Sony Hack Draws Intense Reactions
Comments on Yanking of Film and Other Issues
The Sony Pictures Entertainment hack, and the company's decision to yank the release of a film in the wake of hackers' threats, has provoked intense reactions.
Following are highlights of the comments on what's shaping up to be the hottest information security story of the year.
William Hugh Murray, CISSP
"This morning the FBI attributed the attack against Sony to North Korea.
Whether or not North Korea conducted or simply paid for this attack, whether or not the attack was "state sponsored," they have scored a huge victory. They have humiliated both the World's remaining "superpower" and Japan, their ancient enemy and recent occupier. They have won what may be the first and only battle in this "cyberwar." They have demonstrated not only that Sony's security was weak but that Sony had documented the weakness without a budget or schedule for mitigation. They have reinforced the fear that our national infrastructure is vulnerable to crippling attack from the Internet. They have demonstrated that they need only whisper the magic words "nine one one" to get the risk averse, not to say fearful and feckless, American people to compromise the First Amendment and betray all those who have sacrificed life and limb to defend it. Not bad for a starving country that numbers its Internet users in the low thousands."
Posted on "Sony Hackers Threaten Movie Theaters"
William Hugh Murray, CISSP
"Once more the terrorists have won. Once more the American people have proven to be fearful and feckless. Those who have sacrificed life and limb to defend our freedoms have been betrayed. We have all been shamed. Will we never again stand tall?"
Te R
"Hmmm. Disgruntled employee???"
RiskIQ
"Assigning blame too early is never a sound strategy. Sony Films execs appear to be more interested in sweeping things under the rug, rather than addressing the security and criminal aspect of this incident. Hopefully, other organizations will take this as a lesson that hacking isn't a problem that will just go away if you weather the PR storm. Real actions need to be taken in order to protect your data and that of your customers/employees."
Posted on "Sony Hack: Is North Korea Really to Blame?"
William Hugh Murray, CISSP
"The necessary knowledge, skills, and abilities to carry out this attack can be purchased in the market place. For purposes of such attacks, and with the UK/USA nations excepted, all nation states are equally capable.
However, we are not equally vulnerable. Our dependence upon complex infrastructure and our fearfulness make us peculiarly vulnerable among nations. Note that having demonstrated the vulnerability, these hackers merely had to invoke "9/11" to get us to throw free speech under the bus. Are we more likely to defend trial by jury or freedom from search, seizure, and cruel and unusual punishment? Hardly likely. There appears to be no value for which we are prepared to take any risk. We are not simply risk averse, we now expect zero risk."
Posted on "Sony Hack: Is North Korea Really to Blame?"
@euroinfosec It's been a very long time since we've seen credible plots in that industry.
- James Davis (@JanetInfoSec) December 17, 2014
Hannes
"'Dialects used by North Koreans differs from traditional Korean so much' that they would use Chinese tools? Great to have real experts here.
This makes the same amount of sense: 'dialects used by British differ from Americans so much it's more likely they would use tools programmed in German.'"
Posted on "Sony Hack: Is North Korea Really to Blame?"
@euroinfosec @gen_sec I mean in a way I actually have to laugh, because it's so Kafkaesque ya know?
- Schrödinger's Spook (@nailbomb3) December 19, 2014
"Ha! Emails show the attackers never mentioned the movie until after the media did. It was simple extortion at first."
-Jeffrey Carr (@jeffreycarr) December 18, 2014
@jeffreycarr Thanks, Jeffrey. More info on the extortion/criminal timeline here: http://t.co/E2CvXFUYfR
- Mathew J Schwartz (@euroinfosec) December 18, 2014
@BnkInfoSecurity @DHSgov no credible plot... that begs snarky question of are we talking about the 'threat' or in 'The Interview' movie?
