Hackers have stolen personal data, including credit-card authentication credentials, of 15,363 Roku users, with individual user account data selling for just 50 cents each on the Dark Web. 

Some Roku users were locked out of their accounts, with data thieves coopting them to make nefarious in-app purchases. 

Roku began to notify affected customers on Friday via email with this message. 

The streaming company also released this statement to Next TV: “Roku’s security team recently detected suspicious activity that indicated a limited number of Roku accounts were accessed by unauthorized actors using login credentials obtained from third-party sources (e.g., through data breaches of third-party services that are not related to Roku). In response, we took immediate steps to secure these accounts and are notifying affected customers. Roku is committed to maintaining our customers’ privacy and security, and we take this incident very seriously.” 

Bleeping Computer was first to report the data breach on Monday. 

The data breach, which occurred "earlier this year," according to Roku, stemmed from what's described as a "credential stuffing" attack, whereby hackers steal usernames and passwords from, say, Roku, then try them out in a range of other services. 

Fortunately, Roku's data doesn't include social security numbers, full payment account numbers, or dates of birth.

In what appears to be a massive and decade-long data heist, the Justice Department has successfully indicted two hackers allegedly working both with China's Ministry of State Security and for their own profit, who DOJ said stole terabytes (and hundreds of millions of dollars worth) of intellectual property, confidential business information and personal information over 10 years and in over 10 different countries, including the U.S. 

The ll-count indictment, which was returned by a grand jury in Spokane, Wash., charges Li Xiaoyu (李啸宇), 34, and Dong Jiazhi (董家志), 33, with conducting the hacking campaign, targeting industries as divergent as high tech manufacturing, gaming software and solar energy, as well as COVID-19 research. 

The hacks involved hundreds of companies, governments, non-governmental organizations (NGOs), dissidents, clergy, and human rights activists, often targeting companies in countries with strong tech industries. 

DOJ said they conducted the hacks from a safe haven provided by the Chinese government, and with help from the government.

Related: Justice Charges Chinese Hackers

One hack involved a California software gaming company (not identified other than as a subsidiary of a Japanese company). They allegedly stole the source code for two games, one of which had not yet been released. Another was of a U.S. educational software company and included the personally identifiable information (PII) of millions of teachers and students.*

There were also gaming software hacks of companies in Sweden and Lithuania. 

“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” said Assistant Attorney General for National Security John Demers in announcing the indictments. 

Related: FCC Seeks Input on Excluding Foreign Tech 

The hack was first identified on Department of Energy computers in Eastern Washington state.  

The hackers allegedly placed malicious shell programs and credential-stealing software on the computers they hacked--often hiding them in the recycle bin--allowing them to hijack those computers. 

The indictment charges the hackers with "conspiring to steal trade secrets from at least eight known victims, which consisted of technology designs, manufacturing processes, test mechanisms and results, source code, and pharmaceutical chemical structures." 

The defendants could face up to 50 years in prison. They are each charged with one count of conspiracy to commit computer fraud (a maximum of five years in prison); one count of conspiracy to commit theft of trade secrets (a maximum of ten years); one count of conspiracy to commit wire fraud, (20 years maximum; one count of unauthorized access of a computer (five years maximum) and seven counts of aggravated identity theft (a mandatory sentence of two non-consecutive years).  

Related: House GOP Leaders Tell President to Get Tougher on Chinese Hackers

House Energy & Commerce Committee Republicans, who just this week called on the Trump Administration to come down harder on China's hacking regime (see link, above), praised the move but want more. 

"Earlier this week, Energy and Commerce Committee Republican Leader Greg Walden (R-Ore), Foreign Affairs Committee Republican Leader Michael McCaul (R-Tex.), and Financial Services Republican Leader Patrick McHenry (R-N.C.) wrote a letter to President Trump urging action from the administration, including imposing sanctions, to hold China-linked hackers accountable," they said in response to the DOJ action. "Today, the Department of Justice indicted two Chinese hackers – working on behalf of the Chinese government – on 11 counts of hacking in an effort to access critical information, including sensitive data about potential COVID-19 vaccines. This is a strong step in the right direction, but more must be done."

