What the Sony Hack Looked Like To Employees (slate.com)
An anonymous reader writes: The cyber attack on Sony was one of the highest profile hacks in the past several years. Slate tracked down two dozen people who worked there at the time, and asked them what it was like on the inside while it was happening. Quoting: "The telephone directory vanished. Voicemail was offline. Computers became bricks. Internet access on the lot was shuttered. The cafeteria went cash-only. Contracts—and the templates those contracts were based on—disappeared. Sony's online database of stock footage was unsearchable. It was near impossible for Sony to communicate directly with its employees—much less ex-employees, who were also gravely affected by the hack—to inform them of what was even happening and what to do about it. 'It was like moving back into an earlier time,' one employee says." Some employees had their workloads doubled, some had nothing to do. While the hack brought the company together at the beginning, it eventually descended into recriminations and lawsuits.
I was never sold on that explanation. The notion that North Korea even could pull it off - let alone would - I find to be absurd. Certainly if they had the ability, someone in that crew would have been aware of the Streisand Effect by now and would have said it was an awful idea. I watched The Interview, which was an awful movie - if the North Koreans wanted it to go away the right thing to do would have been to let it fail on its own. Had Sony not gotten this free PR for it, the movie would have promptly fallen into the same realm as Manos: Hands of Fate and various other un-watchables.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I only watched that pile of shit because of all the ruckus. NK is simply not equipped to have done this and there's no benefit from doing it. If their goal was to ensure the movie was never released that failed badly, it WAS released specifically because of this "attack". Honestly, and I'll probably take lots of flak for saying it, I think this was an amateur (or group thereof) that got lucky and an inept IT department was the icing on the cake. "Computers became bricks." Hold on, that's totally not how network attacks work, at all, by any stretch of the imagination. I'm going to assume that employees who saw "no internet connection" warnings were the ones who had their computers "bricked".
Let us not forget either, that it was hardly the only high-profile hack on Sony in recent years which showed them to be exhibiting signs of severe negligence with regards to network security basics. In 2011 the PlayStation network was hacked, interrupting service for weeks and compromising the personal details of approximately 77 million accounts.
Hint to "network security" noobs working for high-profile businesses; storing the user's own passwords at the client-side, even encrypted, is a stupid, catastrophically naive approach to alleviating load on your authentication servers. Allowing global administrative access through the same channel once you've done this is doubly so.
What would the DPRK have to do with rootkits on shitty music CDs?
Oh, wait, _that_ hack... I guess I'm getting old.
Let's be real here. There are perfectly logical reasons why they would refer to their computers as bricks. The most likely being every single activity they do on their computer could require network access. Another possibility, and I live this at work, is PCoIP. If/when the network connection goes down, so does my ability to do literally anything computer related.
Could the North Koreans have done it? Sure. Could it have been an inside job? Absolutely. My opinion is - inside job. Since there is apparently no evidence one way or another, my opinion (inside job) is no less (and no more) valid than somebody else's opinion that North Korea did it.
None of them can see the clouds; The polished wings don't care.
I'd bet that the security people there, initially, were overruled by higher management.
I've seen too many instances where management skips basic security because "it's easier" or because their egos cannot stand having an IT nerd tell THEM what to do. And then there's plain nepotism.
Eventually, the people who know the risks move on to better companies. And then when the breach is discovered, management can blame it on whoever was the last to leave.
I'd hoped that you'd gotten it through your skull
About what's figurative and what's literal
But just now
You stated
You literally couldn't do anything computer related
That really makes me want to literally
Uh... Go back in time so your parents never dated? ...That seems kind of harsh.
*Looks up PCoIP*. Ah, shit.
> I was never sold on that explanation. The notion that North Korea even could pull it off - let alone would - I find to be absurd. Certainly if they had the ability, someone in that crew would have been aware of the Streisand Effect by now and would have said it was an awful idea. I watched The Interview, which was an awful movie - if the North Koreans wanted it to go away the right thing to do would have been to let it fail on its own. Had Sony not gotten this free PR for it, the movie would have promptly fallen into the same realm as Manos: Hands of Fate and various other un-watchables.
I thought it wasn't awful, it wasn't great, but it was more or less an average to slightly below average comedy flick.
