Haha I remember this story. I haven't fully read this article but do they mention that their passwords were shown during an interview? (source, in French: <a href="http://www.tuxboard.com/tv5-monde-mots-de-passe-clair-interview/" rel="nofollow">http://www.tuxboard.com/tv5-monde-mots-de-passe-clair-interv...</a>)
I once worked as a consultant to a subsidiary of one of the larger Cybersecurity vendors.<p>Many institutions have weak cybersecurity including healthcare concerns. In this Fortune article about the Sony hack, the CEO said basically that they did not want to spend the money for Cybersecurity. <a href="http://fortune.com/sony-hack-part-1/" rel="nofollow">http://fortune.com/sony-hack-part-1/</a><p>Target and Lowe's POS terminals were hacked because they were told to upgrade their software to a newer version of the OS and they didn't do it. The CEO of Target was canned as a result.<p>Many firms and other institutions love the power of computing without spending the money and hiring the expertise needed to maintain the security. There are private security contractors that these groups can hire <i>to ensure that their environment is fully secure</i>.<p>In addition to financial audits, shareholders should insist on cyber security audits to ensure that the firm or institution is acting in a responsible manner.<p>Obviously acting in a responsible manner regarding Cybersecurity is not a guarantee, but many cases of hackers breaking in are because of not even making the attempt to be secure.
Hijacking live broadcasts seems to be one of the ultimate hacker accomplishments. There is something about it that is far more disconcerting than just defacing a webpage. Seems like it would feel far more invasive, popping on your living room tv. Would love to know how much someone like the BBC spend on security, must be huge.<p>The most famous TV hack, Max Headroom [1] (NSFW), from what I recall involved overriding the terrestrial signal, presumably with very powerful broadcasting hardware. BBC are digital now, so I am surprised they haven't had a successful incident yet.<p>[1] <a href="https://www.youtube.com/watch?v=tWdgAMYjYSs" rel="nofollow">https://www.youtube.com/watch?v=tWdgAMYjYSs</a>
<i>"Any substantial delay would have led satellite distribution channels to cancel their contracts, placing the entire company in jeopardy."</i><p>Can someone explain that a little more? Are satellite carriage contracts so twitchy that going dark on a channel for more than a few hours forfeits your service?
"The attackers used seven different points of entry. Not all of them were part of TV5Monde or in France. In one case, a company based in the Netherlands was targeted because it supplied the remote controlled cameras used in TV5's studios."<p>= cameras with a backdoo^^^^cloud integration/permanently connected to manufacturer's server.
I'd be really interested in seeing informed commentary on what is gained by this.<p>In general, crippling hacks aren't terribly useful -- they're embarrassing and harmful to the targets, especially in shaking confidence. But they're not particularly useful to a general attacker. Having insider access to a television or broadcast entity would itself be useful.<p>Other options might be to test (or prove) the capability to take a target down, particularly in preparation for other more advanced capabilities.<p>The more successful parasites don't disable hosts, but hijack them to their own ends. That is something I'd find more troubling.<p>Online searches don't show much at Schneier or other security-minded blogs. Am I missing something?<p>I did find a Friday Squid discussion: <a href="https://www.schneier.com/blog/archives/2015/04/friday_squid_bl_473.html" rel="nofollow">https://www.schneier.com/blog/archives/2015/04/friday_squid_...</a>
> And that is indicative of a new trend: attacks with physical-world consequences.<p>In general, I think all attacks made against computers have physical world consequences. Time, money, disrupted services...
The cost is $3m per year for each year after the attack for extra protection ... I'd argue they were discounting their security posture by $3m every year before the attack.