The Ridiculousness Of Turning The Sony Hack Into The 9/11 Of Computer Security
from the our-boys-fought-and-died-so-these-corporations-could-be-free-from-hacking! dept
Once again, our government is stepping up to help a beleaguered industry giant. Usually the MPAA would be involved (and maybe it is), along with some terrible legislation, but this time it's Sony Pictures getting an assist from The Man.Sony, which has no one to blame but itself for being nearly completely compromised, apparently has enough pull that the White House itself is ready to step up, publicly denounce and possibly punish the group behind the hacking. (via Boing Boing)
U.S. investigators have evidence that hackers stole the computer credentials of a system administrator to get access to Sony's computer system, allowing them broad access, U.S. officials briefed on the investigation tell CNN. The finding is one reason why U.S. investigators do not believe the attack on Sony was aided by someone on the inside, the officials tell CNN.These unnamed investigators and officials believe North Korea is behind Sony's hacking. It will be interesting to see what they present to back up this claim, considering there seems to be evidence indicating otherwise. The furor over The Interview, the film that portrays the assassination of Kim Jong-un, wasn't originally named as a motivation for Sony's hacking. The media seized on this possibility first, and the hackers followed suit.
Even if the US government turns out to be correct, there are plenty of reasons why it shouldn't react this way to the hacking of a private company. This is evidenced in White House press secretary Josh Earnest's statement, which indicates the White House is willing to play right into the hackers' hands.
He said the United States' response would need to be "proportional," and that national security officials considering how to respond are "also mindful of the fact that sophisticated actors when they carry out actions like this are oftentimes, not always, but often seeking to provoke a response from the United States."Nevertheless, a response appears to be on the way, even if it's exactly what the hackers want. The Department of Homeland Security has even weighed in on the issue. Its director also attempts to hedge his statements, but still appears determined to do something about the attack.
"At this point we are not prepared to officially say who we believe was behind this attack," Homeland Security Jeh Johnson told MSNBC on Thursday. "I will say this: We do regard the attack on Sony as very serious.""Not terrorism." That's a relief. But the attack didn't have any effects on Americans' basic freedoms. Instead, it was the studios themselves who turned into proxy censors by refusing to release The Interview to theaters or anywhere else. This was prompted by the hackers' vague threats of violence if the movie was shown, but as cybersecurity expert Peter W. Singer pointed out at Vice, there's miles of space between talking shit and backing it up.
Johnson described it as a "serious attack not only on individuals and a company but basic freedoms we enjoy in this country," but did not want to label it terrorism.
Here, we need to distinguish between threat and capability—the ability to steal gossipy emails from a not-so-great protected computer network is not the same thing as being able to carry out physical, 9/11-style attacks in 18,000 locations simultaneously. I can't believe I'm saying this. I can't believe I have to say this.Not only that, but theaters' backup plans -- to show the North Korea-baiting "Team America: World Police" in its place -- have been scuttled by an equally panicky Paramount Pictures. So, the hackers have already received more of a response than they possibly could have hoped for. Now, the government is indicating it's willing to appear just as foolish by offering a national response to the hacking of a single motion picture studio. Naming a scapegoat appears to be the primary focus.
[...]
It is mind-boggling to me, particularly when you compare it to real things that have actually happened. Someone killed 12 people and shot another 70 people at the opening night of Batman: The Dark Knight. They kept that movie in the theaters. You issue an anonymous cyber threat that you do not have the capability to carry out? We pulled a movie from 18,000 theaters.
Though officials say they are planning to lay blame on Friday, they haven't yet decided how to respond to the attack.Given that whatever sanctions or indictments accompanying are unlikely to have an effect on the hackers or whatever proxy nation the White House fingers, the government appears ready to go on record with its own shit talking. Any form of "backing it up" will still be over the distant horizon.
On Friday, our government will proudly denounce the hacking of Sony Pictures, an entity so insecure it has been hacked 56 times in the last 12 years. And we'll do it to send this powerful message to the hackers of the world:
No matter who you are or where you call home, you can force the hand of the US government by embarrassing certain corporations.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: sony hack, white house
Reader Comments
The First Word
“Banks get hacked? Whatever.
Movie company gets hacked? OMG CYBER9/11!!!
As if government agencies making their public announcements from Disneyland wasn't enough to prove that Hollywood owns America.
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
Considering that these tech companies are about 10× the size of the studios, what's stopping them?
