
SONY INSIDER: 'The Security Team Has No F***ing Clue'

Dec 12, 2014, 19:41 IST

Following the Sony hacking scandal, in which thousands of documents from the company's movie studio were exposed, an IT worker employed by a firm that has access to Sony's computer network has described the company's security as a "mess."


"The security team has no f---ing clue," the employee told Business Insider, speaking about the team's unpreparedness for a cyberattack of this scale.

Our source told us that Sony's security was "outdated and ineffective." The person described Sony's security policies as "idiotic" and cast doubt on Sony's claim that it used industry-standard security software.

Sony Pictures CEO Michael Lynton sent a memo to staff in the days after the hack occurred. In the email, he quoted a security researcher from Mandiant who suggested that Sony couldn't really have done anything to protect against the attack:

This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organisations of this critical threat.


Our source described that letter as "pathetic," a criticism that has been shared by many security researchers. Security researcher Adam Caudill told Mashable that Sony Pictures and Mandiant described the attack as "unprecedented" only to save face. Another expert, Adrian Sanabria, told Mashable that "you should definitely be able to detect somebody copying 40GB of data systematically."

The employee who works with the Sony network said the company's internal IT team was "terrible," consisting of "incompetent people." 

We saw evidence of just how poor Sony's security was in the files that hackers posted online. A series of documents stored in a folder named "Password" contained login information for administration accounts, social media accounts, and even SSL certificates. An SSL certificate is what a website presents to prove that it belongs to that company.

Hackers used the passwords found in that folder to cause more damage, taking over Twitter accounts for Hollywood movies and using them to spread information about the hack.


The source close to Sony also claimed that the company hasn't learned from previous hacks.

In June 2011 the hacker group LulzSec, an offshoot of Anonymous, hacked into Sony Pictures. They claimed to have obtained "usernames, passwords, email addresses and dates of birth for thousands of people." The group used a common tactic against Sony Pictures: an SQL injection attack to gain access to the company's computer network.

To our source's knowledge, nobody from Sony's computer security team was fired over that hack. That could mean that the same people who were meant to defend the company's servers in 2011 are still presiding over its security today.

We reached out to Sony for this story and will update if we hear back from them.
