The Sony Cyber Attack: What Have We Learned?

1. Nothing
2. Hacking is the New Extortion

Hackers are sort of like the Don Fanucci character from the Godfather Part 2. Don Fanucci was a thug who made a living extorting money from the local merchants in New York’s “Little Italy” section of lower Manhattan. The sums were not huge, so the merchants paid him rather than face his wrath. Don Fanucci attempts to extort money from a young Vito Corleone and his associates, Tessio and Clemenza. Young Vito convinces Tessio and Clemenza to pay less than what Don Fanucci requested to “wet his beak” and make a counter offer he couldn’t refuse.

Fast forward roughly 100 years and hacking is the new extortion. Hackers, like Don Fanucci, will request a small amount of money from businesses or else all hell will break loose. Like most of the merchants, the companies will typically perform a cost-benefit analysis and come to the conclusion that it makes business sense to comply with the hackers’ demands.

Unfortunately, the playing field today isn’t as level as the one the Godfather was playing on. Today’s CEOs cannot just ambush Don Fanucci in the hallway of his apartment building like young Vito Corleone did. A recent example is a type of malware called ransomware that hackers use to extort businesses. The ransomware that made headlines over the past two years was CryptoLocker, which entered a business when an unsuspecting employee opened a PDF attachment to an email. Once opened, CryptoLocker encrypts company files stored on hard drives and any network files it can access. Once the files are encrypted, the company cannot access them unless it pays the hacker a small ransom of, say, $500. If the company does not pay in a timely fashion, the ransom increases to $1000. If the company does not pay within a month, the files disappear forever. It makes more sense for companies to just pay the small ransom than to incur the hackers’ wrath.

In Sony’s case, its hand was forced and it didn’t have much choice but to comply with the hackers’ demands. The demand was to not release the movie “The Interview,” which was about two Hollywood stoners hired by the CIA to assassinate North Korean dictator (I’m sorry, I meant Supreme Leader) Kim Jong Un. If the movie was released, the hackers threatened a 9/11 scale terror attack on the theaters that showed the movie. Since the theaters did not want to take that risk and wouldn’t show the movie, Sony had no recourse but to not show the movie in theaters.

3. 80% of Cyber Crimes are Inside Jobs

There has been a lot of discussion since the digital release of “The Interview” that the Sony hack was not the work of North Korea, but was rather an inside job.  It wouldn’t be the first time, as it is estimated that nearly 80% of cybercrimes are actually performed by disgruntled employees with easy access to corporate networks.

Sounds like the plot of a great movie!