Download - A Breakdown and Analysis of the December, 2014 Sony Hack

13/12/2014 ABreakdownandAnalysisoftheDecember,2014SonyHack

https://www.riskbasedsecurity.com/2014/12/abreakdownandanalysisofthedecember2014sonyhack/ 1/12

RiskBasedSecurity

Notjustsecurity,therightsecurity.

CallUs!(855)RBSRISK|Login

AboutRBSNewsProductsServicesResearchContactUs

HomeSecurityIntelligenceIndustrySolutionsComplianceCyberLiability

ABreakdownandAnalysisoftheDecember,2014SonyHackDecember5,2014ByRiskBasedSecurity

Note:ThisarticleisbeingupdatedalmostdailywithnewdevelopmentsregardingtheleaksfromtheSonyPicturesbreach.Changelogofupdates:

TheBeginning(November24)SecondRoundofLeaks(December3)TheAnalysisGame(December4)TheNextChapter(December5)TheAnalysisContinues(December7)FifteenDaysUnderSiege(December8)RealityandtheBlameGame(December9)MyLifeAtTheCompany,Part1(December10)AnotherDay,AnotherEmailSpool(December10)CelebrityGossipandHackingBack(December11)Debates,Goliath,andApologies(December12)MyLifeAtTheCompany,Part2(December13)

OnNovember25,anewchapterwasaddedtothechroniclesofdatatheftactivity.AgroupcallingitselfGOPorTheGuardiansOfPeace,hackedtheirwayintoSonyPictures,leavingtheSonynetworkcrippledfordays,valuableinsiderinformationincludingpreviouslyunreleasedfilmspostedtotheInternet,andvagueallegationsitallmayhavebeendonebyNorthKoreainretributionfortheimminentreleaseofanupcomingmovietitledTheInterview.

Whilepoliticallymotivatedattacksandtheftofintellectualpropertyisnothingnew,thisincidentcertainlystandsoutforseveralreasons.First,viaaPastebinlink,thegroupreleasedapackageandlinkstotorrentfileshostedonfoursitesconsistingof26parts,brokenoutinto251GBfiles,andone894MBrarfile.ThefileswerealsouploadedtothefilesharinggiantsMEGAandRapidgator,butremovedbysitemanagersshortlyafter.TheresearchersatRBSwereabletoaccessthefilesandanalyzethecontentpriortotheinformationgoingoffline,aswellasreachouttoGOP.

TheresultsoftheanalysisprovideunprecedentedinsightintotheinnerworkingsofSonyPicturesandleakedthepersonalinformationofapproximately4,000pastandpresentemployees.Asifthesensitiveemployeeinformationwasnttroublingenough,theleakalsorevealedcuriouspracticesatSony,suchasmoneyordersusedtopurchasemovieticketsthatwereapparentlyresoldbacktoSonystaff.

TheGuardiansOfPeacemadetheircontactinformationavailableforabrieftime.RBSresearchersusedthatopportunitytocontacttothegroupseekingcommentandreceivedthefollowingresponse:

IamtheheadofGOP.Iappreciateyouforcallingus.Thedatawillsoongetthere.Youcanfindwhatwedoonthefollowinglink.

ThelinkprovidedonlyledtoaFacebookpagethatwasnotinuse.Thefollowingtimelinegivesmoreperspectiveandanalysisofthedetailsoftheintrusionbasedoninformationmadeavailableviapublicsources.

TheBeginning(November24)

OnNovember24th,aRedditpostappearedstatingthatSonyPictureshadbeenbreachedandthattheircompleteinternalnetwork,nationwide,hadsignsthatthebreachwascarriedoutbyagroupcallingthemselvesGOP,orTheGuardiansOfPeace.ThiscomesthreeyearsafteralargeseriesofattacksagainstSonybecamepublic.

Withinhours,Geek.comhadreportedthatSonyjustgothacked,doxxed,andshutdownasSonywentintopanicmodeoverthebreach.Minutesaftertheoriginalredditpostappeared,thethreadexplodedwithcommentsandfeedbackaboutthecontent.SeverallinkstoadditionalfileswereincludedwithinthecommentsthatincludedtwotextfilesthatlistedadditionalfilenamesthatweresaidtobecominginasubsequentleakofinformationfromtheSonynetwork.

Inordertobetterunderstandthebreachandtheramifications,RiskBasedSecurity(RBS)reachedouttotheGuardiansofPeaceandaskedformoreinformation.Duringthebriefemailconversation,theystatedthatadditionaldataleakswereforthcoming,andthattheyhadobtainedoveradozenterabytesofdatafromvariousSonyservers.Themailwentontosaythatadditionalinformationwouldbepublishedsoon,andprovidedalinktoaFacebookpagethatappearedtobeclosed.



MovieLeaks(November26th)

Afewdaysafterthetheinitialbreachreportwasannounced,fourtorrentlinkswerepublishedtotorrenttrackersthatcontainedunreleasedmoviesfromSony,obtainedbyGOPduringtheattack.ThesetitlesincludedAnnie(December19),MrTurner(December19),andToWriteLoveOnHerArms(March2015).Accordingtoseveraltorrenttrackingsites,thesefileshavebeendownloadedover100,000times.

OnDecember1st,NBCNewsairedasegmentreportingthattheFBIwereinvestigatingthebreachandthepossibilitythatNorthKoreawasinvolved.Whilethismaysoundfarfetchedatfirst,NorthKoreahasaclearmotiveinattackingSony.OnDecember25th,SonyisreleasingamoviecalledTheInterview,whichfollowsthestoryoftwocelebrityTVhoststhatgetachancetointerviewKimJongun.BeforeheadingtoNorthKorea,theyareaskedbytheC.I.A.toassassinatehim.Despitethemoviebeinglabeledacomedy,NorthKoreahasstatedthatifthemovieisreleased,theywouldconsideritanactofwar.

WhentheBBCreachedouttoNorthKoreanofficialsaskingiftheywerebehindtheattackonSony,theyweregivenacuriousresponseofWaitandsee.NorthKoreahadalsocomplainedtotheUnitedNationsaboutthemovieearlierthisyearinJuly,whilenotnamingitspecifically.

FirstoftheLeaks(December1)

OnDecember1st,GOPstartedpublishingthefullcacheofdatafilestakenfromSonysserverswiththefirstchunktotalingarespectable24.87GBofcompressedfiles.Surprisinglyenough,theGOPappearstohaveusedcompromisedserversonSonysnetworktouploadandseedthetorrentfortheleakeddata,aswellasuploadingittoMEGAandRapidGator.Withinhoursoftheupload,MEGAremovedalllinkstothedata.[Dec9update:subsequentanalysisbyMarioGreenlysuggestsSonyisnotseeding/uploadingdata,onlydownloadingit,likelyinanattempttoslowprogressforotherdownloaders.]

