Sony movie studio's chief executive, Michael Lynton, called the hacking against Sony Pictures like "burning down the company". He revealed that the studio's network was still down more than six weeks later and was expected to remain that way for weeks longer.
"They came in the house, stole everything, then burned down the house," Lynton told the AP. "They destroyed servers, computers, wiped them clean of all the data and took all the data."
How would you like someone to come in, steal everything on your computers and then erase all of the data?
January 10 hackers invaded military sites and on the 11th the White House announced hacking into its sites. Government officials said that China or Russia have THE ABILITY TO HACK INTO CONTROLS OF US power cut meanies and infrastructure.
Business should make internet security a key item for 2015.
It has now been disclosed that banks throughout the world, have been hacked for $300,000,000 to $900,000,000 in the last 12 months. One method is that hackers instruct ATM machines to disburse thousands of dollars at a set time of day, and the hackers just go by and pick up the cash. Most banks have not reported this in public for fear that it would undermine "confidence in banking" of bank customers. The sad part is, that we have found that most bank security systems are easy prey for hackers, because many bankers simply do not believe, or understand how vulnerable their institutions are.
We are seeing more and more attacks on business, government, municipalities, journalists and individuals. One service reported to us that they have "thousands of hacking attacks daily" and this is not something to ignore. Boothe Global Perspectives, has had experience with these attacks.
For example, one article that we wrote about Russia's invasion of the Ukraine, brought cyber attacks from Russia trying to close our site server down. Another article we published about HH the Dalai Lama, our article took a view supporting the Tibetan people which prompted thousands of attack hacks on our servers from China. In a third incident, when we spoke of the issue of freedom of speech regarding the movie THE INTERVIEW, cyber attacks from N. Korea tried to hack into our account. But our technology is good, and we have system protection, walls and security filters. We have taken steps to protect ourselves against hacking attacks, and thus far BootheGlobalPerspectives has not been shut down. If only banks, giant retailers, newspapers and big businesses (which have lost millions of confidential customer records) had put in the systems that BootheGlobalPerspectives has, they would have saved much in time, money and frustration, (not to detail the legal liability). Kim Zetter wrote an article published in Wired, that was excellent and we have quoted part of her work in this article. But we wish to specify a few things to begin to protect your firm. If you need help, internet security consultants can help. Because we work with banks and businesses from coast to coast and see what can happen we highly recommend that if you are a business or institution, you should take improved internet security steps in 2015.
Security systems like ours, are a must for hotels, banks, journalists, large and small retailers, or anyone who keeps private or confidential information, telephone companies, city and county computer systems, independent home office companies, retailers, public utilities, universities, hospitals, TV, Radio and broadcast companies, CPA's, attorneys, and especially police, security and national defense offices.
This is not a cold war, it is a war of technology, that could inflict huge damage to nations, companies, and individuals. Systems such as broadcasting, utilities, police work, and every day communications can be destroyed or disrupted by hackers.
Your deepest financial confidential records may be vulnerable. Your reputation is vulnerable.
We recently learned that homes that have remote security systems, that can control appliances, TV's, and security cameras, have been hacked and people can actually find that they and their computers can be used by "internet peeping Tom's" to eavesdrop on their lives. And it could get worse, if you consider digital internet based phone systems and internet controlled burglar alarm systems.
INITIAL BABY STEPS TO PROTECT YOUR COMPANY FROM HACKERS
- Back up everything in virus protected, off line computers, or vaulted CD's.
- Put in effect monitoring systems to alert you when someone is trying to break into your system.
- Monitoring system should be able to track the "hacker IP number, physical location, address, what they are looking at, date, time and computer services used"
- Encrypt every web page
- Change every home page from an HTTP to an HTTPS system
- Encrypt all communications, emails and electronic transmissions when possible
- Have systems in place that can dismantle or block GPS and tracking of your employees from outsiders
- Hire an exceptionally smart team that is experienced at this, and which can do ta coordinated unified program for you, and link this system together in a way that is constantly updated and improved. This is not the type of work you should give to someone without excellence of experience. Consider this, you are fighting a war of skills and expertise., against some of the smartest young people on earth. Do not hedge on the cost of getting excellence.
- Scan your "vaulted files" daily for virus, malware, and unwelcome bugs.
This is just a beginning, but can recommend that every person, every company should consider the above baby steps. We have seen too many banks, retailers, hotels and prisons that simply do not have internet protection. There are other suggestions that we can make, that we will not mention here, to preserve their integrity.
The next step in security, in light of recent developments in Paris, is to take physical steps, and electronic security (off line), that will provide some alarm, alert and security for your employees. We have written about this before, but we have recommended that even prisons should upgrade security from attacks, with over 12 prisons in the past year, attacked from without, and criminals set free. This puts greater responsibility on police, FBI, and individual security people to create measures to protect and defend your people. The combination of the "cyber hackers" and "terrorist nuts" should focus every CEO and business owner of the need for greater security. Those beautiful, open glass buildings, should have another dimension of security, and many businesses will begin to build not only electronic security walls, but physical walls for protection in the future. The concept of "courtyards" that can be accessed only by cleared employees is gaining renewed interest.
