I saw the Blackhat movie yesterday, and in my opinion, it was not that great. Realistic? Yes, but formulaic and even predictable, with a little hacking thrown in to make it seem original. The script—while well-researched—felt as if it had been churned out of a script-writing program like Final Draft. I was hoping for a movie like Sneakers, which is realistic, but not at all formulaic and it’s very funny besides.
And speaking of blackhats, some purported members of Lizard Squad have recently been arrested for the Christmas attacks on Microsoft Xbox and Sony PlayStation networks during a joint investigation by the FBI and the British police. The Daily Mail reported that Jordan Lee-Bevan was arrested in Southport, Merseyside on January 16, 2015. In Finland, seventeen-year-old Julius “Ryan/Zeekill” Kivimäki was questioned last month, while Vincent Omari, Twickenham, south-west London, was arrested and released on bail shortly after they gave interviews to Sky News on December 27, 2014, about the alleged role of Lizard Squad in the Christmas gaming attacks.
Ironically, according to KrebsOnSecurity, Lizard Squad’s website, LizardStresser[dot]su, which they used to “coordinate attacks and sell subscriptions to its attacks-for-hire service” was hacked by another hacker group, Finest Squad. Brian Krebs acquired a copy of their user account information database—unfortunately stored unencrypted! Apparently the same information was also sent to the FBI. You can read more about the battles between Lizard Squad and Finest Squad on Business Insider’sarticle.
The number of independent theaters showing The Interview has been updated at Variety. Although not in the main list, Michael Moore’s theater, The Bijou, in Traverse City, Michigan, and George RR Martin’s theater, Jean Cocteau Cinema in Santa Fe, New Mexico, will also be showing the film.
David Drummond, SVP Corporate Development and Chief Legal Officer, posted today on the official Google blog, “Last Wednesday Sony began contacting a number of companies, including Google, to ask if we’d be able to make their movie, “The Interview,” available online. We’d had a similar thought and were eager to help—though given everything that’s happened, the security implications were very much at the front of our minds…. [W]e could not sit on the sidelines and allow a handful of people to determine the limits of free speech in another country (however silly the content might be).”
The Art House Convergence offered Sony a way to distribute The Interview, so there will be limited showings of the movie starting on Christmas Day. Here is a list of theaters currently showing the movie according to Variety, which they will continue to update.
In a statement released on Tuesday, 12/23/2014, President Obama praised Sony’s decision to release the movie.
In other news, North Korea experienced massive Internet outages for much of Monday, but Internet access was restored on Tuesday according to Reuters.
On December 17, Matt Mason (@MattMason), chief content officer at BitTorrent, tweeted that “Sony should release The Interview as a BitTorrent Bundle. This is the very thing the platform is designed for.”
Okay! An unlikely hero rides to the forefront!
What is BitTorrent?
BitTorrent is file-sharing software that uses a peer-to-peer computer model. Peer-to-peer means that files transfer from device to device instead of getting them from a centralized server.
How it works: The hoster of a file breaks a large file into smaller, equal-sized pieces and stores the pieces on seed computers. Then the hoster creates a small torrent descriptor file that they advertise. The torrent software is installed on a client computer. When the client decides to download a file, the software locates the pieces on seed computers and starts transferring pieces. The pieces typically arrive out of order and are re-arranged into the proper order when the transfer of all the pieces completes. That means the download can be stopped at any time and re-started without having to start the download over. When the file has been completely downloaded, the client with the completed file becomes a seed computer for other clients to download the pieces.
According to Wikipedia, an estimate of monthly BitTorrent users was about 250 million in January 2012. That means that as the file pieces are distributed to seed computers and downloaded by client computers who then become seed computers, the speed of file distribution increases.
You may even have been using BitTorrent already and didn’t know it. It is a component in Amazon S3 Simple Storage Service, an online service providing cloud applications, backup, and content distribution. Open source and free software projects use it to distribute downloads. Blizzard Entertainment’s Blizzard Downloader client (Diablo III, Starcraft II, and World of Warcraft) uses it for games, content, and patches. Universities sponsoring BOINC distributed computing projects often offer BitTorrent to reduce bandwidth costs. It supports Facebook and Twitter.
Why could BitTorrent release The Interview when the major theater chains couldn’t?
The peer-to-peer model would make it difficult for the attackers to stop downloads of the file.
