The Sony hack was the worst corporate cyberattack ever, and now anyone with $30,000 in Bitcoin and the ability to use Tor can buy the type of exploit used to hack Sony on underground cyberweapon websites, according to ex-hacker Jon Miller.

The malware used to carry out the Sony hack wasn’t custom-made, Miller pointed out on 60 Minutes this Sunday. Miller said he could easily buy similar exploits from Russian hackers on darknet markets, and there are plenty of people who have the technical know-how to carry out the attack themselves.

Advertisement

“There are probably three, four, five thousand people that could do that attack today,” Miller said, emphasizing that it didn’t take much to rip apart a huge corporation.

When you look at it in contrast to the capabilities that the United States government are deploying, it is nowhere close to being sophisticated.

My favorite analogy is the malware that was used to hack Sony is like a moped, and the malware being deployed by United States intelligence agencies is like an F-22 fighter jet. It’s much more sophisticated, it’s much harder to detect.

Advertisement

The bottom line: Companies are as unprepared for attacks from run-of-the-mill malware as they are for top-shelf state-sponsored cyber espionage.

[CBS via CNET]

Advertisement