One of the highest-profile hacks in recent months is newsworthy for reasons other than the number of consumers affected. In this case, when Sony Pictures was hacked, five films (four of which are currently unreleased) were leaked onto file sharing websites, resulting in a significant potential for revenue loss. But even worse, the hackers proved they were after more than just the films; employee information, Social Security numbers for both Sony employees and celebrities, the private aliases of a number of celebrities, and more were accessed from the servers.

In an interesting twist, the hackers—whom investigators believe may be North Korean, operating out of China—have actually posted a list of demands to Sony, demands which have so far been unmet. The latest demand is that Sony Pictures pull the release of the James Franco and Seth Rogen film The Interview, a comedy that is supposedly about assassinating North Korean supreme leader Kim Jong-Un. The hackers have threatened dire consequences if Sony fails to comply by aborting the December 25th release of the film.

While most of us don’t move in the same circles as Sony executives and filmmakers, this entire event must serve as a stark warning for the public. 

Reports are already circulating that the hackers accessed two specific files in the Sony servers that were poorly labelled and therefore easily targeted. The first was literally named “passwords,” and the second contained “publicity bibles,” (link withheld by ITRC in order to protect the celebrities) which are the private names, addresses, and contact information for the celebrities who star in Sony’s films. This private information allows the actors to book flights and hotel reservations, make public appearances, and have as normal a lifestyle as possible; this information now makes it even easier for individuals to physically track down these exposed celebrities.

But apart from the unfortunate naming of the files that allowed hackers to zoom in on that content, the content of the files was especially alarming. In the password file, for example, there were allegedly passwords such as “password” and “s0ny123,” making the hackers’ jobs even easier.

This will hopefully be an example that sticks with consumers, especially where data security is concerned. It is vital that all users with any kind of computer access secure their content with strong, unique passwords in order to prevent hacking.

How do strong passwords protect you? In an article for DarkReading.com, Robert Graham describes the method by which hackers can systematically “guess” your password, even if you never handed it over in a phishing attempt. Graham highlights the math involved: a hacker can “guess” up to one billion character combinations per second, meaning that your five-letter password can be cracked in about ten seconds. But since the number of combinations grows exponentially with length, longer passwords take far longer to crack; where a six-letter password will take 1,000 seconds for the hacker’s software to guess, an eight-letter password will take 115 days for the computer to guess. If you add in a combination of letters (both uppercase and lowercase), numbers, and symbols like punctuation marks, the task becomes even more difficult.
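The arithmetic above can be checked with a short script. This is an added example, not code from the article or from Graham's piece; it assumes an alphabet of 100 possible symbols per position (an assumption, chosen because it reproduces the quoted 10 seconds, 1,000 seconds and 115 days), and the function names, the small weak-password set and the sample passwords are constructed for illustration.

```python
import string

GUESSES_PER_SECOND = 1_000_000_000  # guessing rate quoted in the article
ASSUMED_ALPHABET = 100              # assumption: reproduces the article's figures

# Constructed stand-in for a cracking wordlist; both entries are the
# passwords the article reports from the leaked file.
KNOWN_WEAK = {"password", "s0ny123"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Symbols in the character classes the password actually draws from."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    if size == 0:
        raise ValueError("no printable ASCII characters to size an alphabet")
    return size


def seconds_to_exhaust(length, alphabet, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of exactly `length` symbols."""
    return alphabet ** length / rate


def assess(password):
    """Worst-case seconds to guess; 0.0 if a wordlist lookup finds it first."""
    if password.lower() in KNOWN_WEAK:
        return 0.0
    return seconds_to_exhaust(len(password), alphabet_size(password))


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for n in (5, 6, 8):
        print(n, "chars:", human(seconds_to_exhaust(n, ASSUMED_ALPHABET)))
    # Constructed sample passwords, not taken from any real account.
    for pw in ("password", "s0ny123", "abcdefgh", "Abcdefg1", "Tr1cky-Phrase!9"):
        print(f"{pw!r}: {human(assess(pw))}")
```

An eight-character password drawn only from lowercase letters is exhausted in minutes at this rate, and a password that appears on a wordlist is found regardless of its length or character mix.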

However, if that hacker does uncover your password, he’s got complete access to everything you’ve done online if you don’t generate unique passwords. It’s tempting to come up with one really strong, easy to remember password, and then use it on all your accounts. Don’t do that. Create a new, equally strong password for each of your accounts.

One way to do that might be to come up with a system for remembering. Don’t be tempted to use a password reminder program (or worse, a file on your computer called “passwords”), although an old-fashioned notebook that stays locked up can help you if you need it. You can also create a mental system that only you would recognize, such as incorporating the name of the company or website in some unobvious way into the password, then shifting the rest of your combination around slightly so that you can still remember it but a criminal can’t detect it. However you choose to create a password, remember that it’s a good idea to change passwords on highly sensitive accounts like your email or online banking from time to time.

 
