Question about Sony Pictures attack

iamgenius

Hello guys. This is just a general question out of interest about Sony's recent unfortunate massive internet attack they suffered days ago.

Why would they have all their contents and productions on the internet? What's the real need for that? I mean if they work from a central location, they can do their production work in their isolated LANs in their HQ. Or is it like they have many geographically distant locations for which they have to have all their contents online so they can be accessed from anywhere in the world?
 


Spacehead

According to the latest Security Now podcast it was either make it easier to communicate with each other or better security.
I'm oversimplifying what was said about it though.

Check it out here
https://www.grc.com/securitynow.htm
Episode #485 - Expensive Lessons
The Sony stuff starts about halfway thru.
 

mikeymikec

One of the attack methods used (according to an article I read) was against SMB (Server Message Block, basically Windows file sharing services), which strongly suggests that this was a server sitting on an internal network which has an Internet connection. They probably did something silly like rely solely on a basic broadband router's NAT and basic firewall to keep their internal network safe.
 

iamgenius

mikeymikec said:
> One of the attack methods used (according to an article I read) was against SMB (Server Message Block, basically Windows file sharing services), which strongly suggests that this was a server sitting on an internal network which has an Internet connection. They probably did something silly like rely solely on a basic broadband router's NAT and basic firewall to keep their internal network safe.

Unbelievable!
 

John Connor

I just heard on the news that it could have been RUSSIA that hacked Sony and NOT the DPRK. ROFL! So we took the DPRK's Internet down for nothing and Sony was all "we won't show this movie now." MORONS!

The PlayStation Network was down for a few hours too. Maybe Russia again?
 

lxskllr

John Connor said:
> I just heard on the news that it could have been RUSSIA that hacked Sony and NOT the DPRK. ROFL! So we took the DPRK's Internet down for nothing and Sony was all "we won't show this movie now." MORONS!
>
> The PlayStation Network was down for a few hours too. Maybe Russia again?

http://marcrogers.org/2014/12/18/why-the-sony-hack-is-unlikely-to-be-the-work-of-north-korea/

http://marcrogers.org/2014/12/21/why-i-still-dont-think-its-likely-that-north-korea-hacked-sony/
 

unokitty

iamgenius said:
> Hello guys. This is just a general question out of interest about Sony's recent unfortunate massive internet attack they suffered days ago.
>
> Why would they have all their contents and productions on the internet? What's the real need for that? I mean if they work from a central location, they can do their production work in their isolated LANs in their HQ. Or is it like they have many geographically distant locations for which they have to have all their contents online so they can be accessed from anywhere in the world?

There is always a tension between ease of use and security. Sony chose ease of use.

Information security is poorly understood and most security teams are poorly led.

For example:
The executive director of information security at Sony Pictures, Jason Spaltro, told CIO Magazine in a 2007 interview that it may be “a valid business decision to accept the risk” of a security breach, depending on the cost of investing in security and the cost of a successful attack.

The reality is that Sony didn't have good security because they didn't care.
“Sony’s ‘information security’ team is a complete joke,” one former employee said. “We’d report security violations to them and our repeated reports were ignored.”

Just 11 people are assigned to the information security team out of a company of 7,000 employees, according to leaked files discovered by Fusion. Only three people on the team are not managers or directors.

Sony's own internal reports show that they had major vulnerabilities. For example:
Earlier this year, Sony Pictures released one hell of an internal IT assessment. The report showed that not only was the company ignoring basic security protocol, its IT security was plagued with unmonitored devices, miscommunication, and a lack of accountability.

Sony wasn't secure. They knew that. They just didn't care.

Uno