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Digital evidence can be manufactured by anyone who has access to the medium.
Indirectly, the data thievery was wholly Sony's fault - they provided access to this over an outside line, in an unsecure fashion. It's pretty common in computers, but don't blame the machines - they do exactly as they are programmed. No less, and certainly no more.
[ link to this | view in chronology ]
Re:
Which, incidentally, is what a lot of the suits calling for net censorship and regulation don't realise. They think that whatever systems they put in place will be magically unable to be subverted by hackers for more nefarious ends. It's that kind of thinking that gave us the Sony rootkit.
[ link to this | view in chronology ]
Re: Re:
Not to mention that it's the same magic that's going to give us the "For Good Guy Use Only" (tm) front doors the FBI is demanding.
[ link to this | view in chronology ]
Guerilla marketing for a flop
[ link to this | view in chronology ]
Re: Guerilla marketing for a flop
[ link to this | view in chronology ]
Re: Re: Guerilla marketing for a flop
[ link to this | view in chronology ]
Why the fuck are they In another country Sony is not an American company they have ties sure but they aren't our responsibility.
[ link to this | view in chronology ]
Re:
"Team America: World Police"
[ link to this | view in chronology ]
Re:
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
[ link to this | view in chronology ]
This. A thousand times this.
So much of the hysterical reporting has ignored this rather important detail.
[ link to this | view in chronology ]
What about JPMorgan Chase?
The very different responses to the two events by government spokespeople and news media is fascinating and telling.
[ link to this | view in chronology ]
Re: What about JPMorgan Chase?
I think you meant "government salespeople"
[ link to this | view in chronology ]
From the storytellers who brought you Iraqi WMD
The New York Times calls it, “Better than yellowcake!” “A must see.”
Coming out this holiday season.
[ link to this | view in chronology ]
Yes, it indicates that Sony has a serious, chronic, and pervasive problem with IT security. However, that's a serious problem for Sony, not for the United States. I doubt that the USG would be quite so full of bluster and feigned concern if the target were, let's say, the Sierra Club. This response is far more about quid pro quo than it is about any actual threat of any kind to the US.
Let's do keep in mind:
http://gizmodo.com/sony-kept-thousands-of-passwords-in-a-document-marked-1666772286
and
http://ga wker.com/sonys-top-secret-password-lists-have-names-like-master_-1666775151
and
http://arstechnica.com /security/2014/12/state-sponsored-or-not-sony-pictures-malware-bomb-used-slapdash-code/
and
http://kre bsonsecurity.com/2014/12/in-damage-control-sony-targets-reporters/
and perhaps most damning of all:
http://gawker.com/sony-was-hacked-in-february-and-chose-to-stay-silent-1670025366
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Blame
I think it would be better to blame Monday, or maybe the day after ones vacation.
[ link to this | view in chronology ]
Re: Blame
[ link to this | view in chronology ]
Re: Blame
[ link to this | view in chronology ]
[ link to this | view in chronology ]
If anything, there's a bit of karma in this for the response from a Sony executive about 'most people don't even know what a rootkit is' when they were busy putting them on computers including the exposure of DoF unknown computers.
The US has never been really serious about computer security, otherwise it would be more difficult for the three letter agencies to get into other's computers. Those doors are still open and if they know so do other governments. State sponsored hackers have the time to pour over fundamentals to find them.
Lastly, the US paved the way in how to use malware on physical items. It's been 4 years since the discovery of Stuxnet. Want to bet that program hasn't been thoroughly torn down to understand how it works? I also notice that while the government has been setting all this up they have done nothing to strengthen the computer security of the average business and citizen. In computer warfare, the populace is just like the MADD initiative for nuclear warfare; totally unprotected. It would not take all that long to demonstrate just how disruptive that could be to the economy when the US once again kicks off some stupid war no one else has a defense from around them.
[ link to this | view in chronology ]
Re:
It's much too convenient to blame North Korea without any facts at all to back it up. It again smacks of propaganda and we're at the point of needing proof for any validity of claims; seeing how much BS has been fed through the media.
[ link to this | view in chronology ]
http://attrition.org/security/rant/sony_aka_sownage.html
Count the events.
Look at the toll it took.
Count the number of times they could have taken proactive action.
Notice that only when it might hurt the companies bottom line they finally gave a shit, and turned the Government into a spin machine to craft a fairy tale of nation state hackers.
