IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice

The Hackers' Shocking, Pointless Defeat of 'The Interview'


The latest, strangest turn in the Sony hack saga, an ongoing sequence of cyber-attacks seemingly motivated by Seth Rogen and James Franco's "assassination of Kim Jong-un" comedy The Interview, has a film studio taking a seemingly unprecedented step: letting movie theaters pull the movie entirely in the wake of terrorist threats. The film was due for release on Christmas Day and now may not be shown in any theater—certainly not the major chains (AMC, Regal, Cinemark, Cineplex) that most Americans attend. It's a shocking turn, especially since it's motivated by extremely vague threats ("The world will be full of fear…remember the 11th of September 2001…we recommend you to keep yourself distant from the places at that time.").

In one obvious sense, then, the terrorists have won. But if their goal really was to prevent people from seeing Kim Jong Un’s fictional assassination, then it may turn out to be a pointless victory.

It remains to be seen how this situation will play out exactly—but it’s easy to guess. Within hours of The Interview getting yanked from theaters, news hit that Sony is apparently considering a premium online release for the film. That seems like the most logical step—both from a profit standpoint and a safety one. Sony stands to lose millions in this whole affair, not to mention whatever penalties they might owe the film’s creative personnel, so any money that could be recouped on VOD would help offset that. It also makes a certain sense that theaters are acting in unison on this—as vague as the threat might be, it would take just one incident to create enormous liability for them. The New York Times pointed out that shopping malls, in which many theaters reside, helped lobby for the decision to avoid screening The Interview.




Still, many are pointing out the scary precedent of Sony bowing to unspecified threats, especially when the Department of Homeland Security said the threats were not credible. Say someone disagrees with the premise of an upcoming film—one that deals with a hot-button issue like abortion or race, for example. If a terror threat gets called in, would theaters be compelled to make the same decision they made here? Though the Sony hackers have displayed their might in a sense—by ripping hundreds of terabytes of information from its private servers to publicly embarrass the company—they haven’t demonstrated the capability to make good on the more horrifying threat they made Tuesday.

The Internet has enabled the hackers’ power, but it has also neutered them: The Interview will almost certainly be seen, whether in theaters or not. In 1990, a similar situation would have doomed a film to utter obscurity. Even in 2001, the Arnold Schwarzenegger action vehicle Collateral Damage, which was due for release on October 5, 2001 and was pushed to the next February because it depicted a bomb attack in the U.S., was basically forgotten outside of that pop-culture history footnote. But because of on-demand technology, The Interview could very well benefit, in a cruel and unusual sort of way, from all this bizarre publicity. Were the situation not so financially harmful and publicly embarrassing for Sony, it’d be easy to conspiratorially regard it as some kind of high-concept publicity stunt to convince us of The Interview’s political bravery.

Still, who knows if that will translate into online viewings—or what Sony will even charge for the privilege of watching it in one’s own home, free of a terrorist threat. That’s how precedent-setting this is: Nothing like this has ever happened before. Three years ago Universal weighed releasing its comedy Tower Heist on VOD three weeks after it hit theaters, at $60 a pop, to generate public interest. Theaters threatened to boycott and the decision was scrapped. We lived in strange times then—but stranger times now.



Paul Gill's curator insight, December 25, 2014 3:37 PM

Dear Kim Jong-un and everyone else - Merry Christmas - um, regarding The Interview - What was the Point?  


Sony Hack: Ties to Past 'Wiper' Attacks?


The "wiper" malware attack against Sony Pictures Entertainment has numerous commonalities with previous wiper attacks in Saudi Arabia and South Korea, anti-virus firm Kaspersky Lab reports.

While that's no smoking gun proving that the same group is behind all three attacks, "it is extraordinary that such unusual and focused acts of large-scale cyber destruction are being carried out with clearly recognizable similarities," says Kurt Baumgartner, a Kaspersky Lab principal researcher, in a blog post.


Previous, high-profile wiper malware attacks - designed to erase data from PC and file-server hard drives and delete the master boot record, so the machines cannot boot - have included the use of "Shamoon" malware against Saudi Aramco, and "Dark Seoul" malware against South Korean banks and broadcasters. The attacks - respectively launched in 2012 and 2013 - each resulted in an estimated 30,000 hard drives being erased. The identity of the attackers has never been confirmed - although South Korea published evidence of North Korean ties to Dark Seoul. Security experts say insiders, hacktivists or a nation state could be responsible.

Baumgartner sees an extensive list of similarities between the Shamoon and Dark Seoul campaigns, and the Nov. 24 Destover - also known as Wipal - malware campaign against Sony. From a timing perspective, for example, Kaspersky Lab says attackers compiled both the Dark Seoul and Destover wiper executable files 48 hours or less before the wiper attacks commenced, while Shamoon was compiled five days before the payload was set to "detonate."

For Sony, that timeline offers new clues about just how badly the company had likely been breached. "It is highly unlikely that the attackers spear-phished their way into large numbers of users, and highly likely that they had gained unfettered access to the entire network prior to the attack," Baumgartner says, because it would have been very difficult to steal so much data and infect numerous systems in less than 48 hours.

Technical Similarities

Technically speaking, Shamoon and Destover both used commercially available EldoS RawDisk drivers, which enable developers to create applications that can gain direct access to Windows disks, thus allowing them to evade security restrictions or file locking, Baumgartner says. "The Destover droppers install and run EldoS RawDisk drivers to evade NTFS security permissions and overwrite disk data and the MBR itself," he says. But the overwritten data wasn't just random zeros and ones. "Just like Shamoon, the DarkSeoul wiper event included vague, encoded pseudo-political messages used to overwrite disk data and the master boot record," he says.

By overwriting the master-boot record, or MBR, attackers could make it impossible to boot an infected Windows machine. But the good news, Baumgartner says, is that based on previous attacks, the attackers didn't forcibly wipe all data being stored on the disk, which ultimately made recovering whatever was being stored on the drive easier. "In the case of the DarkSeoul malware, the overwritten data could be restored using a method similar to the restoration of the Shamoon 'destroyed' data," he says. "Destover data recovery is likely to be the same."
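For responders assessing affected machines, a read-only check of sector 0 from a disk image shows whether the MBR still carries a valid boot signature and partition table. This is an added example, not from the article; both sample sectors are constructed, and the function and field names are hypothetical.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446           # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

def triage_mbr(sector: bytes) -> dict:
    """Classify the first sector of a disk image without modifying anything."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    signature_ok = sector[510:512] == BOOT_SIGNATURE
    partitions = []
    for slot in range(4):
        entry = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({
            "slot": slot, "type": ptype, "bootable": status == 0x80,
            "lba_start": lba_start, "sectors": sectors,
            # A legitimate entry has status 0x00 or 0x80 and a non-zero extent.
            "sane": status in (0x00, 0x80) and lba_start > 0 and sectors > 0,
        })
    intact = signature_ok and any(p["sane"] for p in partitions)
    return {"signature_ok": signature_ok, "partitions": partitions, "intact": intact}

def make_healthy_mbr() -> bytes:
    """Constructed MBR: one bootable NTFS (type 0x07) partition at LBA 2048."""
    mbr = bytearray(SECTOR_SIZE)
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    mbr[TABLE_OFFSET:TABLE_OFFSET + 16] = entry
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)

SAMPLE_HEALTHY = make_healthy_mbr()
# Constructed stand-in for a sector overwritten with repeated text.
SAMPLE_OVERWRITTEN = (b"CONSTRUCTED OVERWRITE PATTERN " * 20)[:SECTOR_SIZE]

if __name__ == "__main__":
    for name, sec in (("healthy", SAMPLE_HEALTHY), ("overwritten", SAMPLE_OVERWRITTEN)):
        result = triage_mbr(sec)
        print(name, "signature_ok=%s intact=%s" % (result["signature_ok"], result["intact"]))
```

A failed check covers only sector 0; as the article notes, data elsewhere on the disk may still be recoverable, so image the drive before attempting any repair.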

Shamoon, Dark Seoul and Destover were all hit-and-run attacks committed by groups about which nothing is known. "All attempted to disappear following their act, did not make clear statements but did make bizarre and roundabout accusations of criminal conduct, and instigated their destructive acts immediately after a politically charged event that was suggested as having been at the heart of the matter," Baumgartner says.

The graphic and warning used by the "Whois" team that claimed credit for Dark Seoul, and the "Guardians of Peace" - or G.O.P. - group that's claimed credit for hacking Sony, are aesthetically quite similar, including similar fonts, colors, warning language and love of skull graphics.

Not New: Sabotage, Ransomware

But the technical, timing and aesthetic similarities don't prove that the same group was behind all three attacks, and security experts say that whoever launched Destover may have just carefully studied Shamoon or Dark Seoul.

And sabotage attacks launched against individuals and businesses are nothing new. On an individual level, for example, "what we are seeing a lot of is so-called ransomware, which is effectively a monetized version of this type of [wiper malware] attack," Roel Schouwenberg, a security researcher at Kaspersky Lab, tells Information Security Media Group.

While security experts say large-scale wiper attacks are rare, cybercriminals do sometimes employ these tactics. In June, for example, criminals used a distributed-denial-of-service attack against source code hosting firm Code Spaces to obscure their simultaneous 12-hour hack attack in which they deleted most of the business's data, machine configurations as well as onsite and offsite backups, and then demanded a ransom. Instead, Code Spaces shuttered.

Leaked: PII For Actors, Directors

For Sony, the breach is embarrassing for executives and puts employees and freelancers at risk. The list of leaked data includes Social Security numbers for numerous current and former employees and freelancers, including actor Sylvester Stallone, Australian actress Rebel Wilson and director Judd Apatow, The Wall Street Journal reports.

"More than 600 files that contained Social Security numbers - these included Acrobat PDFs, Excel spreadsheets, and Word docs - with more than 47,000 unique SSNs were publicly available," says Todd Feinman, president and CEO of data loss and leak-prevention firm Identity Finder, in a blog post, referencing data that had been leaked by Dec. 3.

The leaked information is reportedly now circulating on BitTorrent sites, meaning that anyone can download the files and potentially use the data to commit identity theft. The risk of ID theft - for example to fraudulently open credit card accounts or take out mortgages in someone else's name - for 15,000 current and former employees is high, Feinman warns, because their full names, birthdates, and home addresses are also included in the leaked Sony data.

Sony has not responded to repeated requests for comment on the hack attack.


