FBI Cites North Korea for Sony Hack

The threat by hackers to bring down Sony Pictures because of a comedy portraying the North Korean Dictator has been linked to malware specific to North Korean hackers, reports the FBI Cyberterrorism Division.

(See below for security suggestions from a 45-year-vetran of computer security.)

While it takes a certain amount of skill to produce malware which can transfer massive amounts of information from a big company, the software to do so is available on the Dark Net for less than $1000.

But in this case, it is important to know that the hackers first gained access to the Sony internal network through the theft of someone’s password.

Companies still fail to train their employees in computer security after all these years since the first hacks.

Computer systems need the equivalent of a dead bolt on all doors to their system which not only blocks entry to the system but also blocks the system from transmitting most information.

How Important Is CyberSecurity?

Ironically, in a way, these hackers may have done us a big favor in the free world by finally showing the average person just how important cybersecurity is to our way of life.

It is tempting to say there are far more important targets such as the infrastructure, but that isn’t true, the Sony hack has struck at the heart of every democracy – freedom of speech – and Sony folded when faced with the consequences of their own corporate irresponsibility.

Personally I had nearly given up on my four decade effort to bring computer security to the forefront of corporate and personal awareness. No one really pays attention.

I began in computer security by helping secure a 360-65 mainframe computer in Arlington, Mass. which was owned by Wang Labs and often did work for various governments. We started by taking down the giant sign which identified us as a computer center.

I also covered security in a number of computer publications over the years, including writing The Locksmith Column for TechRepublic over a number of years.

For individuals I can only say that it is almost impossible to really secure any computer system if more than one person has administrator level access so keeping your information private means keeping it not just off the Internet but off any computer you own which is ever connected to the Web.

This isn’t nearly as difficult as you might think. For example, my company keeps records in the cloud via Google Drive but no spreadsheet or document contains any credit card number, social security number, or identifying information about the staff or owners other than that available in public sources.

Many credit card companies offer greatly enhanced security which almost no one uses.

For example, while we only deal with giant companies we know well, every now and then we want to buy from someone we don’t know so we use a one-time only code which can never be used again to place a charge against that credit card account.

But most people still publish incredible amounts of highly personal information online in social networks.

For example, while few families would publish cute pictures of their kids and announce where they go to school, play, and who their friends are, let alone what party they are attending next week if they were talking to a known child molester, they think nothing of posting the information on the Web where thousands of criminals are just waiting for such details.

Similarly, when you post your holiday travel plans in advance on Facebook or elsewhere, you are also telling house breakers when you will be away from home.

The silly things people do when they think they are securing their homes and businesses can best be shown by comparing the average computer security to a private home with an alarm system and locked steel door with a large glass panel. Surprise, no burglar will worry about breaking down the door when they can just paste some sheets of flypaper on the glass and break in with a small hammer by taking out the entire piece of glass.

If you think your home is secure because you have an expensive lock on the door but have a dozen big windows with no special security devices then you have precisely enough security to keep out the average three-year-old.

The same goes for most people’s computer security where “1,2,3,4,5,6,7” is now the most common password only recently replacing “password” itself as the most common.

Think how secure your passwords to online services are.