Sony Cyber Attack

In case you didn't hear, Sony Pictures was hacked and copies of several movies including Fury and Annie were leaked.

http://www.cbc.ca
/news/arts/fbi-warns-of-hacking-threat-after-sony-pictures-attack-1.2857435

This is what I don't understand: Why the hell do people expose sensitive material to the internet? If you don't want something to get leaked, why would you EVER plug an internet cable into the machine that material resides in? What, they think "it's ok, we have cyber-security measures in place! We'll be fine!"?. Don't people understand that that's just a challenge to hackers? What on earth is so difficult about the concept of standalone machines, local networks that aren't connected to the internet, and transmission via physical storage devices? This is what we do in the Department of National Defense. If you don't want something leaked, you NEVER put it on a machine that's connected to the internet, EVER. There's no such thing as "safe" on an internet connected machine.

While theft of this sort is wrong, I really don't have much sympathy for Sony. Exposing sensitive material to the internet (i.e. placing it on machines or networks that ate connected to the internet) is like leaving your car unlocked overnight overnight in the worst neighborhood in town.

Thanks for the headsup. Fully agree with your thoughts behind it. The irony is that the biggest players fail as regularly and specatularly as small companies.

Did you hear who they think this is? North Korea, because of the movie with Seth Rogen & James Franco called the Interview where they get an interview with Kim Jung-un and the CIA asks them to kill him.

Reports last night say this hack has NK fingerprints all over it.

And if that's true, it should be even more embarrassing for Sony. Way to go, you were bested a guy in North Korea.

Maybe it was the Cylons. Looks like BSG got it right then

SD

Re: North Korea. I think we have our suspect - the one guy in North Korea who knows how to use a computer:

[video:youtube]http://youtu.be/IrCQh1usdzE?t=15m42s[/video]

And they say the leaked files have been downloaded over a Million times. And they might possibly
contain Malware that could take over your computer. So warn the kiddies to stay away if using the
family computer.

Viral advertising IMO. Fury has already been out, and you're either taking the kids to see Annie or you aren't, regardless. Not much damage done, if it even happened. Any proof these are actually out there anyway? Odd the "offending movie" itself wasn't included as hacked and released, which would have made more sense for revenge. No customer info leaked, like with PlayStation accounts, so people don't feel threatened....
I have my doubts.

Convenient. LOL

Fury is already out of our movie theater which I'm shocked about. Yet Gone Girl is still playing.

Some people have real difficulty with this concept, to them an online connection is as vital for a PC to function as electricity.

I had this conversation not long ago regarding my home network (two desktops and a laptop), someone told me using Win98/2000/XP was unsafe even though it's offline. My network isn't even wireless, it's completely local and still I hear, "You think you're safe but if someone wants to break in, they'll find a way". Yeah, if they physically break into my house maybe.

War movies as a general rule are a tough sell at the box office. Murder/Crime thrillers usually do MUCH better by comparison. It's just tough to attract both the female and the under 30 crowd to war films.

Sony hacked only a few years after they infected hundreds of thousands of PCs with the rootkit DRM they had on their Sony music CDs - that they didn't tell people about and that left peoples' computers vulnerable to hackers....

http://www.securityfocus.com/news/11369

What's that about laughing loudest and laughing last?

Reports say that this was a Sony Pictures group breach, not all of Sony, and some suggestions that it was an inside job from a disgruntled employee.

Yes, there's proof. Putlocker was running a bad camcorder version of Fury just a few days ago. Now they've got a DVD quality screener up. See for yourself if you don't mind visiting Putlocker (virus and popup warning). Likewise, you can see the DVD version popping up on Piratebay a few days ago. Same goes for Annie. Unreleased DVD versions of both movies appeared on piracy sites on the 28th, so it's real.

As for not much damage done, are you kidding me? Do you know how much money Sony stands to lose by having movies they planned to rent and sell being released to the public for free? You realize that selling and renting movies is one of the ways that movie studios make money, right? DVDs, electronic sell-through and subscription video-on-demand (like netflix) is an $18 billion a year industry. There's a reason why movies arne't just distributed for free by their owners.

