Visit our other websites:    Consumer IT    On CE    eSP    Mobile Channels    ECI news    Digital Signage News EMEA    iChannels

At the End of the Rainbow: Security

PDF  | Print |  E-mail

The Interview

What does a rainbow have in common with the AV business?

You might make several analogies but the image I am looking for is the palette of colurs.

Just like a rainbow displays bands of different colours, we are not all alike-- no matter how much we shine when together like an ISE show.

Let's take AV system integrators as a group. Some are large operations, some small. Some include rental, residential or educational divisions; some don't. Some embrace the IT/AV convergence; some still try to avoid it.

For those that do embrace IP networking, who do try to exploit it to further their business, the news of the Sony hack carries importance.

Sony Corp., itself a major player in AV, transcends our category with its wide-flung business empire that includes Hollywood blockbusters.

Sony Pictures Entertainment Inc. (SPE) is the American entertainment subsidiary of Japanese multinational technology and its group sales in the fiscal year (March 31, 2014) was $8.054 billion. SPE has produced, distributed, or co-distributed successful franchises such as Spider-Man, Men in Black, Underworld, and Resident Evil.

One of the most embarrassing corporate hacks in history, it appears that the files include the social security numbers of 47,000 people including Sylvester Stallone, Judd Apatow and Rebel Wilson.

What happens in Hollywood can no longer stay in Hollywood: recently employees at Sony pictures opened their computers at work to find a skull splash page.

Skull Page

Sony employees were told the company email systems were down and to go home because the company’s networks had been hacked. Sony administrators reportedly shut down much of its worldwide network and disabled VPN connections and Wi-Fi access in an effort to control the intrusion.

A group, the Guardians of Peace, has taken responsibility. But who GOP are remains unclear but their correspondence indicates Sony failed to meet their demands. “We’ve already warned you, and this is just the beginning. We continue till our request be met.”

Most hacks like this begin with a phishing attack, which involve sending emails to employees to get them to click on malicious attachments or visit web sites where malware is surreptitiously downloaded to their machines. Or hackers also get into systems through vulnerabilities in a company’s web site that can give them access to backend databases. Once on an infected system in a company’s network, hackers can map the network and steal administrator passwords to gain access to other protected systems on the network and hunt down sensitive data to steal.

Among the more than 11,000 newly-released files are hundreds of employee usernames and passwords as well as RSA SecurID tokens and certificates belonging to Sony—which are used to authenticate users and systems at the company—and information detailing how to access staging and production database servers, including a master asset list mapping the location of the company’s databases and servers around the world.

The hackers claim to have stolen a treasure trove of sensitive data from Sony, as large as 100 terabytes of data. The leaked documents include a list of employee salaries and bonuses; Social Security numbers and birth dates; HR employee performance reviews, criminal background checks and termination records; correspondence about employee medical conditions; passport and visa information for Hollywood stars and crew who worked on Sony films; and internal email spools.

All of these leaks are embarrassing to Sony and harmful and embarrassing to employees. But more importantly for Sony’s bottom line, the stolen data also includes the script for an unreleased pilot by Vince Gilligan, the creator of Breaking Bad as well as full copies of several Sony films, most of which have not been released in theaters yet.

The attack on Sony might have included malware designed to destroy data on its systems.

Finger-pointing by Sony and the FBI suggests it may be related to a comedy film on North Korea, The Interview due for release. No.Korea denies this.

All of this vividly underscores why Sony had to shut down its entire infrastructure after discovering the hack in order to re-architect and secure it.

Which brings us back to the point: in the pro AV industry where more and more of our activity is in IP networks, the more aware we must be. Listen to these hackers…

I am the head of GOP who made you worry.

Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization. And what we have done so far is only a small part of our further plan. It's your false if you if you think this crisis will be over after some time. All hope will leave you and Sony Pictures will collapse. This situation is only due to Sony Pictures. Sony Pictures is responsible for whatever the result is. Sony Pictures clings to what is good to nobody from the beginning. It's silly to expect in Sony Pictures to take off us. Sony Pictures makes only useless efforts. One beside you can be our member.

Many things beyond imagination will happen at many places of the world. Our agents find themselves act in necessary places. Please sign your name to object the false of the company at the email address below if you don't want to suffer damage. If you don't, not only you but your family will be in danger.

Nobody can prevent us, but the only way is to follow our demand. If you want to prevent us, make your company behave wisely.

Give in to terrorists? Yes, Sony has cancelled its original plan to distribute The Interview that might have inspired the hack. The company claims theatre owners are reluctant and says it is searching for another “distribution strategy.” How convenient an excuse…and what a mistake that will not only encourage all types of hackers…it will EMPOWER them.

The point for the pro AV business is how security affects us all. Hire or grow your expert in security (security based on what risks your clients have, whether you are servicing hotels, museums, rock concerts, transport control rooms, or video walls in public walls.) Make security a priority because in a “networked world” we are all on IP networks that are targets for all the malcontents, terrorists and organized crime in the world.

You might have heard that at the end of the rainbow is a pot of gold. That's true...but it is buried under Security.

Go The Sony Hack, Full Story