[Cryptography] Sony "root" certificates exposed

[Jerry Leichter]

On Dec 15, 2014, at 10:02 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> There were also certificates for a JP Morgan Chase electronic corporate banking application....
Given that, the attackers could likely have stolen millions before they were noticed.  The whole movie business revolves around corporations set up for particular movies, or particular parts of particular movies - and those one-off corporations have sudden large expenses.  Someone with access to the corporate accounts should have been able to shift large amounts of money without it looking suspicious - especially as they also had the access needed to manipulate or create schedules so that it would really look like a shoot was starting up.  It would take a while for anyone to notice.

The guys who did this were after (a) mayhem; (b) lulz; in some combination.  Much more of (a) than of (b).  They weren't after money, nor were they trying to do damage to the broader industry, much less the American economy.
                                                        -- Jerry