And the fact that they didn't release "The Interview" could be due to any number of reasons. Maybe the computer(s) successfully hacked didn't happen to contain that particular movie. Or if the theory that North Korea is behind this is true, their motive was to suppress that movie. How would flooding the internet with free copies of a movie they're trying to suppress make any sense?

People that pirate movies pirate movies, they don't bother buying or renting. Those movies would eventually be up there anyway. The average movie goer and renter has no idea who Piratebay is, much less Putlucker (whom I've never heard of either). Still odd to me "they" would get Fury and Annie, and NOT the movie that supposedly started all of this.
Maybe I'm wrong, time will tell. Perhaps. Until then:
Viral. Advertising.

I do both. Now I won't be renting Fury when it comes out because I already saw it for free. Once again, there's a reason why film studios don't just upload their movies to YouTube once they're out of theaters. Do you not understand why that is?


Enough people use pirated movies to warrant the film industry investing millions of dollars in fighting piracy.


I already explained this. Just because hackers were able to steal those two movies doesn't mean they had access to all Sony movies. You see to be under the assumption that these hacker broke into some central vault where all the movies are stored. In reality, they probably broke into a bunch of Sony employees' workstations and laptops.


Viral advertizing? Why would someone advertize for a movie by offering if for free? Please explain how Sony benefits by releasing "pirated" version of their own movie.

It's not a victimless crime! Or so the ads say!

Really though arguments can be made both ways. While some pirates may only want to watch a movie once and then never again (and then the owner losses a sale/ticket) most are not that way. If they like the movie a lot of people will buy it. (I am that way. If I watch something I like on netflix I will just buy it) and others steal just to steal or collect with no intention of ever watching or buying.

The owner wants to classify all pirates as the first (lost sale) and the pirates want to all classify themselves as the later (never had the intention of buying / only interested in watching for free ie no lost sale).

In truth it is normally mostly somewhere in between where piracy does equal some lost sales but it also produces some sales. I would imagine that if you threw out all the extremes piracy is closer to breaking even in sales leaning on the loss of sale side of the equation. It sure as **** is no where near what the owner would have you believe though.

There are just too many factors in the equations for it to be purely black and white. For instance in some countries people WOULD buy if the price was reasonable but import fees / taxes and refusal to sell the product for a reasonable rate compared to local income means pirating or buying pirated is the only option. Yet all of those sales are lumped into the same "loss of sale" category by owner.

If you're one of those that downloads pirated movies, I doubt they were holding their breath hoping you'd actually pay up the $2 to rent anything. That hurts Red Box, DirecTv and the like more than Sony though.
The movie I'm referring to as the subject of viral advertising is "The Interview", which was not leaked, obviously. Fury has been out. Those that would go to see Annie probably wouldn't pirate it for their kids rather than go to the theater. But who knows, maybe there are cheapskates that would?
They picked some safe movies to do this with, knowing they would end up pirated anyway. Might as well make the pirates work for them for a change and get something out of it. In fact, just because these movies are out there doesn't mean this is actually the source.

So you think it's all a big conspiracy? Again, I'll ask - to what end? What does Sony gain by giving away their movies for free?

Isolated networks are not safe either.

Not safe from what? Please elaborate. If your network has no online connection, how can it be accessed remotely? It's as safe as being powered off.

Free advertisement and potential viewers who had no intention of buying it who might now buy it or convince someone else to buy it.

And while that might not seem significant... it really is. I wouldnt be surprised if this whole incident was trumped up because it is now national news and millions of people who didnt care about those movies now know about them and might be curious to see them.

Closed networks get hacked all the time. It is as simple as getting a wireless or blue tooth dongle into a computer on the network for a few minutes. There is always a weak l ink in the chain and a lot of leaks happen at production studios. Also a lot of these pirated movies come from preview / prescreening copies that get sent out or put on a network for specific people to download.

So we agree that a wired network is impenetrable from the outside, like mine which is totally wired?...



Wired network hub...



I do have a wireless router connected to my satellite modem, but only for wireless devices (like the laptop I'm posting on) which are not connected to my wired network...



So the key is to be wired, and since the Feds still use 3.5" floppies and the Navy still uses MS-DOS (I posted links about a year ago), I'm sure any really sensitive networking is still physically wired.