As for NK's objectives, was their plan to stop The Interview, or to deter future projects? I doubt other studios are anxious to do another film critical of NK and draw a potential hack or something worse.
I stole this Sig
Yeah, a time before Sony was an evil fucking corporation. The late 19th century, I think.
You are welcome on my lawn.
If we were talking about any country that wasn't the DPRK, I would agree one hundred percent, because it's absurd.
That said, the normal rules don't apply to the DPRK, because by normal standards, the DPRK _is_ absurd. The entire country is built around a cult of personality centered on the Kim family, and propped up by the military elites. While it's dubious to what degree people actually buy in to it, it's very clear that they have to pretend to do so, because the alternative is pretty much risking getting sent to a prison camp for the rest of your life, along with your entire extended family.
I find it entirely plausible as a motive (never mind Sony being a Japanese company, whom they have no particular love for). That's not to say it's proof by any means, and there are certainly other plausible explanations - but I don't think it's fair to rule out the possibility on grounds that "this isn't what normal nations do."
As for "could", they've pretty much also been accused of all sorts of hacking activity against South Korea. I guess if you don't believe they did that, then sure - but they're pretty much the number one suspect.
And lastly, the notion that Sony Pictures would go to this length to promote a movie, to the point of wrecking their operations and embarrassing the absolute crap out of their senior executives, getting lots of people fired... it's insane. They're going to spend more just fighting off the lawsuits alone, never mind the cleanup, than they will ever make on "The Interview."
First, I don't work at Sony, nor did I in the past.
I do know that they ramped up and hired a bunch of people to build a CIRT after the PSN hack. The rumor that I heard was that those guys wound up in the wonderful situation of a CIRT, working for Corporate (Big Sony) that is responsible for everything, but doesn't have the power to necessarily tell the individual subsidiaries (like Sony Pictures) what to do, let alone do something like threaten to cut off network access unless issues are addressed.
So you could well wind up with a shitshow where one subsidiary is running a flat network, has executives who don't care, and tell IT to just "make it work" all the while cutting costs to the bone (that part about having Bain come in, in TFA, especially)? Yeah, I could easily envision that as having been the case, especially since I don't believe the hack affected anyone else in Sony, only the Sony Pictures unit. Not saying that's how it went, but I would not be surprised in the slightest.
> Let us not forget either, that it was hardly the only high-profile hack on Sony in recent years which showed them to be exhibiting signs of severe negligence with regards to network security basics.
Sony Pictures, Sony Computer Entertainment, and Sony Music are all completely separate companies. Maybe they all have shitty security- but none of the same people are involved.
Maybe without the server access he couldn't even log on, which would count to me as losing your ability to do literally anything computer related.
> Sociopaths don't give a damn about how families will afford things like food and housing or what the impact to local economies are.
Like Janis in accounting? She don't give a fuck.
It's a Weird Al reference.
I've heard of this from my German relatives: "Ach Ja, if only the Fuehrer knew what was going on, he'd put a stop to it."
None of them can see the clouds; The polished wings don't care.
From what I know the attackers used an entry point in South America. Apparently Sony had set up workstations there as part of a charity drive or some such and left the workstations running with unupdated access to the company's VPN. Some lucky hacker found the terminal and got into the network from a trusted machine, which they used to pivot into the unencrypted file system and exfiltrate the data. Among the data was a file with the unencrypted passwords to most of the network that they used to compromise every single machine. There was an Ars article about it at some point.
"There are lies, there are damn lies, and there are statistics"
What guarantees did the providers of the software give Sony regarding compliance and indemnification in regards to not getting hacked?
systems were wiped, leaving them inoperable.
Large scale bricking is not supported by TFA. There's just one throwaway comment about it, and nothing else supporting it.
Learn to love Alaska
To work for the Evil Empire? Have you seen what your employer and their cronies in the MPAA wanted to do to the Internet and companies like Google? Do you feel grossed out by that?
When the copyright term is "forever minus a day", live every day like it's the last.
Looking at context, I think literally was more appropriate than figuratively. "Figuratively" would have been wrong, he really wasn't able to do anything with his computer. "Literally" is OK but is completely unnecessary and, as a result, because it's generally only used in situations where there may be a doubt, is inappropriate. It's like saying "Look at this awesome phone I just bought and did not steal" unironically.
You are not alone. This is not normal. None of this is normal.