And, “BitTorrent Bundle is a safe and legal way for Sony to release this film, and they would join the nearly 20,000 creators and rights holders now using the Bundle publishing platform,” said BitTorrent according to VentureBeat.
Why does BitTorrent think it is better to release the movie through them instead of through Sony’s own online video channels?
According to BitTorrent, by “using the paygate option, Sony are able to set the price for the film and release it widely without implicating anyone or exposing any third party to a terrorist threat,” and “it would strike a strong note for free speech.”
Sony Entertainment CEO Michael Linton told CNN on December 19th that “no ‘major video on demand distributor’ has been ‘willing to distribute’ the film. ‘We don’t have that direct interface with the American public, so we need to go through an intermediary to do that.’”
On 11/24/2014, the Guardians of Peace (#GOP) announced on Reddit that they had hacked Sony Pictures Entertainment’s network, alleging that #GOP had stolen 100 terabytes of data. The stolen data laid out for public consumption in various data dumps around the Internet included both employee information—social security numbers, dates of birth, medical records, salary information—and corporate information—spreadsheets containing Sony layoff information, business plans, their network architecture, movie scripts, and even actual movies—and other confidential information. Then the attackers destroyed data to emphasize that their demands were serious.
While Sony has not commented much publicly except to yank The Interview (formerly scheduled to be released on Christmas Day), there has been considerable speculation on the person or groups responsible. The story—as we know it at this moment—sounds like a movie plot. (Are you listening Sony? When ya gonna make this movie?) There are spies, hacking, extortion … all the elements of a great plot … except a hero/heroine.
Sony, you get to play the whimpering coward sniveling in the corner. Who is going to step up to be the hero or heroine? That is the real question. Bonnie Tyler says it best, I am holding out for a hero/heroine.
As I see it there are four possible hacker group combinations:
The North Koreans hacked Sony because of the movie Sony produced called The Interview. It’s a comedy, and probably not a very good one.
One or more disgruntled Sony employees took the data. To look for possible disgruntled employees, let’s count: How many people has Sony laid-off?
The North Koreans and the disgruntled employees (and possibly other groups) separately hacked Sony.
The North Koreans managed to get someone inside Sony.
In my opinion, stealing 100 terabytes of data took some time and someone inside Sony had to help. How did they get the data out? USB drives? According to Numion.com, to download 100 terabytes at 10 Gbps with 50% overhead would take over 33 hours! Also, the data sounds like it’s very organized. Whoever stole it knew where to look and what to take and what to post first to make it hurt. It has a personal feel to it. No, it’s more than the North Koreans.
North Korea: if you’re reading this, it’s just a movie. Get a sense of humor! Americans have made several movies about US presidents getting assassinated; here’s a few examples:
And of course, Wag the Dog cannot be left out of any movie list that discusses the death of a president’s political life.
I agree with President Obama that pulling the movie was a mistake. This is not a movie that I would have wanted to see, much less paid for. If you’d let it run, it would have been a brief news article, a week or two in the theaters and then … consigned to the $5 bin in Walmart. Now I want to see it!
However, there are some lessons we can all learn here:
Email is not private. Before you send any email, decide how you would feel if it ended up on the front page of the New York Times.
This is not the first time Sony has been publicly hacked. Remember the PlayStation Network debacle in April 2011, which affected 77 million customer accounts? This was followed by an attack May 2, 2011, on 24.5 million accounts at Sony Online Entertainment. Did Sony learn anything from those two incidents? Apparently not.
Compliance is not security! Doing the minimum necessary to comply with a law or laws is not enough to keep your corporate or personal information safe.
Just because you have a security breach doesn’t mean you have to lose a 100 terabytes of data. What were Sony’s security people doing?
If the company you work for does not take information security and privacy seriously, find someplace else to work. According to Forbes.com, Sony has had 195 security breaches from September 1, 2013 through June 30, 2014, according to leaked emails. However, it’s hard to determine the seriousness of the incidents from the information presented in the article. Were any of these breaches about tons of data spewing from Sony?
How can you tell if your employer is taking information security and privacy seriously? Do they say “information security is important” but cut the budget? Do they train employees on information security and privacy? Do they patch their systems and keep their software updated? Have they had a breach? What did they do?
If the company that you buy goods or services from does not protect your information, take your business elsewhere.
Vote with your feet and your money! Protect your information; there’s no one that it matters more to than you.
My bottom line? I’m outraged—both at Sony’s sloppy information security practices and their cowardice.
Intentional Privacy 