Wouldn't it be hysterical to discover they used getting hacked as a reason to shelve a truly shitty movie that will make more from the insurance payout, that it would when half the globe wasn't interested in showing it cutting into that all important global box office number.
So now we get to have all sorts of public outrage over "North Korea" getting their way...
Funny all of the public outcry wasn't there when they admitted we tortured people, but now we have an enemy to focus on...
The magician always gets you to look away from where the action actually is, and the lovely assistants to this trick are government stooges bought & paid for to protect the media cartels.
[ link to this | view in chronology ]
Banks get hacked? Whatever.
Movie company gets hacked? OMG CYBER9/11!!!
As if government agencies making their public announcements from Disneyland wasn't enough to prove that Hollywood owns America.
[ link to this | view in chronology ]
Re:
Or at least the American Government.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Just saying....
[ link to this | view in chronology ]
Re:
The NSA isn't interested in preventing cyber-attacks, it's all about keeping tabs on We The People.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Star Power [was Re: ]
[ link to this | view in chronology ]
Re: Star Power [was Re: ]
What a mook!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
They won't equate it with terrorism, but I will:
The hackers, like terrorists, have already won.
[ link to this | view in chronology ]
Secondly, the response to this has been nothing short of mind-boggling insanity. N.Korea is a pro-level saber rattler but they have no bite to their bark. Being afraid of them is utterly ridiculous.
There's something deeper to this that we're hearing.
Remember folks, these are the people that want to run the internet and they're stumbling over themselves backpedaling like cowards at the first sign of a confrontation. It's no surprise their first, second, third and all subsequent responses have been to censor.
[ link to this | view in chronology ]
Never forget Sony
Even pirating Sony productions seems distasteful to me, it gives them too much attention (and I cannot think of anything worth the effort to click a few buttons).
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
I generally dislike blaming the victim. But... if we're going to stick with your "keys under the mat" analogy: Sure, Sony left the keys under the mat. Someone broke in, with those keys. Sony then opted to leave the keys under the mat, again. And again, someone broke in with those keys. Lather. Rinse. Repeat. What, 5 times in the last decade or so? That were publicized? And more instances of network penetrations are being revealed as a result of internal communications being leaked.
At some point, even the densest of organizations will get the hint: Move the key from under the mat to the potted plant on the window. Sony apparently couldn't be bothered to do even that.
Doesn't make what happened to them less illegal for individuals operating under US jurisdictions.
But if I'm Sony's insurance carrier, not only am I not paying on any claims, I'm dropping you as a customer. In addition, I might just sue you for insurance fraud if I can make it stick. If payment card information was lost, Visa/Mastercard/Amex/Discover are going to step in w/ major fines for it. If ePHI held under the auspices of HIPAA was compromised, OCR is stepping in to levy fines. And that's just a little bit of the fun Sony is likely to be in for.
Also: if I'm a Sony Stock Holder, I'm talking to the best lawyers in the US, and getting ready to sue Sony corporation and every corporate officer from the board down for a complete and utter failure to fulfill their fiduciary responsibilities. And the best part: 95% of the information I would generally have to cough up cash to get discovered is already on the internet.
So, do you blame the victim? Generally, no. Sometimes, yes. and this is one of those cases where it may be justified.
[ link to this | view in chronology ]
Re:
There's an excellent chance that whoever pulled off the Sony hack did so from a country where hacking Sony isn't illegal.
They might have nothing to fear from the long arm of the US unless they're A) identified and b) travel to a country with a US Extradition treaty. Assuming, of course, that rendition is off the table (which is probably a bad assumption)
[ link to this | view in chronology ]
They did not have any moral authority to pull Team America from theaters. In a crucial moment of solidarity that had to be upheld, Paramount trashed it.
And they used copyright law to do so. That is a rather significant finding, I would think, and I can't believe it's been so easily glanced over.
What we have here is a textbook example of copyright being used to suppress freedom of expression. On a vast political and dialectical scale. That showing of Team America was a crucial act of defiance in the face of the censorship of another film, and it was wrecked by a pathetic claim of ownership of expression on an already 10 year old movie.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Well how else are you going to try and cram through a newer version of PATRIOT?
[ link to this | view in chronology ]
The Interview -- perhaps just a really bad movie?
[ link to this | view in chronology ]
Re: The Interview -- perhaps just a really bad movie?