Firstleakeddatasummary,someanalysiscourtesyofIdentityFinder:

26.4GBinsize,containing33,880filesand4,864folders.Includes47,426uniqueSocialSecurityNumbers(SSN)15,232SSNbelongedtocurrentorformerSonyemployees3,253SSNappearedmorethan100times18filescontainedbetween10,860and22,533SSNeach.

Exampleofemployeedatafound:

Onefile(\HR\Benefits\MayoHealth\MayoXEROXassessmentfeed)contains402fullSocialSecuritynumbers,internalemails,plaintextpasswords,andemployeenamesAnadditional3000ormoreSocialSecuritynumbers,names,contactdetails,contactphonenumbers,datesofbirth,emailaddresses,employmentbenefits,workerscompensationdetails,retirementandterminationplans,employeespreviousworkhistory,executivesalaries,medicalplans,dentalplans,genders,employeeIDs,salesreports,copiesofpassportinformationandreceiptsfortravel,aswellasmoneyorderdetailstopurchasemovieticketstoresellbacktotheSonystaff.Theleakedinformationalsoincludeddocuments,payment,andaccountinformationtoordercustomjewelryfromTiffany&COviaemail.

SecondRoundofLeaks(December3)

Bythispoint,wecanonlyimaginehowSonywasinfullpanicmodeattemptingtorespondto,andcontainthebreach.Bythispoint,Sonyexecutiveshadconfirmedtheleakeddatawasauthentic.Themainstreammediawascomingtogripswiththeordeal,exploringideasontheramifications,andtheresultingfallout.Initialanalysisofthedatafromthefirstsetoffilesdisclosedhadbegun,astheseconddisclosureoffilesoccured.AGOPmemberidentifyingthemselvesastheleaderofthegrouptoldRBSTodaymoreinterestingdatawillbepresentedforyou.beforepointingRBStoanewlinkcontainingadditionalfiles,aspartoftheemaildialogueestablished(interestingly,onemailcamefromHushmailwhoisknowntocooperatewithfederalagencies).Thesecondleakwasconsiderablysmaller,amere1.18GBcontainingtwofilesnamedBonus.rarandList.rar.Whilethefilesaresmall,theyperhapscontainthemostsensitivedatatobedisclosedbythispoint.Thisincludesfullsecuritycertificateinformation,internalandexternalaccountcredentials,authenticationcredentialswithplaintextpasswordsforsystemssuchastheSonyYouTubepage,UPSaccounts.

Bonus.rarfilesummary:

33.7MBcompressedContainsplaintextcredentials(~500total),serverinformation,internalIPaddressesandotherdata.Listofsecuritycertificatesforservers,users,andservices,andalistofwhateachcertificateisrelatedto.CredentialsincludeYouTubelogininformationfortheSonyPictures,Spidermanmovie,EvilDeadMoive,GrownupsTheMovie,andThisistheendmoviechannels,completelistofoldersocialmediaaccountsforcampaignsonfacebookandtwitter.121FTPplaintextcredentials,includingthemainSonyPicturesFTPserver.PlaintextCredentialsformajornewsandmediasiteslikeNYtimes,LATimes,DailyVariety,hollywoodreporter.com,indiewire.com.Plaintextpasswordsinformatslikesony12345forcriticalinternalandforwardfacingservices.UsernamepasswordscombosinafilenamedMyPAsswordscontain:novell,mediataxi,inflight,fidelity,spiDR,SPIRIT,sonystylefamilycenter,FEDEX,Connect,SPTI,AcronTASS,SPECourier,Concur,SPCPress,AIM,HRConnect,AMEX,outlookallincleartextwithusernameandpasswordcombos.AccountingandpaymentinformationforAMEXforTheInterviewinplaintext.AccountingandpaymentandotherrelatedcredentialsforDeathataFuneral

List.rarfilesummary:

1.8MBcompressedThreefilescontaininginternalandexternalPCdata,Linuxservers,andWindowsservers

TheAnalysisGame(December4)

Whenanalyzinghighprofilebreaches,itiscommonforthemediaandsecuritycompaniestomakemistakes.Thisoftenoccursduetoconflictingorunclearinformationthatseemsvalidonthesurface,butfallsapartunderheavyscrutiny.Forexample,aGizmodoarticlesaysthatSonystoredpasswordinformationinafoldercalledPassword.AbetterexplanationisthatthearchivereleasedbyGOPwascreated,andthehackersnamedthatfolder,notSony.BelowisascreenshotofsomeofthecontentsofthePasswordfolderfromtheGOPBonus.rarfile:

ScheduleADemo! +



Asmorejournalistscommittimetocoveringthebreach,moredetailsemerge,makingthisaconstantlyunfoldingstory.Italsolendstoaformofpublicdebate,whereonejournalistmaycallintoquestionconclusionsofanother.Forexample,Wiredreleasedanarticletodaythatwentintodetailabouthowthecompromisemayhavehappened(malwaredubbedwiper)andalsocalledoutotherjournalistssayingtheNorthKoreanlinkisnotlikely.WhiletheymakegoodpointsabouttheGOPgroupandhownationstatesgenerallyconductcomputerintrusions,thereisalsothepossibilitythatitwasspecificallydesignednottolooklikesuchanattackforplausibledeniability.OritmaybeassimpleasNorthKoreasuggestingtheymayhavehadahandinit,tobolsterthenotionthattheyareseriouscontendersinInternationalcomputerintrusionsforespionageandspying,liketheircounterparts.

Whatiscuriousinthisstory,isthattheFBIreleasedaFlashAlertregardingmalwarethatcomesafterthereportedattacksonSony.Thiswarningcomesverylateinthegame,andalsoleadstomorequestionsaboutthesecurityanalystsbroughtintofigurethingsout.ThesamearticlementionsthatMandiantwasbroughtintoaddressthisbreachbeforeitbecamepublic.Yet,Mandianthasnotmadeastatementonthematter,whilebeingnotoriouslymediafriendlyinblaminghackersources,specificallytheChinese,eveniftheymaynothavebeeninvolved.

AccordingtoRe/code,SonyissettoannouncethattheyhaveattributedtheattackstoNorthKorea,makingthisahesaid,shesaidordealintheshortterm.ForthoseinterestedinmoredetailsonthemalwarefoundinSonysystemsthatmayhavebeenthepointofcompromise,ArsTechnicahasreleasedamoredetailedarticlefocusingonit.

TheNextChapter(December5)

Asmentioned,thisstoryisunfoldingeveryday.Newinformation,newperspective,andnewdeductionscomeeveryday.RiskBasedSecurityhasbeentrackingbreachesforaverylongtime,andhasfrequentlyseensuchhighprofilebreachesunfoldoveryears.Aftertheinitialweeksormonthsofabreach,mostnewsoutletsandsecuritycompaniesloseinterest.Longtermthough,partofthestoryincludestheeventualinvestigation,consultants,lawsuits,stockpricefluctuations,andmore.Theentirepictureofamajorcompromiseistherealvalue,asthatiswherecompaniescanfullylearnoftherisksofabreach.