Among the more they are looking for it more transparency. They have asked for a briefing from the Department of Treasure (and State) as well as whichever other agency the President deems relevant, so they can get a sense of the scope both of the attacks and the U.S. response.

* A spokesperson for major distance learning player Discovery Education said it was not the unnamed ed tech company cited in the DOJ indictment.

Bloomberg Businessweek appeared to have a major scoop on Oct. 4, when it reported on an investigation of an alleged spy hack by the Chinese government that infiltrated as far as CIA network servers.

The hack, the report said, originated with motherboards manufactured in China for San Jose, Calif.-based server tech vendor Super Micro Computer Inc. (aka “SuperMicro”). The tech company is alleged to have sold corrupted motherboards to unwitting clients including Apple and Amazon. These motherboards are said to have had tiny, grain-of-rice-sized chips embedded into them that would allow backdoor access to otherwise secure networks by Chinese operatives.

Related: Amazon Denies Report That AWS Elemental was Pawn in Chinese Chip Espionage

On Tuesday, Bloomberg published a follow-up, reporting that an unnamed U.S. telecom company found and removed “manipulated” SuperMicro hardware in August. This discovery, the news agency said, was provided by an Israeli security expert, after he read Bloomberg’s initial report last week.

Bloomberg said that its two veteran reporters behind the story talked to 17 sources working for Apple, Amazon and in the national intelligence community.

But the latest report represents a kind of doubling down for Bloomberg, which received extraordinarily vehement denials on its original story from Apple, Amazon and SuperMicro last week.

“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server," the computer giant said in a statement. “Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.”

Apple didn’t stop there. It’s VP of information security, George Stathakopoulos, sent a letter to key Congressional committee heads over the weekend, assuring them the story is simply “not true.”

“We are struck by the fact that the gravity and magnitude of the claims seemed to be undermined by their uncertainty around key details,” Stathakopoulos wrote.

Bloomberg said the investigation into the spy chips began in 2015, when Amazon purchased cloud video company Elemental Technologies and asked to audit some of their motherboards.

"As we shared with Bloomberg BusinessWeek multiple times over the last couple months, at no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems," Amazon said in an emailed statement. "Additionally, we have not engaged in an investigation with the government.”

Amazon later added, “[W]hen Amazon was considering acquiring Elemental, we did a lot of due diligence with our own security team, and also commissioned a single external security company to do a security assessment for us as well. That report did not identify any issues with modified chips or hardware.”

Still, it’s a world-shaking story … if it holds up,” noted New York Magazine.

But with two notoriously press-shy companies being so aggressive in their denials, New York wondered, if Bloomberg Businessweek, “a very cautious publication with extremely stringent editing standards, and two veteran reporters with decades of experience between them, got badly played by over a dozen sources spread across Apple, Amazon, and the national intelligence community.”

Orange is the New Black saw a sharp increase in demand around the world in the wake of a hack that spread the fifth season of the Netflix original series ahead of its scheduled premiere on the OTT SVOD service, according to data culled by Parrot Analytics.

Over a seven-day period, there was a rise in demand for the series following the breach, with demand in the U.S. up as much as 40% compared to that during the series’ fourth season, the company said.

A group of internet hackers that refers to itself as The Dark Overlord hacked into a production company that produced episodes of season five of the popular Netflix series and released 10 episodes from the new season after its demands for money were not met.

RELATED: Netflix Series Hacked, Other Programmers Could Follow

The leak of those episodes could cause demand to droop when Netflix releases season five of Orange is the New Black on June 9, Parrot Analytics predicted.

“The fact that stolen and leaked episodes are able to generate this much demand is significant,” Wared Seger, CEO of Parrot Analytics, said in a statement. “[A]lthough we don’t believe they [Netflix] will lose any subscribers, we do believe it is likely that when Season 5 launches in June, it may not generate as much demand as did the prior seasons.”

