An 'Hour of Code'? How About 5 Minutes for Security?

By Doug Mohney December 12, 2014

This week marked an "Hour of Code," a not-for-profit effort that backers believe will teach up to 100 million people to be computer programmers. The website claims over 3.8 billion lines of code have been written by students and even President Obama got into the act by typing in a single line of JavaScript. Maybe next year, backers can talk about hackers with 5 minutes to discuss computer security—a much neglected field.

While the President was typing in his one-liner, Sony's film division is being publicly humiliated due to a major computer security breech. A group of unknown—but widely assumed to be North Korean-sponsored—hackers broke into Sony Pictures Entertainment network. The "Guardians of Peace" (GOP) group scooped up a vast amount of information, including employee social security numbers, company passwords, upcoming movies, sensitive email discussing Hollywood negotiations and decision-making, and how much people are getting paid. 

GOP says they have sucked down nearly 100 terabytes of Sony corporate data and will continue to release company information unless "The Interview," a comedy about a plot to assassinate North Korean leader Kim Jong-un, is canceled. Financial information documenting corporate relationships and how much money the company has actual made on pictures could be damaging.

You can't make this up. One hopes Sony has the movie rights to its own turmoil.

Critics say that Sony's internal cybersecurity practices have been poor, while new reports claim the company has launched a distributed Denial of Service (DDoS) counterattack on GOP servers distributing Sony's dirty laundry. Back in 2005, Sony Pictures was raked over the coals for security weaknesses by an outside auditor. 

Others note Sony BMG ended up distributing its own form of spyware back in 2005 through 22 million CDs as a measure to protecting its music. The Sony software deeply embedded itself into the operating system, infringed on copyright of open-source code, and was designed not to be easily uninstalled.  Hackers used security holes created by the Sony code for their own purposes, causing further problems.  A series of class action lawsuits forced Sony to withdraw CDs with the code and pay damages.

While one might be justified in a bit of schadenfreude at Sony's current circumstances—Hollywood is gleefully feasting upon every information disclosure—we should be more circumspect. The FBI isn't willing to point at North Korea, but the country's leader has motive, means, and opportunity. Is this a purely criminal matter or an act of state-sponsored terrorism?

If it is "terrorism," that would open the door for involvement beyond the FBI to include the National Security Agency (NSA) and the Department of Defense's U.S. Cyber Command. Given the "victim" is a single company without a threat to national infrastructure or resources, the U.S. military may be content to simply observe and monitor than get involved.

How do you punish a cyberattack of this nature? More importantly, how do you prevent attacks like this in the future? 

There are no easy answers at the moment, only ironies.  "Blackhat," a Michael Mann film about a convicted hacker released from jail to shut down a cybercrime network, arrives in theatres next month.  The Sony-North Korea conflict over "The Interview" doesn't have the high-voltage intensity of a Michael Mann film, but it isn't unreasonable to start thinking about five minutes of security for every hour we start talking about code. 

Edited by Maurice Nagle

Contributing Editor

Related Articles

Get Smart About Influencer Attribution in a Blockchain World

By: Maurice Nagle    4/16/2018

The retail value chain is in for a blockchain-enabled overhaul, with smarter relationships, delivering enhanced transparency across an environment of …

Read More

Facebook Flip-Flopping on GDPR

By: Maurice Nagle    4/12/2018

With GDPR on the horizon, Zuckerberg in Congress testifying and Facebook users questioning loyalty, change is coming. What that change will look like,…

Read More

The Next Phase of Flash Storage and the Mid-Sized Business

By: Joanna Fanuko    4/11/2018

Organizations amass profuse amounts of data these days, ranging from website traffic metrics to online customer surveys. Collectively, AI, IoT and eve…

Read More

Satellite Imaging - Petabytes of Developer, Business Opportunities

By: Doug Mohney    4/11/2018

Hollywood has programmed society into believing satellite imaging as a magic, all-seeing tool, but the real trick is in analysis. Numerous firms are f…

Read More

Blockchain in Space

By: Doug Mohney    4/10/2018

The fact is that everyone is putting a special spin upon blockchain this minute. Given that, it's no surprise a number of companies are discussing dis…

Read More