Sony Attacked y Cyber Criminals - Term Paper Example

?Sony Attacked y Cyber Criminals Introduction Sony is a multinational corporation with headquarters in Japan; it is made up of several divisions that deal with different products such as music, games, electronics, motion pictures production and financial services. The divisions of Sony include Sony Corporation that deals with electronics in USA, Sony music entertainment, Sony picture entertainment, Sony computer entertainment, Sony mobile communication and Sony financial that offers financial services. Cyber crimes, which are the attacks in companies or government websites, which compromises the data in those websites for personal fulfillment of hackers or profits, have been rising day by day and they have caused huge losses to organizations that have experienced them. Once such attack is the one that was experienced by Sony Corporation, a division of Sony that deals with electronics in the United States of America with headquarters in San Francisco. This paper will look into details that case of cyber attack into the company’s website, Sony corporation, the American division of the multinational Sony organization are one of the organizations that have been affected by the computer hackers into its system and compromising data that belong to its clients. The attack, which is credited to a hacking group called collective anonymous (Amoroso, 2007). It will also dwell on the process that the hackers used in order to gain access to the Sony website and how the attack was handled by Sony, in addition the various ways I which to avoid such incidents from happening again will be discussed. Threat actors Anonymous collective or ‘Anons’ as it is referred to which is the short form for its full name is a group that was formed in 2004 that is against any form of censorship of online interactions, any type of censorship by governments or organizations where they respond by hacking websites belonging to church organizations, government agencies or departments, or organizations. In the recent past attacks have been launched to websites that belong to US, Israel and Uganda governments and in organizations like MasterCard, Visa PayPal and Sony among others. Anonymous collective, which is the group, that is suspected to have been behind the hacking of the website of Sony, is a group that is largely decentralized in its command structure without any rules that govern it rather it is governed by ideas. What sort of people would go after this type of information and why? This group, was created for entertainment purposes and the information they get which is mainly user names and passwords of subscribers is used to threaten the company to stop the directives on tinkering of play station 3. The information that they stole would be important on online hackers since credit card information and passwords got from the website can be used to access bank accounts of the users, therefore, the likelihood of making money transfers to their accounts (Pankaj, 2005). Investigations into the attack by anonymous collective group on Sony are going on, and it is estimated to cost the firm a total of $170 million, in the investigation. The company discovered that the data of about 8500 users’ data had been accessed. The attack did not happen as a surprise to Sony as there were some warnings that had been sent to the company. The group, which was on a revenge mission, attacked MasterCard’s website in December and was after Sony corporation had arrested a young boy of 21 years for allegedly posting information on how to modify play station 3 gaming console on the internet. The group had also announced that it was on a revenge mission that it called ‘operation payback’ on its website anonnews.org, However, in May, the group, announced the group announced that it was not responsible for the attack, but its members, operating individually may have been behind the breach on the Sony site. How did they get it? The process, which the group may have used in the hacking of the website, involves the hackers, who are conversant in a programming language such as C, Ruby, Perl, Bash scripting among other languages in computer language. Assembly language of the processor is necessary for hacking since all other languages a computer uses will be interpreted as assembly language (In Gerdes, 2013). The second step is where the hackers gather information about their target, in this the hackers gathered information on the Sony. The kind of information they are likely to store in the target website, and the security systems that the organization has put in place this will involve testing the target to know the operating systems, the active ports and the firewall type that is being used in order to design the course of action. The next step the hackers try to hack the password or the authentication process of the target site, this can be done using brute force whereby the hacker tries to crack the password (Covaleski, 2013). This is difficult since the users are discouraged from using weak password in the internet, to make the cracking process faster, cutting of MD5 algorithms into quarters will be efficient or using graphic cards, which is one of the fastest method. Getting super user privileges will help that hacking to be able to gain access to all the information since such information as user data that are to be accessed to is highly protected, and it will require a lot of authentication to be able to access the information. Creating a buffer overflow is the most common method that is used; it allows the hacker access to more information than would have been allowed in a normal situation. For an organization of Sony’s magnitude, protecting their information is one of their security priorities as the information is key to whether the customers have faith in the company’s product or not. This in essence will require the organization to improve its’ security systems to ensure no intruders can access information on the website. Improving internet security for the organization will entail the following ways. One of the ways is to follow hacking forums to ensure the organization knows the latest methods of hacking and, therefore, adjust appropriately. The second way is to change preinstalled password in some software and programs as these are easily accessible to hackers. Making all users of the network to be aware of several security issues and practices within the network and how to ensure hackers do not capitalize on the pitfalls to hack the website can help keep hackers from accessing confidential information, the awareness can be done through social engineering. Performing mock attacks and penetration test to an organization’s website will help in identifying the weak point where the attacks are likely to happen; this information in return is used to strengthen the security systems. Identifying entry point into the internal network will help in identifying the start points of attack. In identifying these areas, an organization may require the services of professional and ethical worker who is conversant with the hacking profession. Proper configuring of firewalls for an organization will also help it in keeping away any intruders; the type of firewall to be used will depend on the specific security need of a company (Augastine, 2007). Authenticating process in organizations should try to minimize the use of passwords and use other methods of authenticating such as VPN or SSH which are more secure than passwords, smart cards or other similar technologies. Comments in website source codes since although they may seem harmless, they may contain indirect information that may help the hackers gain access to the website. Removing of default, test and example pages from new web server software, which may be a weak point for entry into the organizations software. How will the hackers be identified? With the current advancement in technology, hackers can be identified with the use of linguistics, that is the styles that they use to write in different forums, this use mainly uses function words which are very specific to different users even if the language skills is poor, it involves the writing style of different users. In identifying the researchers, use methods as stylometric analysis and latent Dirichlet allocation that can identify the difference between a conversation on stolen credit cards and from another one on exploit writing. One of the tools that are used is the Anonymouth, which takes a 500-word sample from a suspected hacker that will give away his writing style and hence help to identify him. How the organization would discourage and defend itself from attacks The attacks on Sony would have been preventable had the threats been taken seriously as Stringer, one of the top management of Sony explains, he argues that most of the users of PSN do not pay for the service hence it was the least expected of the places that the attackers would have targeted. Sony have however improved their security systems to avoid such breaches from happening in the future and to restore the confidence of their clients who had lost faith in the way the security breach was handled as they were informed a week later after it had occurred. Conclusion The cyber attack on the Sony website had serious ramifications on the reputation of the security systems of the company, the company had received warnings before but they were not taken seriously leading to the serious attack. The methods used by the hackers were not very sophisticated therefore, the attack was detected before it could have done complete damage. The organization n has however put measures in place to avoid future attacks and mitigate the damage caused by the attack. References Amoroso, E. G. (2007). Cyber security. Summit, NJ: Silicon Press. Augastine, P. T. (2007). Cyber security. New Delhi: Crescent Pub. Corp. Covaleski, J. (2013). Hacking. San Diego, CA: ReferencePoint Press. In Gerdes, L. I. (2013). Cybercrime. Pankaj, S. (2005). Hacking. New Delhi: A.P.H. Pub. Corp. Read More