“For digital original series where the entire season is released at once, we observe that they are hugely popular for two or three days before demand begins to decay exponentially. We have seen this phenomenon for every SVOD platform, be it Netflix, Amazon, Hulu or elsewhere,” added Kayla Heeds, the firm’s industry data scientist.

According to Parrot Analytics’s 2016 global Digital Originals Report, Orange is the New Black was the fourth-most popular digital original series last year, ahead Stranger Things, but behind Fuller House, Gilmore Girls and Marvel’s Luke Cage.

Parrot Analytics tracks cross-platform usage via a mix of A.I. and global data, and analyzes petabytes of content demand data from consumers in 249 countries.

“This … is … bad.”

The chief information officer at Liberty Global, Veenod Kurup, mouthed those words, mostly to himself, as he saw the Guy Fawkes mask of Anonymous appear in the YouTube video.

It was bad enough that there was an outage in the system, and a big one. Hundreds of thousands of homes and counting — eventually 2.2 million, or nearly two of every three of Liberty’s Netherlands broadband subscribers — were now essentially unplugged.

Worse, the cause wasn’t a late summer storm or a lightning strike, but something far more devious: a breach in the company’s cyber defenses through an overwhelming distributed denial-of-service (DDoS) attack on company servers.

Transfixed by the video, Kurup and other executives realized the unfolding tech nightmare was getting worse. It appeared to be the sinister work of Anonymous, the infamous global Internet vigilante group known for ferocious attacks.

The Liberty executives listened in disbelief in their offices near Amsterdam as the eerie synthesizer-distorted voice on the screen explained how the next attacks would be even harsher. The target: Liberty Global’s newly acquired Ziggo operations in the Netherlands.

The audio ended with a version of the group’s signature coda: “We are Anonymous. We are legion. We do not forget. We do not forgive. F---k your bad services. Expect us.”

When it ended, the room fell silent for a second.

Over the ensuing 72 hours of August 2015, a bizarre chain of events would leave Liberty executives flummoxed, and forever wary. The crisis would embroil an eclectic set of characters, including frazzled cable engineers, detectives with the Dutch Police’s High-Tech Crime Unit, cyber gumshoes at the National Cyber Security Centre, the digital vigilante group known as Anonymous, copycat hackers looking for Internet glory and the true perpetrators, who briefly evaded authorities despite their crude methods.

In bringing down Liberty Global’s Ziggo network, the criminals and the manhunt to capture them yielded some crucial lessons for the many media companies — indeed, any major industrial concern — that will inevitably confront this insidious peril of the Internet Age: that they will be victimized by a hacker or attacker hell-bent on stealing data, demanding money or bringing the system down.

Hacking is big business, and it’s getting bigger. Cybercrime inflicts annual costs to the global economy exceeding $400 billion, according to a study by the Center for Strategic and International Studies, sponsored by cybersecurity firm McAfee. Costs could reach up to $2.1 trillion globally by 2019, according to Juniper Research. Other estimates put the figure at a mind-boggling $6 trillion within five years, including lost productivity, fraud and post-attack disruption.

Cable operators and other ISPs rarely speak about cybercrime for fear of inadvertently revealing network vulnerabilities, but given the widespread, mostly unauthorized revelations about the Netherlands cyberattack, Liberty executives agreed to share limited details to clarify the episode.

Sometimes a breach occurs for all the wrong reasons. A company can do all the right things, create the best safeguards and vigorously review security, but may overlook a tiny flaw in the system.

Liberty’s network, like that of many ISPs, is attacked constantly in a variety of ways (see chart), but the attempts are kept at bay with increasingly sophisticated safeguards. Though outages at big ISPs from hackers are rare, the odds continue to grow in the hackers’ favor as digital commerce and cloud computing thrive. Wireless operations are, in many ways, even more vulnerable.