[ link to this | view in chronology ]
sony hacked
goverment blog|telugu mp3 songs
[ link to this | view in chronology ]
It wouldn't surprise me if blaming NK is just a political ploy to give the U.S. government any excuse to carry out actions it wanted to carry out regardless. Kinda like how Bush was fixated on blaming Iraq for 911 just because he wanted to go to war with them.
[ link to this | view in chronology ]
Response to: Anonymous Coward on Dec 19th, 2014 @ 10:38am
[ link to this | view in chronology ]
Re: Response to: Anonymous Coward on Dec 19th, 2014 @ 10:38am
Seriously? Let me be serious for an instant.
The United States is interested in long-term regional stability, and in the security of our friends, allies, and partners. We have a commitment to the defense of the Republic of Korea, as well as to Japan. Furthermore, we have a long-term relationship with the Philippines —although our colonial history is not easy— and share language and culture with Australia. I could go on, but instead I'll leave many other relationships unsaid, rather than to inadvertently slight some other nation or power. Thus, that brief rundown of our major interests is certainly not exhaustive.
[ link to this | view in chronology ]
Re: Response to: Anonymous Coward on Dec 19th, 2014 @ 10:38am
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Damned right the movie studios are "critical infrastructure"...
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
The NSA hacked Sony and accidentally left the keys in public, someone found it and put his willie in Sony. So they are now just blaming whoever they can so noone suspects their involvment.
Would anyone be surprised if something like this happened?
[ link to this | view in chronology ]
Open Question
[ link to this | view in chronology ]
Re: Open Question
Long answer: "North Korea hacked Sony" ranks with "Saddam Hussein has weapons of mass destruction" ranks with "Our ships were attacked without provocation by the North Vietnamese" ranks with "I have here in my briefcase the names of Communists within the United States government". There's a long tradition of using the enemy du jour as the foil for everything that goes wrong -- since doing so makes it easier to justify whatever action we were going to take anyway, whenever the opportunity presented itself. That hasn't changed.
What has changed is that much of the mainstream press has become part of the spin machine and self-demoted to the status of "stenographer", leaving much of the investigative reporting to newer organizations, bloggers, and independent journalists -- all of which are sporadically labeled not-journalists when convenient. Edward R. Murrow? Ha. Woodward and Bernstein? Yeah, right. Neither CBS News nor the New York Times nor the Washington Post has the stones to call them on this; instead they will dutifully report transparently-obvious bullshit as fact.
What has also changed is that the aggregate ability to process facts and think critically has been severely degraded. Soundbites and reality television, Fox "News" and the 24 hour news cycle, CNN's "Situation Room" and the rush to be first to break a story, talking heads and more, all of these have lowered the standard of discourse so much that whoever repeats the biggest lies the loudest and the longest wins. (Consider: it's nearly 2015 and yet there are people so insanely stupid, so scientifically illiterate, so utterly clueless, that they think we need to hear "both sides" of the evolution vs. creationism "debate".)
So the playbook is the same as it ever was (same as it ever was) but the news media are (mostly) unwilling to point it out and the public are (mostly) unwilling to figure it out for themselves. So things are working out pretty well for the spinmeisters in government.
[ link to this | view in chronology ]
Re: Open Question
[ link to this | view in chronology ]
Nearly completely compromised?
Nearly????
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I now doubt it was North Korea
[ link to this | view in chronology ]
and Sony thinks someone can physically harm theaters remotely from North Korea? or Sony thinks the US is full of it.
in any case, awful nice of US taxpayers to donate all our public agencies to "save" Sony (?) from some embarrassing emails. rather ironic, even, since these agencies are squirreling away all of our own emails.
meanwhile, the MPAA will have its way with our "democracy", the Spentagon will target North Korea, and if someone in the US actually WANTS to off a few civilians in malls and theaters, no one really cares. it sells guns.
[ link to this | view in chronology ]
Seems more like the Maine of governments looking for an excuse for their next play date, but whatevs.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Sony Hacks
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Change the narrative
So the first thing that security experts need to do is change the narrative: people already believe and accept that the hacking came from North Korea to the point that the headlines say "North Korea" instead of "hackers".
Like other commenters are saying, the same US government that's trying to push a connection to North Korea is the same government that pushed WMD's in Iraq.
[ link to this | view in chronology ]
Sony & America blame game
[ link to this | view in chronology ]