An 'Hour of Code'? How About 5 Minutes for Security?

By Doug Mohney December 12, 2014

This week marked an "Hour of Code," a not-for-profit effort that backers believe will teach up to 100 million people to be computer programmers. The code.org website claims over 3.8 billion lines of code have been written by students and even President Obama got into the act by typing in a single line of JavaScript. Maybe next year, backers can talk about hackers with 5 minutes to discuss computer security—a much neglected field.

While the President was typing in his one-liner, Sony's film division is being publicly humiliated due to a major computer security breech. A group of unknown—but widely assumed to be North Korean-sponsored—hackers broke into Sony Pictures Entertainment network. The "Guardians of Peace" (GOP) group scooped up a vast amount of information, including employee social security numbers, company passwords, upcoming movies, sensitive email discussing Hollywood negotiations and decision-making, and how much people are getting paid. 

GOP says they have sucked down nearly 100 terabytes of Sony corporate data and will continue to release company information unless "The Interview," a comedy about a plot to assassinate North Korean leader Kim Jong-un, is canceled. Financial information documenting corporate relationships and how much money the company has actual made on pictures could be damaging.

You can't make this up. One hopes Sony has the movie rights to its own turmoil.

Critics say that Sony's internal cybersecurity practices have been poor, while new reports claim the company has launched a distributed Denial of Service (DDoS) counterattack on GOP servers distributing Sony's dirty laundry. Back in 2005, Sony Pictures was raked over the coals for security weaknesses by an outside auditor. 

Others note Sony BMG ended up distributing its own form of spyware back in 2005 through 22 million CDs as a measure to protecting its music. The Sony software deeply embedded itself into the operating system, infringed on copyright of open-source code, and was designed not to be easily uninstalled.  Hackers used security holes created by the Sony code for their own purposes, causing further problems.  A series of class action lawsuits forced Sony to withdraw CDs with the code and pay damages.

While one might be justified in a bit of schadenfreude at Sony's current circumstances—Hollywood is gleefully feasting upon every information disclosure—we should be more circumspect. The FBI isn't willing to point at North Korea, but the country's leader has motive, means, and opportunity. Is this a purely criminal matter or an act of state-sponsored terrorism?

If it is "terrorism," that would open the door for involvement beyond the FBI to include the National Security Agency (NSA) and the Department of Defense's U.S. Cyber Command. Given the "victim" is a single company without a threat to national infrastructure or resources, the U.S. military may be content to simply observe and monitor than get involved.

How do you punish a cyberattack of this nature? More importantly, how do you prevent attacks like this in the future? 

There are no easy answers at the moment, only ironies.  "Blackhat," a Michael Mann film about a convicted hacker released from jail to shut down a cybercrime network, arrives in theatres next month.  The Sony-North Korea conflict over "The Interview" doesn't have the high-voltage intensity of a Michael Mann film, but it isn't unreasonable to start thinking about five minutes of security for every hour we start talking about code. 




Edited by Maurice Nagle

Contributing Editor

SHARE THIS ARTICLE
Related Articles

Why Blockchain Could Be a Gamechanger

By: Paula Bernier    1/22/2018

Blockchain has become closely associated with the controversial topic of cryptocurrency. And that's fine because blockchain is an enabling technology …

Read More

Consumer Privacy in the Digital Era: Three Trends to Watch

By: Special Guest    1/18/2018

Digital advertising has exploded in recent years, with the latest eMarketer data forecasting $83 billion in revenue this year and continued growth on …

Read More

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More