Exclusive: How Sony is fighting back

Powered by SC Magazine
 

Systems that monitor staff and user behaviour could detect social attacks.

There are cushier jobs than leading Sony Entertainment Network’s burgeoning security shop, but Brett Wahlin was never one to shy from a challenge. So when the entertainment giant looked to revamp its security in the wake of the devastating hacking attacks against its PlayStation Network last year, the former McAfee Chief Security Officer answered the call.

By the end of 2011, Sony had been attacked more than 20 times by ‘hacktivists’ angry at its attempts to prevent modification to its PlayStation 3 console. The attacks ranged from petty denial-of-service attacks to defacements, and ultimately took Sony’s PlayStation Network online gaming platform offline for almost a month.

Wahlin joined Sony as its first CSO, when only four security staff remained at the company in October last year. The revamped security department is a smaller version of Microsoft’s Trustworthy Computing Group, following its tenets of security, privacy, reliability and business integrity. The new department, Wahlin says, is the “connective tissue” that ties Sony’s electronics and computer divisions together and is the company’s biggest investment in information security.

Sony wanted to expand beyond stock-standard information security, and enhance and automate processes, implement better software code audits and run regular internal penetration tests.

In October, Sony created a security operations centre (SOC) run by HP and ArcSight. Its staff report to Wahlin and analyse feeds from all corners of Sony Entertainment Network, including information security and CCTV feeds. The centre’s goal is to automate security prevention capabilities so staff may work on enhanced detection and response.

If the SOC and the fledgling security department are successful in building a resilient and adaptable security posture, it will be expanded to the various independent departments that make up the Sony brand.

Wahlin is a specialist in the field of social engineering, having served as a counter-intelligence officer in the US Military for eight years during the Cold War. SC Magazine Australia has previously reported on Wahlin’s work on complex social engineering defensive measures for McAfee, based on his counter-intelligence background. Under Wahlin’s leadership, McAfee also re-engineered and de-perimetrised its internal network.

To Wahlin, defending against the ‘Anonymous’ hacktivist collective means thinking like a modern-day social engineer. “The types of attacks we see are by groups with social agendas. The methods they use aren’t the same as the state-sponsored guys.”

Wahlin knows the state-sponsored attacker well. He fought them in the army, and at McAfee. That enemy prefers to target supply-chain organisations, governments and the corporations they deal with.

But Anonymous is different, and aims to damage targets, not profit from them. “At Sony, we are modifying our programs to deal less with state-sponsored [attacks] and more with socially-motivated hackers. It will be different.” This new strategy will stand on the shoulders of the tried and tested model Wahlin built at McAfee.

Locking down

Like many large organisations, Sony is not a single beast but a network of thousands of minds in hundreds of countries. To a social engineer, each staffer is a potential target with different levels of vulnerability and privilege. Sony’s customers – millions of PlayStation gamers – also are counted as victims and vectors of attack.

Wahlin is drafting an ambitious strategy to combat the threat. The strategy combines social engineering psychology with data analytics and user education, using Wahlin’s counter-intelligence, FBI-inspired human behaviour profiling methods and advanced fraud detection systems.

“We are looking to see if there are key elements within a person’s interaction with their environment. That could be interaction with badging systems, with telephones – when and who do they call – and with systems like browser habits and applications used,” he says. “All these things allow us to set up a pattern for users, so when something different happens we can respond.”

Wahlin plans to have these complex information streams pour into Sony’s SOC. There, the process of separating normal from the abnormal would be automated. The centre would know, for example, what applications staff typically use, the web sites they normally visit and so on.

“If we detect unusual activity, it may be that someone’s been owned by a Trojan that we don’t know about, and we can stop data flying out the door.” Similar monitoring systems could detect social engineering attacks made against staff by monitoring Sony’s IP phone network and building a profile of who users call, when, for how long and what actions they take during the call.

Wahlin is also melding the social engineering craft with Sony Entertainment Network’s fraud team, which monitors the PlayStation Network for suspicious transactions. Here, Wahlin is considering how counter-intelligence strategies could help analyse user buying habits – including purchases of music, movies and games – to increase the effectiveness of the anti-fraud team.

“You start to see a lot of similarities to the social engineering tradecraft in the Cold War... they have a discrete set of characteristics and targets and if we can begin to adapt some of the pattern recognition to a digital-based [environment]... we may be able to detect fraud more effectively.”

Wahlin is particularly interested in coupling available fraud detection systems with social engineering prevention methods to reduce false positives that result in legitimate transactions on the PlayStation Network being blocked. The security team is now building a profile on what makes a typical gamer to generate data that Wahlin hopes will position Sony to detect fraud and fight social engineering attacks by phone, email and physical intrusion.

Education

“Why do people keep clicking on [bad] links, why do they give out information that they shouldn’t over the phone, and what are the barriers to change this?” Those questions underpin Sony Entertainment Network’s education strategy, dubbed Security Transformation. It strives to examine why users are resistant to change and provide a method to make security a habit.

The Security Transformation program rides on the coattails of Sony’s workplace safety education strategy which pushed home the personal benefit of safe practice – put simply, be safe if you don’t want to go to hospital.

For the program, Wahlin is researching how to tie good security practice to the values of staff. But this becomes complex in an organisation the size of Sony. “Your typical education program of emails, mouse pads and posters – no one pays attention to that,” he says.

“Everyone has their own hot buttons, different genders, age groups, ethnic backgrounds, and even job types – they all have different innate senses of satisfaction that you have to meet in order for staff to see security as valuable. Then we need to get them to repeat it until it’s [a] habit.”

This article first appeared in SC Magazine's March print edition.

Copyright © SC Magazine, Australia