Evolving prevention and detection strategies are as elaborate as they are endless: “honeypots,” for example, are computer systems set up to act as a decoy to lure cyber-attackers and study their methods. Liberty had long ago implemented a holistic approach to security beyond just firewalls, with a 24-hour monitoring team in a global security operations center. Highly trained executives followed a thoughtful crisis-management process. Recent upgrades had already reduced malware infection rates by 25% since January 2015. With a comprehensive plan backed by best practices, the network security team was comfortable the company could withstand most cyber attacks.

THE ATTACK BEGINS

But last summer, a rupture suddenly and quietly appeared in the front lines. And like all successful attacks, the intruders caught the fortress completely by surprise. It was as if the cable giant had built reinforced steel walls with spotlights and guard dogs in front of the house and then left a window open in the new annex out back.

Around 9:30 pm on Tuesday, Aug. 18, Liberty technicians got word that Ziggo, an incumbent cable operator acquired by Liberty months earlier, was reporting outages.

Ziggo had only just begun the process of integrating its system into Liberty’s, but no matter: Liberty owned them now and complaints were lighting up call centers by the thousands. In just hours, hundreds of thousands of customers would be without broadband services.

Ziggo and Liberty engineers quickly huddled on a conference call to determine the cause of the outage. More often than not, the problem can be traced to an equipment failure. Not this time. Within an hour, the engineers, because of the mushrooming volume of outages, quickly realized Ziggo was under a distributed denial of service (DDOS) attack. This was a Priority 1 incident.

Liberty Global’s chief technology officer, Balan Nair, knew reaction time was critical. “The key to solving all this is a function of how quickly you react initially and how good your team is,” he said. “Up and down the ladder, everyone was taking this very seriously. They were burning the midnight oil on this.”

A distributed denial-of-service attack typically floods a company’s network by inundating it with connection requests, leaving the targeted server overwhelmed, a lot like Lucy at the chocolate factory, frozen by its inability to keep pace with commands. Often the culprit is using an army of hijacked Web browsers or malware-infected computers, or botnets. According to a report by TrendMicro Research, $150 can buy a week-long DDoS attack on the black market.

Indeed, DDOS attacks are common — Liberty, like many cable operators, fends off up to 10 Gigabits of DDOS attacks — per day. This particular attack targeted DNS servers, which redirect domain names to correct IP addresses. Social media chatter about the outage began building — for those that could still get online.

Social media, in fact, supplied the first clues to identifying the perpetrator. Several groups began to claim credit via Twitter. Then came the YouTube video. As it played against a still photo of a Guy Fawkes mask, the synthesized voice began its threat:

“We, Anonymous, have a message to company Ziggo … now we’re going to hold Ziggo offline for a few days because Ziggo offers bad service. This is the last warning. We are Anonymous. We not forgive. We do not forget. F---k your bad services. We are Legion. Expect us.”

Recalls Kurup: “That shook us to the bone.”

The nature of a DDOS attack is that it ebbs and flows, and by 5 a.m. on Aug. 19, several hours after the first thrust, the attack seemed to ebb with the countermeasures of Ziggo and Liberty engineers. Liberty executives breathed a moment of relief: Customers could be back online when they awoke.

The DDOS attack had not been so unique or complex, so why had the network become so suddenly vulnerable?

While the tech teams were puzzled at first, they soon realized the cause. Despite defenses that Liberty Global had in place, the firewalls in front of newly acquired Ziggo’s DNS servers had not been set up according to Liberty Global standards, and had collapsed. Firewalls prevent routine unauthorized access, but not the kind of voluminous attacks of the sort that targeted Ziggo.

Moreover, the attackers had caught Liberty at its weakest moment — in the middle of migrating an entire network. As the DDoS attack ebbed, Liberty and Ziggo engineers were left chewing on a tough question: how to instantly migrate Ziggo’s network into Liberty’s — usually a months-long task with tests, changes and documentation required — in one day.

The engineers hatched an audacious scheme. Senior managers, confident the team could execute, approved the plan instantly.

