It’s easy to think no one is safe on the Internet anymore. On December 1, tech giant Sony joined retailers like Home Depot and Target on the list of apparently vulnerable computers. A large-scale hacking effort hit its films division, Sony Pictures.
There are quite a few reasons for consumers to be aware of this developing story. First off, if you’re a PlayStation owner, you might be wondering if your data was compromised. In addition, if you’re an Internet user, you might be wondering how to keep yourself safe from future hacks. To help address those concerns, let’s go over what we know and what you need to do to protect yourself.
On December 1, the FBI issued a “flash” warning to business owners warning them of a dangerous new strain of malware. The FBI later confirmed that this malware had been used in an attack on Sony Pictures. Sony issued a statement describing the attack that afternoon.
According to Sony, screens across the company went black, their contents replaced by the message “Hacked by #GOP.” GOP, in this case, stands for Guardians of Peace, a known group of cybercriminals. The group also threatens to release “secrets” stolen from Sony servers.
Sony suspects that North Korea, or a nation acting as its proxy, may have engineered the attack out of a desire to stop the new James Franco/Seth Rogen movie “The Interview.” In the film, Rogen and Franco are TV personalities sent by the CIA to assassinate North Korean leader Kim Jong Un. The North Korean government has condemned the film in letters to the United Nations and the White House. A representative of the North Korean government denied responsibility in the attack.
The hackers compromised several screener copies of yet-unreleased Sony movies, including WWII drama “Fury” and the forthcoming remake of “Annie.” They also gained access to a great deal of confidential internal information. The Social Security numbers of several celebrities and the home addresses of many Sony employees have already been made public.
The exact extent of the leak is, as of yet, unknown. Sony has brought in an outside security expert to determine the extent of the damage while the FBI conducts an investigation into the origin of the attack.
On December 8, hacker group Lizard Squad launched another attack, this time targeting the PlayStation Network’s login server. Sony has not indicated whether consumer records were affected by the attack and the outage lasted only a few hours.
While there is no direct evidence linking the two events, the timing is suspicious, at the very least. Until Sony completes its investigation, there’s no way to know whether or not the same vulnerability was exploited by both groups. At time of press, the gaming network is secure.
What we’ve learned
As it turns out, individual web users aren’t the only victims who need to beware of suspicious downloads. In each of the big security breaches this year, corporate computer users have downloaded devastating malware onto company computers. Even the best security software couldn’t have protected against user negligence.
There’s no need for individual consumers to panic. No user data appears to have been compromised. PlayStation Network users might consider changing their passwords, but no further action is needed. Unless you work for Sony, it’s unlikely your personal information was compromised.
The real lesson from the Sony hack should be the prevalent threat of malware. Even with the highest caliber security software, downloading a dangerous file can do serious damage to your computer- and your identity. Here are a few guidelines to help keep you safe online:
- Don’t open attachments within emails unless you’re expecting them. The rise of email worms that spread using contact lists means we should always be suspicious of attachments. If you need to share a picture or document, consider using a secure upload service. Try free apps like Dropbox or Google Drive to keep your files safe and shareable.
- Don’t follow links if you don’t know where they’re going. A malicious program could be cleverly disguised behind a news headline. If you don’t recognize the host of the website, just don’t click it.
- Safeguard your login information. Don’t share usernames or passwords for any service with anyone. Any piece of identifiable information you publish can be used to fish for more passwords.
Continue to follow identity monitoring best practices. Check your debit/credit card statements. Change your passwords regularly and make sure it’s not easy like “123password” Keep an eye on your investment accounts. Report suspicious account activity immediately.
Andy Anderson is a Creative Thinker, Problem Solver and Vice President of Marketing at CDC Federal Credit Union in Atlanta, GA.