Sony’s Internet security has once again failed to protect user data following another successful cyber attack on their website.
Hackers gained access to personal information from over a million account holders on the Sony Pictures website by means of a simple technique, claiming their intention was to highlight the poor standard of security employed by the Japanese company.
Security experts voiced their agreement with the hackers, who call themselves Lulz Security, and questioned why certain basic measures hadn’t been taken to fix the holes in Sony’s security that in April led to the data theft of over 100 million user accounts.
Experts said that the method used by Lulz Security was a well-known hacking technique and that it could have easily been blocked. Graham Cluley from Internet security company Sophos said that any website that takes itself seriously should be able to prevent such simple attacks.
Cluley said that Sony is “becoming the whipping boy of the computer underground,” and predicted it will have its hands full over the coming months as more and more hackers step up to humiliate the beleaguered electronics giant.
Lulz Security, whose name refers to the internet slang LOL, or “laugh out loud”, stole personal information from over one million user accounts, publishing postal and email addresses, phone numbers and passwords online. It also said it could have leaked more information had it not been for a lack of resources.
Lulz called Sony’s cyber security “disgraceful and insecure,” claiming user passwords were stored as simple text files without any encryption. It encouraged fellow hackers to steal as much information as they could from the website.
The message it sent out to the owners of hacked accounts was simple: “Blame Sony”. And it appears many customers agree.
In a media interview, Ohio-based IT trainer Tim Rillahan was one user whose information was published online. He said that he had yet to hear anything from Sony about the attack, which had taken place almost 24 hours before.
"Sony stored our passwords in plain text instead of encrypting the information. It shows little respect to us, their customers,” said Rillahan. "I have since been changing my passwords on every site that uses a login.”
John Bumgarner from the US Cyber Consequences Unit said that storing password information unencrypted was totally unacceptable for any Internet-based company, let alone one of Sony’s standing. "It's time for Sony to press the reset button on their cyber security program before another incident occurs," said Bumgarner.
The relatively unknown Lulz Security came into notoriety last weekend after it hacked the PBS television website, publishing a fake story claiming that iconic rapper Tupac, who died 15 years ago, was alive and living in New Zealand.
Key Points – Cyber Security (source: Visiongain)
- In 2011, the global budget for cyber security will top $12.5 billion.
- Major players include Boeing Defense, Space and Security; F-Secure Corporation; Kaspersky Lab; McAfee; Microsoft; Northrop Grumman Corporation; and Symantec Corporation.