By Chris Strohm
The hacking of Sony Pictures Entertainment points to a type of attack security experts have long dreaded: one that uses the sophistication of a foreign government to destroy systems rather than just steal data.
There have been a handful of such incidents around the world and they are likely to grow more common, either to further a political agenda or hide evidence of theft or espionage, said Michael Chertoff, former secretary of the US Homeland Security Department.
“Either for political or economic reasons, at some point sophisticated actors are going to be more willing to use destructive malware,” Chertoff, co-founder and executive chairman of The Chertoff Group, a global security consultancy based in Washington, said in an interview.
The attack at Sony Corp’s entertainment unit, announced November 25, crippled computer systems and gave the perpetrators access to confidential employee information including executive salaries. It also put unreleased films including “Annie,” set for theatres on December 19, on file-sharing sites. The breach occurred a month before Sony’s scheduled release of “The Interview,” a comedy about a CIA plot to kill North Korea’s leader. The attack used a so-called wiper virus that erases data and can bring down networks with thousands of computers and prevent companies from being able to conduct business.
Attacks using malware that cripples computers are one of the top concerns cited by National Security Agency Director Michael Rogers and other senior Obama administration officials, while Mountain View, California-based cybersecurity company SentinelOne predicts in a new report that such attacks will shut down power grids and other critical computers in 2015.
The Sony attack demonstrates that not only critical infrastructure is at risk, Chertoff said. “The potential for cyber weapons to be deployed continues to increase,” he said. Most US companies confront an unfair fight when it comes to defending against malicious software that can cause physical damage, especially if the hackers are well-resourced foreign governments or their hired guns using powerful attack tools, he said.
Cybersecurity companies say they are bracing for more destructive attacks in the months ahead. “If attacks like those against Sony continue against other US companies, 2015 will be a year of disrupted services,” said Ron Gula, chief executive officer for Tenable Network Security Inc, based in Columbia, Maryland.
“Most US-based companies have been preparing to avoid an embarrassing and financially damaging loss of sensitive data,” Gula said in an email. “They are not prepared for pure destruction of data.”
Sony investigators have found malware that contained Korean language code and have linked the attack to a group associated with North Korea known as DarkSeoul, a person familiar with the investigation said. That group wiped out the computers of South Korean banks and broadcasters in March 2013.
North Korea has denied being behind the attack, according to a report by Voice of America. An unnamed North Korean diplomat in New York said his country had nothing to do with it, according to the report.
Prior to the Sony attack, destructive malware had been used in attacks inside the US, said a law enforcement official. The official didn’t talk about the Sony attack.
Destructive malware has more often been found in private networks than in critical infrastructure in the US, the official said. When asked if the malware could cause damage similar in scope to a 2012 attack on Saudi Aramco that crippled 30,000 computers, the official said it’s possible.
To be sure, destructive attacks are by far still the exception, as most hackers are driven by profit motives, said Trey Ford, global security strategist for Boston-based software security company Rapid7. WP-BLOOMBERG