As Kim Zetter in WIRED wrote:
We closed 2014 with new revelations about one of the most significant hacks the NSA and its partnering spy agency, the UK’s GCHQ, are known to have committed. That hack involved Belgium’s partly state-owned telecom Belgacom. When the Belgacom hack was first exposed in the summer of 2013, it was quickly hushed up. Belgian authorities made nary a sound of protest over it. All we knew was that the spy agencies had targeted system administrators working for the telecom in order to gain access to special routers the company used to manage customer cell phone traffic. New revelations about the Regin malware used in the hack, however, show how the attackers also sought to hijack entire telecom networks outside of Belgium so they could take control of base stations and monitor users or intercept communications. Regin is clearly just one of many tools the spy agencies have used to undermine private company networks. These and other efforts the NSA has employed to undermine encryption and install backdoors in systems remain the biggest security threat that computer users face in general."
Controversy still swirls around the Sony hack and the motivation for that breach. But whether the hackers breached Sony’s system to extort money or a promise to shelve The Interview, hacker shakedowns are likely to occur again. The Sony hack wasn’t the first hacker extortion we've seen. But most of them until now have occurred on a small scale—using so-called ransomware that encrypts a hard drive or locks a user or corporation out of their data or system until money is paid. The Sony hack—possibly perpetrated by hacktivists aided by a disgruntled insider or nation-state-backed hackers, according to the government and various alternative theories—is the first high-profile extortion breach that involved threats of data leaks. This kind of hack requires more skill than low-level ransom-ware attacks, but could become a bigger problem for prominent targets like Sony that have a lot to lose with a data leak." (Note from BGP: There is another breed of internet reporting extortion. This is a group of bottem feeders who search out photos or mug shots of people in embarrassing situations and post their photos or mug shots on line. These photos are renewed, internet optimized and kept up for months, sometimes for years. Many of these extortionists ask for money from the people, to take the photos down. We saw such a man, who posed as a reporter for the Dallas Morning News, who would put up mug photos, of prominent Dallas citizens and link them with key words so that every time a person did an internet search for that person, his "mug shot" would hit first in Google searches. When we notified the publisher of the paper, of this activity the paper ignored it, and has continued to let the Dallas Morning News publish items from this mug shot specialist.' It smells a little like "ransom-ware" and legitimate businessmen should avoid associating with such activities.)
The Sony hack announced another kind of threat we haven’t seen much in the U.S.: the data destruction threat. This could become more common in 2015. The attackers behind the breach of Sony Pictures Entertainment didn't just steal data from the company; they also deleted it. It’s a tactic that had been used before in attacks against computers in South Korea, Saudi Arabia and Iran—in South Korea against banks and media companies and in Saudi Arabia and Iran against companies and government agencies involve in the oil industry. Malware that wipes data and master boot records to render systems inoperable. Good data backups can prevent an attack like this from being a major disaster. But rebuilding systems that are wiped like this is still time-consuming and expensive, and you have to make sure that the backups you restore are thoroughly disinfected so that lingering malware won’t re-wipe systems once restored." Screenshot of global hacking attacks in progress. Most but not all attacks come from China to the US.
"Bank Card Breaches Will Continue
Card issuers and retailers are moving to adopt more secure EMV or chip-‘n’-PIN cards and readers, which use an embedded microchip that generates a one-time transaction code on in-store purchases and a customer-entered PIN that makes stolen data less useful to card thieves. As a result, card breaches like this are expected to decline. But it will take a while for chip-‘n’-PIN systems to be widely adopted.
Though card issuers are slowly replacing old bank cards with new EMV cards, retailers have until October 2015 to install new readers that can handle the cards, after which they’ll be liable for any fraudulent transactions that occur on cards stolen where the readers are not installed. Retailers no doubt will drag their feet on adopting the new technology, and card numbers stolen from older DNV cards can still be used for fraudulent online purchases that don’t require a PIN or security code. There’s also a problem with poor implementation; cards stolen in the recent Home Depot hack show that hackers were able to exploit chip-‘n’-PIN processing systems because they were poorly implemented. With the shift to EMV cards, hackers will simply shift their focus. Instead of going after retailers for card data they’ll simply target card processors that handle payroll accounts. In recent hacks involving the theft of $9 million and $45 million, hackers broke into the networks of companies responsible for processing pre-paid card accounts for payroll payments. After artificially increasing the balance and withdrawal limit on a handful of payroll accounts, mules around the world then cashed out the accounts through hundreds of ATM withdrawals in various cities."
(BGP Comment: All of the above said, please consider the importance of this. It is a matter of control of your private information, your business, confidential dealings, strategies, and memos. Consider all of the things that happen in your computers and your company. Do you want someone to have the ability to crash to computers, invade your privacy, and wipe our your information. Not to mention, those millions of people who have had their credit cards and bank accounts invaded and money stolen through ATM or electronic withdrawals.
We contacted our internet Guru, who does this for a living. For privacy reasons, we will call him "Sherlock" and he said: "Should companies desire, I and my team can put together a presentation for your management or your board of directors and give an overview of what the dangers are, and what can be done to protect your company. But these meetings require time, travel and preparation, so must be arranged in advance, with time and travel devoted to you compensated accordingly.") In our opinion, 2015 is the year that this type of service should be taken seriously.