TodaytheGuardiansofPeacehavecontactedRBS,andlikelyothercompaniesorjournalists,withathirdlinktoleakeddataalongwithashortstatementandrequestcallingforotherstojointhem:

Anyonewholovespeacecanbeourmember.Pleasetellyourmindattheemailaddressbelowifyoushareourintention.PeacecomeswhenyouandIshareoneintention!

jack.nelson63vrbu1[at]yopmail.com

YoucandownloadapartofSonyPicturesinternaldatathevolumeofwhichistensofTerabytesonthefollowingaddresses.Theseincludemanypiecesofconfidentialdata.

Thedatatobereleasednextweekwillexciteyoumore.

TheleakeddatahasbeenuploadedasBitTorrentlinkstovariousfilesharingsitesviathesamemethodsusedinpreviousdisclosures,someofwhichareservedoffbreachedSonyPicturesEC2serversaswellasbeinguploadeddirectlytotheRapidGatorfilesharingservice.Asbefore,RapidGatorquicklyremovedthedatawithinthreehoursofitbeingposted.

Thetorrentisbrokeninto22filesspanning52partswhichappeartobejustover100GBofcompresseddata.ThisleakhasbeentitledFinancialdataofSonyPicturessoitlikelycontainsfinancialdetailsofSonyPictures,thebudgetsofmovies,ormore.

BasedonthehistoryofcontactfromGOP,itappearsthateachdayanewemailaddressisused,anditsuggeststheaccountsmaybecompromisedemailaccounts.WhetherthesearefalloutfromtheSonybreachorviaanothersourceremainsunknown.



TheAnalysisContinues(December7)

TherehavebeenseveralnewsoutletsandsecurityfirmsresearchingtheSonyPicturesbreachandanalyzingthedisclosedfilesasaresultofthecompromise.Aninterestingandunexpecteddevelopmentsurfacedontoday,whensecurityresearcherDanTentlerannouncedearlyinthedaythathehadhadavisitfromFBIbutwasnothomeatthetime.

JusttowarnothersecurityfolkworkingontheSonyleakstheFBIjustvisitedmyhome.Iwasntthere,soImnotsurewhattheywanted.

Hefollowedupwithacommentthatwasmadetohiswife:

accordingtomywife,whoansweredthedoor,theystartedtheconversationwiththewordsillegallydownloading.

Mr.TentlerhasbeenconductinghisownanalysisandhasreportedontheSonyincident.HepostedalistofnodeswheretheleakscouldbefoundwhichmayexplaintheFBIsinterestandthesubsequentillegaldownloadingcommentmadetohiswife.

Nowthatthefileshavebeendownloadedfromthepubliclyavailablesources,RBShashadachancetodoapreliminaryanalysisofthecontents.Thefollowingisascreenshotshowingasampleofthefiles,toputitintobetterperspectivewhatisleaked.Notethatfilenamesarelogical,notdescriptiveandhumanfriendly:

These22individualfilesmakeupthreelargerfilescontainingalargesetofnewlyreleaseddata,predominantlybasedonfinancialinformation:

FileSPE_03_01.RAR(MostlyfromSonyBrasil)

30,916individualFiles,2,970Folders.16.4GB/9.99GB(Compressed)Bankingstatements,bankaccountinformationincludingwiretransferswiftcodesetc.FinancialyearreportsFinancialyearforecastsBudgetreportsOverheadreportsReceiptandtransactionaccountstatementsofcomputerhardware,vehicle(toyotahilux,mitsubishispacewagon),caraccessoriesgoingbackto1998InternalinformationforSonyPicturesReleasingInternationalportal,screenshots,walkthroughsandotherusageinformation.

FileSPE_03_02.RAR(FromSonyPicturesImageworks,Vancouver,andSonyPictures)

89,800Files,10,990Folders.88.6GB/48.9GB(Compressed)AccountinginformationusingTrintechInc.softwareLicensingcontracts

AccessDigital(Exyflix)AmazonEuropeAmazonJapanClickpayMultimediaComcastEagleEyeGaiaGoogle(YouTube)MediaVaultMGOMicrosoftPlaystationSenaSonyElectronicsSonyvisualproductsinvideofuturYota(akamore)

Vendors(Toomanytolist)SonyIndiaFinancialreports.528PayrollsforImageworksCanadawithstafffullnames,contactnumbersandresidentialaddresses.BritishColumbiaPersonalTaxCreditReturnsscansofseveralemployeeswithfullpersonalinformationincludingsocialsecuritynumber.Photocopiesandscansofdriverlicenses,passportsandothertaxrelateddocumentsexposingabunchofpersonalcredentials,homeaddresses,fullnames,dateofbirths,socialsecuritynumbersandmore.FederalTaxReturns



FileSPE_03_03.RAR

113,002Files,39,612Folders.57.1GB./48.1GB(Compressed)Incidentreportswithfullnames,incidentlocations,injurysandpostionsheldwithsony.SPEGlobalSecurityGuidelinesv2ULtrainingusers,fullnames,addresses,emailaddressesandcommonsetcleartextpasswordscopiesofemployeementcontractsandagreemtns,passports,driverslicense,ssn,signatures.

Ongoing(December7)

TheLATimesreportedonDecember5th,andhassaidthattheFBIhaveconfirmedit,thatjusthoursbeforethe3rdleakwaspublishedonline,anunknownamountofSonyemployeesreceivedthreateningemailswhicharebelievedtohavebeensentbytheGOP.

TheemailswhichwerewritteniswhatwasdescribedasbrokenEnglish,wantedemployeestosignastatementdisassociatingthemselveswithSony,andiftheydidnot,werewarnedthatnotonlyyoubutyourfamilywillbeindanger.AccordingtotheLATimes,theemailincludedastatementthatmakessuggeststhedigitalheadachesforSonyaregoingtocontinuetoforsometimetocome.

Itsfalseifyouthinkthiscrisiswillbeoveraftersometime,theemailsaid,accordingtoacopyobtainedbyVariety.AllhopewillleaveyouandSonyPictureswillcollapse.ThissituationisonlyduetoSonyPictures.

Addingtothespeculationabouthowthecompromisehappened,BloombergisreportingthatthecompromiseandfirstleakofdatahappenedattheSt.RegisBangkokhotelinThailandaccordingtoanunnamedpersonfamiliarwiththeinvestigation.

FifteenDaysUnderSiege(December8)

Latelastnight,afteralongweekofpreviousdisclosures,theGOPhasreleasedthenextbatchofleakeddata.Thenewroundconsistsoffourarchivesmakingtwolargefiles,currentlybeingseededfromserversownedbySonyPicturesasbefore.Thetorrentthatincludesallfilesisonly2.8GBthistimeandhasalsobeenuploadedtoafewfilesharingwebsites,althoughweexpectthemtobetakendownquicklylikepreviousGOPuploads.

