Readers have no doubt been advised of the Sony computer hack that came to reveal Hollywood’s endemic racism, among other items. So sordid are the details that authority over the studio was simply relinquished to Al Sharpton. I must admit that the complete rehabilitation of no-longer fat Albert has been breathtaking. This dumb, rhyming, mush-mouthed, formerly jheri-curled charlatan has been remolded by his handlers into a real life Morgan Freeman character. His counsel sought by the president, his imprimatur required for any race impacting initiative. My God, the deplorable humiliation of feigning respect for this farcical fuck. Consulting Beetlejuice on affairs of state would be no less ludicrous. But this post isn’t about the identical real estate on the bell curve occupied by those two men. It’s about the easiest hack.
So how does one with formidable technical skills gain access to a hardened network? By perhaps the most counterintuitive method: use no technical skills at all. The softest target is the one between a man’s ears. And how does one gain access via that route? Easy, you ask for it…skillfully. From the rumors I have read, this is what occurred at Sony. The technique is called social engineering, which is techno-jargon for running a confidence game with computers. Kevin Mitnik is often regarded as the godfather of computer hacking. But in reality he was an old-fashioned con-man in a new-fashioned environment. Penetrating a sophisticated array of logical firewalls with access control lists and intrusion detection systems is very difficult. Asking a system administrator for his password is quite easy. And if you ask in a way that bypasses his critical faculties, he just may give it to you. It’s a tactic we’ll return to discuss in a much broader sense. Here’s one article of many speculating on how the Sony hack was executed.
U.S. investigators have evidence that hackers stole the computer credentials of a system administrator to get access to Sony’s computer system, allowing them broad access, U.S. officials briefed on the investigation tell CNN. The finding is one reason why U.S. investigators do not believe the attack on Sony was aided by someone on the inside, the officials tell CNN.
The revelation is part of what is behind the government’s conclusion that hackers operating on behalf of North Korea were responsible. The government is expected to publicly blame the reclusive regime as early as Friday. The hackers ability to gain access to the passwords of a top-level information technology employee allowed them to have “keys to the entire building,” one official said.
How exactly those system administrator credentials were “stole” is unfortunately not expanded upon. Though there is much to wager it is the result of a spear-phishing attack.
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source.
Here’s one version of a spear phishing attack: The perpetrator finds a web page for their target organization that supplies contact information for the company. Using available details to make the message seem authentic, the perpetrator drafts an e-mail to an employee on the contact page that appears to come from an individual who might reasonably request confidential information, such as a network administrator. The email asks the employee to log into a bogus page that requests the employee’s user name and password or click on a link that will download spyware or other malicious programming. If a single employee falls for the spear phisher’s ploy, the attacker can masquerade as that individual and use social engineering techniques to gain further access to sensitive data.
If that was too esoteric, let me put it in terms of a conceptual email exchange between a fake Kakistocrat and say longtime commenter Rob…
Hey Rob, it’s me at the Cacizstocrazyblog. I’ve attached a link in my email and would appreciate if you’d go there and log in to your Gmail account so that I can link your account to my comment section. Then we can fast track all of your posts without moderation or delay. Thx buddy!
Rob of course wants access to premium Kakistocracy content and first dibs on our lengthy comment threads, and so promptly clicks on the link to a fake Gmail log-in page that is used to capture his credentials and harvest them in service to the nefarious kakistocratic designs of Toddy Cat most likely. Was a computer hacked in that instance? No, a person was. They were spear-phished. Here’s another related recent example.
Internet Corporation for Assigned Names and Numbers or ICANN, the global authority on providing unique web addresses across the world, was breached by hackers. According to the blog post by ICANN, hackers used ‘spear fishing’ to break into its systems in late November.
Email messages were sent to ICANN staff members which appeared to be coming from ICANN’s own domain. As a result several ICANN employees’ emails were compromised.
According to the post, the hackers accessed internal emails, gained administrative privileges to the Centralised Zone Data Service which was used to gather information such as names, postal addresses, emails and phone numbers. ICANN says the passwords were encrypted, but it has deactivated them as a precautionary measure. A members-only ICANN GAC wiki page was also accessed
In every phishing or spear-fishing attack, a mark is convinced to relinquish something of great value out of misplaced trust for a malicious actor. In most computer-related instances, what they relinquish are their otherwise well-guarded credentials. Though can we extrapolate the principle forward into society at-large? Have the people of the West been victim to the greatest spear-fishing attack in history? Have they relinquished something of irreplaceable value to those they thought to trust, who are actually mortal enemies in process of using it to attack them?
Dear friend, enter your children’s future and log on to multi-cult liberalism.com. Be sure to check the box that says you’re not racist!
Though for reference, if someone asks kindly for the keys to your country, you may want to make certain it’s Al Sharpton who’s actually on the other end of the line.