You may already heard that around two weeks ago, the Sony Pictures Entertainment studio in Hollywood, California, got hacked. Why this hack is a little bit more extraordinary than others is because Sony Pictures has big movie-stars on its payroll, and pretty much everything else about the hack doesn’t just hurt Sony Pictures financially, it’s overall embarrassing for the company. Since the initial attack, a steady flow of documents and revelations have trickled into news reports and file-sharing sites this past week. To make matters worse, Sony got hacked again this week: this time its Playstation Network.
What got hacked?
Personal data such as social security numbers, home addresses, bonus plans and salaries of thousands of Sony Pictures’ employees have been disclosed online. Among the affected are Hollywood celebrities such as Sylvester Stallone, Rebel Wilson, and Anchorman director Judd Apatow. Some Hollywood stars took the opportunity to get out ahead of the leaks by sharing pictures and details of their private lives before they’re inevitably leaked across the web.
What does North Korea have to do with all this?
Well, some social media outlets speculated that the attack originated from North Korea. They reasoned that the North Korean government found out about a new movie called The Interview, starring James Franco and Seth Rogen. In the movie, Franco and Rogen play a talk show host and producer who are recruited by the CIA to assassinate North Korean-leader Kim Jong Un. The North Korean government denied the country’s involvement but supposedly called the hack a “righteous deed” and said that there are North Korean sympathizers around the world who could have caused the attack instead.
A security firm called Mandiant, discovered that the exploit was caused by a zero-day malware attack. Although Sony is offering its employees identity protection in response to the hack, they’re learning quickly that the saying “an ounce of prevention is worth a pound of cure” is painfully true in this case. More juicy details of the hack include the fact that a file with workplace complaints got leaked, which provided very sensitive insider information – including that some employees are apparently tired of Adam Sandler and his movies and that management may not get along with each other. Ouch. Details like this are off course picked up and blown up by the media all over the world, making it even more embarrassing for the entertainment giant. And it got worse for Sony….
Hacked again: Sony Playstation
So, how was this possible?
A DDoS is an attack where hackers make an attempt to starve the server of its resources such as memory, processing power, bandwidth or routing information. Here’s an example of what a DDoS attack may look like – The SYN-flood attack.
- This attack occurs when a hacker uses TCP/IP to establish a connection.
- When the requester initiates a connection request, it sends a TCP/SYN packet with a fake return address (the requester does not want its own address being discovered because they will be caught red-handed).
- When the computer receives the TCP/SYN packet from the requester, the computer will respond to the bogus address with a TCP/SYN-ACK packet. This packet is a “hey, I got your request, let’s start talking now”
- The computer will now wait for the TCP/ACK packet from the requester. No packet will ever arrive. Why? Because the original TCP/SYN packet was sent with a fake address. So the computer will just sit and wait because the TCP/SYN-ACK packet is now wandering in cyberspace. The attacker will repeat this process over and over until the computer freezes and crashes because of the processing and memory resources being completely exhausted.
- The hackers will have many more computers doing this attack, not just one. That is why the hackers are so successful. They will us all their resources and efforts on one server quickly and efficiently, just like a pack of lions that prey on only one zebra.
The Lizard Squad group (or individual) has made it clear that their early Christmas-gift to the world was a mass- DDoS attack on the Microsoft Xbox and Sony Playstation’s Network servers. The group also took things to Twitter and Tweeted that there was a bomb on a Sony executive’s plane which caused the FBI to step in. Lizard Squad claimed the hack was just “a small dose” of what was to come over the Christmas season:
Emsisoft Endpoint Protection: Award-Winning Security Made Simple
Experience effortless next-gen technology. Start Free TrialLooks like Sony has quite some damage-control to do over the holidays. Otherwise, some children (and adults) may in fact be disappointed when they cannot play their games online on Christmas morning.