What the Sony Hack Looked Like To Employees (slate.com)
An anonymous reader writes: The cyber attack on Sony was one of the highest profile hacks in the past several years. Slate tracked down two dozen people who worked there at the time, and asked them what it was like on the inside while it was happening. Quoting: "The telephone directory vanished. Voicemail was offline. Computers became bricks. Internet access on the lot was shuttered. The cafeteria went cash-only. Contracts—and the templates those contracts were based on—disappeared. Sony's online database of stock footage was unsearchable. It was near impossible for Sony to communicate directly with its employees—much less ex-employees, who were also gravely affected by the hack—to inform them of what was even happening and what to do about it. 'It was like moving back into an earlier time,' one employee says." Some employees had their workloads doubled, some had nothing to do. While the hack brought the company together at the beginning, it eventually descended into recriminations and lawsuits.
I was never sold on that explanation. The notion that North Korea even could pull it off - let alone would - I find to be absurd. Certainly if they had the ability, someone in that crew would have been aware of the Streisand Effect by now and would have said it was an awful idea. I watched The Interview, which was an awful movie - if the North Koreans wanted it to go away the right thing to do would have been to let it fail on its own. Had Sony not gotten this free PR for it, the movie would have promptly fallen into the same realm as Manos: Hands of Fate and various other un-watchables.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Could still 'have been' DPRK, they just farmed out the actual work to somebody else.
Your hair look like poop, Bob! - Wanker.
I only watched that pile of shit because of all the ruckus. NK is simply not equipped to have done this and there's no benefit from doing it. If their goal was to ensure the movie was never released, that failed badly; it WAS released specifically because of this "attack". Honestly, and I'll probably take lots of flak for saying it, I think this was an amateur (or group thereof) that got lucky, and an inept IT department was the icing on the cake. "Computers became bricks." Hold on, that's totally not how network attacks work, at all, by any stretch of the imagination. I'm going to assume that employees who saw "no internet connection" warnings were the ones who had their computers "bricked".
Let us not forget either, that it was hardly the only high-profile hack on Sony in recent years which showed them to be exhibiting signs of severe negligence with regards to network security basics. In 2011 the PlayStation network was hacked, interrupting service for weeks and compromising the personal details of approximately 77 million accounts.
Hint to "network security" noobs working for high-profile businesses: storing the user's own passwords at the client-side, even encrypted, is a stupid, catastrophically naive approach to alleviating load on your authentication servers. Allowing global administrative access through the same channel once you've done this is doubly so.
Don't be stupid. It was an inside job by disgruntled employees or ex employees.
What would the DPRK have to do with rootkits on shitty music CDs?
Oh, wait, _that_ hack... I guess I'm getting old.
Let's be real here. There are perfectly logical reasons why they would refer to their computers as bricks. The most likely being every single activity they do on their computer could require network access. Another possibility, and I live this at work, is PCoIP. If/when the network connection goes down, so does my ability to do literally anything computer related.
It can help to know something about the subject before commenting on it, and such failure is particularly egregious when the topic is very public with many details publicized.
Maybe you don't like the term "bricked", but systems were wiped, leaving them inoperable.
As to the capability of North Korea, people are I think significantly underestimating their ability. In any case, the allegation is that the attack was perpetrated by actors who previously worked for North Korea or had ties to North Korea. It is entirely possible the attack was orchestrated by North Korea.
However, the complaints/demands of the attackers (as recorded in the screen image that was displayed on attacked systems) had to do with outsourcing labor -- nothing to do with The Interview or its relationship to North Korea. Workers wanted fair treatment and took the matter into their own hands. The attack itself looks like someone on site (for example, someone who hadn't been downsized yet who had friends that had already been let go), not a network intrusion.
As relations with Cuba have (very slightly and very gradually) thawed, it appears that the US government is increasingly relying on North Korea as the exemplar of an unstable and dangerous regime.
