OTR Interviews

Sony hack attack: Is your email next?

This is a rush transcript from "On the Record," December 15, 2014. This copy may not be in its final form and may be updated.

GRETA VAN SUSTEREN, FOX NEWS HOST: Well, the hacked emails from Hollywood's biggest executive stars just keep rolling in. How could that happen? Could and your computer be next? Tech expert Morgan Wright joins us. Nice to see you, Morgan. Glad to have you back.


VAN SUSTEREN: All right, was Sony an easy target for these emails or was it a sophisticated attack?

WRIGHT: Both. I think you're going to find out there's a lot of things they did not do well, like keeping way too much information out and not encrypting things but according to the FBI, this attack would have bypassed it 90 percent of the computer defenses that companies have out there, so it was a very sophisticated attack, definitely state sponsored and they are definitely punishing Sony.

VAN SUSTEREN: All right, who are they and why Sony?


VAN SUSTEREN: Who are they?

WRIGHT: It's got to be North Korea. Look, you just connect enough dots. If it walks like a duck, quacks like a duck, so you got the movie coming out. They sent a letter to the U.N. threatening you know war because they declared this an act of war. Sony was the one releasing the picture and, Greta, it's not just anonymous when they do the attacks. They get the information and release it like they did in Ferguson. This is an ongoing punishment for what went on.

VAN SUSTEREN: I've been to North Korea three times. You know, I didn't see all of North Korea, nobody does, because they so much control it, but it just seems odd to me that North Korea -- I mean, I know they are upset about this movie, but that they would be sort of hip to the other problems about the war on women and that kind of stuff and that they would be that deeply involved.

WRIGHT: Well, you know. ...

VAN SUSTEREN: They made the comments about the disparate pay.

WRIGHT: Well, you know, when you look at what units 61398 did at the Chinese people army, they actually went out on social media, they are very sophisticated, they understood things, and they can put things in context to get you to accept e-mails and do things. North Korea is learning lessons from their neighbors.

VAN SUSTEREN: I will say one thing though. I was at a dinner one night in North Korea and they asked me about one of the senior executives what the Fox News said to the New York Times, they were clearly sending a message that they were watching, that they were paying attention.


WRIGHT: Any nation that can build nuclear weapons can build cyber tools, cyber weapons. And so, I don't put a pass at them. Was it totally North Korea? Yeah, there's a lot of involvement there, but they have a lot of support, too.

VAN SUSTEREN: All right. Let's stay here at Fox, they make us change our password all the time here at Fox News. The changes in passwords all time do it if they are coming in through some other back door?

WRIGHT: It's one thing. It's like changing the locks on your house all the time. It does prevent a lot of things. Locks keep honest people honest passwords, make sure that even if you share it, that threat goes away. But passwords aren't the only issue. I think, Greta, we have to change our mindset. Companies have to assume now that they are going to get hacked.


VAN SUSTEREN: We can get rid of the passwords now?


VAN SUSTEREN: We're going to get hacked.

WRIGHT: The issue with Sony was they kept way too much information. They hoarded information, personally identifiable information. It's like a company storing credit cards from five years ago.

VAN SUSTEREN: I thought you couldn't delete everything. I thought things didn't truly get deleted.


WRIGHT: Think about data retention policy. Why do they keep emails like this if it wasn't related to the business? This stuff needs to go away.

VAN SUSTEREN: Why did they write emails like this?


VAN SUSTEREN: They are dumb enough to keep them. They are dumb enough to write them, but it is probably dumb enough to keep them.

WRIGHT: But that goes back to a policy Sony should have. If it's not business-related, it's like Lois Lerner stuff. Emails should have been kept. There is a law around here. If the data retention policy says here's what we keep, here's what we don't. This stuff should have been encrypted. This stuff was sitting down in the open. It should have been sitting encrypted. Data at rest should be encrypted, it would have made it much more difficult to release.

VAN SUSTEREN: Morgan, thank you. Always nice to see you.

WRIGHT: You bet, Greta.