Unlikepreviousdisclosuresthatwerestraightforward,thisgroupoffilescomesshortlyaftertheappearanceofaPastebinlink(now404)thatpurportstobefromtheGOP,andgivesareasonfortheattacksonSonyPictures,linkingittothenowcontroversialmovie,TheInterview.Thereisspeculationthatthenewannouncementmaynotbeauthenticasitdidnotgetsentoutviathepreviouschannels,andsuggestsanalmostafterthoughtofblamingthemoviefortheiractions.WithinhoursofthisbeingpublishedonPastebinithadbeenremovedbutwascachedbyGoogleonDecember8,201415:43:58GMT.Sincethen,thecachehasalsobeenremovedwhichmaybeduetoSonycomplaints.AccordingtoOwenWilliams,SonyhasbeensendingoutDigitalMillenniumCopyrightAct(DMCA)takedownrequestsrelatedtothebreachandsubsequentdisclosures.RBSmanagedtocapturethetextbeforeitwasremovedfrombothPastebinandGooglecache:

byGOP

WearetheGOPworkingallovertheworld.WeknownothingaboutthethreateningemailreceivedbySonystaffers,butyoushouldwiselyjudgebyyourselfwhysuchthingsarehappeningandwhoisresponsibleforit.

MessagetoSONY

WehavealreadygivenourcleardemandtothemanagementteamofSONY,however,theyhaverefusedtoaccept.Itseemsthatyouthinkeverythingwillbewell,ifyoufindouttheattacker,whilenoreactingtoourdemand.Wearesendingyouourwarningagain.Docarryoutourdemandifyouwanttoescapeus.And,StopimmediatelyshowingthemovieofterrorismwhichcanbreaktheregionalpeaceandcausetheWar!You,SONY&FBI,cannotfindus.Weareperfectasmuch.ThedestinyofSONYistotallyuptothewisereaction&measureofSONY.

Thefollowingisasummaryofthefourthleak:

05_01.rar

mosokos.ost(AMicrosoftOutlookmailspool),3.5GBinsizemosokosisSteveMosko,PresidentofSonyPicturesTelevision.3,550fullcontactdetails,fullnames,emailaddresses,homeaddresses14,944sentemailsEmailcontentsincludeaccountinformation,passwordresetmails,personalemails,flightandtravelarrangementsAlsoincludesdiscussionsaboutinternaloperationswithinSony,the2013BreakingBadBlurayleak,discussionsaboutusingtorrentsandtheAXNnetworktodistributeHannibalEmailsfromfriendsandotherSonystaffaboutTVshowtorrentsanduploadstoYouTube,includingBreakingBad,KingofQueens,andHannibal.

05_A.rar

APascal1.ost(AMicrosoftOutlookmailspool),3.78GBinsizeAPascalisAmyPascal,CoChairman,SonyPicturesEntertainmentandChairman,SonyPicturesEntertainmentMotionPictureGroupOver5,000emailsincludedMostrecentInboxemailisfromNovember23,2014(likelywhenthemailspoolwastaken)Emailsconsistofsonyemployeerelations,personalinvoices,andpersonalemailsIncludestalkanddealsaboutupcomingmoviesContainscurrentandclosingbusinessdeals

ViewoftheAPascal1.ostOutlookmailspoolshowingthefolders:



Speculationandanalysisoftheoriginalcompromisemethodisongoing.TheRegisterreportsthatKasperskyhaspublisheddetailsonthemalwarethatallowedtheattackerstogainafootholdintotheorganization.Accordingtotheresearchers,themalwarehasbeennamedBKDR_WIPALLbyTrendMicroandDestoverbyKaspersky(whichelicitedawarningfromtheFBI),andwaspreviouslyseeninattacksagainstSaudiAramcobytheWhoIsTeamin2012.Kasperskyresearcherswentontosaythatthisbacksclaimsthatthemalwarewasusedinthe2013DarkSeoulattacks,possiblylinkingthesamegrouporgroupstoamultiyearcampaignofhighprofilecomputerintrusions.

SeeminglyunrelatedtotheGOPbreachofSonyPictures,butcoincidentalintiming,theSonyPlayStationNetworkappearstobesufferingtheirownproblemsasagroupcalledLizardSquadistakingcreditforacoordinatedlargescaledenialofserviceattack,thatfollowsapreviousoneAugustofthisyear.ViaTwitter,SonyPlayStationNetworkhasacknowledgedthatcustomersareexperiencingproblems,butdonotspecificallycitewhy.

CulverCitySonyemployeeswillbebriefedbytheFederalBureauofInvestigation(FBI)onWednesdayregardingtherecentattacks,accordingtotheHollywoodReporter.MichaelLynton,EntertainmentChiefatSony,hasalsocalledforanallhandsmeetingonFridaytofurtherdiscusstheissue.

RealityandtheBlameGame(December9)

Generallywhenahighprofilewidescopebreachoccurs,newsoutletsandsomesecuritycompaniesarequicktosayitwastheworkofanadvancedattacker,andthatthebreachisunprecedented.AccordingtoMashable,MichaelLynton(SonyPicturesCEO)sentalettertoallemployeesfeaturingaletterfromKevinMandia,ofMandiant,thecompanyhiredbySonytoinvestigatethebreach.Anexcerptfromtheletter:

Thisattackisunprecedentedinnature.ThemalwarewasundetectablebyindustrystandardantivirussoftwareandwasdamaginganduniqueenoughtocausetheFBItoreleaseaflashalerttowarnotherorganizationsofthiscriticalthreat,KevinMandia,MandiantSecurityConsulting

AllanalysistodatesuggeststhemalwarewasnotuniquetoSony,andmayhavebeenusedseveraltimesbefore.Tryingtosuggestthatmalwarethatevadesindustrystandardantivirussoftwareisunprecedentedisridiculous.Antivirussoftwareroutinelyfailstoidentifymalwareduetothearchaicsignaturebasedmodeltheyuse.Thesoftwareonlydetectswhatitknowstolookfor,andwithafewtinychanges,oldmalwarecanbemadeundetectableagainuntilanewsignatureiscreatedandpushedtocustomers.Thatsubscriptionmodelistheprofitcenteroftheantivirusindustry,andtheyhavelittlereasontoimproveit.Further,suggestingthisbreachwasunprecedentedtothesizeandscopesimplyisnttrueeither.Largescalecompromiseslikethishitthenewseveryyear.

IfyourecallonDecember4th,Re/codepublishedanarticlesayingthatSonywassettoofficiallyblameNorthKoreafortheattacks.Jumptotoday,amere5days



later,andtheFBIisofficiallysayingthereisnoattributiontoNorthKoreaaccordingtoReuters.

