Sony Pictures in IT lock-down after alleged hacker hosing

Sony Pictures is investigating a breach that has seen hackers supposedly steal reams of internal data and splash defacements across staff computers. The company is now in lock-down as it wrestles with the problem. The beleaguered company, writes Variety, has requested staff disconnect their computers and personal devices from …

  1. John Tserkezis

    DON'T PANIC!

    It's alright, Sony has assured us the PS4 was *NOT* hacked.

    And that's the important thing now isn't it?

  2. btrower

    Predictable and not going away

    The ridiculous security infrastructure in place along with holes deliberately punched through by agencies like the NSA make this not just likely, but inevitable. Sony will not be the last to witness such a breach.

    If you have not had a visible breach of any kind and you have a valuable network I would not be too smug that I had a secure system. I would be suspicious that you have already been penetrated if you have never seen any visible sign of a partial breach. The really dangerous malware seals up your system so other malware (or legitimate attempts to reclaim the system) cannot break its grip.

    You are not going to see a zero day exploit on your system if it has already been used, your system captured and the weakness fixed by the intruder.

    By their nature at least some zero-day exploits are very hard to anticipate. In most cases, you're just hoping that you get notice and a fix before a breach because some other sucker took the hit.

    Mortals attempting to keep complex heterogeneous systems secure don't have much of a chance against strong attacks.

    Having said the above, a down and dirty way for medium to large companies to at least make net facing systems less attractive as targets is to just get someone who knows what they are doing to make sure that hardware firewalls seal the perimeter.

    1. Anonymous Coward

      Re: Predictable and not going away

      I gave you an upvote simply because you're pretty dead-on right up to the point where you give a prescription. There are no perimeters anywhere. You have no choice but to use whitelists everywhere, with signatures even though those can be got around as well (nobody uses two differing hash signatures yet), and a slash and burn approach to air gaps center out to edges, never edges to center. And no, badbios is still a problem with new media.

      Many years ago I came up with my "bastion" defense scheme, basically along the same lines of the largest castles ever built but digital. Now, any and all of my past work isn't sufficient now that nation-state grade tools are falling into the hands of "less sophisticated" criminals. I guess a fortress of solitude next.

      1. Deimos
        Facepalm

        Re: Predictable and not going away

        Yup I am also very fond of the castle / bastion approach, it is also a great image to have on the screen when doing security awareness training.

        My fear isn't the Nation-state grade tools, it's the tools inside the walls who effectively tunnel under the walls, leave the gates open at night and store all our crown jewels in a shed in the middle of town labelled "Jewels - keep out please".

        I do wonder though why Sony appear to get hit so often, bad at Security or a campaign by MS to make XBOX dominant in the marketplace.

        1. John Brown (no body) Silver badge
          Big Brother

          Re: Predictable and not going away

          "I do wonder though why Sony appear to get hit so often,"

          Maybe a lot of people remember how many people were hacked by Sony's rootkit.

          1. Fatman

            Re: Predictable and not going away

            "Maybe a lot of people remember how many people were hacked by Sony's rootkit."

            Sadly, I am a member of that club; so I have no sympathy for them.

            Arrogant bastards.

    2. dan1980

      Re: Predictable and not going away

      @btrower

      I am not a security expert but the conclusion I have come to is that it is next to impossible to prevent a truly determined attack against any network - at least while still maintaining some even half-way acceptable level of utility.

      As you have said, the goal is to do enough so that you are not a target of opportunity.

    3. Dr Who

      Re: Predictable and not going away

      Asking when rather than if your systems were/will be compromised is good security practice.

      So your strategy is to make life as hard as possible for miscreants once they are in. One useful tactic might be to avoid (presumably) unencrypted password stashes called things like Extranet Oracle & SQL passwords 4.3.06.txt.

  3. dan1980

    Yaaarrghhh

    "We continue till our request be met."

    Did anyone else read that with Geoffrey Rush's voice?

    1. SDoradus

      Re: Yaaarrghhh

      It's a person very highly trained in English but not quite to mother-tongue level. The un-necessary use of the subjunctive is a dead giveaway.

  4. Anonymous Coward

    We spend ages

    Looking at security, considering breach points in the physical and digital world, then as time goes on the top bosses want to install "Torch" apps on their phones that need full access to all their details, world of tanks on the laptop, a news ticker that keeps them updated on their football scores and to let the niece use the laptop while visiting to download kids games.

    We are banging our heads against walls, the only advantage of getting older is that we don't run so fast at the wall first.

  5. Christoph

    "Determine what will you do till November the 24th"

    A German hacking group perhaps? Most Germans use 'until' when they mean 'by'.

    I wonder if they got into Sony using Sony's own root kit that someone still had installed?

  6. RainForestGuppy

    Inside Job.

    What benefit would an attacker have freely publishing passwords? These are commercially traded commodities.

    This has all the hallmarks of a disgruntled employee, rather than an external attack. It's either somebody who has been disciplined/sacked and wants to cause trouble, or somebody who has got fed up about banging on about poor security/operational procedures and wants to do a 'told you so'.

    1. Sebastian A

      Re: Inside Job.

      Not necessarily. Publishing some valuable information that can be confirmed as legit is a good way of showing you're not bluffing. It's the equivalent of sending a severed digit from a hostage.

  7. Anonymous Coward

    No Open Source - No Secrets

    It looks as if Sony were running Microsoft software.

    So they asked for it.

Biting the hand that feeds IT © 1998–2020