By Neal O'Farrell, Security and Identity Theft Expert for CreditSesame.com
When Sony announced its most recent hack, the news was greeted with a lot of shrugging, yawning and here-we-go-agains. But maybe even more so this time because in the latest attack against the entertainment giant, we the people were not the target. So there was no trawling through hacker forums in search of kidnapped card numbers. No mass cancellation and replacement of credit and debit cards. And no free credit monitoring, for anyone. Whah!
But then something happened. Something the likes of which we breach-jaded consumers had never seen before. As the hackers started to slowly reveal their hostages, the world began to realize that this one was different. Very different.
It started with the release of some of Sony's biggest upcoming movies - movies that weren't due for release for weeks and even months. The unprecedented release not only took the steam out of the launch of those movies (which will probably hurt their profitability), it also gave an early Christmas present to millions of movie bootleggers.
Sony executives were further embarrassed by the release of detailed information on the costs and profitability for some of Sony's best-known movies of 2013. That was followed by the release of the personal information, including Social Security numbers, of more than 47,000 Sony employees and even some celebrities. The hackers even turned up the humiliation dial by suggesting that employees had the option of personally begging the hackers not to release their personal information.
But Sony's suffering was only beginning, as the hackers slowly released the contents of numerous emails that purport to be between Sony executives and about a variety of celebrities, from Angelina Jolie and Leonard DiCaprio to President Obama.
In previous mass hacks, the theft of email addresses usually meant a higher risk of phishing schemes. In the Sony hack, it involved the release of the contents of email.
Some of the sensitive topics of the released emails included:
- Embarrassing conversations about why actor Jennifer Lawrence didn't get paid as much as her male co-stars in the movie Hustle.
- Sony's efforts to hide its involvement with the movie by suggesting it be released under the Columbia Pictures name instead.
- Insights into how the movie industry planned to target Google in its efforts to combat online piracy.
- Secret plans for new movies and who might star in them, as well as the script for the latest and yet-to-be-released James Bond movie.
And as if the breach and the theft of intellectual property weren't bad enough, Sony and its reputation may never recover from the embarrassment and humiliation of what was in those email conversations.
If this becomes a trend, it could be very worrying for us all. Using hacking as a weapon against a business, through public humiliation, extortion, intellectual property theft and economic harm is a hack that can be tuned for the masses.
Hackers of all types and skill levels may start focusing on hacking to humiliate, embarrass, harass and extort anyone they choose. Your most sensitive emails, text messages, photos and videos could be used to hurt your reputation, humiliate and embarrass you, and even try to force you to pay up in order to kill the threat.
The hackers don't have to target you directly. With so much private information now available on hacker forums, more garden-variety criminals may be tempted to start buying this information and extorting its owners.
And we've already seen small signs of that trend. Like disgruntled spouses breaking into the Facebook accounts of their significant other and posting offensive messages and photos. And doxing has been growing in recent years, where hackers and others will post a wealth of personal information about an individual, often to simply make them afraid.
The impact on business could be significant too. The FBI admitted that the malware used in the attack on Sony was so sophisticated, it would have blown past 90% of security defenses. Which means all kinds of businesses must be worried about this new battle front where not only is their intellectual property the target of attacks, but highly sensitive and potentially embarrassing secrets and internal communications could be exposed to the world.
The torment isn't over for Sony. The hackers behind the humiliation are promising more, hinting at the release of a big "Christmas Gift" that will include more, and even more embarrassing secrets. Rest assured, the hacker world is taking note of how successful these hackers were in breaching and humiliating one of the world's biggest and most respected corporations. We may all be Sonys.
This post originally appeared on CreditSesame.com. Neal O'Farrell, Credit Sesame's Security and Identity Theft Expert, is one of the most experienced consumer-security experts on the planet. Over the last 30 years he has advised governments, intelligence agencies, Fortune 500 companies and millions of consumers on identity protection, cybersecurity and privacy. As Executive Director of the Identity Theft Council, Neal has personally counseled thousands of identity-theft victims, taken on cases referred to him by the FBI and Secret Service, and interviewed some of the nation's most notorious identity thieves.