last decade or so? That were publicized? And more instances of network penetrations are being revealed as a result of internal communications being leaked.
At some point, even the densest of organizations will get the hint: Move the key from under the mat to the potted plant on the window. Sony apparently couldn’t be bothered to do even that.
Doesn’t make what happened to them less illegal for individuals operating under US jurisdictions.
But if I’m Sony’s insurance carrier, not only am I not paying on any claims, I’m dropping you as a customer. In addition, I might just sue you for insurance fraud if I can make it stick. If payment card information was lost, Visa/Mastercard/Amex/Discover are going to step in w/ major fines for it. If ePHI held under the auspices of HIPAA was compromised, OCR is stepping in to levy fines. And that’s just a little bit of the fun Sony is likely to be in for.
Also: if I’m a Sony Stock Holder, I’m talking to the best lawyers in the US, and getting ready to sue Sony corporation and every corporate officer from the board down for a complete and utter failure to fulfill their fiduciary responsibilities. And the best part: 95% of the information I would generally have to cough up cash to get discovered is already on the internet.
So, do you blame the victim? Generally, no. Sometimes, yes. and this is one of those cases where it may be justified.
Re: Re:
And, to shorten a long post:
There’s an excellent chance that whoever pulled off the Sony hack did so from a country where hacking Sony isn’t illegal.
They might have nothing to fear from the long arm of the US unless they’re A) identified and b) travel to a country with a US Extradition treaty. Assuming, of course, that rendition is off the table (which is probably a bad assumption)
You don’t seem to have stressed enough the disgrace of Paramount Pictures.
They did not have any moral authority to pull Team America from theaters. In a crucial moment of solidarity that had to be upheld, Paramount trashed it.
And they used copyright law to do so. That is a rather significant finding, I would think, and I can’t believe it’s been so easily glanced over.
What we have here is a textbook example of copyright being used to suppress freedom of expression. On a vast political and dialectical scale. That showing of Team America was a crucial act of defiance in the face of the censorship of another film, and it was wrecked by a pathetic claim of ownership of expression on an already 10 year old movie.
Re: Re:
Birds of a feather stick together. In any case, MPAA members are all about censorship. Remember SOPA? They’re doing this in an effort to put it back on the table.
Well how else are you going to try and cram through a newer version of PATRIOT?
The Interview -- perhaps just a really bad movie?
Perhaps the real motivation for pulling the movie is that it is simply a bad movie. All this publicity will help to sell the movie when it is eventually released.
Re: The Interview -- perhaps just a really bad movie?
Sony Entertainment will just use Hollywood math to claim this flop of a movie could have made a bazillion dollars and tack that onto an insurance claim. Ironically, they may even profit from this fiasco.
sony hacked
amazing sony getting hack again and again
goverment blog|telugu mp3 songs
“Given that whatever sanctions or indictments accompanying are unlikely to have an effect on the hackers or whatever proxy nation the White House fingers”
It wouldn’t surprise me if blaming NK is just a political ploy to give the U.S. government any excuse to carry out actions it wanted to carry out regardless. Kinda like how Bush was fixated on blaming Iraq for 911 just because he wanted to go to war with them.
Re: Response to: Anonymous Coward on Dec 19th, 2014 @ 10:38am
So then what do we want from North Korea? Oil?
Re: Re: Response to: Anonymous Coward on Dec 19th, 2014 @ 10:38am
Seriously? Let me be serious for an instant.
The United States is interested in long-term regional stability, and in the security of our friends, allies, and partners. We have a commitment to the defense of the Republic of Korea, as well as to Japan. Furthermore, we have a long-term relationship with the Philippines —although our colonial history is not easy— and share language and culture with Australia. I could go on, but instead I’ll leave many other relationships unsaid, rather than to inadvertently slight some other nation or power. Thus, that brief rundown of our major interests is certainly not exhaustive.
Re: Re: Response to: Anonymous Coward on Dec 19th, 2014 @ 10:38am
Probably a good reason to stop them from rebuilding their nuclear reactor which was stopped by Kim Jong-il, it’s crazy when you think about it but his dad was less of a dipshit than Kim III The Fatty.
Because movie studios are obviously “critical infrastructure”.
Re: Re:
Do you have any idea how many politicians wouldn’t be re-electable if they weren’t backed by the entertainment industry lawyers, lobby, and cash?
Damned right the movie studios are “critical infrastructure”…
Re: Re: Re:
Have a ‘that should have been funny, but it’s far too true’ insightful vote for that one.
haha, cant wait until the next big plot twist
The NSA hacked Sony and accidentally left the keys in public, someone found it and put his willie in Sony. So they are now just blaming whoever they can so noone suspects their involvment.
