Archive for the ‘Security’ Category


Sony hack threatens freedom of speech

Sony Pictures Entertainment logoWhen employees of Sony Pictures Entertainment saw their computer screens go as black as their morning coffee in mid-keystroke last month, nobody imagined the impact would have global implications.

Yet, another darkness descended with the shutdown and may persist for months if the “Sony hack” as many are calling it turns into the cyberterror devastation the alleged hackers claim will come.

Even if nothing much else results, the Sony hack likely will change the way corporations handle digital data. Otherwise, our most basic freedom is at risk.

The latest clarion call to improve digital security came early on the Monday before Thanksgiving when Sony employees were shut out of their computer network without warning. The blackout lasted days. Important files either vanished or were inaccessible. Sony Pictures, the American subsidiary of media conglomerate Sony Corp., soon learned that hackers calling themselves Guardians of Peace had sifted through and copied vast volumes of employee records and company correspondence. The hackers published some of the emails as proof — emails that revealed privileged discussions and compromised relationships within the company.

The attack was tied to the planned wide release on Christmas Day of the feature film “The Interview,” a political farce depicting the assassination of North Korean leader Kim Jong-un. The hackers called it a form of terrorism and promised to retaliate against cinemas that showed the movie. Cinema owners everywhere cancelled showings, prompting Sony to pull the movie from distribution.

Hollywoodites and government howled at Sony’s decision, with a long line of celebrities stretching from George Clooney to President Barack Obama saying Sony risked undermining free speech and freedom of expression by giving in. But Sony Pictures Chairman and CEO Michael Lynton insisted he had no choice once the cinemas backed out. The company now says it will opt for other means of distribution and a limited release.

Perhaps a bigger concern to Lynton and Sony is the huge hole this hack punches into the company’s reputation. Tens of thousands of personnel records wound up in the hackers’ hands in November — and this just 10 months after another security breach by a different hacker compromised individual records belonging to almost 48,000 Sony website visitors in Germany. If Sony employees’ bank accounts, health records, and credit histories are compromised en masse, and Sony customers can blame their own financial woes on the company, the cumulative legal redress heaped on Sony could easily exceed the $44 million it cost to make “The Interview.”

So, two things now appear certain. First, the high-profile blowback from Sony’s security breach serves as incentive for corporations who say they’ll get around to improving cybersecurity but keep putting it off.

Second, Sony’s apparent capitulation to the Guardians of Peace moves cyberterror out front as a proven tool for controlling the media marketplace. Lynton insisted his company’s actions were defensible and blamed misinformation for fueling public outrage. Meanwhile, free-speech advocates filled the gap between Sony’s actions and Lynton’s logic with shrill outcry, or in some cases overt silence. that Sony will find almost impossible to overcome even after agreeing to a smaller distribution.

Hacking predates the Web, goes on everywhere, and is evolving. In the first two weeks of December alone, more than two dozen attacks considered to be on the level of cybercrime or espionage were recorded against major financial institutions, governments agencies, news organizations, sports teams, and universities. Each revealed nagging flaws in the way we store our digital data, however none received the media attention they deserved because they lacked the PR firepower of Hollywood’s glitterati.

Sony showed that media companies can be bullied into acting against the public’s best interests, that everyone from individuals on up to conglomerates needs to take better care of securing our digital data, and that our basic freedoms are doomed if we don’t.

iPhones, iPads under attack from China?

WireLurker logoApple Inc. made its powerful brand name on the strength of intuitive technology that for years seemed immune to routine hacking. Now, a malware campaign afflicting China threatens to dampen that distinction and harm those here who rely on any one of an estimated 800 million iPads, iPhones and 64-bit Macs.

The WireLurker malware reportedly flourishes in China on pirated software. Once installed it burrows into the operating system and waits for peripherals to connect, whereby it records the information passed between the devices. Much of that information consists of serial numbers, phone numbers and iTune store identification information.

Then WireLurker installs benign-looking apps that sift for other identifiers including texting history, address books and other private files to pinpoint potential targets. WireLurker also imports regular updates from an attacker’s command servers, thus remaining on guard against counterattacks.

Security company Palo Alto Networks alerted Apple users on this side of the Pacific in a recently released white paper.

Although WireLurker poses no immediate threat here as yet, it represents a comprehensive approach to malware distribution not seen before with Apple products, Palo Alto Networks says.

To reduce the risk of infection, users of Apple devices are advised to take a few precautions:

  • Avoid downloads from any location other than iTunes or the Mac App Store. To ensure this, in the System Preferences panel, click on the check box next to “Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)”
  • Avoid connecting or pairing your Mac or portables with other unsecured devices, whether they are Mac- or PC-based.
  • Keep the operating systems updated on all devices. The updates also plug holes in system security.
  • Keep all antivirus and anti-malware programs updated as well.

Keep in mind as well: The people most at risk are those who ignore every pop-up security warning Apple throws at them.

Palo Alto Networks is providing a tool to detect WireLurker infection on Mac and advises that removing WireLurker and the damage it causes will require expert attention.

Connect

Twitter Facebook Google Plus RSS Instagram Pinterest Pinterest LinkedIn


© Society of Professional Journalists. All rights reserved. Legal

Society of Professional Journalists
Eugene S. Pulliam National Journalism Center, 3909 N. Meridian St., Indianapolis, IN 46208
317/927-8000 | Fax: 317/920-4789 | Contact SPJ Headquarters | Employment Opportunities | Advertise with SPJ