Why is NK not equipped but an amateur group able to get lucky? This is a technologically developed country (in the sense that it has civilian and military high tech, not in the sense that a significant proportion of people are allowed free access to it) of 24.9 million people with a ~$13 billion GDP. It has access to enough brains and cash to pull off anything an amateur group can do.
Sometimes I think that US propaganda is so effective that even the most basic nonsense about "enemies" can be uttered without passing the bullshit test. If it helps to put things in western terms, NK has a tiny middle class and a lot of peasants, while the US has a relatively huge (if dwindling) middle class. It only requires a tiny middle class for there to be enough to cream off for intelligence projects - there's just less competition for entry.
Right, because batshit crazy dictators who routinely have people offed in spectacular ways who disappoint with them really give a crap when someone says "maybe we shouldn't do this".
I don't know or care who hacked Sony. But if you think telling them something is a bad idea is going to work, then I'm afraid you're so utterly clueless about North Korea that you should really stop talking about it.
North Korea is run by a vicious little psychopath who thinks he can do anything he wants, and whose daddy and granddaddy have been doing the same thing for decades.
Never underestimate the flair for the dramatic from a psycho little dictator, or assume that anything they ever do is rational by your or my standards -- these are people who really think they can define reality according to their own whim.
Smart? Sane? Rational? Not bloody likely.
More like bloodthirsty, remorseless, and utterly convinced of their own position as supreme authority.
Seriously, trying to say what you think makes sense in this context is bound to be wrong.
Lost at C:>. Found at C.
Well, when someone who was replaced by an H1b and is out of work with big doctor bills is like, hell, fed prison is better and I can get someone to look at this bump, why not fuck over the people who laid me off?
While I think that it probably wasn't the DPRK, your reason isn't good enough as to why it's not. You might be interested in reading the book _The Impossible State_ by Victor Cha, a man who worked for the George W. Bush administration and has been to North Korea. Basically even if North Koreans knew about the Streisand Effect, and I'm not sure they would have known about it, if somebody high up enough orders you to do something, you don't question it - you do it. You risk death or being sent to a labor camp (with a high probability of death anyway) to do otherwise. And as a deterrent, if you get in trouble with the government, your family does too. The book reports people being imprisoned for "crimes" a long dead grandparent or great-grandparent did before WWII even started, so there's not really any sense of people arguing against orders. They're just hoping the state leaves them alone.
In North Korea they don't see the world the same way that you do. Fanatical devotion to the Kim family is widespread. In fact, even defectors who now live in South Korea rarely have anything at all negative to say about whichever Kim family member is currently in charge even years later, and they tend to be kind of like the Russians in thinking that the guy running the show is actually a really good person and any bad things are being caused by everybody else and if only the top guy knew the real truth, he'd fix the problems. I don't buy the US government's investigation into the hack and my guess is that the investigation may be a lie (i.e., they know North Korea didn't do it, but they want a reason to go after them anyway) or the people who did the investigation are just not all that good at their jobs.
Could the North Koreans have done it? Sure. Could it have been an inside job? Absolutely. My opinion is - inside job. Since there is apparently no evidence one way or another, my opinion (inside job) is no less (and no more) valid than somebody else's opinion that North Korea did it.
None of them can see the clouds; The polished wings don't care.
I'd bet that the security people there, initially, were overruled by higher management.
I've seen too many instances where management skips basic security because "it's easier" or because their egos cannot stand having an IT nerd tell THEM what to do. And then there's plain nepotism.
Eventually, the people who know the risks move on to better companies. And then when the breach is discovered, management can blame it on whomever was the last to leave.
I'd hoped that you'd gotten it through your skull
About what's figurative and what's literal
But just now
You stated
You literally couldn't do anything computer related
That really makes me want to literally
Uh... Go back in time so your parents never dated? ...That seems kind of harsh.
*Looks up PCoIP*. Ah, shit.