ThereisnoattributiontoNorthKoreaatthispointJoeDemarest,AssistantDirectoroftheFBICyberDivision

IthasalsocometolightviaMashable,viatheleakedemailarchivesfromthefourthleak(December8),thatMichaelLynton(CEO),AmyPascal(Chairman),andotherexecutivesreceivedanemailfromhackerscallingthemselvesGodsApstls.Intheemail,quotedbelow,thegroupthreatensgreatdamagetoSonyPicturesunlessfinancialcompensationwasprovided:

WevegotgreatdamagebySonyPictures.

Thecompensationforit,monetarycompensationwewant.

Paythedamage,orSonyPictureswillbebombardedasawhole.

Youknowusverywell.Weneverwaitlong.

Youdbetterbehavewisely.

FromGodsApstls

ThisgoesagainstsubsequentpostsfromtheGuardiansofPeace(GOP)whosaidtheintrusionwasrelatedtothereleaseofthemovie,TheInterview.Atthispointitisnotclearifasinglecoordinatedgroupofattackersischangingtheirpublicpersonaoriftherearemorethanonegroupthathaveaccesstothenetwork.

MorefalloutfromtheSonyPicturescompromisecomesintheformoftheattackersusingSonyscertificatestodigitallysigntheDestovermalware.AsreportedbyKasperskyLabs,thesignedmalwareappearedonDecember5thandwillresultinadditionalmalwarebeingsigned,andlikelyrendersubsequentattacksmoreeffective.[Update:Itturnsoutthiswasaprankcarriedoutbyasecurityresearcher,whofiguredoutthepasswordofthecertificate(sameasthefilename),anddecidedtosignthemostamusing/ironicthinghecouldthinkof,themalwareitself.Wearealsotoldthatthreeothercertificatesusedapasswordofpassword.]

MyLifeAtTheCompany,Part1(December10)

Nowthatjournalistsandsecuritycompanieshavehaddaystoreviewtheincredibleamountofleakeddata,analysishasshiftedtofocusmoreonthecontentsoftheemailsofAmyPascal,CoChairman,SonyPicturesEntertainmentandSteveMosko,PresidentofSonyPicturesTelevision.ThishasrevealedodddetailssuchasSonycontinuingtomakeconsiderablemoneyfortheshowSeinfeld,SonyexecutivesconcernedovertheendingofthemovieTheInterview,andthatGeorgeClooneyisverysavvy.

TodayalsobroughtthefifthleakofdatafromtheGuardiansofPeace(GOP),titledGiftofSonyfor5thday:MyLifeAtTheCompanyPart1.Asbefore,theleakeddatawasuploadedtovariousbittorrenttrackingwebsiteswiththedownloadconsistingoffive1GBparts

TodayGOPappearstoofreleasedanotherdropofdatathistimetitledGiftofSonyfor5thday:MyLifeAtTheCompanyPart1.Theleakhasbeenuploadedtoviatorrenttrackersandthe.torrentfileuploadedinasinglerarfiletosmallerfilehostingwebsitesasbefore.

Thetorrentfileconsistsof5parts,all1GBandinRARformat(spe_05_01.part[15].rar).TheGOPhavealsoincludedanewstatementwiththisdisclosure,againdirectedatSonyPicturesemployees.Themessagestatesthattheystillhavelargeamountsofinformationtodisclose,includingpersonalinformationandmoreemailspools.Thestatementreads:

ToSPEemployees.SPEemployees!DontbelievewhattheexecutivesofSPEsays.TheysayasiftheFBIcouldresolveeverything.ButtheFBIcannotfindusbecauseweknoweverythingaboutwhatsgoingoninsidetheFBI.Westillhavehugeamountofsensitiveinformationtobereleasedincludingyourpersonaldetailsandmailboxes.IfcontinuedwrongdoingsoftheexecutivesofSPEdriveustomakeanunwanteddecision,onlySPEshouldbeblamed.Nowisthetimeforyoutochoosewhattodo.Wehavealreadygivenmuchtimeforyou.

ThenewlyleakeddataincludesinformationaboutSonysantipiracyefforts,entertainmentdealsintheworks,internalproceduresrelatedtotrackingtorrentsandotherillegaldownloading.ItalsocontainsadocumentthatoutlinesSonyscooperationwith5majorInternetServiceProviders(ISPs)tocollectfulldataformonitoringillegaldownloads.Inaddition:

MotionPictureAssociationofAmerica(MPAA)listofoutstandingissuesandotherpiracyrelatedinformation.EnhancedContentProtectionproposals,drafts,anddocuments.PotentialMiddleEastpartnershipdealsfrom2012.WagesofinternationalemployeesfromSonyAustraliaandSonyChinaContactinformationofmorethan2,500employees,additionaldigitalcertificates,documentsonInternetsecurity,securityadvisoriesthatmayimpactSonysystemsResearchdocuments,internalinformationaboutSonycamerasbeingproduced,NATOStudioAugust2014TechMeetingsAgendawithtalksaboutnewtechnologybeingproducedbySonyProjectnondisclosureagreements,budgets,financialforecastsfor20132015,informationaboutprojectsschedules,deals,costs,profits,advertisingrevenue,andadvisorfees.

AntipiracyinformationfromGoogle,YouTube,Netflix,andFarncombeincluding:

TotalnumberofnoticessenttoISPswith100%successrate(2,537,932)Alertssenttosubscribers(1,475,848)Alertsthatwerenotsentbutshouldofbeen(41,917)Abreakdownofwhichcontent,howmanytypesofalertssent,andacknowledgementsfor2012,2013,and2014Confidentialdocumentsoutliningdeals,proceduresformonitoring,andservicesprovidedbyFarncombeLargeamountofproposalstoGoogle,YouTube,andotherservicesabouthowtocensorsearchresults,removecontentfromitssearchContentprotectiondocumentation



DocumentsandinternaltrackingofconsolehackinginformationforthePlayStationincluding:

27thChaosCommunicationsCongress(CCC),Consolehacking2010,PS3Epicfail.VerisignFraudAlert:Phishingthelatesttacticsandpotentialbusinessimpact.BHUSA09MarlinspikeDefeatSSLPAPER1us14RosenbergReflectionsOnTrustingTrustZoneWP

Avarietyofdocumentsonrelationswiththefollowingcompanies:AXN,AMCNetworks,HoytsAustralia,AnimaxUK,Channel5UK,Chello,GrupoClarin,2waytraffic,Dailymotion,ComedyTime,DirecTV,Crackle,Apple,iTunes,Google,YouTube,Hotfile,BBC,BITAG,Telstra,Rogers,Showtime,Sky,Skype,SNEI,Telus,Tesco,VirginMedia,TVN,Verizon,Telefonica,TTNET,Turner,TrueNet,Videotron,VUDU,Voole,Redline,andSingNet.Thedataondealsisextensivetosaytheleast.Belowisasmallsamplingofthefoldersanddocuments:

AftertheseriesofincidentswithSonyin2011,manyanalystswerecuriousabouthowitwouldaffectSonysstockprice.BetweenApril4,2011andOctober12,2011,Sonysstockpricedroppedfrom$31.45to$20.06.Thatbegsthequestionifthisroundofincidentsisalsoaffectingtheprice.



