There are many superlatives to describe the hack of Sony Pictures Entertainment. It has been called the “worst” and “most destructive” hack of all time. It has been likened to a nuclear bomb. It has been called an act of cyber warfare.
But, behind all the hyperbole, the Sony hack is just another hack – albeit a bad one. And like any other cyber crime, there are questions about the ‘whys’ and ‘how’s’ of the Sony hack that have yet to be answered to anyone’s satisfaction. Chief among them: how the attackers were able to sneak terabytes of data off of Sony’s corporate network without being noticed.
[Read more Security Ledger coverage of the Sony Pictures Hack here.]
The sad truth may be that making off with terabytes worth of data may be easier than you think.
Like you, I found this notion preposterous. But an informal poll of respected security experts that I conducted found them in agreement that the vast majority of enterprise environments aren’t instrumented to look for unusual traffic patterns of any sort.
And that’s true even of eye-popping anomalies like terabytes of data taking wing. Even in cases where data theft might consume network resources and otherwise disrupt service, the experts I polled weren’t confident that most enterprise IT shops would have the tools to spot the theft — forget about the subtle, rate limited and surreptitious transfers that even moderately sophisticated hacking groups will use to get data off a network.
Asked what methods remote hackers might use to steal as much as 100 terabytes of data, one security pro responded to me by email with “Start transfer. Wait.” “Ask your local IT wonk ‘what was the largest recent transfer outward from your network?’” he continued. “You’ll get no answer.”
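The question above is one a defender can actually answer from flow records. The following is an added example, not code from the column or from Digital Guardian: it assumes NetFlow-style summaries as (timestamp, src, dst, bytes) tuples, a constructed sample set, an assumed internal range of 10.0.0.0/8, and illustrative thresholds; it reports the largest outbound sender and flags both a bulk burst and the slower, rate-limited drip the experts describe.

```python
from collections import defaultdict
from datetime import datetime
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed corporate address range
GB = 1024 ** 3

def _t(hour):
    return datetime(2014, 11, 24, hour)

# Constructed flow summaries: (start_time, src_ip, dst_ip, bytes_out).
# Hosts and sizes are illustrative, not data from the Sony incident.
SAMPLE_FLOWS = (
    [(_t(h), "10.1.1.5", "198.51.100.7", 300 * GB) for h in (2, 3)]                # burst
    + [(_t(h), "10.1.2.9", "203.0.113.4", 2 * GB) for h in range(0, 20)]           # slow drip
    + [(_t(h), "10.1.3.3", "203.0.113.40", 50 * 1024 ** 2) for h in range(8, 18)]  # normal
    + [(_t(9), "10.1.3.3", "10.1.9.9", 700 * GB)]                                  # internal only
)

def summarize_egress(flows, window_start, window_end):
    """Per internal source: total bytes sent to external destinations and the
    number of distinct hours in which it sent anything, within the window."""
    total = defaultdict(int)
    hours = defaultdict(set)
    for ts, src, dst, nbytes in flows:
        if not (window_start <= ts < window_end):
            continue
        # Only internal -> external traffic counts as egress.
        if ipaddress.ip_address(src) not in INTERNAL or ipaddress.ip_address(dst) in INTERNAL:
            continue
        total[src] += nbytes
        hours[src].add(ts.replace(minute=0, second=0, microsecond=0))
    return {h: (total[h], len(hours[h])) for h in total}

def largest_outbound(summary):
    """Answer 'what was the largest recent transfer outward?' as (host, bytes)."""
    if not summary:
        return None
    host, (nbytes, _) = max(summary.items(), key=lambda kv: kv[1][0])
    return host, nbytes

def flag_egress(summary, burst_bytes=100 * GB, drip_bytes_per_hour=1 * GB, drip_hours=12):
    """Flag a burst (a lot of bytes in the window) or a sustained drip (a modest
    hourly rate kept up for many hours, the rate-limited case)."""
    flags = []
    for host, (nbytes, active_hours) in sorted(summary.items()):
        if nbytes >= burst_bytes:
            flags.append((host, "burst"))
        elif active_hours >= drip_hours and nbytes / active_hours >= drip_bytes_per_hour:
            flags.append((host, "sustained"))
    return flags
```

The thresholds should be set from a baseline of the network's normal egress per host; the point is that without any such summary in place, neither the burst nor the drip is visible.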
Editor’s note: this column originally appeared on the Digital Guardian blog. Read the entire post here: The Art of Stealing Terabytes | Digital Guardian.