What Would Joe Do?
Peggy Aycinena is a freelance journalist and Editor of EDA Confidential at www.aycinena.com. She can be reached at peggy at aycinena dot com.
Synopsys hacked: Closes barn door, hires Mandiant
November 18th, 2015 by Peggy Aycinena
It’s pretty hard to believe that Synopsys has been hacked. And not just any hack, but 4 months’ worth, per the company’s own announcement, of some unauthorized ‘somebody’ having access to everything that Synopsys sells. Seriously? How could Synopsys have left the barn door open?
Consider Google. Last year in response to North Korea’s gleeful mega-hack into Sony as punishment for producing the then-not-yet-released satire, “The Interview”, the entire entertainment industry fled into their caves trembling. Very few were willing to distribute the movie because of North Korea’s proven prowess as a cyber-bully.
Then Google’s management showed some balls. They said hell no. No Nation State/cyber-bully gets to legislate censorship, and they made the movie available through Google Play.
David Drummond, Google’s SVP of Corporate Development and Chief Legal Officer, posted this at the time: “Sony and Google agreed that we could not sit on the sidelines and allow a handful of people to determine the limits of free speech in another country (however silly the content might be).”
Not stated in Drummond’s quote, but certainly implied: Oh, and North Korea? Bring it on.
Hence the [silly] movie was seen widely, and Google and its Fabulous Force Field [read, IT Superstars] lived to tell the tale.
So back to this week’s announcement from Synopsys. This Numero Uno EDA company, which fancies itself one of the great software companies of the world – albeit unappreciated by the larger semiconductor supply chain, of course – couldn’t protect its own crown jewels. Again, seriously?
Google took on an entire Nation State and survived. How can Synopsys not have had that same level of IT Firewall/Force Field in place?
And now Synopsys has hired Mandiant. I clearly don’t get out enough, because prior to my recent conversation with SmartFlow CEO Ted Miracco, I had never even heard of the company.
It turns out Mandiant provides IT forensics support for ferreting out miscreants on behalf of their clients. And the company also published a report several years ago, freely available on their website, detailing the efforts of an entire branch of the Chinese Army dedicated 24×7 to worldwide hacking, either for military or commercial purposes.
So connecting these dotted lines, without any proof of course: Should we maybe conclude that it was indeed a Nation State that happily came and went through Synopsys’ barn door between July and October of this year? Hence Mandiant to the rescue?
Actually, does it matter? The situation’s still the same. Google took on a Nation State and survived. Clearly Synopsys needed to take a page from that playbook: Be prepared. Expect the worst. Man up. Close the barn gate before the damage is done.
And for pity’s sake, if you do screw up please don’t expect your legendary customer base to not be just a little upset. After all, haven’t you resisted encouraging customers to move designs to the Cloud because there are so many security concerns out there?
Really? Hacked for 4 months? Seriously?