Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • Report of Sony Picture Attack

    Uploaded by

    Mohammad Zahid
    35 views5 pages
    On November 24, 2014, Sony Pictures Entertainment was hacked by a group called The Guardians of Peace, who were able to breach Sony's security systems and bring their networks down. This resulted in the theft of over 100 terabytes of data, including social security numbers, salaries, unreleased movies, and other private information that was posted online. The hackers demanded that Sony not release the film The Interview. This paper discusses security controls like malware protection, monitoring, encryption, and incident response that could have limited the impact of the hack and prevented it from resembling a fictional Hollywood hacker plot.

    Original Description:

    Original Title

    (Report of Sony Picture Attack)

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    On November 24, 2014, Sony Pictures Entertainment was hacked by a group called The Guardians of Peace, who were able to breach Sony's security systems and bring their networks down. This resulted in the theft of over 100 terabytes of data, including social security numbers, salaries, unreleased movies, and other private information that was posted online. The hackers demanded that Sony not release the film The Interview. This paper discusses security controls like malware protection, monitoring, encryption, and incident response that could have limited the impact of the hack and prevented it from resembling a fictional Hollywood hacker plot.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    35 views5 pages

    Report of Sony Picture Attack

    Uploaded by

    Mohammad Zahid
    On November 24, 2014, Sony Pictures Entertainment was hacked by a group called The Guardians of Peace, who were able to breach Sony's security systems and bring their networks down. This resulted in the theft of over 100 terabytes of data, including social security numbers, salaries, unreleased movies, and other private information that was posted online. The hackers demanded that Sony not release the film The Interview. This paper discusses security controls like malware protection, monitoring, encryption, and incident response that could have limited the impact of the hack and prevented it from resembling a fictional Hollywood hacker plot.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 5

    ABSTRACT

    On November 24, 2014, an occurrence nearly hauled directly out of a 90's programmer film
    changed into an enormous PC hack. A gathering considering itself The Guardians of Peace
    (GOP) figured out how to penetrate Sony Pictures Entertainment and bring their frameworks
    down to a sudden stop. Coming about because of this break the GOP professes to have taken
    more than 100 terabytes of information containing Social Security numbers, compensations,
    motion pictures, and other actually recognizable data. In no time, the taken information was
    posted on the Internet alongside requests from the GOP bunch that included not delivering The
    Interview. This paper will bring up a portion of the Critical Controls that might have been used
    to limit the effect the GOP had on the Sony penetrate. Using even a couple of the Critical
    Controls, for example, malware safeguards, checking, review logs, encryption, controlled
    utilization of managerial accreditations, and occurrence reaction might have given the important
    executions needed to keep a 90's programmer film from transforming into the real world.
    When Sony Computer were hacked it was spreaded all our the network and each and every
    network which is been connected with that hacked computer was also got hacked and a window
    is been displayed over the all computer

    This picture shows that there privacy has been compromised by the hackers and they aren’t been
    able to and links are been shown in the picture which shows that there compromised data is been
    places over these links they can check if they have any issues

    Loss of Sony :

    ● 100 terabytes of data


    ● Social Security Numbers
    ● Motion pictures
    ● List Employees salary ,bonuses,compensation
    ● Checks given to Actors
    ● Unreleased movies
    ● Actors numbers
    ● Passport and visa information of Actors of Hollywood
    ● Seven L:awsuit files to sony
    ● $45 million Loss
    ● They Have to stop release of there movies due to Hacker pressure

    Attack Working

    It is a Trojan attack and its real name is WannaCry . It consist of Three Parts

    ● Wiper dropper
    ● Wipe data
    ● Override disk

    Wiper Dropper :

    What it does it get all to to hacker server

    Wipe Data :
    It wipes all data from the hard disks and also from those which is connected to this network

    Override Disk :

    Here it will override all data with there own code and make it unusable for others and from here
    they perform system tasks and get access to system

    Language :
    It is been made using .Net in C# Language Here is its working shown in following diagram

    Solution
    When this attack happened at that time there was no Ethical hacking team available at Sony
    Pictures. When this happened they assigned some of higher professionals to counter this but they
    weren't able to handle this . Then the FBI entered to check the vulnerability and they found that
    this attack was done by North Korean hackers due their language pack.
    Some of the strategies that they have to use in order to counter that attack are following :

    1. Data of Authorize and Unauthorized Devices


    2. Malware Defence system
    3. Data recovery Capability
    4. Continuous check of system
    5. Secure Configuration for all devices
    6. Wireless Access Control
    7. Security Professionals
    8. Secure Network Engineer
    9. Penetration Tester
    10. Account Monitoring Control

    You might also like