“They said, ‘You know what you need to do — do it,’ ” said Kick Fronenbroek, a senior security specialist for Liberty Global.

At some point on the second day, another threatening YouTube video surfaced. This one was more specific, and raised questions about the attacker’s true identity. Posted by someone ominously dubbed “AnonNazi,” it featured a crudely drawn, green, animated, hooded character with a synthesized voice, emblazoned with a banner with swastika icons.

The voice claimed full credit for the earlier attack, dismissing Anonymous. “Some other people are claiming it was Anonymous, but it was not. We attacked the DNS service because of the bad service that Ziggo provides …” AnonNazi boasted.

His next utterances were pointed.

“Because of bad service we want you to pay all of the customers all of their money back for about one week. If you don’t accept this, we will continue with more powerful attacks,” the voice threatened. “You have been warned.”

The question burning on everyone’s mind: if this wasn’t the real Anonymous, who in the hell had just brought down service to nearly 2 million homes? Executives at Ziggo and Liberty were baffled.

Around 4 p.m. on that second day, Aug. 19 — after the first attack, and before the migration of the network — there was another, more ferocious assault using a different entry method.

Again, consumers and businesses across the country were digitally stranded with no broadband service. In just 24 hours, the national network had absorbed two unprecedented cyberattacks. “We had outages before, but this is the first big one we had,” Kurup said. “Nothing like it before.”

That roughly 2 million customers were without broadband (TV service worked fine) was enough. But the self-proclaimed attackers, AnonNazi, took to social media to pour salt in the wound: Liberty stood helpless — for the moment — as a second wave of digital torpedoes directed by the same hackers penetrated the bulkheads.

“We now understand the weakness, but we also see that the system is allowing it to happen,” Kurup said. “We knew we could fix this problem.”

The crisis was escalating. On YouTube, Ziggo was threatened with new attacks. At the same time, the attackers announced a new target, KPN, a Dutch telecommunications company.

The Dutch Ministry of Security and Justice called the attack “serious,” and Liberty executives called in the High-Tech Crime Unit of the Dutch Police Services Agency.

A growing team of technicians were tackling the DDOS attack, and by the evening on the second day, had counteracted the menace of the incoming traffic. The traffic issue was becoming more manageable.

By about 3 a.m. on Aug. 20 — about 50 hours into the attacks — engineers had redirected the flow of traffic, essentially by offloading it to island data centers.

Working around the clock, the teams had finally migrated the network and successfully updated defenses. All mitigation steps in Liberty’s elaborate security protocol were in place. Engineers at Ziggo and Liberty were content for the moment. The back window was shut.

Although the attackers had managed to inflict inconvenience, the company had reason to be proud of how it battled back. Its fast reaction preserved customers’ data and privacy, and minimized downtime for countless business and residential subscribers. An endto- end security plan made the attack manageable. And the incident left Liberty’s security team with invaluable battlefield experience.

As Liberty stated in its annual report, “the overload impacted 2.2 million customers, yet within 24 hours, our teams were moving 130,000 customers per hour to more resilient infrastructure. Two days later, full service was restored.”

Liberty now was intent on winning the war. Fearing further attacks as a result of the threats hurled over YouTube, Liberty didn’t just drop the matter, as many corporate hacking victims do. The company pressed a criminal investigation, beginning a cat and mouse game to track down the culprits, while bracing for more attacks.

But a strange thing happened — nothing.

Much to the bewilderment (and relief) of executives, no large-scale DDoS hacking attempts were detected in the system. The threatened deadline came and went. Ironically, the hacker’s inaction provided a major clue.

Serious hackers, not to mention ransomware, vow a certain time for an attack — and stick to it. That this code was not honored virtually confirmed suspicions that Anonymous wasn’t behind the attack.

A subsequent Twitter post by AnonOps, which claims to have ties to the actual group, echoed many social-media commenters: “DDoS on #Ziggo is not an #Anonymous operation.”