HereweseethestockvaluebetweenNovember25th,whenthebreachbecamepublic,andtoday.Notethatinourexperience,wefrequentlyseestockpricesdropasanimmediatereactiontosuchevents,butoftenreturntotheoriginalvaluewithinthreemonths.

YesterdaywereportedthatattackershadusedaSonydigitalcertificate(spe_csc.pfx)tosignthemalwarebelievedtohavebeenusedinthecompromise.Ithascometolightthatthiswasactuallyaprankofsorts,carriedoutbysecurityresearcherswhofiguredouttheeasytoguesspasswordsprotectingthecertificates.RBShasseenaportionofthechatloginwhichtheyguessthepasswords.AfterplacingthesignedmalwareonVirusTotal,Kasperskyapparentlymadetheassumptionthatitcamefromtheattackers.SteveRagansummarizedtheprankinanarticlelastnight,andColinKeigherwhowasclosetothesourceoftheprank,publishedablogthismorninggivingadditionaldetails.

Perhapsthemostinterestingdevelopmentthoughisthepossibledoxxing(publishingpersonalinformation)oftheSonyhackers.ViatwoPastebindocuments,therealname,address,nickname,birthday,andotherpersonaldetailsoffivepeoplearelisted.Giventhelackofprovenanceforthisinformation,RBSisnotgoingtofurtherpropagateit.Theintroductiontextgivesasummaryoftheallegedhackers:

SonyhackersDX.theyhackersfromTunisiaHackerTeambutcoveringasGuardiansofPeaceforopWeekofHorrortoattackUSAandsupportSyriaandgovermentsthatfightUSA(china,korea,iran).

AnotherDay,AnotherEmailSpool(December10)

TodayalsobroughtthesixthdisclosurefromGOP,asinglefilenamedsony6.rar,thatwasuploadedtobittorrenttrackingandfilesharingsites.Asusual,thefilewasquicklyremovedfromthefilesharingsites.Thefilecontainsanothermailspoolnamedlweil00.ost,whichbelongstoLeahWeil,SeniorExecutiveVicePresidentandGeneralCounselforSonyPicturesEntertainment.Somedetailsaboutthe3.84GBmailspoolincludealistoffolders,numberofemails,andabriefsummaryofthecontent.

Someofthefoldernamesandmailcount:

Admin:56Alertline:286AuditReports:28Calendar:6,815Compliancedept:45Contacts:178Conversationhistory:2Deleteditems:4,296DesignatedEmployeeNotice:59DivisionHeadMeetings:205Executivecomp:60Inbox:41,229Secfilings:30SECFCPA:102Sentemails:36,586SPEBoard:19SPESubsidiariesReport:3Legal:78



Brieflistofhighlights:

Deletedmailcontainsemailretentionorders(currentfinancialinformationemailneedtobeheldfor6yearsasof15thjan2015thatwillchangeto2yearsforallemailsunlessonlegalhold)SKYPerfectTVdataleakedJuneofthisyear,including10,000customersname,emailaddresses,addresses,phonenumbers,PayTVaccesscontrolnumbers(Bcas#),ICcards,andsubscriptioninformationwhichmayincludepaymentdetails.(SKYPerfecTVisresponsibleforpartsofAXN,ownedbySony.)DiscussionswithPaulaAskanasandothersaboutuploadingfaketorrentstofrustratewouldbepirates.InstructionsforhowtorespondtopreviousSonyhackingincidentswithapprovedwordingforTwitterandFacenook.Extensivecommunicationsaboutthe2011/2012attacksagainstSonybyAnonymous,includingthe#opsonythreat,sharingpastebinlinkspertainingtoSony,vulnerabilitiesonSonysites(e.g.Subject:FW:ALERTANONYMOUSTHREATXSSexploitedonscajobs.sony.com!!),detailsofinternalinvestigationsabouthackingincidents,andemployeesattemptingtogeolocatethehackersandmatchtheirhandlestootheraliases.InternalconcernthatMarkZuckerbergmightsueSonyoverthemovieTheSocialNetwork.CorrespondencebetweenSonystaffaboutGeorgeClooneywantingtodirectamoviebasedonHackAttack.ConcernsareexpressedoverpotentiallegalissuesifmediagiantRupertMurdochsnameisusedwithinthemoviesinceitsbasedonarealstory.EmailsaboutpreviousSonybreachesincludingSPE,SonyPlayStation,andotherdivisionsofthecompany.EmailsaboutharassingcallsfromANTISOPAprotestors.

Giventheseverityofthisbreach,alongwiththehistoryofpreviousSonyincidents,itisworthrememberingthefirstpartofa2007articletitledYourGuideToGoodEnoughCompliancebyAllanHolmes.Itisagoodreminderthatsecurityisnotjusttechnology,butamindset,andthatfailingtoworktowardasecureenvironmentmayhavelonglastingrepercussions.

CelebrityGossipandHackingBack(December11)

ThecultureofwatchingcelebrityliveshascaptivatedtheTVwatchingaudienceforyearsnow,withrealityshowsdominatingnewsandairtime.WiththeSonyPicturesexecutivemailspoolsbeingleakedoverthelastfewdays,thoseanalyzingthecontentsarerunningintoemailsfromhighprofileactorsandactressesthatcommunicatewiththem.Aspreviouslymentioned,GeorgeClooneytakesahardline,intelligentapproachtoemailsandknowingthecontentscouldleakout.

NowwelearnofdramabetweenAmyPascalandScottRudinoverthehighlyanticipatedupcomingbiopiconSteveJobs,inwhichthereisseriousdisagreementoverAngelinaJoliesdisappointmentthatdirectorDavidFincherwouldbeinvolvedinJobsinsteadofherownmovie,Cleopatra.DespitethedifferencesbetweenPascalandRudin,theleakedemailsshowtheydohaveonethingincommon:jokingaboutPresidentObamasrace.InanotherexchangebetweenPascal,MichaelLynton,andClintCulpepper,theyarecandidintheirfeelingsforanactoraskingformoremoneytopromoteamovieviasocialmedia:

Imnotsaying[KevinHarts]awhore,buthesawhore.ClintCulpepper(President,ScreenGems)

Withtheleakedemails,thepublicisalsolearningawidevarietyofpersonalinformationaboutcelebrities.Inadditiontoemailaddresses,analystsarefindingoutaliasescelebritiesusewhentraveling,phonenumbers,andmore.TheseincludeBradPitt,JuliaRoberts,TomHanks,andmoreaccordingtoSophos.

