An 'Hour of Code'? How About 5 Minutes for Security?

By Doug Mohney December 12, 2014

This week marked an "Hour of Code," a not-for-profit effort that backers believe will teach up to 100 million people to be computer programmers. The code.org website claims over 3.8 billion lines of code have been written by students and even President Obama got into the act by typing in a single line of JavaScript. Maybe next year, backers can talk about hackers with 5 minutes to discuss computer security—a much neglected field.

While the President was typing in his one-liner, Sony's film division is being publicly humiliated due to a major computer security breech. A group of unknown—but widely assumed to be North Korean-sponsored—hackers broke into Sony Pictures Entertainment network. The "Guardians of Peace" (GOP) group scooped up a vast amount of information, including employee social security numbers, company passwords, upcoming movies, sensitive email discussing Hollywood negotiations and decision-making, and how much people are getting paid. 

GOP says they have sucked down nearly 100 terabytes of Sony corporate data and will continue to release company information unless "The Interview," a comedy about a plot to assassinate North Korean leader Kim Jong-un, is canceled. Financial information documenting corporate relationships and how much money the company has actual made on pictures could be damaging.

You can't make this up. One hopes Sony has the movie rights to its own turmoil.

Critics say that Sony's internal cybersecurity practices have been poor, while new reports claim the company has launched a distributed Denial of Service (DDoS) counterattack on GOP servers distributing Sony's dirty laundry. Back in 2005, Sony Pictures was raked over the coals for security weaknesses by an outside auditor. 

Others note Sony BMG ended up distributing its own form of spyware back in 2005 through 22 million CDs as a measure to protecting its music. The Sony software deeply embedded itself into the operating system, infringed on copyright of open-source code, and was designed not to be easily uninstalled.  Hackers used security holes created by the Sony code for their own purposes, causing further problems.  A series of class action lawsuits forced Sony to withdraw CDs with the code and pay damages.

While one might be justified in a bit of schadenfreude at Sony's current circumstances—Hollywood is gleefully feasting upon every information disclosure—we should be more circumspect. The FBI isn't willing to point at North Korea, but the country's leader has motive, means, and opportunity. Is this a purely criminal matter or an act of state-sponsored terrorism?

If it is "terrorism," that would open the door for involvement beyond the FBI to include the National Security Agency (NSA) and the Department of Defense's U.S. Cyber Command. Given the "victim" is a single company without a threat to national infrastructure or resources, the U.S. military may be content to simply observe and monitor than get involved.

How do you punish a cyberattack of this nature? More importantly, how do you prevent attacks like this in the future? 

There are no easy answers at the moment, only ironies.  "Blackhat," a Michael Mann film about a convicted hacker released from jail to shut down a cybercrime network, arrives in theatres next month.  The Sony-North Korea conflict over "The Interview" doesn't have the high-voltage intensity of a Michael Mann film, but it isn't unreasonable to start thinking about five minutes of security for every hour we start talking about code. 




Edited by Maurice Nagle

Contributing Editor

SHARE THIS ARTICLE
Related Articles

Modern Moms Shaping Influence

By: Maurice Nagle    7/19/2018

Everyone knows Mom knows best. The internet is enabling a new era in sharing, and sparking a more enlightened, communal shopping experience. Mommy blo…

Read More

Why People Don't Update Their Computers

By: Special Guest    7/13/2018

When the WannaCry ransomware attacked companies all over the world in 2017, experts soon realized it was meant to be stopped by regular updating. Even…

Read More

More Intelligence About The New Intelligence

By: Rich Tehrani    7/9/2018

TMC recently announced the launch of three new artificial intelligence events under the banner of The New Intelligence. I recently spoke with TMC's Ex…

Read More

Technology, Innovation, and Compliance: How Businesses Approach the Digital Age

By: Special Guest    6/29/2018

Organizations must align internally to achieve effective innovation. Companies should consider creating cross-functional teams or, at a minimum, incre…

Read More

Contribute Your Brain Power to The New Intelligence

By: Paula Bernier    6/28/2018

The three events that are part of The New Intelligence are all about how businesses and service providers, and their customers, can benefit from artif…

Read More