It’s unclear who hacked Sony Pictures Entertainment on 24 November, 2014 but there are the tell-tale signs of a carefully orchestrated attack.
Rick Crouch, founder and owner of Rick Crouch & Associates, says: “Sony Pictures Entertainment appears to have been victimised by what experts call an advanced persistent threat (APT).”
“The attack has the hallmarks of an APT,” he explains. “The hackers had a specific target in mind. It’s not like they were after just any company or studio, it looks like they specifically went after Sony.”
But in his estimation there’s nothing the studios — or any company — can do to completely eliminate the threat of hackers.
“We need to re-think our perceptions about cyber-security. This is not something where you can achieve 100% security,” he explained.
“As long as you are online there will be threats. In some cases they will already be inside your company or organisation, like a disgruntled employee who could be anyone from a personal assistant, a manager to an IT employee. Once someone gets inside your systems they shouldn’t have the keys to the kingdom. They shouldn’t be able to go anywhere and everywhere within your system.”
The way Sony was hacked was actually quite simple and is a method that is used by many hackers involved in corporate espionage.
In this case they looked for names of employees that worked on this particular movie, just watching the movie credits or a simple Google search would have given them that information, they would then have narrowed that list down to high ranking IT personnel, because IT people usually have access to the entire network.
The next step would have been to send an e-mail to that employee and spoofing it so that it appeared to come from a co-worker, the content of the e-mail would have contained a link and a reason for that person to click on the link, which they would have because it was from a co-worker.
That link would have then taken them to a website which would, within seconds, have downloaded malware to that computer. That malware would then enable the hacker’s computer to “mirror” the infected computer. The hacker would be able to see everything that is typed on the infected computer as if they were sitting in front of the target computer, including usernames and passwords.
That is a simplistic explanation of what happened to Sony and can happen just as easily to your company or your personal computer. Ensure that you employ defences to this type of hack, most importantly educating staff on these tactics and how to respond.