The Sony hack was the worst corporate cyberattack ever, and now anyone with $30,000 (£20,500) in Bitcoin and the ability to use Tor can buy the type of exploit used to hack Sony on underground cyberweapon websites, according to ex-hacker Jon Miller.
The malware used to carry out the Sony hack wasn’t custom made, Miller pointed out on a US news programme this Sunday. Miller said he could easily buy similar exploits from Russian hackers on darknet markets, and there are plenty of people who have the technical know-how to carry out the attack themselves.
“There are probably three, four, five thousand people that could do that attack today,” Miller said, emphasising that it didn’t take much to rip apart a huge corporation.
When you look at it in contrast to the capabilities that the United States government are deploying, it is nowhere close to being sophisticated.
My favorite analogy is the malware that was used to hack Sony is like a moped, and the malware being deployed by United States intelligence agencies is like an F-22 fighter jet. It’s much more sophisticated, it’s much harder to detect.
The bottom line: companies are as unprepared for attacks from run-of-the-mill malware as they are for top-shelf state-sponsored cyber espionage.