Comments on the Sony Hack
I don’t have a lot to say about the Sony hack, which seems to still be ongoing. I want to highlight a few points, though.
- At this point, the attacks seem to be a few hackers and not the North Korean government. (My guess is that it’s not an insider, either.) That we live in the world where we aren’t sure if any given cyberattack is the work of a foreign government or a couple of guys should be scary to us all.
- Sony is a company that hackers have loved to hate for years now. (Remember their rootkit from 2005?) We’ve learned previously that putting yourself in this position can be disastrous. (Remember HBGary.) We’re learning that again.
- I don’t see how Sony launching a DDoS attack against the attackers is going to help at all.
- The most sensitive information that’s being leaked as a result of this attack isn’t the unreleased movies, the executive emails, or the celebrity gossip. It’s the minutiae from random employees:
> The most painful stuff in the Sony cache is a doctor shopping for Ritalin. It’s an email about trying to get pregnant. It’s shit-talking coworkers behind their backs, and people’s credit card log-ins. It’s literally thousands of Social Security numbers laid bare. It’s even the harmless, mundane, trivial stuff that makes up any day’s email load that suddenly feels ugly and raw out in the open, a digital Babadook brought to life by a scorched earth cyberattack.
These people didn’t have anything to hide. They aren’t public figures. Their details aren’t going to be news anywhere in the world. But their privacy has been violated, and there are literally thousands of personal tragedies unfolding right now as these people deal with their friends and relatives who have searched and read this stuff.
> These are people who did nothing wrong. They didn’t click on phishing links, or use dumb passwords (or even if they did, they didn’t cause this). They just showed up. They sent the same banal workplace emails you send every day, some personal, some not, some thoughtful, some dumb. Even if they didn’t have the expectation of full privacy, at most they may have assumed that an IT creeper might flip through their inbox, or that it was being crunched in an NSA server somewhere. For better or worse, we’ve become inured to small, anonymous violations. What happened to Sony Pictures employees, though, is public. And it is total.
Gizmodo got this 100% correct. And this is why privacy is so important for everyone.
I’m sure there’ll be more information as this continues to unfold.