Sony virus protection
Computer security companies had been predicting such exploit code in the wild for weeks, since an independent developer had exposed the presence of a "rootkit" tool on the Sony CDs. The rootkit technology hid the copy protection from view, but also left open a hole that could hide other software. Virus writers quickly took advantage of that hole, modifying an old Trojan horse to take advantage of the powerful inadvertent shielding provided by the Sony software. On Friday, Sony responded to the furor and announced that it will suspend production of CDs that contain this particular copy-protection technology and take a second look at its digital rights management strategy.
Antivirus companies are now offering a range of advice, and confusion remains about exactly what the software does and how dangerous it can be to a PC. Here are the basics that everyone should know about this potentially dangerous issue:
The CDs involved are loaded with a relatively new kind of content protection created by British company First 4 Internet. When a listener puts the album into a computer's CD drive, it pops up a license agreement. If the listener accepts, it installs the copy protection rootkit onto the hard drive. The rootkit element of the software is used to hide virtually all traces of the copy protection software's presence on a PC, so that an ordinary computer user would have no way to find it.
The software acts to limit the number of copies that can be made of the CD and prevents a computer user from making unprotected MP3s from the music. A rootkit is a powerful piece of software that takes over control of a computer at the most fundamental level. In computer terms, it establishes "root" access, which is similar to administrative access, instead of access for just an ordinary user.
It can potentially prevent a computer user from detecting its presence or from performing certain tasks on their own PC. Like most computing tools, this is not intrinsically a bad thing, but can be abused. Virus writers use these tools to help take over computers and hide the presence of their work. Some aggrieved users may see little difference. Computer security companies do make a distinction between Sony's software and a virus, noting that this was distributed by a legitimate company with a legitimate business interest even if many people disagree with that business interest.
However, they are deeply critical of Sony's techniques and say that the amount of information given to users about what the software would do to a computer was wholly inadequate, and the lack of an uninstall tool was bad policy. Email accounts were accessed by multiple VPNs and proxy servers around the world as well, showing a deliberate effort to obscure their origins.
Multiple backdoors and Trojans were employed, launched by numerous Gmail accounts and fake Facebook profiles. You can see an illustration of the various accounts that were linked to Park below. What makes this all the more incredible is that until relatively recently, the entire country of North Korea had about a thousand available public IP addresses and a very low-bandwidth internet connection.
This was one of the reasons why a rogue collection of hackers was able to set up a DDoS attack on their ISP in January, to retaliate for the Sony campaigns. Here are 5 lessons for IT security that can be gleaned from the charging document and the various North Korean hacking efforts. Awareness training needs to happen on a continuous, year-round basis. The hackers are getting better at crafting their phishing emails to look more genuine, and use insider information, corporate logos and templates, and almost-similar domain names and email addresses to fool recipients.
The goal of such programs should be assessment, education, reinforcement, and measurement in a continuous cycle.
Also, think about how you can offer incentives to your users to make the training less onerous and thereby more effective. Enterprises need better early warning intrusion detection mechanisms.
The North Koreans lived for many months inside the Sony and other networks, learning what servers to hit and which employee accounts to mimic. Each target acquired by the hackers was carefully picked and researched to improve the realism and the chances of their phished emails and watering holes ensnaring victims.
Other than the AMC theater company, they were incredibly successful at penetrating other corporate networks and spending months looking around inside to find the right targets. To complement your IDS, you also need to beef up your network segmentation. Separate data into the appropriate places where it makes sense. It is time to audit your access controls. Examine which employees have administrative rights and understand if these are too generous in terms of permissions.
The same principle seems to apply to the leaked documents. As long as a news organization didn't participate in the Sony attack itself, it has a First Amendment right to report on newsworthy information it finds in the documents.
Millions of PlayStation gamers were affected by the attack on Sony. Notably, this is not the first time Sony has been targeted by hackers, and it might not even be the most damaging incident. In , Sony's PlayStation network was attacked by hackers who stole personal information about millions of PlayStation gamers and took the network down for weeks. This attack was motivated by anger about Sony's lawsuit against an American hacker who attempted to reverse-engineer the PlayStation 3 to allow users to play third-party games not authorized by Sony.
Critics have argued that Sony has taken a lax approach to online security. They pointed out, for example, that the company laid off two security workers just weeks before the attacks. And security expert Chester Wisniewski told Gizmodo that the hackers' efforts in were made easier by Sony's flat-footed response.
They'd exploit a vulnerability in one Sony office, then use the same attack days later in another part of the world. Last month's attack makes it clear that Sony still hasn't fully locked down its network.
Yet it's hard to know whether this means that Sony has particularly lax security practices — or if it just happens to be the favorite target of hackers. Hardening a corporate network as large as Sony's is really difficult, and even a company that takes every precaution may still be vulnerable to a sufficiently determined and talented attacker.
In his view "the level of sophistication" of last month's attack was "extremely high." First and foremost, lots of companies should be investing more in network security. Companies like Sony tend to under-invest in locking down their networks because it seems like a needless expense until disaster strikes. Cleaning up the mess from this latest attack will cost Sony millions; hopefully that will inspire other large companies to hire additional security experts.
Second, companies should make sure they're well-prepared to respond to attacks. For example, making regular backups can allow a company to recover in the event that hackers delete important data. Finally, corporate executives should bear in mind that their decisions might be unexpectedly exposed to the light of day. If you're a senior executive at a big company, it's a good idea to avoid sending overly embarrassing emails or having embarrassingly lopsided pay scales.
The FBI is still investigating. In the past, the perpetrators of major attacks have often been apprehended. Meanwhile, journalists will continue to pore through the leaked documents. A huge amount of data has been released already, and much of it hasn't been carefully analyzed. There might be more data coming out in the future. We don't know if any major scoops are still hidden in that vast haystack.
Update: Since this article was published, I've added information about the "movie of terrorism" message, Aaron Sorkin's New York Times op-ed, and Sony's call for journalists to delete the stolen files. I've also changed the article to reflect growing evidence that North Korea was behind the attacks.
The Sony hack: how it happened, who is responsible, and what we've learned.
By Timothy B. What happened to Sony? Someone claiming to be a former Sony employee posted this screenshot, which allegedly shows the message that appeared on Sony employees' computer screens: Sony's network was down for days as administrators struggled to repair the damage.
Some people have blamed North Korea for the attacks. Were they responsible?