Would anyone be surprised if something like this happened?
Open Question
To those of you who have weathered more news cycles than I have, has the world always been this absurd and we’re just exposed to more of it because of faster communications technology? Or are things heading further down the road to funnytown?
Re: Open Question
Short answer: We have always been at war with EastAsia.
Long answer: “North Korea hacked Sony” ranks with “Saddam Hussein has weapons of mass destruction” ranks with “Our ships were attacked without provocation by the North Vietnamese” ranks with “I have here in my briefcase the names of Communists within the United States government”. There’s a long tradition of using the enemy du jour as the foil for everything that goes wrong — since doing so makes it easier to justify whatever action we were going to take anyway, whenever the opportunity presented itself. That hasn’t changed.
What has changed is that much of the mainstream press has become part of the spin machine and self-demoted to the status of “stenographer”, leaving much of the investigative reporting to newer organizations, bloggers, and independent journalists — all of which are sporadically labeled not-journalists when convenient. Edward R. Murrow? Ha. Woodward and Bernstein? Yeah, right. Neither CBS News nor the New York Times nor the Washington Post has the stones to call them on this; instead they will dutifully report transparently-obvious bullshit as fact.
What has also changed is that the aggregate ability to process facts and think critically has been severely degraded. Soundbites and reality television, Fox “News” and the 24 hour news cycle, CNN’s “Situation Room” and the rush to be first to break a story, talking heads and more, all of these have lowered the standard of discourse so much that whoever repeats the biggest lies the loudest and the longest wins. (Consider: it’s nearly 2015 and yet there are people so insanely stupid, so scientifically illiterate, so utterly clueless, that they think we need to hear “both sides” of the evolution vs. creationism “debate”.)
So the playbook is the same as it ever was (same as it ever was) but the news media are (mostly) unwilling to point it out and the public are (mostly) unwilling to figure it out for themselves. So things are working out pretty well for the spinmeisters in government.
Re: Open Question
“Armed clashes in South China Sea possible next year”, by Jose Katigbak, Philippine Star, Dec 17, 2014
Nearly completely compromised?
Nearly????
I’m sure the Sony hack had nothing to do with their inferior infrastructure and management hubris of epic proportions regarding network security practices. Look! 9/11! Because Terrorist Hackers!
I now doubt it was North Korea
That there is such an effort to portray the Sony hack into some kind of crisis for anyone who isn’t Sony is so specious that it makes me wonder if North Korea did it in the first place — it seems entirely too perfect for those in the US who want to crack down on freedom.
so the US is announcing that they KNOW from their “evidence” that the hack was done remotely from North Korea…
and Sony thinks someone can physically harm theaters remotely from North Korea? or Sony thinks the US is full of it.
in any case, awful nice of US taxpayers to donate all our public agencies to “save” Sony (?) from some embarrassing emails. rather ironic, even, since these agencies are squirreling away all of our own emails.
meanwhile, the MPAA will have its way with our “democracy”, the Spentagon will target North Korea, and if someone in the US actually WANTS to off a few civilians in malls and theaters, no one really cares. it sells guns.
Breaking into Sony’s network is the 9/11 (which is the pearl Harbor anti-terrorism) of computer security. OK.
Seems more like the Maine of governments looking for an excuse for their next play date, but whatevs.
Let’s face it, it has a better ring than calling it the “Every Couple of Months for Over a Decade” of computer security.
Their evidence will most likely be secret because “national security reasons”. ie we have nothing and if showed we had nothing where would our witch hunt go
Sony Hacks
Now, let me get this straight. Sony hacks goes around hacking ordinary citizens with root kits and so forth and that’s OK with the government. But let Sony get hacked and the government flips out. Something’s very wrong here.
Corporate dollars speak louder than common people.
Change the narrative
Like the linked article in Wired points out, the hack probably did not come from North Korea.
So the first thing that security experts need to do is change the narrative: people already believe and accept that the hacking came from North Korea to the point that the headlines say “North Korea” instead of “hackers”.
Like other commenters are saying, the same US government that’s trying to push a connection to North Korea is the same government that pushed WMD’s in Iraq.
Sony & America blame game
This is wake up call for arrogant American firms. The thought they are impenetratable yet we seeing one of the biggest tax contributor to USG crumbling to pieces-The top 10 highest paid are now sitting ducks for their stupidity and lack of forsight. Of all things America must realize that their genius worldwide figuring out with computers. the blame game on north korea is as stupid as american NASA hacked european countries like france and german to name but a few