HACKER VS. HACKER

Then the manhunt took a bizarre turn for investigators: the groups claiming credit for the attack began to insult and threaten one another on social media.

Some dismissed the poster AnonNazi as a pretender. Another self-proclaimed hacker, AnonymousScruggs, claimed credit for the attacks on Ziggo.

“They were having turf wars,” said John Fokker, who, with Ton Maas led the digital team for the High Tech Crime Unit of the Dutch National Police. “Most [professional hackers] are discreet about how they approach the company. They don’t have a beef on Twitter.”

Days later, on Aug. 26, a video narrated by the synthesized voice of a faint image, hooded and tinted purple, and posted by “Code Red,” drew Liberty’s attention:

The hackers began to “dox” one another, an attack wherein all of a target’s personal documents (email addresses, phone numbers and bank accounts) are released on the Internet. On the Twitter account of AnonNazi, a post read simply, “This account has been compromised by @BOEFII.”

Said another post by @BOEFII under a story about the attack on a media website in the Netherlands:

“I would like to thank everyone who participated in helping me to dox every single person from Anon_Nazi. They are destroyed and they will never cause any harm to Ziggo again.”

Had a bunch of glory-hungry hackers claiming credit for the same crime just turned on one another — outing each other in the process?

Top engineers at Liberty were left scratching their heads.

In addition to the police, Liberty called in digital detectives from the National Cyber Security Centre, which collects data and advises organizations on security, and a rapid response team from Deloitte, which focused more on forensics.

Over the next several days, Liberty engineers began turning over discs of data to investigators. Digital detectives scoured social media for clues, conducted interviews and studied logs of interactions between the Liberty/Ziggo servers and outside computers. Investigators searched for patterns and addresses that matched the information they were gathering about the attackers.

As the digital dust settled, Liberty executives reviewed detection and prevention measures all across the Liberty Global footprint. “We had already sanitized the entire system,” said Kurup.

Chasing the digital breadcrumbs, the public claims of credit, and the battle between the hackers, Fokker and Maas moved quickly and made two arrests early on.

Six weeks after the initial attack, on Oct. 7, 2015, Dutch police arrested four minors between 14 and 17 years old and one 21-year-old. The boys come from Berkelland, Lochem, Den Helder, Schoorl and Vinkeveen.

Police seized computers, mobile phones, external hard drives and USB sticks. The young suspects “wanted to show they were capable of having a major effect such as taking down an Internet provider,” the National Prosecutor’s Office said in a statement to Dutch media.

Under Dutch penal code, the suspected hackers face up to two years for the DDoS attack. Because of the extortion threats, they face a maximum of an additional 12 years behind bars. A trial date has not been set, but because of the suspects’ age, leniency will be sought.

Today, the Liberty and Ziggo engineers are sensitive about the incident. “If the same cast of characters had done this anywhere else in our global footprint — Germany, France, Belgium — it wouldn’t have even caused an outage,” said Kurup. “We would have intercepted it. It would have been logged as a routine attack.”

Kurup hopes the apprehension of the hackers, which made big headlines in the Netherlands, deters others. But no matter — the incident has made the entire company more vigilant, and that’s a good thing.

“It’s a constant battle,” Kurup said.

STATE of CYBERSECURITY

500M

Number of accounts that Yahoo said hackers had accessed containing passwords and personal details in 2016.

SOURCE : Yahoo

129%

Increase in DDoS attacks in Q2 2016 vs. Q2 2015

SOURCE : Akamai State of the Internet Security Report, Q2 2016.

45%

Increase in 2015 of detected security incidents over the year before for telecommunications companies.

SOURCE : PWC, The Global State of Information Security Survey 2016. Based on responses of more than 10,000 CEOs, CFOs, CIOs, CISOs, CSOs, VPs, and directors of IT and security practices from 127 countries.

100M

Number of fake tech-support scams blocked by Symantec in 2015, whereby pop-up error alerts steer victims to an 800 number where “tech- support reps” sell services.

