Sony hasn’t always had the best of times when it comes to being hacked, back in 2011 Sony basically had to rebuild the PlayStation Network (PSN) because of a hack which rendered the service off-line for almost a whole week.
Plus the fact the PSN hack could have leaked up to 10 million user accounts which included credit card details. And again in 2011 they lost 25 Million Customer Account Details Through SOE (Sony Online Entertainment).
The hack was so bad, it basically shut down Sony Pictures – the above picture is a photo of a desktop in the Sony Pictures office and apparently all computers were showing this. Similar images came from various sources in different offices showing that this is indeed a seriously pervasive attack.
If you downloaded the archive from the URLs in the pictures, it contains text files which are basically HUGE lists of filenames, files that have leaked from Sony servers. And there’s some serious stuff in there including Hollywood stars passport scans, ppk files (SSH private keys), password lists and much much more.
There’s some discussion on the contents and analyse on Reddit here: I used to work for Sony Pictures.
The password lists/SSH keys also led to the compromise of many more related services and accounts (many film related Twitter accounts were hacked).
Sony Pictures is investigating a breach that has seen hackers supposedly steal reams of internal data and splash defacements across staff computers. The company is now in lock-down as it wrestles with the problem.
The beleaguered company, writes Variety, has requested staff disconnect their computers and personal devices from the Sony network and shut down virtual private networks.
Cracking group Guardians of Peace claimed responsibility for a defacement appearing on staff machines that it stole internal corporate data. The group says it will leak more details to the public web depending on what Sony ‘decided’ in what appeared to be a reference to demands quietly sent to the company earlier.
Source: The Register
Sony Pictures e-mail servers were still totally off-line the day after the attack and they made a statement saying it could take between 1-3 weeks to rectify the matter.
It seems like the attackers are really leaking the files they stole too as details of Sony employees were leaked including personal details and salaries.
It’s getting worse for Sony: the latest dump from the raid that’s brought the company to an IT standstill include the personal detas of staff.
Documents leaked through BitTorrent show the names, home addresses, salaries (and bonuses), and social security numbers of thousands of staff, including executives.
Sony Pictures Entertainment could not be reached for comment by the time of writing.
Some 17 executives, from programming to advertising, were listed as having salaries over US$1 million. Severance pays also appeared to be listed.
Source: The Register
It’s 8 days since the attack and Sony Pictures is still struggling to recover, it also seems like some unreleased movies might (including Annie) have been leaked during the compromise.
Sony, the studio behind “The Amazing Spider-Man” films and the “Breaking Bad” television series, restarted many of its computer systems on Monday after a Nov. 24 breach by a group calling itself #GOP, for Guardians of Peace. Executives at the entertainment company said they were also making progress in fighting the apparently related Internet pirating of five complete films, including the unreleased “Annie.”
Source: New York Times
The virus was pretty nasty and wiped all the machines + removed the master boot record rendering most of Sony’s Microsoft based desktops useless. There are some suspicions North Korea could be involved due to the malware used.
Back in August Sony was under attack by a massive DDoS attack aimed at PSN, and then just as they recovered – this.
The latest details to pop-up are that the leaked data dump is being seeded by a bunch of Amazon EC2 servers that host Sony PlayStation websites..which is odd, as the Sony Pictures network and the Sony PlayStation network should be totally separate.
Sony PlayStation website servers were used to distribute a 27.78GB archive potentially containing sensitive data swiped from Sony Pictures computers, it’s claimed.
Until early on Tuesday afternoon, San Francisco time, more than 60 systems seeding the archive on the BitTorrent network appeared to be virtual servers in the Amazon EC2 cloud, according to security researcher Dan Tentler.
A number of those fingered server instances – eg, 184.108.40.206 – are also serving websites for Sony Computer Entertainment. The EC2 instances serving up the data were checked by another researcher, who found some had SSL certificates signed by Sony.
Source: The Register
This is quite possibly the worst hack of a major US company ever perpetrated, especially in terms of business disruption and data loss – the financial implications of this could be HUGE. Especially for their biggest Christmas movie Annie.
I’m sure we’re going to see more data dumps dropping in the next week or so, it’s certainly an interesting case and it’s definitely not over yet.