Changingtracks,theotherinterestingdevelopmentishowpeoplearereactingto,andlabelingSonyseffortstocurbpiracy.Morespecifically,someareconsideringand/orlabelingtheactionsasadenialofservice(DoS)attack.Inusingthatterm,theyareeffectivelysuggestingthatSonystacticsareillegal.ThetacticsinquestionarebasedonSonyusinghostedserverstopolluteabittorrentswarm,makingthedownloadingoftheillicitfiles(inthiscasetheleakeddata)moredifficult.Byintroducinghundredsorthousandsofpeersthatadvertisetheyhavepartsofthefile,andthenfailingtosendthem,wouldbedownloadersexperienceconsiderablyslowerrates.Insomecasesthiscausesthemtogiveuponthedownloadcompletely,andinothercasesmaymeanthedownloadcouldtakemorethanaday,ratherthananhourorthree.

Theuseofthetermdenialofserviceappearstooriginateinanarticlefromre/code,wheretheysaythatSonyisusinghundredsofcomputersinAsiatoexecutewhatsknownasadenialofserviceattackonsiteswhereitspilfereddataisavailable.Technically,thisistrueasadenialofserviceattackisjustthatitdeniessomelevelofservicetousers.However,inthiscaseSonyisattemptingtodenypeoplefromobtainingtheleakeddatafromtheirnetwork.Isthislegal?BasedonourunderstandingofU.S.computercrimelaws,theiractionsdonottechnicallyviolatetheComputerFraudandAbuseAct(CFAA,specifically18U.S.Code1030).However,accordingtotheDepartmentofJusticemanualonprosecutingcomputercrime,thismaybeupforinterpretationbyadistrictattorneyasfaraswhatconstitutesalegitimateuser:

Intruderscaninitiateadenialofserviceattackthatfloodsthevictimcomputerwithuselessinformationandpreventslegitimateusersfromaccessingit.[..]Prosecutorscanusesection1030(a)(5)tochargeallofthesedifferentkindsofacts.

Thisboilsdowntowhetherjournalistscanpublishthecontentsofmaterialthatwereillegallyobtainedbyathirdparty.TheStudentPressLawCenter(SPLC)maintainsagreatsummaryofthisissueandcitestheSupremeCourts2001decisionBartnickiv.Vopper,whichstruckdownwiretappingstatutesthatprohibitedthedisclosureofillegallyinterceptedcommunications.Withthisinmind,thenanyoneattemptingtodownloadtheleakedSonydata*are*legitimateusersandSonyseffortstodenythatservicemayviolatetheCFAA.Werenotlawyersandthisiscertainlyacasefullofgray,notblackandwhite.

TheonethingwecansaywithcertaintyisthatusingthetermDenialofService(DoS)orDistributedDenialofService(DDoS)areloadedterms,astheyaretypicallyusedtotodescribeeitheratechnicalattackagainstasystem(whereintentandethicsarentpartofthediscussion),ortheactionsofacriminal.ThisterminologygetsfurtherconfusingandmisleadingwhenitisaccompaniedwithphraseslikeWhenthehackeebecomesthehackerInasomewhatamusingtwisttotheongoingSonyPictureshackormoreaggressivewordinglikeSonyPicturesisemployinghackingtechniques,sincethisbeginstoascribespecificcriminalnotionstotheiractions.TheonethingSonyisdoingrightinallthismess,isdenyingeverything.

Debates,Goliath,andApologies(December12)

Wheneveralargebreachoccursandinvolvesthedisclosureofpersonalemail,evenifprofessional,severaldebatesreemerge.Thefirstrevolvesaroundtheethicsofreadingprivateemails.Ononehandthoseemails,whilepublic,werenevermeanttobepublished.Ontheotherhand,quitesimply,theyweremadepublic.Thisisnotadebatethatwillbewonasbothsideshavevalidpoints.Onethingtokeepinmindishowyouwouldfeelifyouremailswereleaked.RBShasbalancedthisdilemmabyanalyzingthemetadata(e.g.mailboxsize,numberofmails)ratherthanthecontent.Instead,wemakeobservationsaboutwhatothershavepublishedregardingthecontentandlinktotheirarticles.

Theseconddebatethatcropsbackupistheethicsofdownloadingstolencontentsuchasemails.Asmentionedonyesterdaysupdate,theSupremeCourt2001decisioninBartnickiv.Voppersaysthatdownloadingandusingstolenmaterialsuchasemailislegalforjournalists.However,currentintellectualproperty(IP)andcopyrightlawcouldtriviallychallengethatrulingifweretoreappearinfrontoftheSupremeCourt.Regardlessofthatdecision,KashmirHillremindsusthatsimplydownloadingthestolencontentmaypromptavisitfromfederalauthorities.NotonlyhasDanTentler(@viss)beenvisited,butSteveRaganhasalsohadaruninwith



theFBIovertheSonymaterial.Wehavelittledoubtthattheyarenottheonlytwotohavebeenvisited.WealsowanttoremindtheFBIthatvisitingjournalistsandresearcherswhoaredownloadingandanalyzingthematerialarenotwhoyouarereallyafter.AssumingyouaretryingtocatchtheindividualsthatactuallycompromisedSonysnetwork.Ifyoutreatthemassourcesinsteadofpersonsofinterest,youmayfindtheycanassistyouwithyourjob.

Thethirddebatethattendstocomeupamongjournalistsisifanalysisorsnippetsofsuchemailsshouldbepublishedafterdownloadingandreading.VarietyweighsinonthistopicinanarticletitledWhyPublishingStolenSonyDataisProblematicButNecessary.Whilesomeofthematerialcomingoutoftheleaksisverypersonalandembarrassing(e.g.racialjokes,callingprofessionalsobscenenames),suchleakscanalsoleadtoinformationthatisspecificallyofinteresttothepublicandshouldnotbekeptbehindcloseddoors.

Onthebadsideofsuchdisclosures,weseethattheleaksarerevealingverysensitiveinformationsuchasemployeeschildrenhealthinformationincludingspecialneeds,diagnoses,andtreatments.Theleaksfurthergoontorevealbirthdates,gender,healthconditions,andmedicalcostsforasmanyas34Sonyemployees,accordingtoBloomberg.Onthegoodsideofsuchdisclosures,wefindoutthattheMPAA,inconjunctionwithsixstudios,allegedlyplanstopayelectedofficialstoattackGoogleinanefforttocurbpiracydubbedProjectGoliath,accordingtoTechDirtandTheVerge.Thesetwothingsareprettymuchtheoppositeendsofthespectrumontheharmversusvalueofleakeddata.

