With the recent attack on the Sony corporate network, you might be asking yourself what they did wrong. The initial results are starting to come out and tit is pointing to some obvious issues with Sony Corporate Security. In an article by Christina Warren, we find that it looks like the IT staff at Sony was doing some really stupid things.
The details of how much was data was compromised and how that compromise happened is still unravelling but what we do know right now is that thousands and thousands of documents — including HR data, social security numbers, payroll information and internal sales contracts — have all been leaked to the public.
We also know that the FBI has issued a Flash Alert warning to U.S. companies to be on the lookout for nasty malware that destroys data on the target’s computers after taking the data that it needs.
In other words, after grabbing all of the files from a server or cluster, the malware then makes a point to wipe the hard drives of all those machines connected to an internal network. This would be like setting fire to a house after robbing it of all of its valuables. This is scary stuff.
For Sony, this isn’t the first time the company’s external or internal systems have been compromised. Cybersecurity agency Packet Ninjas has identified over 900 domains (many representing internal systems) associated with Sony that have been compromised over the last 12 years.
Sony didn’t do itself any favors by using some truly abysmal passwords to protect some of its internal, private documents.
If there is anything positive that can come from this Sony attack it’s the teaching opportunity it can provide not just for other large corporations or movie studios, but for individuals and small business owners.