Anything else requires physical contact with the network ("getting a wireless or blue tooth dongle into a computer on the network for a few minutes") and in my case it means they've broken into my house. In that case all security is lost, they can just haul my stuff away.

Note that I'm not a security fanatic, I just use old equipment (no wireless adapters in my network).

Your wired network is impenetrable as long as it doesn't touch anything outside your wired network and no one besides you has physical access to it.

If any computer on your wired network has access to the Internet then it can be breached by you browsing the internet.

Even if your wired network doesn't touch the internet, if anyone else has physical access to those computers or your wired network then they introduce a wireless access point somewhere on your network which they could then access from outside your house to steal data or inject malware.

Nothing is impenetrable unless you disable all network access and keep it physically locked in a closet but that tends to make the computer pretty useless for modern activities

that depends on what you mean by wired. If you are hard wired to an access point on the internet then you are at risk. if you are just hardwired to an intranet without any line outside then you are relatively safe but if any device has a blue tooth function or wifi it can be hacked even if it does not connect to the internet.

A lot of these stolen movies and etc come from someone stealing them from a laptop through wifi. Lets say these movies were never put on a network but someone had a laptop with wifi access and had the movie in their dvd drive to watch it. Someone could hack the wifi and burn the dvd through the wifi connection onto their computer. In that situation the media was never in any form other than a hard disk and the computer was never connected to the internet and yet it was still stolen.

Stuff like that happens ALL the time.

And this is the case, no desktop nor laptop on my wired network even has the ability to go online and no one else has physical access (except my wife which doesn't count).



No access whatsoever, for this I'd have to run a cable to my modem or wireless router to make the connection. But I don't.



Again, this would require a physical break-in. A network wouldn't matter at this point, they could just take the equipment/data with them, right?



Can't do much locked in a closet, but I disagree that an offline PC is useless, even today. I think of my network as standalones that happen to be connected by physical cables to a hub so that I have access to any drives/printers from any PC. No wireless and no internet connection.

But if someone wants to physically steal your equipment and their contents they could, networked or not. But are we talking hacking or using a crowbar and moving van?

For online I use a separate wireless laptop (pictured right) which has no access to my wired network...




I can usually download what I need and transfer the contents to my wired network via a flash drive, but with some newer software that's no longer possible, you must have a connection. This is when modern PC computing will finish leaving me behind.

Wow Mark. Your home PC setup looks similar to my PC lab in college circa 1995.

Come on, everyone knows real hacking involves a few heist, a sting and spy elements!
Ever see Sneakers or War Games? If it wasn't for dumpster diving we might not even have Windows or a mouse. LOL
Hacking predates wifi by a few decades.

It's as if NO businesses in the world of Hollywood use paper shredders.

I was looking for the source of a hacker's quote that goes like "to secure a pc you'd have to bury it, cover in concrete and then it MIGHT be safe."
Ran across a Kevin Mitnick quote page that's pretty cool:
http://www.brainyquote.com/quotes/authors/k/kevin_mitnick.html

My favorite:
Companies spend millions of dollars on firewalls, encryption, and secure access devices and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, operate and account for computer systems that contain protected information.

LOL! You should see my attic: PCs, peripherals and many parts categorized and neatly packed in plastic containers, like a miniature version of the warehouse at the end of Raiders of the Lost Ark (except my bins are labeled). I'm like the nutty guy who keeps canned goods and a fresh supply of bottled water in their basement, just in case.

My main PC (meticulously maintained) is almost 15 years old (the Dell under the monitor) and has been phenomenal under years of heavy use, including the original WD HD that gets cleaned up and defragged almost every day. I have more just like it in storage and have no doubt they will long outlive me.

I know tech is so much cheaper today (thankfully) but I do believe the older stuff was better made.

Still working perfectly for DOS backups...

Haha nice Mark, your network is frozen in time.

I had lots of similar hardware and home "LAN" setup but had to donate it many years and house moves ago to make room for kids stuff

hack to jeopardize new James Bond and Spiderman films with new released data
LINK




Not just what it's doing to the movies Sony releases, but the emails they are sharing are so damning for the VP's. I can't believe all the stuff these VP's are saying about the people that work for them. I heard this morning that Amy Pascal might be forced out.


Stare down

If looks could kill, I remember seeing that look in Mr and Mrs Smith.