Finally,afterweeksofsilence,oneSonyexecutivehasbrokentheirsilenceandgoneonrecordabouttheleakedemails,albeitbriefly.AmyPascal,CoChairman,SonyPicturesEntertainment,hasapologizedandgivenanexplanationfortheraciallyinsensitivecommentsdirectedatPresidentObama.Foodforthoughtthisweekendifyouremailwaspublished,whatwouldyouhavetoapologizefor,ifanything?

MyLifeAtTheCompany,Part2(December13)

TodaybroughttheseventhleakofdatafromtheGuardiansofPeace(GOP),titledMyLifeAtTheCompanyPart2.ThisfollowsaPastebinpostinwhichtheywarnSonyexecutivesthatanimportantmessagehasbeensenttothem:

byGOP

Important

MessagetoSPEexecutives

Ivesentyouamessage.Confirmyourmailboxes.

ThePastebinpostwithlinkstothenewlyleakedinformationfromSonynetworksisaccompaniedbyanothermessagesayingthatupcomingChristmasleakswillcontainlargerquantitiesofdataanditwillbemoreinteresting.OnethingthatisalreadyinterestingisthatGOPsaysifanyonesendsanemailtitledMerryChristmastooneoffiveprovidedemailaddresses,theywilltakerequestswithwhatshouldbeintheupcomingleak:

WearepreparingforyouaChristmasgift.Thegiftwillbelargerquantitiesofdata.Anditwillbemoreinteresting.ThegiftwillsurelygiveyoumuchmorepleasureandputSonyPicturesintotheworststate.PleasesendanemailtitledbyMerryChristmasattheaddressesbelowtotelluswhatyouwantinourChristmasgift.

Theactualdataleakedtodayappearsconsistsof6.45GBofuncompresseddata,distributedviabittorrentlinksthatdonotappeartobeseedingfromsame54IPaddressespreviouslyseen.Thedataconsistsof6,560filesthroughout917folders.Ascreenshotshowingasamplingoftheleakeddata:

Averybriefanalysissuggeststhisleakcontains:



Sonyinternaldocumentsfortrackingdeals,expenditures,andrevenue.CompleteworkingfoldersforJimUnderwood(likelyexSonyExecutiveVP,WorldwideDigitalandCommercialStrategy[LinkedInProfile])DocumentsrelatedtotheacquisitionofGrouperNetworksin2006andrelatedmaterialthefollowingyears.Manyacquisitionproposals,Sonysperspectiveontheprosandconstothedeals,companiesofinterest,andpotentialprofit,includingLeftBankPictures.Draftsonthebestwaystobattlepiracy,from2009on.EnhancedContentProtectionOverviewwrittenbyChrisOdgerscompleteanalysisofpossibilitiesofbreaches,exploits,detection,andpreventionmethodsfordatastreamingservicestopreventhijacking.EmailsaboutAustralianTVnotbeingfinalizedbeforescreeningstarted.ThisappearstoberelatedtotherecentrunofolderAmericanTVshowslikeStarksyandHutch.BreachmonitoringandrevocationrulesforPhase1ServiceiftheF1Boxishacked.BusinessdocumentsanddealingswithAbril.comoutofBrazil.

Asotherresearchersandjournalistsperformamoreextensiveanalysis,wewillprovidelinks,summaries,andcommentaryonit.

BetweenSonyseffortstohinderacquiringthedataviathetorrents,andthefilesharingsitesrapidlyremovingleakeddata,somepeoplehavebeguntomaketheirownarchivesoftheleakeddataonadditionalsites.SomeofthemarebeingsharedviaTwitterandothersviaadditionalfilesharingsites.

Followinguponthelegalangle(coveredonDecember11update),BetabeathaspublishedanarticletitledNoGrayArea:ItsDefinitelyNotOKtoPublishEmailsFromtheSonyHackinwhichtheypointoutthemoralandethicalissuewithdisclosingdetailsoftheleakeddata.TheyarguethatavarietyofnewsoutletsincludingPerezHiltoncalledthedisclosureofcelebritynudephotosacrime,whilehavingnoissuepublishingprivateconversationsfromSonyexecutives.Thisisaninterestingobservationasitappearstoestablishthelinebetweenacceptable(leakedemails)andtaboo(nudecelebrityphotos)forjournalists.Wearesurethatthisisadebatethatwillrageonforsometime.[NotethatthePerezHiltonarticlethatmentionsthewordcrimecitesJenniferLawrencesstatementsinwhichshecalledthepublicationofherphotosasexcrime.]

BusinessInsiderhasalsopublishedanarticlecitinganITworkeremployedbyafirmthathasaccesstoSonyscomputernetworkthatsaysSonysnetworksecuritywasoutdatedandineffective.ThearticlegoesontoreferencethePasswordfolderthatcontainednumerouspasswords,butaswepreviouslynoted,thatwaslikelyatthehandsoftheattackers,notnecessarilySony.Inanotherarticlefromre/code,theyalsorevealthattheleakcontainsaveryrecentsecurityauditperformedbyPricewaterhouseCoopersLLPbetweenJuly14andAugust1.re/codereportsthattheauditfoundover100systemsthatwerenotbeingmonitoredbycorporatesecurity,whowerechargedwithoverseeingSonysinfrastructure.

RBSwillupdatethistimelinewithmoreinformationasitbecomesavailable.

FiledUnder:DataBreaches,NewsTaggedWith:GOP,GuardiansofPeace,SonyPictures

Richmond,VA(855)RBSRISKEMAILUS

Resources:

VulnDBVulnerabilityIntelligenceCyberRiskAnalyticsISO/IEC27001:2005PrecertificationConsultingYourCISOServicesSecurityIntelligenceReportsRiskAssessmentsSecurityProgramGapAnalysis

AboutUs

RiskBasedSecurity,Inc.,incorporatedin2011,wasestablishedtobettersupporttheusers/contributorstotheOpenSecurityFoundation,OSF,withthetechnologytoturnsecuritydataintoacompetitiveadvantage.

TheOSFswealthofhistoricaldata,combinedwiththeinteractivedashboardsandanalyticsofferedbyRiskBasedSecurityprovideafirstofitskindriskidentificationandsecuritymanagementtool.[ReadMore...]

LatestNews

ABreakdownandAnalysisoftheDecember,2014SonyHackDataBreachQuickViewReleasedFirstNineMonthsOf2014GeneralLiabilityvs.CyberLiabilityInsuranceWhyIsCyberLiabilityInsuranceSoDifficultForPeopleToUnderstand?HackingExposed78%OfAllRecordsCompromisedInFirstHalfOf2014JakeKounsAppearsOnEpisodeOfBoomBustRiskBasedSecurityToPresentAtBlackHatandDEFCON

TopofPage

Copyright2014RiskBasedSecurity.PrivacyPolicy.TermsofUse

Download - A Breakdown and Analysis of the December, 2014 Sony Hack

Top Related