> However, the complaints/demands of the attackers (as recorded in the screen image that was displayed on attacked systems) had to do with outsourcing labor -- nothing to do with The Interview or its relationship to North Korea. Workers wanted fair treatment and took the matter into their own hands. The attack itself looks like someone on site (for example, someone who hadn't been downsized yet who had friends that had already been let go), not a network intrusion.
In my humble opinion...
I hope this sort of thing happens more often then. Anything to increase the cost of outsourcing is going to benefit regular folk at the expense of the asshole hatchetmen who make these decisions. They're sociopaths. Sociopaths don't give a damn about how families will afford things like food and housing or what the impact to local economies are. Sociopaths need selfish reasons for not doing something. Sounds like a problem begot its own solution.
People are getting seriously fed up with this corporate bullshit. It's a testament to their civility and longsuffering that this kind of thing didn't happen sooner.
They were probably told to do it by clueless managers. I've seen some crazy things done when there was an issue because management felt they had to be seen to be doing something no matter how idiotic.
> I was never sold on that explanation. The notion that North Korea even could pull it off - let alone would - I find to be absurd. Certainly if they had the ability, someone in that crew would have been aware of the Streisand Effect by now and would have said it was an awful idea. I watched The Interview, which was an awful movie - if the North Koreans wanted it to go away the right thing to do would have been to let it fail on its own. Had Sony not gotten this free PR for it, the movie would have promptly fallen into the same realm as Manos: Hands of Fate and various other un-watchables.
I thought it wasn't awful, it wasn't great, but it was more or less an average to slightly below average comedy flick.
As for NK's objectives, was their plan to stop The Interview, or to deter future projects? I doubt other studios are anxious to do another film critical of NK and draw a potential hack or something worse.
I stole this Sig
> Right, because batshit crazy dictators who routinely have people offed in spectacular ways who disappoint with them really give a crap when someone says "maybe we shouldn't do this".
For an example closer to home, just look at the Cheney/Plame affair.
As always, the most insecure system in existence.
Sayeth the man
...
Who thinks
He has to
Insert linebreaks
Manually
For no good reason
Burma shave!
Yeah, a time before Sony was an evil fucking corporation. The late 19th century, I think.
You are welcome on my lawn.
If we were talking about any country that wasn't the DPRK, I would agree one hundred percent, because it's absurd.
That said, the normal rules don't apply to the DPRK, because by normal standards, the DPRK _is_ absurd. The entire country is built around a cult of personality centered on the Kim family, and propped up by the military elites. While it's dubious to what degree people actually buy in to it, it's very clear that they have to pretend to do so, because the alternative is pretty much risking getting sent to a prison camp for the rest of your life, along with your entire extended family.
I find it entirely plausible as a motive (never mind Sony being a Japanese company, whom they have no particular love for). That's not to say it's proof by any means, and there are certainly other plausible explanations - but I don't think it's fair to rule out the possibility on grounds that "this isn't what normal nations do."
As for "could", they've pretty much also been accused of all sorts of hacking activity against South Korea. I guess if you don't believe they did that, then sure - but they're pretty much the number one suspect.
And lastly, the notion that Sony Pictures would go to this length to promote a movie, to the point of wrecking their operations and embarrassing the absolute crap out of their senior executives, getting lots of people fired... it's insane. They're going to spend more just fighting off the lawsuits alone, never mind the cleanup, than they will ever make on "The Interview."
First, I don't work at Sony, nor did I in the past.
I do know that they ramped up and hired a bunch of people to build a CIRT after the PSN hack. The rumor that I heard was that those guys wound up in the wonderful situation of a CIRT, working for Corporate (Big Sony) that is responsible for everything, but doesn't have the power to necessarily tell the individual subsidiaries (like Sony Pictures) what to do, let alone do something like threaten to cut off network access unless issues are addressed.
