The Hacking of Sony

The Hacking of Sony

Name:

Institution:

The Hacking of Sony

Introduction

            Cybersecurity has become a vital area of concern for most businesses and personalities globally due to its adverse effects on the victims in the event of a breach. The advancement in technology has thus witnessed a surge in negative publicity resulting from hacking activities propagated by people with malicious intentions. On November 24, 2014, a similar breach occurred at Sony Pictures Entertainment and the Guardians of Peace (GOP) claimed responsibility (Lee, 2015). The perpetrators compromised many materials and made demands for the cancelation of the upcoming The Interview movie for its insensitive portrayal of Kim Jong-Un, the leader of North Korea. The sophisticated attack on Sony was well orchestrated and showed the vulnerability of even big corporations

Discussion

Part 1

Sony experienced a virus attack aimed at the illegal extraction of information and identities of its employees as well as other stakeholders.

Part 2

The malware attack on Sony resulted in the disclosure of personal information used for identification of its employees. It also contained the identities of their dependents thereby detailing their names, financial information, social security numbers, and addresses. For example, over 47,000 social security numbers were stolen. The illegality also included an exposure of personal email exchanges between studio executives and celebrities as well as other employees. For instance, the racially charged email of Amy Pascal, the corporation’s co-chairwoman, and Scott Rudin, a film producer, and director, about President Barrack Obama was leaked. While more emails followed, confidential scripts about certain movies such as the upcoming Spectre, a James Bond flick were also compromised in the attack. Numerous future films like Still Alice and Annie were hacked and released as well thereby jeopardizing their sales prospects. Official correspondence between Hollywood stakeholders illustrating their approach to business affairs was also nabbed in the hacking scandal.

Part 3

The hackers have been consistently linked to North Korea’s leadership by reputable agencies such as the Federal Bureau of Investigations. It is believed that the GOP accessed the company’s website through the shared IP address and downloaded the data. Deleting of the original copies was then done, and messages posted to warn of further attacks.

Part 4

The above attack sampled confidential information most of which was protected by the needs for passwords hence is reflective of a culture of weak access codes or even collaboration between workers and hackers. It is evident that the GOP was able to bypass the usual protocols that restrict access to such data by rigging the IP addresses and planting the malware in the company’s network, thereby obtaining the vital information (Weinman, 2015). The firm needs to abandon the use of built-in passwords, as they are easy to decipher as well as use encrypted VPN’s for routing of its internet. In fact, two-factor authentication mechanisms would be advisable, as that may have limited the penetration of the hackers into the email accounts. The use of electronic locks would also be helpful since the HTTPS system in the Sony servers and computers could prevent the leakage of data.

The amount of data compromised is high hence indicating the lack of a strong firewall to filter bugs and avoid such breaches. The installation of the Wiper bug in the company’s systems without detection shows that Sony has to reinforce its defensive strategy to counter such threats in future. The presence of a bug that erases server data is an illustration of poor scanning software programs and infrequent attack and penetration tests that are integral in the detection of vulnerable points. If the corporation had conducted numerous such tests, it would have exposed the blunders within its current system and fixed them. In fact, the configuration of firewalls is a significant action ought to have been taken in the hope of eliminating any loopholes within the network (Sethy, 2015). The huge volume of personal communication data obtained by the hackers is also a pointer to the over-reliance on password authentication rather than the more secure VPN or SSH keys. The latter would ensure that unauthorized personnel do not gain access to such sensitive material. The Sony hack witnessed the leakage of numerous personal comments about certain celebrities, as well as the chiding of the US president in what would understandably be private exchanges between friends. The breach of privacy was hurtful yet the employees should have deleted the comments located in website source codes as a way of minimizing their exposure.

Revelations were made that showed that IP addresses from the foreign hackers were encoded with those from Sony yet the latter had been hardcoded in the data deletion system. The encryption algorithms also indicated a significant breach in the company’s system, thereby illuminating the existence of a weak network security. It is important for users to log off from services to avoid automatic log-in when within range, as well as turning off the Wi-Fi availability to prevent the joining of rough networks by the devices. Taking these precautions would have aided in preventing the spread of this malware especially in the retrieval of communications between trusted friends and management officials. An analysis of the hack reveals that the perpetrators avoided the common malware route in which they feed target computers with programs that require the input of the user to spread such as Trojan Horse. It is thus a sign of the changing trends within the IT industry and a prompt for firms to shift their focus towards preventing or containing network related breaches. The hackers capitalized on the interconnection of Sony servers to transmit information to their devices hence stealing large amounts of data while eliciting minimal detection. The installation of real-time anti-spyware programs is, therefore, essential to curbing this vice while the business should have disabled autorun to prevent the illegal bug attaching itself to drives as that propagates the virus. The deployment of DNS protection is a viable alternative to avoid compromising the machines while engineers need to disable image previews found in Outlook too. In following the above undertakings, Sony would have significantly reduced its vulnerability to such attacks and helped to secure the integrity of the stolen data (Weinman, 2015). The attack was noticeable from a note left on the workers’ computers warning of dire consequences should the demands of the GOP not be met. The decision to warn employees against using their machines until a proper diagnostic test is conducted to ascertain their cleanliness was wise as it prevented further attacks. It is possible that such ominous messages will act as baits for more attachment of the bugs to other programs hence infecting other devices thereby causing further damage. The importance of having software engineers to conduct repairs is thus understandable although such exercises should be strengthened by the adoption of the above firewall reinforcing methodologies. It is also advisable for companies to install quality anti-viruses in their computers and regularly updating them to avoid the errors made in the above attack. Such processes reduce the level of vulnerability. They would have prevented the breach witnessed at Sony Pictures Entertainment. As an addition to the layer of protection required by such a large and diversified corporation, scans of the equipment by engineers should be applicable, as they help in the removal of infections in good time before their spread. The exercises are vital in detecting phishing attacks hence making the data secure.

Conclusion

            Hacking is a common vice in the current global environment, which causes great anguish and financial losses to various entities. The 2014 malware attack on Sony was a viral mutant that stole employee personal data such as addresses and social security numbers. Whereas scripts of future films were also compromised, email exchanges among different parties were also acquired in the raid (Sethy, 2015). Notably, the hackers managed to delete the original copies of these items thereby causing irreparable damage to the victims as well as the company. As an attack with massive financial implications, it signaled the need for aggressive cyber security within these sectors to prevent similar malware attacks. Firms need to use DNS protection to boost their firewalls as well as the deployment of two-factor authentication systems. Electronic lock keys and HTTPS platforms are also viable alternatives designed to block infiltration of machines as well and the latter needs daily scanning to avert new threats.

References

Lee, N. (2015). Counterterrorism and Cybersecurity: Total Information Awareness.

Sethy, S. S. (2015). Contemporary Ethical issues in Engineering.

Weinman, J. (2015). Digital Disciplines: Attaining Market Leadership via the cloud, big data, Social, Mobile, and the Internet of things.