An 'Hour of Code'? How About 5 Minutes for Security?

By

This week marked an "Hour of Code," a not-for-profit effort that backers believe will teach up to 100 million people to be computer programmers. The code.org website claims over 3.8 billion lines of code have been written by students and even President Obama got into the act by typing in a single line of JavaScript. Maybe next year, backers can talk about hackers with 5 minutes to discuss computer security—a much neglected field.

While the President was typing in his one-liner, Sony's film division is being publicly humiliated due to a major computer security breech. A group of unknown—but widely assumed to be North Korean-sponsored—hackers broke into Sony Pictures Entertainment network. The "Guardians of Peace" (GOP) group scooped up a vast amount of information, including employee social security numbers, company passwords, upcoming movies, sensitive email discussing Hollywood negotiations and decision-making, and how much people are getting paid. 

GOP says they have sucked down nearly 100 terabytes of Sony corporate data and will continue to release company information unless "The Interview," a comedy about a plot to assassinate North Korean leader Kim Jong-un, is canceled. Financial information documenting corporate relationships and how much money the company has actual made on pictures could be damaging.

You can't make this up. One hopes Sony has the movie rights to its own turmoil.

Critics say that Sony's internal cybersecurity practices have been poor, while new reports claim the company has launched a distributed Denial of Service (DDoS) counterattack on GOP servers distributing Sony's dirty laundry. Back in 2005, Sony Pictures was raked over the coals for security weaknesses by an outside auditor. 

Others note Sony BMG ended up distributing its own form of spyware back in 2005 through 22 million CDs as a measure to protecting its music. The Sony software deeply embedded itself into the operating system, infringed on copyright of open-source code, and was designed not to be easily uninstalled.  Hackers used security holes created by the Sony code for their own purposes, causing further problems.  A series of class action lawsuits forced Sony to withdraw CDs with the code and pay damages.

While one might be justified in a bit of schadenfreude at Sony's current circumstances—Hollywood is gleefully feasting upon every information disclosure—we should be more circumspect. The FBI isn't willing to point at North Korea, but the country's leader has motive, means, and opportunity. Is this a purely criminal matter or an act of state-sponsored terrorism?

If it is "terrorism," that would open the door for involvement beyond the FBI to include the National Security Agency (NSA) and the Department of Defense's U.S. Cyber Command. Given the "victim" is a single company without a threat to national infrastructure or resources, the U.S. military may be content to simply observe and monitor than get involved.

How do you punish a cyberattack of this nature? More importantly, how do you prevent attacks like this in the future? 

There are no easy answers at the moment, only ironies.  "Blackhat," a Michael Mann film about a convicted hacker released from jail to shut down a cybercrime network, arrives in theatres next month.  The Sony-North Korea conflict over "The Interview" doesn't have the high-voltage intensity of a Michael Mann film, but it isn't unreasonable to start thinking about five minutes of security for every hour we start talking about code. 




Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Contributing Editor

SHARE THIS ARTICLE
Related Articles

Enhancing Cybersecurity Measures for Modern Businesses

By: Contributing Writer    7/2/2025

Cyberattacks are rising, and businesses of all sizes feel the pressure. Small companies often think they're too small to be targets. They aren't. Hack…

Read More

Lessons Learned from Enterprise Oracle Cloud Migrations

By: Contributing Writer    7/1/2025

Switching to Oracle Cloud can feel daunting. Security risks, unexpected expenses, and performance troubles often turn what seems like an effortless up…

Read More

Protecting Business Assets with Smarter Security Frameworks

By: Contributing Writer    7/1/2025

Protecting your business is more challenging than ever. Cyber threats are increasing every day. Hackers target small and large businesses alike, searc…

Read More

Emerging Trends in Technology and Their Impact on Future Innovations

By: Contributing Writer    7/1/2025

Technology is changing faster than ever. Business owners often struggle to keep up. What's trending today might be outdated tomorrow. Falling behind c…

Read More

Tech Podcast Award Winners Bring Excitement and Enthusiasm to a Range of Important Tech Topics

By: TMCnet Staff    6/18/2025

Tech Podcast Award winners produce engaging, informative, and often entertaining content, bringing valuable insight from industry front lines to the e…

Read More