- Jaded InfoSec Pro (@edwardmccabe) December 17, 2014
Saalbach
"Clearly the US bravado and dollars are more important than the lives of its citizens. Perhaps a rethink of where the US sits in the world is overdue - a change in attitude to people of different race, belief and economic values might reduce some of the attacks (both cyber and physical) against it. I must confess, I like the idea of releasing the film online, and getting donations for worthwhile purposes - probably won't happen as it goes against the idea of raking in as much money as possible.
Maybe all those who are shocked by Sony's decision could demonstrate their bravery by all going to the same cinema for a screening on the same night?"
Posted on "Sony's Action Called 'Dangerous Precedent'"
- Jack McCarrup (in reply to Saalbach)
"Do you mean we should start treating our women like Isis does?"
- Jack McCarrup (in reply to Saalbach)
"Do you mean we should start thinking like Isis and treat women the same way? And no one with critical thinking skills believes for a minute that any Neville Chamberlain-esque actions will convince terrorists to stand down. The only effective response to terrorism is...shall we say...neutralization."
Jack McCarrup
"Random points:
- Who decided it would be funny and profitable to fund a movie about the assassination of a country's active leader? Regardless of how despicable one may think he is (and he is), what island were these people living on?
- The gist of the article is indeed valid. If we back down to a group of terrorists on this, there is no stopping that slippery slope. I could care less about the movie, and would not have gone to see it in the first place, but this proves that Americans can be cowed. And that is very, very dangerous.
- You cannot appease terrorists. No matter what you do, they will never stop terrorizing you until you, um, neutralize them.
- What a sad day to see how our leadership has destroyed the spirit of a great country."
Jack McCarrup
"What island were these people on when they dreamed up the idea to make a comedy about killing a sitting leader? Regardless that he is a murderous buffoon, it's a bizarre premise. That was all they could come up with that fit their definition of 'funny'?"
Posted on "Sony's Action Called 'Dangerous Precedent'"
@BnkInfoSecurity #SNE had "thousands of logins and passwords in clear-text files in a folder named Password, with no password protection."
- Ironguts (@ironguts) December 18, 2014
@BnkInfoSecurity #SNE had "tiny security crew (11 for a user base of 6,500) was heavy on managers and light on people doing the work"
- Ironguts (@ironguts) December 18, 2014
@BnkInfoSecurity Those secrets must be whoppers! #90milliondollarsecret #SonyCowards
- Lynne (@Lynnenallo) December 18, 2014
ISMG User
"Interesting contrast, since Sony Pictures has totally folded to the pressure by delaying the release of their (probably awful anyway) movie. So much for not negotiating with terrorists."
@BnkInfoSecurity you can be hacked one time, but if you did not have learned lessons and assumed that would be hacked again..mm!!! #Epicfail
- Juan Carlos Vázquez (@jc_vazquez) December 19, 2014
Rick Romero
"They like to rattle their saber at everyone, but it doesn't mean they actually did anything."
While that's true, this is the United States, and authorities take action even when there is no evidence of intent of action by the perpetrator of 'dangerous' words.
Posted on "Sony Hack a 'National Security Matter'"
ISMG User
"I wanted to see this movie because of the actors/actresses, not because of what country or leader it involved. I feel sorry for people that live their lives so seriously that they can't take up to 2-3 hours, depending on the show, to sit and laugh with fellow human beings."
Posted on "Sony's Action Called 'Dangerous Precedent'"
ISMG User
"The only thing they won was a lot of media and new fans for the movie. I predict it will be distributed in some fashion by mid February and direct to consumer pay per view is a great vehicle for it. I think a 24 hour rental for $5 with all proceeds going to the "Wounded Warrior" project would be a great way to demonstrate that "We The People" do stand tall."
William Hugh Murray, CISSP
"The POTUS has promised a "proportionate" response."
Posted on "Sony Hack a 'National Security Matter'"
Mangelinovich
"If you have Passwords that are entered by a human, then it doesn't take much to steal them."
Posted on "Sony: N. Korea Warns of 'Consequences'"