Friday, December 19, 2014

The Sony Hack

During the 27-year gig we were subjected regularly to "spear phishing" hack attempts.  That's defined as someone contacting internal people via email and soliciting or evoking information that allows for greater intrusion.  It's easy to find someone's internal email address; it's often published, and if not, it probably follows a standard format.  If you are any good at talking to strangers you can probably write an email that an employee will respond to.  Generally you want to avoid the representation that you are a Nigerian prince in exile.

The first was a situation in which a senior employee received an email that appeared to be from USBank.  The logo, font and contact information were all correct.  There was a reply link that took you to a web form, also all correct-looking.  At that point it asked for verification of account number, home address, your mother's maiden name, etc.  Our senior employee filled out the form and his Visa card was used about five minutes later in Ireland.

A very recent event, during my last 'transition' months, involved a senior accounting member.  On a Friday afternoon they received an email requesting a wire transfer of money for a legitimate project.  The message included the name of the company's CFO and mentioned that he was unavailable according to his calendar but had approved the wire transfer.  The accounting person did several back-and-forth emails getting further information and was ready to send the money.  That would have been a significant amount into a black hole.  These people are good.  I would have fired the accounting person for even getting that far down the path.

So what is the implication of the Sony hack?  Anything you do on the internet is more or less recorded.  Some companies are good about keeping private what more or less should be private.  Unless you are a terrorist, Google is not going to cough you up.  The North Koreans were able to solicit via spear phishing enough information to get to a senior network administrator's user ID and password.  That is all it takes.  In the 27-year gig there were just four of us who had those rights, and we checked on each other's integrity and practice standards all the time.

You should have complex passwords, something other than your childhood dog's name.  Don't write them down.  Don't give them to your spouse.  Don't ask computers to remember you.

The Koreans had political intent.  There are just as many security trolls out and about doing this stuff for fun who may just like messing with people and companies.  There is also good money in this as evidenced by the hacks of Target, Home Depot, etc.  My USBank card had been lifted three times and our three small business cards from Wells Fargo have been lifted five times in total.  Cash might be good...although 20% of the $100 bills are fake.

Cloud storage is pretty convenient.  I used it all the time.  Not everything that I store on the cloud is encrypted.  Some of the cloud storage providers are a bit brazen about declaring the security of their systems and the lack of intrusions.  The Sony intrusion occurred through a relatively simple approach and may have destroyed their reputation and put a lot of moviegoers under a threat of violence in theaters, and we know there's some bad stuff that has happened there in the past.  Are there Korean sleeper cells here?  That's my conspiracy comment of the day.

The really big hack, bigger than Sony, is that ICANN was hacked recently.  This is the organization that provides all the addressing and domain assignments for the internet.  A good hack there would affect all internet traffic.

I'm going to rethink my information stored in the cloud, probably ensuring that all of it is encrypted on my side before being uploaded.  I never had a dog as a child, but I do remember the name of the dog that lived directly across the street.

2 comments:

  1. Korean sleeper cells? I doubt that. Why would they remain loyal? Threats against loved ones? I found the whole thing amusing. I bet the movie is really bad.

  2. Network admin people are quite discreet. The rise of large scale hacks has put everyone on notice. Most companies of any size now put Chief Security Officers in place with a specific purpose of protecting corporate intellectual property and assets. Early evidence would indicate some collusion from inside. For example a known technical person sending requests to an admin person with the keys to the jewels. There are all sorts of keylogger programs and devices that can be installed without detection. Once those are in place and you request a network admin person to do some secured function you have the UserID and password.

    The more interesting detail in this intrusion is that we most certainly monitor and administer certain types of internet traffic from other countries, hence the absence of the videos showing actual beheadings. This points, too, to the situation that the hack probably originated from domestic endpoints.

    I'd recommend "The Americans" which is a good show about Soviet spies in the 1960s in the US. Political indoctrination is quite effective.

    I've paid little attention to movies lately so have no comment on that content. I do think it was a bad choice to pull the movie from distribution and showing. That plays into a passive negotiation with terrorists or those putting Americans at risk.