So you could well wind up with a shitshow where one subsidiary is running a flat network, has executives who don't care, and tell IT to just "make it work" all the while cutting costs to the bone (that part about having Bain come in, in TFA, especially)? Yeah, I could easily envision that as having been the case, especially since I don't believe the hack affected anyone else in Sony, only the Sony Pictures unit. Not saying that's how it went, but I would not be surprised in the slightest.
If personnel information that is managed by computer is not strongly encrypted both at rest (in storage) and in transit (from storage to processing and back), then the employer, and the CTO and any IT manager personally, have acted with gross negligence. They all should have been fired by now, every single one of them.
> Let us not forget either, that it was hardly the only high-profile hack on Sony in recent years which showed them to be exhibiting signs of severe negligence with regards to network security basics.
Sony Pictures, Sony Computer Entertainment, and Sony Music are all completely separate companies. Maybe they all have shitty security- but none of the same people are involved.
Maybe without the server access he couldn't even log on, which would count to me as losing your ability to do literally anything computer related.
> Sociopaths don't give a damn about how families will afford things like food and housing or what the impact to local economies are.
Like Janis in accounting? She don't give a fuck.
It's a Weird Al reference.
I've heard of this from my German relatives - "Ach ja, if only the Fuehrer knew what was going on, he'd put a stop to it."
None of them can see the clouds; The polished wings don't care.
From what I know, the attackers used an entry point in South America. Apparently Sony had set up workstations there as part of a charity drive or some such and left the workstations running with unupdated access to the company's VPN. Some lucky hacker found the terminal and got into the network from a trusted machine, which they used to pivot into the unencrypted file system and exfiltrate the data. Among the data was a file with the unencrypted passwords to most of the network that they used to compromise every single machine. There was an Ars article about it at some point.
"There are lies, there are damn lies, and there are statistics"
The Sony hack for me is a great example of why a company should never have a monolithic software (OS) platform standard. Where I work has a mix of technologies (Linux/Windows/BSD/OSX), with the result being a bit of a pain to maintain and admin, but a hacker will have his work cut out trying to deliver a single hack to knock out all the servers/desktops.
What guarantees did the providers of the software give Sony regarding compliance and indemnification in regards to not getting hacked?
> systems were wiped, leaving them inoperable.
Large scale bricking is not supported by TFA. There's just one throwaway comment about it, and nothing else supporting it.
Learn to love Alaska
To work for the Evil Empire? Have you seen what your employer and their cronies in the MPAA wanted to do to the Internet and companies like Google? Do you feel grossed out by that?
When the copyright term is "forever minus a day", live every day like it's the last.
I can't speak to the Sony Pictures attack, but for the PSN data breach in 2011, I was working there and although there was some chaos, the team came together like never before, working around the clock to restore services. I picked up a few gray hairs along the way, but eventually we got through it. On the other hand, the ridiculous amount of fire fights and production emergencies made working there incredibly ungratifying.
That's what I think of whenever I think of Sony and hack. And Lawsuit.
You type
like
William
Shatner talks.
Looking at context, I think literally was more appropriate than figuratively. "Figuratively" would have been wrong, he really wasn't able to do anything with his computer. "Literally" is OK but is completely unnecessary and, as a result, because it's generally only used in situations where there may be a doubt, is inappropriate. It's like saying "Look at this awesome phone I just bought and did not steal" unironically.
You are not alone. This is not normal. None of this is normal.
Why not. Someone comes to them and says for X million we will fuck up their shit. They might pay it.
I don't think NK was concerned about the film at all really. They don't care that the film got some PR. (Or if they did, they could have just been incompetent in handling the thing.) I think it was really more about NK getting some PR of their own... the sort of saber-rattling, "Fear us" thing they regularly engage in with their armed forces. Sony makes a good target for them to hack because (1) They took a swipe at NK with the film, (2) They are a non-governmental entity, so there's not likely to be any serious repercussions from the hack. Not to mention it was probably easier.
Weird Al uses periods properly. I'm sure of it, even without YouTube.