SOURCE : Symantec

39%

Percentage of companies that cited “budget” as the biggest barrier to adopting advanced security processes and technology.

SOURCE : Cisco 2015 Security Capabilities Benchmark Study

54%

Percentage of companies that cited malicious software downloads as the leading cause of internal breaches.

SOURCE : Cisco Systems, Security Risk and Trustworthiness Study

93%

Percentage of cases in which it took attackers “minutes or less” to compromise systems. Organizations, meanwhile, took weeks or more to discover that a breach had even occurred — and it was typically customers or law enforcement that sounded the alarm, not their own security measures.

SOURCE : Verizon 2016 Data Breach Investigations Report

65%

Percentage of respondents who collaborate to improve cybersecurity and reduce cyber-risks, up from 50% in 2013.

SOURCE : PWC The Global State of Information Security Survey 2016, based on responses of more than 10,000 CEOs, CFOs, CIOs, CISOs, CSOs, VPs and directors of IT and security practices from 127 countries

HACKING 101: HOW TO GET IN

Cybercrime is any criminal act involving a computer and/or a network. Hacking is the unauthorized access into a computer system. Crimes can take any form, from outright theft of data or funds, damage to a network or harm to a reputation. Increasingly, one of the weakest links in security is the employee. Most attacks on companies involve some sort of malware, a broad term for malicious code, including Trojans, worms and viruses that steal or destroy data, often introduced through emails, downloads or other network weak spots. Some common terms below:

• “Phishing” attempts involve official-looking emails tempting employees to click on a link that can trigger countless malware possibilities. (Spear phishers focus narrowly on a single company or individual.)

• Distributed Denial of Service (DDoS) attackers use multiple hijacked computers to push through a huge volume of traffic through the network until it becomes overwhelmed and no longer functions.

• Botnets, also known as “zombie armies,” are groups of infected computers controlled by third parties for DDoS attacks or for distributing other malware.

• Trojan attacks allow attackers to remotely steal data and manipulate the computer.

• Ransomware demands a ransom after blocking access to the computer by encrypting files on the hard drive.

• Spyware allows attackers to go undetected on infected computers to track users movements on the Internet, even keystrokes for theft of accounts, etc.

• Adware redirects users to unwanted advertising.

• SQL injection inserts a nefarious code in a website/’s entry field that allow attackers to manipulate or steal or destroy data.

Embattled executive Amy Pascal is stepping down as co-chairman of Sony Pictures Entertainment and chairman of SPE Motion Picture Goup. Her departure comes in the wake of the computer hack perpetrated against Sony ahead of the premiere of the feature film The Interview and the subsequent release of leaked emails, executive salaries and other confidential studio information.

Pascal will officially vacate her current position in May and launch an independent production venture based at Sony.

Although Pascal had oversight of Sony Pictures Television, her focus was directed on Sony’s film business. She had been with the company since 1988, when she joined the staff of Columbia Pictures. Recent films produced under Pascal include Skyfall, The Amazing Spider-Man, Zero Dark Thirty and The Social Network.

Many of Pascal’s emails were among those leaked to the public in December after an attack against the studio’s computer systems believed to have been perpetrated by hackers working for the North Korean government, which was lampooned in the Sony film The Interview. Several emails in which Pascal wrote derisively of talent such as Angelina Jolie and Adam Sandler were among those leaked, as was an email exchange in which Pascal and producer Scott Rudin made racist jokes about President Obama’s taste in movies.

Bowing to threats of violence against theaters and potential patrons and caught amidst the hacking scandal that embarassed the studio, the movie became available online through Google Play, YouTube Movies, Microsoft’s Xbox Video and iTunes and the dedicated website www.seetheinterview.com on Christmas Eve.

The film opened to some 300 theaters on Christmas Day, a far cry from the 2,500 or more that were expected to be in play before things ran afoul. It subsequently ran in more independent theaters and then subsequently became available via In Demand, Netflix and Sony's Crackle OTT service

Read more at B&Chere.