I really need to catch up with the series. I stopped watching around the middle of season 2 (season 3 and 4 are better from what I understand).
Still, I have already been spoiled of what I suppose is the last scene of the series, and if it the implications are true, then yes, the show runners deserve commendation for their ballsiness.
Contrary to what people think, it is impossible to keep hackers out if they are really determined, resourceful and patient. This has been proven through legitimate security and penetration testing. The guys who did this were skilled and this was a focused attack. They were willing to take the risks of detection, which Sony really dropped the ball on right there, all things considered. This isn't the PSN attack 2.0. Sony Pictures may well be a separate network from PSN: different IP addresses, different domain, different security, etc. Their security may well be good enough to stop your usual hackers, who usually try a few times, and then go find an easier target. Determined hackers? All networks are vulnerable, if only because they have an internet connection.
Yes, I’m aware hacking into a corporation in order to steal information is not an easy or trivial task. I also know any system is ultimately vulnerable if the intruder is skillful and determined enough. But from what I have read, Sony Pictures really dropped the ball in terms of cybersecurity: Putting aside they didn’t report it the first time it happened, from what I understand, a lot of their passwords and credentials for critical systems were not encrypted but stored in plain text, which apparently was similar to how badly the situation was when the PSN was hacked. Even if they are separate divisions with separate infrastructures, you would believe someone at the Pictures division would have learned something from that, but then again, I suppose the horror tales I have heard/read from IT people working at large corporations are true after all (you know, how executives don’t really care about how unprotected their systems truly are despite the guys in charge constantly telling them, only to then harp on and blame them once the worst happens despite the IT guys warning them beforehand).
And then there is the fact that the claimed reason for these hackers risking prison was to stop the release of a movie with an unflattering depiction of North Korea’s dictator, which is ridiculous on so many levels… Of course, it’s possible that’s only an elaborate lie to deflect attention from their true intentions. Last time I checked, the authorities were still inconclusive about the source of the attack.
I do feel bad for the employees who got their personal information exposed though. Those are ultimately the true victims in all this mess.