
13/12/2014

A Breakdown and Analysis of the December, 2014 Sony Hack


A Breakdown and Analysis of the December, 2014 Sony Hack
December 5, 2014 By Risk Based Security
Note: This article is being updated almost daily with new developments regarding the leaks from the Sony Pictures breach. Changelog of updates:
The Beginning (November 24)
Second Round of Leaks (December 3)
The Analysis Game (December 4)
The Next Chapter (December 5)
The Analysis Continues (December 7)
Fifteen Days Under Siege (December 8)
Reality and the Blame Game (December 9)
My Life At The Company, Part 1 (December 10)
Another Day, Another Email Spool (December 10)
Celebrity Gossip and Hacking Back (December 11)
Debates, Goliath, and Apologies (December 12)
My Life At The Company, Part 2 (December 13)
On November 25, a new chapter was added to the chronicles of data theft activity. A group calling itself GOP, or The Guardians Of Peace, hacked their way into Sony Pictures, leaving the Sony network crippled for days, valuable insider information including previously unreleased films posted to the Internet, and vague allegations that it all may have been done by North Korea in retribution for the imminent release of an upcoming movie titled The Interview.
While politically motivated attacks and theft of intellectual property are nothing new, this incident certainly stands out for several reasons. First, via a Pastebin link, the group released a package and links to torrent files hosted on four sites, consisting of 26 parts broken out into 25 1GB files and one 894MB rar file. The files were also uploaded to the file sharing giants MEGA and Rapidgator, but were removed by site managers shortly after. The researchers at RBS were able to access the files and analyze the content prior to the information going offline, as well as reach out to GOP.
The results of the analysis provide unprecedented insight into the inner workings of Sony Pictures, and the leak exposed the personal information of approximately 4,000 past and present employees. As if the sensitive employee information wasn't troubling enough, the leak also revealed curious practices at Sony, such as money orders used to purchase movie tickets that were apparently resold back to Sony staff.
The Guardians Of Peace made their contact information available for a brief time. RBS researchers used that opportunity to contact the group seeking comment and received the following response:
I am the head of GOP.
I appreciate you for calling us.
The data will soon get there.
You can find what we do on the following link.
The link provided only led to a Facebook page that was not in use. The following timeline gives more perspective and analysis of the details of the intrusion, based on information made available via public sources.

The Beginning (November 24)
On November 24th, a Reddit post appeared stating that Sony Pictures had been breached and that their complete internal network, nationwide, showed signs that the breach was carried out by a group calling themselves GOP, or The Guardians Of Peace. This comes three years after a large series of attacks against Sony became public.
Within hours, Geek.com had reported that "Sony just got hacked, doxxed, and shut down" as Sony went into panic mode over the breach. Minutes after the original Reddit post appeared, the thread exploded with comments and feedback about the content. Several links to additional files were included within the comments, among them two text files that listed additional filenames said to be coming in a subsequent leak of information from the Sony network.
In order to better understand the breach and its ramifications, Risk Based Security (RBS) reached out to the Guardians of Peace and asked for more information. During the brief email conversation, they stated that additional data leaks were forthcoming, and that they had obtained over a dozen terabytes of data from various Sony servers. The mail went on to say that additional information would be published soon, and provided a link to a Facebook page that appeared to be closed.
https://www.riskbasedsecurity.com/2014/12/abreakdownandanalysisofthedecember2014sonyhack/


Movie Leaks (November 26th)
A few days after the initial breach report was announced, four torrent links were published to torrent trackers that contained unreleased movies from Sony, obtained by GOP during the attack. These titles included Annie (December 19), Mr Turner (December 19), and To Write Love On Her Arms (March 2015). According to several torrent tracking sites, these files have been downloaded over 100,000 times.
On December 1st, NBC News aired a segment reporting that the FBI was investigating the breach and the possibility that North Korea was involved. While this may sound far fetched at first, North Korea has a clear motive for attacking Sony. On December 25th, Sony is releasing a movie called The Interview, which follows the story of two celebrity TV hosts who get a chance to interview Kim Jong-un. Before heading to North Korea, they are asked by the C.I.A. to assassinate him. Despite the movie being labeled a comedy, North Korea has stated that if the movie is released, they would consider it an act of war.
When the BBC reached out to North Korean officials asking if they were behind the attack on Sony, they were given a curious response of "Wait and see." North Korea had also complained to the United Nations about the movie earlier this year, in July, while not naming it specifically.
First of the Leaks (December 1)
On December 1st, GOP started publishing the full cache of data files taken from Sony's servers, with the first chunk totaling a respectable 24.87GB of compressed files. Surprisingly enough, the GOP appears to have used compromised servers on Sony's network to upload and seed the torrent for the leaked data, as well as uploading it to MEGA and RapidGator. Within hours of the upload, MEGA removed all links to the data. [Dec 9 update: subsequent analysis by Mario Greenly suggests Sony is not seeding/uploading data, only downloading it, likely in an attempt to slow progress for other downloaders.]
First leaked data summary, some analysis courtesy of Identity Finder:
26.4GB in size, containing 33,880 files and 4,864 folders.
Includes 47,426 unique Social Security Numbers (SSN)
15,232 SSN belonged to current or former Sony employees
3,253 SSN appeared more than 100 times
18 files contained between 10,860 and 22,533 SSN each.
Example of employee data found:
One file (\HR\Benefits\Mayo Health\Mayo XEROX assessment feed) contains 402 full Social Security numbers, internal emails, plaintext passwords, and employee names
An additional 3,000 or more Social Security numbers, names, contact details, contact phone numbers, dates of birth, email addresses, employment benefits, workers' compensation details, retirement and termination plans, employees' previous work history, executive salaries, medical plans, dental plans, genders, employee IDs, sales reports, copies of passport information and receipts for travel, as well as money order details used to purchase movie tickets to resell back to the Sony staff. The leaked information also included documents, payment, and account information used to order custom jewelry from Tiffany & Co via email.
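The counts above are the kind of triage a responder runs over a dump before anything else: how many distinct SSNs, which ones recur across files, and which few files carry the bulk of the exposure. The following is an added example, not code from the original article or from Identity Finder, showing a standard-library Python scanner that produces those figures over a directory of text files. The sample tree it builds and the SSNs in it are constructed; the structural validity rules (no area 000, 666 or 9xx, no group 00, no serial 0000) are the ones the Social Security Administration never issues, and they, together with the 3-2-4 digit shape, keep phone numbers and employee IDs out of the count.

```python
"""Triage a leaked-data tree for Social Security Numbers.

Added example, not code from Risk Based Security or Identity Finder. It
reproduces the kind of counts quoted above (unique SSNs, SSNs repeated
across files, files carrying most of them) over a directory of text
files. All sample files and numbers below are constructed.
"""
import os
import re
import tempfile
from collections import Counter, defaultdict

# 3-2-4 digits with optional '-' or ' ' separators. The \b anchors keep
# us out of longer digit runs; a 3-3-4 phone number never matches.
SSN_RE = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")


def is_valid_ssn(area: str, group: str, serial: str) -> bool:
    """SSA structural rules: area 000, 666 and 900-999 are never issued,
    nor are group 00 and serial 0000. Cuts most false positives."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"


def find_ssns(text: str):
    """Yield normalized 'AAA-GG-SSSS' strings for every plausible SSN."""
    for area, group, serial in SSN_RE.findall(text):
        if is_valid_ssn(area, group, serial):
            yield f"{area}-{group}-{serial}"


def scan_tree(root: str, min_repeat: int = 100) -> dict:
    """Walk a directory tree and summarize SSN exposure.

    Returns: unique count; distinct SSNs per file; SSNs seen at least
    min_repeat times in total; SSNs present in more than one file; and
    'hot' files holding over 10% of all unique SSNs."""
    per_file = {}              # path -> distinct SSNs in that file
    occurrences = Counter()    # ssn -> total times seen, all files
    where = defaultdict(set)   # ssn -> files containing it
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    found = list(find_ssns(fh.read()))
            except OSError:
                continue
            if not found:
                continue
            per_file[path] = len(set(found))
            occurrences.update(found)
            for s in set(found):
                where[s].add(path)
    unique = len(occurrences)
    return {
        "unique_ssns": unique,
        "files_with_ssns": per_file,
        "repeated": {s: n for s, n in occurrences.items() if n >= min_repeat},
        "cross_file": {s: sorted(p) for s, p in where.items() if len(p) > 1},
        "hot_files": sorted(p for p, n in per_file.items()
                            if unique and n > unique / 10),
    }


def build_sample_tree() -> str:
    """Constructed sample: a benefits feed with three records (one with an
    invalid area), a payroll export repeating one SSN without separators,
    and a phone list that must produce no hits."""
    root = tempfile.mkdtemp(prefix="leak_")
    os.makedirs(os.path.join(root, "HR", "Benefits"))
    with open(os.path.join(root, "HR", "Benefits", "feed.csv"), "w") as fh:
        fh.write("name,ssn,email\n")
        fh.write("A Example,123-45-6789,a@example.test\n")
        fh.write("B Example,772 65 4321,b@example.test\n")
        fh.write("C Example,000-12-3456,c@example.test\n")  # area 000: ignored
    with open(os.path.join(root, "HR", "payroll.txt"), "w") as fh:
        fh.write("123456789 appears here again, desk phone 310-555-0100\n")
    with open(os.path.join(root, "phones.txt"), "w") as fh:
        fh.write("Main switchboard 310-555-0199, ext 4321\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    summary = scan_tree(root, min_repeat=2)
    print(f"unique SSNs: {summary['unique_ssns']}")
    for path, n in summary["files_with_ssns"].items():
        print(f"{n:>6}  {os.path.relpath(path, root)}")
    print("seen in more than one file:", list(summary["cross_file"]))
```

The per-file counts are distinct SSNs, while the repeat threshold is applied to total occurrences, which is the distinction behind "3,253 SSN appeared more than 100 times" versus "18 files contained between 10,860 and 22,533 SSN each" above. Scanning with errors="ignore" lets the pass run over mixed-encoding exports without stopping; anything that is not text (archives, PDFs) needs extraction first.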

Second Round of Leaks (December 3)
By this point, we can only imagine how Sony was in full panic mode attempting to respond to, and contain, the breach. Sony executives had confirmed the leaked data was authentic. The mainstream media was coming to grips with the ordeal, exploring ideas on the ramifications and the resulting fallout. Initial analysis of the data from the first set of files disclosed had begun as the second disclosure of files occurred. A GOP member identifying themselves as the leader of the group told RBS "Today more interesting data will be presented for you." before pointing RBS to a new link containing additional files, as part of the email dialogue established (interestingly, one mail came from Hushmail, which is known to cooperate with federal agencies). The second leak was considerably smaller, a mere 1.18GB containing two files named Bonus.rar and List.rar. While the files are small, they perhaps contain the most sensitive data disclosed to this point. This includes full security certificate information, internal and external account credentials, and authentication credentials with plaintext passwords for systems such as the Sony YouTube page and UPS accounts.
Bonus.rar file summary:
33.7MB compressed
Contains plaintext credentials (~500 total), server information, internal IP addresses and other data.
List of security certificates for servers, users, and services, and a list of what each certificate is related to.
Credentials include YouTube login information for the Sony Pictures, Spiderman movie, Evil Dead movie, Grownups The Movie, and This is the End movie channels, plus a complete list of older social media accounts for campaigns on Facebook and Twitter.
121 FTP plaintext credentials, including the main Sony Pictures FTP server.
Plaintext credentials for major news and media sites like NY Times, LA Times, Daily Variety, hollywoodreporter.com, indiewire.com.
Plaintext passwords in formats like "sony12345" for critical internal and forward-facing services.
Username/password combos in a file named "MyPAsswords" cover: novell, mediataxi, inflight, fidelity, spiDR, SPIRIT, sonystylefamilycenter, FEDEX, Connect, SPTI, AcronTASS, SPECourier, Concur, SPCPress, AIM, HRConnect, AMEX, outlook, all in cleartext with username and password combos.
Accounting and payment information for AMEX for The Interview in plaintext.
Accounting and payment and other related credentials for Death at a Funeral
List.rar file summary:
1.8MB compressed
Three files containing internal and external PC data, Linux servers, and Windows servers
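A dump like Bonus.rar is only useful to a defender once it is turned into a rotation order: which passwords are shared between services (one rotation fixes several accounts, and one attacker login opens several), and which ones follow guessable patterns such as the "sony12345" format above or a secret equal to its own account or file name, the same weakness the article later reports for the spe_csc.pfx certificate password. The following is an added example, not code from the original article or from the leaked files, that performs that triage over 'service,username,password' records. The records are constructed, the company tokens it tests for are an assumption, and it reports secrets by truncated hash so the triage output is not itself a second credential leak.

```python
"""Rank a leaked credential list for rotation priority.

Added example, not code from Risk Based Security or from the leaked
Bonus.rar contents. Input is CSV text with service,username,password
columns; all entries below are constructed.
"""
import csv
import hashlib
import io
import re
from collections import defaultdict

COMMON = {"password", "123456", "12345678", "qwerty", "letmein", "welcome"}
COMPANY_TOKENS = ("sony", "spe")   # assumed: what an attacker would try first


def fingerprint(secret: str) -> str:
    """Truncated SHA-256 so reports can group by secret without printing it."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]


def weakness_reasons(service: str, username: str, password: str) -> list:
    """Return the rules a password trips; an empty list means none did."""
    p = password.lower()
    svc = service.lower()
    stem = re.sub(r"\.[a-z0-9]+$", "", svc)   # spe_csc.pfx -> spe_csc
    reasons = []
    if p in COMMON:
        reasons.append("common password")
    if any(tok in p for tok in COMPANY_TOKENS) and re.search(r"\d", p):
        reasons.append("company name plus digits")      # the sony12345 shape
    if p in (username.lower(), svc, stem):
        reasons.append("equals account/file name")      # cert named after itself
    if len(password) < 10:
        reasons.append("under 10 characters")
    return reasons


def triage(records: str) -> dict:
    """Parse the CSV text and return:
    reuse: fingerprint -> sorted services sharing that exact password
    weak:  (service, username) -> reasons tripped
    order: services, most urgent first (reuse count, then rule hits)."""
    rows = list(csv.DictReader(io.StringIO(records)))
    by_secret = defaultdict(set)
    weak = {}
    for r in rows:
        by_secret[r["password"]].add(r["service"])
        reasons = weakness_reasons(r["service"], r["username"], r["password"])
        if reasons:
            weak[(r["service"], r["username"])] = reasons
    reuse = {fingerprint(s): sorted(v) for s, v in by_secret.items() if len(v) > 1}

    def urgency(r):
        return (len(by_secret[r["password"]]),
                len(weak.get((r["service"], r["username"]), [])))

    order = [r["service"] for r in sorted(rows, key=urgency, reverse=True)]
    return {"reuse": reuse, "weak": weak, "order": order}


# Constructed sample in the shape of the 'MyPAsswords'-style lists.
SAMPLE = """service,username,password
ftp.example-studio.test,spe_ftp,sony12345
youtube-channel,marketing,sony12345
spe_csc.pfx,-,spe_csc
vendor-portal,acct1,Tr0ub4dor&3-long-enough
newswire,press,password
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for fp, services in result["reuse"].items():
        print(f"shared secret {fp}: rotate together -> {services}")
    for (service, user), reasons in result["weak"].items():
        print(f"{service} ({user}): {', '.join(reasons)}")
    print("rotation order:", result["order"])
```

Reuse is ranked above pattern weakness on purpose: a strong password used on the FTP server and the YouTube channel is still one credential, and it only needs to be captured once. The file-name rule is what catches a .pfx protected by its own stem; for real archives the service column would be the file path and the check runs against the stem of that path.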

The Analysis Game (December 4)
When analyzing high profile breaches, it is common for the media and security companies to make mistakes. This often occurs due to conflicting or unclear information that seems valid on the surface, but falls apart under heavy scrutiny. For example, a Gizmodo article says that Sony stored password information in a folder called "Password". A better explanation is that the archive released by GOP was created, and that folder named, by the hackers, not by Sony. Below is a screenshot of some of the contents of the "Password" folder from the GOP Bonus.rar file:

As more journalists commit time to covering the breach, more details emerge, making this a constantly unfolding story. It also lends itself to a form of public debate, where one journalist may call into question the conclusions of another. For example, Wired released an article today that went into detail about how the compromise may have happened (malware dubbed "wiper") and also called out other journalists, saying the North Korean link is not likely. While they make good points about the GOP group and how nation states generally conduct computer intrusions, there is also the possibility that it was specifically designed not to look like such an attack, for plausible deniability. Or it may be as simple as North Korea suggesting they may have had a hand in it, to bolster the notion that they are serious contenders in international computer intrusions for espionage and spying, like their counterparts.
What is curious in this story is that the FBI released a Flash Alert regarding the malware only after the reported attacks on Sony. This warning comes very late in the game, and also leads to more questions about the security analysts brought in to figure things out. The same article mentions that Mandiant was brought in to address this breach before it became public. Yet Mandiant has not made a statement on the matter, while being notoriously media friendly in blaming hacker sources, specifically the Chinese, even if they may not have been involved.
According to Re/code, Sony is set to announce that they have attributed the attacks to North Korea, making this a "he said, she said" ordeal in the short term. For those interested in more details on the malware found in Sony systems that may have been the point of compromise, Ars Technica has released a more detailed article focusing on it.

The Next Chapter (December 5)
As mentioned, this story is unfolding every day. New information, new perspective, and new deductions come every day. Risk Based Security has been tracking breaches for a very long time, and has frequently seen such high profile breaches unfold over years. After the initial weeks or months of a breach, most news outlets and security companies lose interest. Long term though, part of the story includes the eventual investigation, consultants, lawsuits, stock price fluctuations, and more. The entire picture of a major compromise is the real value, as that is where companies can fully learn of the risks of a breach.
Today the Guardians of Peace have contacted RBS, and likely other companies or journalists, with a third link to leaked data along with a short statement and request calling for others to join them:
Anyone who loves peace can be our member.
Please tell your mind at the email address below if you share our intention.
Peace comes when you and I share one intention!
jack.nelson63vrbu1[at]yopmail.com
You can download a part of Sony Pictures internal data the volume of which is tens of Terabytes on the following addresses. These include many pieces of confidential data.
The data to be released next week will excite you more.
The leaked data has been uploaded as BitTorrent links to various file sharing sites via the same methods used in previous disclosures, some of which are served off breached Sony Pictures EC2 servers, as well as being uploaded directly to the RapidGator file sharing service. As before, RapidGator quickly removed the data, within three hours of it being posted.
The torrent is broken into 22 files spanning 52 parts which appear to be just over 100GB of compressed data. This leak has been titled "Financial data of Sony Pictures", so it likely contains financial details of Sony Pictures, the budgets of movies, or more.
Based on the history of contact from GOP, it appears that each day a new email address is used, which suggests the accounts may be compromised email accounts. Whether these are fallout from the Sony breach or obtained via another source remains unknown.


The Analysis Continues (December 7)
Several news outlets and security firms have been researching the Sony Pictures breach and analyzing the files disclosed as a result of the compromise. An interesting and unexpected development surfaced today, when security researcher Dan Tentler announced early in the day that he had had a visit from the FBI but was not home at the time:
"Just to warn other security folk working on the Sony leaks: the FBI just visited my home. I wasn't there, so I'm not sure what they wanted."
He followed up with a comment that was made to his wife:
"according to my wife, who answered the door, they started the conversation with the words 'illegally downloading'."
Mr. Tentler has been conducting his own analysis and has reported on the Sony incident. He posted a list of nodes where the leaks could be found, which may explain the FBI's interest and the subsequent "illegal downloading" comment made to his wife.
Now that the files have been downloaded from the publicly available sources, RBS has had a chance to do a preliminary analysis of the contents. The following is a screenshot showing a sample of the files, to put into better perspective what is leaked. Note that file names are logical, not descriptive and human friendly:

These 22 individual files make up three larger archives containing a large set of newly released data, predominantly financial information:
File SPE_03_01.RAR (Mostly from Sony Brasil)
30,916 individual Files, 2,970 Folders. 16.4GB / 9.99GB (Compressed)
Banking statements, bank account information including wire transfer SWIFT codes etc.
Financial year reports
Financial year forecasts
Budget reports
Overhead reports
Receipt and transaction account statements for computer hardware, vehicles (Toyota Hilux, Mitsubishi Space Wagon), and car accessories going back to 1998
Internal information for the Sony Pictures Releasing International portal: screenshots, walkthroughs and other usage information.
File SPE_03_02.RAR (From Sony Pictures Imageworks, Vancouver, and Sony Pictures)
89,800 Files, 10,990 Folders. 88.6GB / 48.9GB (Compressed)
Accounting information using Trintech Inc. software
Licensing contracts
Access Digital (Exyflix)
Amazon Europe
Amazon Japan
Clickpay Multimedia
Comcast
Eagle Eye
Gaia
Google (YouTube)
Media Vault
MGO
Microsoft
Playstation
Sena
Sony Electronics
Sony visual products in
videofutur
Yota (aka more)
Vendors (Too many to list)
Sony India Financial reports.
528 Payrolls for Imageworks Canada with staff full names, contact numbers and residential addresses.
British Columbia Personal Tax Credit Return scans of several employees with full personal information including social security number.
Photocopies and scans of driver licenses, passports and other tax related documents exposing a bunch of personal credentials, home addresses, full names, dates of birth, social security numbers and more.
Federal Tax Returns

File SPE_03_03.RAR
113,002 Files, 39,612 Folders. 57.1GB / 48.1GB (Compressed)
Incident reports with full names, incident locations, injuries and positions held with Sony.
SPE Global Security Guidelines v2
UL training users: full names, addresses, email addresses and commonly set cleartext passwords
Copies of employment contracts and agreements, passports, driver's licenses, SSNs, signatures.
Ongoing (December 7)
The LA Times reported on December 5th, and has said that the FBI have confirmed it, that just hours before the 3rd leak was published online, an unknown number of Sony employees received threatening emails which are believed to have been sent by the GOP.
The emails, which were written in what was described as broken English, wanted employees to sign a statement disassociating themselves from Sony, and if they did not, warned that "not only you but your family will be in danger." According to the LA Times, the email included a statement suggesting the digital headaches for Sony are going to continue for some time to come.
"It's false if you think this crisis will be over after some time," the email said, according to a copy obtained by Variety. "All hope will leave you and Sony Pictures will collapse. This situation is only due to Sony Pictures."
Adding to the speculation about how the compromise happened, Bloomberg is reporting that the compromise and first leak of data happened at the St. Regis Bangkok hotel in Thailand, according to an unnamed person familiar with the investigation.

Fifteen Days Under Siege (December 8)
Late last night, after a long week of previous disclosures, the GOP released the next batch of leaked data. The new round consists of four archives making two large files, currently being seeded from servers owned by Sony Pictures as before. The torrent that includes all files is only 2.8GB this time and has also been uploaded to a few file sharing websites, although we expect them to be taken down quickly like previous GOP uploads.
Unlike previous disclosures, which were straightforward, this group of files comes shortly after the appearance of a Pastebin link (now 404) that purports to be from the GOP and gives a reason for the attacks on Sony Pictures, linking it to the now controversial movie, The Interview. There is speculation that the new announcement may not be authentic, as it did not get sent out via the previous channels, and it suggests an almost afterthought of blaming the movie for their actions. Within hours of being published on Pastebin it had been removed, but it was cached by Google on December 8, 2014 15:43:58 GMT. Since then, the cache has also been removed, which may be due to Sony complaints. According to Owen Williams, Sony has been sending out Digital Millennium Copyright Act (DMCA) takedown requests related to the breach and subsequent disclosures. RBS managed to capture the text before it was removed from both Pastebin and the Google cache:
by GOP
We are the GOP working all over the world.
We know nothing about the threatening email received by Sony staffers, but you should wisely judge by yourself why such things are happening and who is responsible for it.
Message to SONY
We have already given our clear demand to the management team of SONY, however, they have refused to accept.
It seems that you think everything will be well, if you find out the attacker, while no reacting to our demand.
We are sending you our warning again.
Do carry out our demand if you want to escape us.
And, Stop immediately showing the movie of terrorism which can break the regional peace and cause the War!
You, SONY & FBI, cannot find us.
We are perfect as much.
The destiny of SONY is totally up to the wise reaction & measure of SONY.
The following is a summary of the fourth leak:
05_01.rar
mosokos.ost (a Microsoft Outlook mail spool), 3.5GB in size
mosokos is Steve Mosko, President of Sony Pictures Television.
3,550 full contact details: full names, email addresses, home addresses
14,944 sent emails
Email contents include account information, password reset mails, personal emails, flight and travel arrangements
Also includes discussions about internal operations within Sony, the 2013 Breaking Bad Blu-ray leak, and discussions about using torrents and the AXN network to distribute Hannibal
Emails from friends and other Sony staff about TV show torrents and uploads to YouTube, including Breaking Bad, King of Queens, and Hannibal.
05_A.rar
APascal1.ost (a Microsoft Outlook mail spool), 3.78GB in size
APascal is Amy Pascal, Co-Chairman, Sony Pictures Entertainment and Chairman, Sony Pictures Entertainment Motion Picture Group
Over 5,000 emails included
Most recent Inbox email is from November 23, 2014 (likely when the mail spool was taken)
Emails consist of Sony employee relations, personal invoices, and personal emails
Includes talk and deals about upcoming movies
Contains current and closing business deals
View of the APascal1.ost Outlook mail spool showing the folders:


Speculation and analysis of the original compromise method is ongoing. The Register reports that Kaspersky has published details on the malware that allowed the attackers to gain a foothold in the organization. According to the researchers, the malware has been named BKDR_WIPALL by Trend Micro and Destover by Kaspersky (which elicited a warning from the FBI), and was previously seen in attacks against Saudi Aramco by the WhoIs Team in 2012. Kaspersky researchers went on to say that this backs claims that the malware was used in the 2013 DarkSeoul attacks, possibly linking the same group or groups to a multi-year campaign of high profile computer intrusions.
Seemingly unrelated to the GOP breach of Sony Pictures, but coincidental in timing, the Sony PlayStation Network appears to be suffering its own problems, as a group called Lizard Squad is taking credit for a coordinated large scale denial of service attack that follows a previous one in August of this year. Via Twitter, Sony PlayStation Network has acknowledged that customers are experiencing problems, but does not specifically cite why.
Culver City Sony employees will be briefed by the Federal Bureau of Investigation (FBI) on Wednesday regarding the recent attacks, according to the Hollywood Reporter. Michael Lynton, Entertainment Chief at Sony, has also called for an all hands meeting on Friday to further discuss the issue.

Reality and the Blame Game (December 9)
Generally, when a high profile, wide scope breach occurs, news outlets and some security companies are quick to say it was the work of an "advanced" attacker and that the breach is "unprecedented". According to Mashable, Michael Lynton (Sony Pictures CEO) sent a letter to all employees featuring a letter from Kevin Mandia, of Mandiant, the company hired by Sony to investigate the breach. An excerpt from the letter:
"This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat." Kevin Mandia, Mandiant Security Consulting
All analysis to date suggests the malware was not unique to Sony, and may have been used several times before. Trying to suggest that malware that evades industry standard antivirus software is unprecedented is ridiculous. Antivirus software routinely fails to identify malware due to the archaic signature based model it uses. The software only detects what it knows to look for, and with a few tiny changes old malware can be made undetectable again until a new signature is created and pushed to customers. That subscription model is the profit center of the antivirus industry, and they have little reason to improve it. Further, suggesting this breach was unprecedented in size and scope simply isn't true either. Large scale compromises like this hit the news every year.
If you recall, on December 4th Re/code published an article saying that Sony was set to officially blame North Korea for the attacks. Jump to today, a mere 5 days later, and the FBI is officially saying there is no attribution to North Korea, according to Reuters.
"There is no attribution to North Korea at this point." Joe Demarest, Assistant Director of the FBI Cyber Division
It has also come to light via Mashable, from the leaked email archives in the fourth leak (December 8), that Michael Lynton (CEO), Amy Pascal (Chairman), and other executives received an email from hackers calling themselves "God'sApstls". In the email, quoted below, the group threatens great damage to Sony Pictures unless financial compensation is provided:
We've got great damage by Sony Pictures.
The compensation for it, monetary compensation we want.
Pay the damage, or Sony Pictures will be bombarded as a whole.
You know us very well. We never wait long.
You'd better behave wisely.
From God'sApstls
This goes against subsequent posts from the Guardians of Peace (GOP), who said the intrusion was related to the release of the movie The Interview. At this point it is not clear whether a single coordinated group of attackers is changing its public persona, or whether more than one group has access to the network.
More fallout from the Sony Pictures compromise comes in the form of the attackers using Sony's certificates to digitally sign the Destover malware. As reported by Kaspersky Labs, the signed malware appeared on December 5th and will result in additional malware being signed, and will likely render subsequent attacks more effective. [Update: It turns out this was a prank carried out by a security researcher, who figured out the password of the certificate (the same as the file name) and decided to sign the most amusing/ironic thing he could think of, the malware itself. We are also told that three other certificates used a password of "password".]

My Life At The Company, Part 1 (December 10)
Now that journalists and security companies have had days to review the incredible amount of leaked data, analysis has shifted to focus more on the contents of the emails of Amy Pascal, Co-Chairman, Sony Pictures Entertainment, and Steve Mosko, President of Sony Pictures Television. This has revealed odd details such as Sony continuing to make considerable money from the show Seinfeld, Sony executives being concerned over the ending of the movie The Interview, and that George Clooney is very savvy.
Today also brought the fifth leak of data from the Guardians of Peace (GOP), titled "Gift of Sony for 5th day: My Life At The Company Part 1". As before, the leaked data was uploaded via torrent trackers, with the .torrent file itself uploaded in a single rar file to smaller file hosting websites.
The torrent consists of 5 parts, all 1GB and in RAR format (spe_05_01.part[1-5].rar). The GOP have also included a new statement with this disclosure, again directed at Sony Pictures employees. The message states that they still have large amounts of information to disclose, including personal information and more email spools. The statement reads:
To SPE employees.
SPE employees!
Don't believe what the executives of SPE say.
They say as if the FBI could resolve everything.
But the FBI cannot find us because we know everything about what's going on inside the FBI.
We still have huge amount of sensitive information to be released including your personal details and mailboxes.
If continued wrongdoings of the executives of SPE drive us to make an unwanted decision, only SPE should be blamed.
Now is the time for you to choose what to do.
We have already given much time for you.
The newly leaked data includes information about Sony's anti-piracy efforts, entertainment deals in the works, and internal procedures related to tracking torrents and other illegal downloading. It also contains a document that outlines Sony's cooperation with 5 major Internet Service Providers (ISPs) to collect full data for monitoring illegal downloads. In addition:
Motion Picture Association of America (MPAA) list of outstanding issues and other piracy related information.
Enhanced Content Protection proposals, drafts, and documents.
Potential Middle East partnership deals from 2012.
Wages of international employees from Sony Australia and Sony China
Contact information of more than 2,500 employees, additional digital certificates, documents on Internet security, security advisories that may impact Sony systems
Research documents, internal information about Sony cameras being produced, NATO Studio August 2014 Tech Meetings Agenda with talks about new technology being produced by Sony
Project non-disclosure agreements, budgets, financial forecasts for 2013-2015, information about project schedules, deals, costs, profits, advertising revenue, and advisor fees.
Anti-piracy information from Google, YouTube, Netflix, and Farncombe including:
Total number of notices sent to ISPs with 100% success rate (2,537,932)
Alerts sent to subscribers (1,475,848)
Alerts that were not sent but should have been (41,917)
A breakdown of which content, how many types of alerts sent, and acknowledgements for 2012, 2013, and 2014
Confidential documents outlining deals, procedures for monitoring, and services provided by Farncombe
Large number of proposals to Google, YouTube, and other services about how to censor search results and remove content from search
Content protection documentation

Documents and internal tracking of console hacking information for the PlayStation including:
27th Chaos Communications Congress (CCC), Console hacking 2010, PS3 Epic fail.
Verisign Fraud Alert: Phishing, the latest tactics and potential business impact.
BH USA 09 Marlinspike Defeat SSL PAPER 1
us-14 Rosenberg Reflections On Trusting TrustZone WP
A variety of documents on relations with the following companies: AXN, AMC Networks, Hoyts Australia, Animax UK, Channel 5 UK, Chello, Grupo Clarin, 2waytraffic, Dailymotion, Comedy Time, DirecTV, Crackle, Apple, iTunes, Google, YouTube, Hotfile, BBC, BITAG, Telstra, Rogers, Showtime, Sky, Skype, SNEI, Telus, Tesco, Virgin Media, TVN, Verizon, Telefonica, TTNET, Turner, TrueNet, Videotron, VUDU, Voole, Redline, and SingNet. The data on deals is extensive, to say the least. Below is a small sampling of the folders and documents:

After the series of incidents with Sony in 2011, many analysts were curious about how it would affect Sony's stock price. Between April 4, 2011 and October 12, 2011, Sony's stock price dropped from $31.45 to $20.06. That begs the question of whether this round of incidents is also affecting the price.


Here we see the stock value between November 25th, when the breach became public, and today. Note that in our experience, we frequently see stock prices drop as an immediate reaction to such events, but they often return to the original value within three months.
Yesterday we reported that attackers had used a Sony digital certificate (spe_csc.pfx) to sign the malware believed to have been used in the compromise. It has come to light that this was actually a prank of sorts, carried out by security researchers who figured out the easy to guess passwords protecting the certificates. RBS has seen a portion of the chat log in which they guess the passwords. After the signed malware was placed on VirusTotal, Kaspersky apparently made the assumption that it came from the attackers. Steve Ragan summarized the prank in an article last night, and Colin Keigher, who was close to the source of the prank, published a blog this morning giving additional details.
Perhaps the most interesting development, though, is the possible doxxing (publishing of personal information) of the Sony hackers. Via two Pastebin documents, the real name, address, nickname, birthday, and other personal details of five people are listed. Given the lack of provenance for this information, RBS is not going to propagate it further. The introduction text gives a summary of the alleged hackers:
"Sony hackers DX. they hackers from Tunisia Hacker Team but covering as Guardians of Peace for op Week of Horror to attack USA and support Syria and governments that fight USA (china, korea, iran)."

Another Day, Another Email Spool (December 10)
Today also brought the sixth disclosure from GOP, a single file named sony6.rar, that was uploaded to bittorrent tracking and file sharing sites. As usual, the file was quickly removed from the file sharing sites. The file contains another mail spool, named lweil00.ost, which belongs to Leah Weil, Senior Executive Vice President and General Counsel for Sony Pictures Entertainment. Some details about the 3.84GB mail spool include a list of folders, number of emails, and a brief summary of the content.
Some of the folder names and mail counts:
Admin: 56
Alert line: 286
Audit Reports: 28
Calendar: 6,815
Compliance dept: 45
Contacts: 178
Conversation history: 2
Deleted items: 4,296
Designated Employee Notice: 59
Division Head Meetings: 205
Executive comp: 60
Inbox: 41,229
Sec filings: 30
SEC FCPA: 102
Sent emails: 36,586
SPE Board: 19
SPE Subsidiaries Report: 3
Legal: 78

Brief list of highlights:
Deleted mail contains email retention orders (current financial information email needs to be held for 6 years; as of 15 January 2015 that will change to 2 years for all emails unless on legal hold).
SKY PerfecTV data leaked in June of this year, including 10,000 customers' names, email addresses, postal addresses, phone numbers, pay TV access control numbers (B-CAS numbers), IC cards, and subscription information which may include payment details. (SKY PerfecTV is responsible for parts of AXN, owned by Sony.)
Discussions with Paula Askanas and others about uploading fake torrents to frustrate would-be pirates.
Instructions for how to respond to previous Sony hacking incidents, with approved wording for Twitter and Facebook.
Extensive communications about the 2011/2012 attacks against Sony by Anonymous, including the #opsony threat, sharing of pastebin links pertaining to Sony, vulnerabilities on Sony sites (e.g. Subject: FW: ALERT ANONYMOUS THREAT XSS exploited on scajobs.sony.com!!), details of internal investigations into hacking incidents, and employees attempting to geolocate the hackers and match their handles to other aliases.
Internal concern that Mark Zuckerberg might sue Sony over the movie The Social Network.
Correspondence between Sony staff about George Clooney wanting to direct a movie based on Hack Attack. Concerns are expressed over potential legal issues if media giant Rupert Murdoch's name is used within the movie, since it is based on a real story.
Emails about previous Sony breaches, including SPE, Sony PlayStation, and other divisions of the company.
Emails about harassing calls from anti-SOPA protestors.
Given the severity of this breach, along with the history of previous Sony incidents, it is worth remembering the first part of a 2007 article titled Your Guide To Good Enough Compliance by Allan Holmes. It is a good reminder that security is not just technology but a mindset, and that failing to work toward a secure environment may have long-lasting repercussions.

Celebrity Gossip and Hacking Back (December 11)
The culture of watching celebrity lives has captivated the TV-watching audience for years now, with reality shows dominating news and airtime. With the Sony Pictures executive mail spools being leaked over the last few days, those analyzing the contents are running into emails from high-profile actors and actresses who communicate with them. As previously mentioned, George Clooney takes a hard-line, intelligent approach to email, knowing the contents could leak out. Now we learn of drama between Amy Pascal and Scott Rudin over the highly anticipated upcoming biopic on Steve Jobs, in which there is serious disagreement over Angelina Jolie's disappointment that director David Fincher would be involved in Jobs instead of her own movie, Cleopatra. Despite the differences between Pascal and Rudin, the leaked emails show they do have one thing in common: joking about President Obama's race. In another exchange between Pascal, Michael Lynton, and Clint Culpepper, they are candid in their feelings about an actor asking for more money to promote a movie via social media:
"I'm not saying [Kevin Hart's] a whore, but he's a whore." Clint Culpepper (President, Screen Gems)
With the leaked emails, the public is also learning a wide variety of personal information about celebrities. In addition to email addresses, analysts are finding out the aliases celebrities use when traveling, phone numbers, and more. Those affected include Brad Pitt, Julia Roberts, Tom Hanks, and others, according to Sophos.
Changing tracks, the other interesting development is how people are reacting to, and labeling, Sony's efforts to curb piracy. More specifically, some are considering and/or labeling the actions as a denial of service (DoS) attack. In using that term, they are effectively suggesting that Sony's tactics are illegal. The tactics in question are based on Sony using hosted servers to pollute a bittorrent swarm, making the downloading of the illicit files (in this case the leaked data) more difficult. By introducing hundreds or thousands of peers that advertise they have parts of the file and then fail to send them, would-be downloaders experience considerably slower rates. In some cases this causes them to give up on the download completely, and in other cases it may mean the download takes more than a day rather than an hour or three.
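The swarm pollution described above can be modelled. The simulation below is an added example, not Sony's code nor that of any torrent client; the swarm sizes, the 2-tick delivery latency, the 6-tick request timeout, the one-request-per-peer limit and the one-strike snub rule are assumptions chosen to illustrate the effect, not measurements of what Sony did. It compares the ticks needed to fetch every piece of a file from a clean swarm and from a swarm where 200 peers advertise the full file but never send a piece, with and without the client snubbing a peer after a timed-out request.

```python
"""Model a BitTorrent swarm polluted by peers that advertise pieces but never
deliver, and show how a client's snub rule bounds the damage.

Added example: constructed swarm, not real measurements of the Sony leak.
"""
import random
from dataclasses import dataclass


@dataclass
class Peer:
    pieces: frozenset   # pieces this peer advertises in its bitfield
    honest: bool        # True: serves requests; False: polluter that never sends
    latency: int = 2    # ticks an honest peer needs to deliver one piece (assumed)


def make_swarm(num_pieces, honest=5, polluters=0):
    """Build a swarm (constructed data): every peer claims to have the whole file."""
    full = frozenset(range(num_pieces))
    return ([Peer(full, True) for _ in range(honest)]
            + [Peer(full, False) for _ in range(polluters)])


def simulate(peers, num_pieces, *, timeout=6, max_outstanding=4, snub=True,
             seed=1, max_ticks=100_000):
    """Return the tick at which the download completes, or None if max_ticks is hit.

    Each tick the client first settles outstanding requests (honest peers deliver
    after `latency`, anything older than `timeout` is abandoned), then fills up to
    `max_outstanding` request slots, one request per free peer. With snub=True a
    peer that let a request time out is never asked again.
    """
    rng = random.Random(seed)      # fixed seed keeps the run reproducible
    have, outstanding, snubbed = set(), {}, set()   # outstanding: piece -> (peer, tick)
    tick = 0
    while len(have) < num_pieces:
        tick += 1
        if tick > max_ticks:
            return None
        for piece, (pid, issued) in list(outstanding.items()):
            peer = peers[pid]
            if peer.honest and tick - issued >= peer.latency:
                have.add(piece)
                del outstanding[piece]
            elif tick - issued >= timeout:
                del outstanding[piece]     # give up on this request, retry elsewhere
                if snub:
                    snubbed.add(pid)
        busy = {pid for pid, _ in outstanding.values()}
        for piece in range(num_pieces):
            if len(outstanding) >= max_outstanding:
                break
            if piece in have or piece in outstanding:
                continue
            candidates = [i for i, p in enumerate(peers)
                          if piece in p.pieces and i not in snubbed and i not in busy]
            if not candidates:
                continue
            pid = rng.choice(candidates)   # a polluter looks like any other seeder up front
            outstanding[piece] = (pid, tick)
            busy.add(pid)
    return tick


def compare(num_pieces=60, honest=5, polluters=200):
    """Ticks to finish: clean swarm vs. polluted swarm, with and without snubbing."""
    return {
        "clean": simulate(make_swarm(num_pieces, honest), num_pieces),
        "polluted_snub": simulate(make_swarm(num_pieces, honest, polluters),
                                  num_pieces, snub=True),
        "polluted_no_snub": simulate(make_swarm(num_pieces, honest, polluters),
                                     num_pieces, snub=False),
    }


if __name__ == "__main__":
    for label, ticks in compare().items():
        print(f"{label:17s} {ticks} ticks")
```

Without snubbing, almost every request lands on a polluter and costs a full timeout, so the download takes orders of magnitude longer than in the clean swarm; with snubbing, each polluter wastes at most one timeout before it is ignored, which is why pollution slows downloads rather than stopping them. A per-peer ban is only as good as the peer identity it keys on, so a polluter that keeps rotating addresses (as the shift away from the earlier seeding addresses noted later in this timeline suggests) forces the client to pay the timeout again.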
The use of the term denial of service appears to originate in an article from re/code, which says that Sony is using hundreds of computers in Asia to execute what's known as a denial of service attack on sites where its pilfered data is available. Technically this is true, as a denial of service attack is just that: it denies some level of service to users. In this case, however, Sony is attempting to deny people access to the leaked data. Is this legal? Based on our understanding of U.S. computer crime laws, Sony's actions do not technically violate the Computer Fraud and Abuse Act (CFAA, 18 U.S.C. § 1030). However, according to the Department of Justice manual on prosecuting computer crime, this may be up for interpretation by a prosecutor as far as what constitutes a legitimate user:
"Intruders can initiate a denial of service attack that floods the victim computer with useless information and prevents legitimate users from accessing it. [..] Prosecutors can use section 1030(a)(5) to charge all of these different kinds of acts."
This boils down to whether journalists can publish the contents of material that was illegally obtained by a third party. The Student Press Law Center (SPLC) maintains a good summary of this issue and cites the Supreme Court's 2001 decision in Bartnicki v. Vopper, which held that the First Amendment bars punishing the publication of illegally intercepted communications on a matter of public concern when the publisher took no part in the interception. With this in mind, anyone attempting to download the leaked Sony data *is* a legitimate user, and Sony's efforts to deny that service may violate the CFAA. We're not lawyers, and this is certainly a case full of gray, not black and white.
The one thing we can say with certainty is that Denial of Service (DoS) and Distributed Denial of Service (DDoS) are loaded terms: they typically describe either a technical attack against a system (where intent and ethics aren't part of the discussion) or the actions of a criminal. The terminology gets more confusing and misleading when it is accompanied by phrases like "When the hackee becomes the hacker" and "In a somewhat amusing twist to the ongoing Sony Pictures hack", or by more aggressive wording like "Sony Pictures is employing hacking techniques", since this begins to ascribe specifically criminal notions to Sony's actions. The one thing Sony is doing right in all this mess is denying everything.

Debates, Goliath, and Apologies (December 12)
Whenever a large breach occurs and involves the disclosure of personal email, even professional email, several debates re-emerge. The first revolves around the ethics of reading private emails. On one hand those emails, while now public, were never meant to be published. On the other hand, quite simply, they were made public. This is not a debate that will be won, as both sides have valid points. One thing to keep in mind is how you would feel if your emails were leaked. RBS has balanced this dilemma by analyzing the metadata (e.g. mailbox size, number of mails) rather than the content. Instead, we make observations about what others have published regarding the content and link to their articles.
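The metadata-first approach described here, and the per-folder counts given in the December 10 update, can be scripted so that an analyst never opens a message body. The following is an added example and not RBS tooling: it builds a small Maildir of constructed messages (the Python standard library cannot read the Outlook .ost spool in the leak, so Maildir stands in for it) and reports, per folder, the message count, size in bytes, date span and sender domains, using only the headers. Every address, date and folder name in it is made up.

```python
"""Triage a mailbox by metadata only: folder names, counts, bytes, date span and
sender domains, parsed from headers alone. Added example on a constructed
Maildir; it is not RBS's tooling and does not read the leaked .ost format.
"""
import mailbox
import tempfile
from collections import Counter
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage
from email.parser import BytesHeaderParser
from email.utils import format_datetime, parseaddr, parsedate_to_datetime

# Constructed sample mailbox: folder -> list of (sender, message count).
SAMPLE_FOLDERS = {
    "Inbox": [("ceo@example.com", 1), ("vendor@example.net", 2)],
    "Sent": [("counsel@example.com", 3)],
    "Deleted": [("hr@example.com", 1)],
}


def build_sample_maildir(root):
    """Populate a Maildir under `root` with constructed messages (test data only)."""
    md = mailbox.Maildir(root, create=True)
    start = datetime(2014, 1, 1, tzinfo=timezone.utc)
    for folder, senders in SAMPLE_FOLDERS.items():
        sub = md.add_folder(folder)
        n = 0
        for sender, count in senders:
            for _ in range(count):
                msg = EmailMessage()
                msg["From"] = sender
                msg["To"] = "counsel@example.com"
                msg["Subject"] = f"constructed sample {n}"
                msg["Date"] = format_datetime(start + timedelta(days=30 * n))
                msg.set_content("Body text that the triage below never inspects.\n" * 10)
                sub.add(msg)
                n += 1
    return root


def summarize(root):
    """Per-folder metadata from headers only; the body is never parsed or shown."""
    md = mailbox.Maildir(root)
    parser = BytesHeaderParser()   # header-only parser: stops at the first blank line
    report = {}
    for name in sorted(md.list_folders()):
        folder = md.get_folder(name)
        count = size = 0
        domains = Counter()
        dates = []
        for key in folder.iterkeys():
            raw = folder.get_bytes(key)
            count += 1
            size += len(raw)
            hdr = parser.parsebytes(raw)
            addr = parseaddr(hdr.get("From", ""))[1]
            if "@" in addr:
                domains[addr.rsplit("@", 1)[1].lower()] += 1
            try:
                dates.append(parsedate_to_datetime(hdr["Date"]))
            except (KeyError, TypeError, ValueError):
                pass   # missing or malformed Date header: skip it, keep the count
        report[name] = {
            "messages": count,
            "bytes": size,
            "first": min(dates) if dates else None,
            "last": max(dates) if dates else None,
            "domains": dict(domains),
        }
    return report


def run_demo():
    """Build the constructed Maildir in a temp dir and return its summary."""
    root = tempfile.mkdtemp(prefix="leak-triage-")
    return summarize(build_sample_maildir(root))


if __name__ == "__main__":
    for folder, meta in run_demo().items():
        print(f"{folder}: {meta['messages']} messages, {meta['bytes']} bytes, "
              f"{meta['first']:%Y-%m-%d} to {meta['last']:%Y-%m-%d}, "
              f"domains {meta['domains']}")
```

The sender-domain count and date span are the kind of observations that let an analyst say who a mailbox talks to and over what period without quoting anyone, which is the line this update draws; pointing the same script at a real mailbox only requires swapping the constructed Maildir for one converted from the source format.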
The second debate that crops back up is the ethics of downloading stolen content such as emails. As mentioned in yesterday's update, the Supreme Court's 2001 decision in Bartnicki v. Vopper is read as protecting journalists who publish such material when they took no part in obtaining it, although the ruling addresses disclosure rather than the act of downloading. However, current intellectual property (IP) and copyright law could trivially challenge that ruling if it were to reappear in front of the Supreme Court. Regardless of that decision, Kashmir Hill reminds us that simply downloading the stolen content may prompt a visit from federal authorities. Not only has Dan Tentler (@viss) been visited, but Steve Ragan has also had a run-in with the FBI over the Sony material. We have little doubt that they are not the only two to have been visited. We also want to remind the FBI that journalists and researchers who are downloading and analyzing the material are not who you are really after, assuming you are trying to catch the individuals who actually compromised Sony's network. If you treat them as sources instead of persons of interest, you may find they can assist you with your job.
The third debate that tends to come up among journalists is whether analysis or snippets of such emails should be published after downloading and reading them. Variety weighs in on this topic in an article titled Why Publishing Stolen Sony Data is Problematic But Necessary. While some of the material coming out of the leaks is very personal and embarrassing (e.g. racial jokes, calling professionals obscene names), such leaks can also lead to information that is specifically of interest to the public and should not be kept behind closed doors.
On the bad side of such disclosures, we see that the leaks are revealing very sensitive information such as employees' children's health information, including special needs, diagnoses, and treatments. The leaks further go on to reveal birth dates, gender, health conditions, and medical costs for as many as 34 Sony employees, according to Bloomberg. On the good side of such disclosures, we find out that the MPAA, in conjunction with six studios, allegedly plans to pay elected officials to attack Google in an effort to curb piracy, dubbed Project Goliath, according to TechDirt and The Verge. These two things are pretty much the opposite ends of the spectrum on the harm versus value of leaked data.
Finally, after weeks of silence, one Sony executive has gone on record about the leaked emails, albeit briefly. Amy Pascal, Co-Chairman, Sony Pictures Entertainment, has apologized and given an explanation for the racially insensitive comments directed at President Obama. Food for thought this weekend: if your email were published, what would you have to apologize for, if anything?

My Life At The Company, Part 2 (December 13)
Today brought the seventh leak of data from the Guardians of Peace (GOP), titled My Life At The Company Part 2. This follows a Pastebin post in which they warn Sony executives that an important message has been sent to them:
by GOP
Important
Message to SPE executives
I've sent you a message.
Confirm your mailboxes.
The Pastebin post with links to the newly leaked information from Sony networks is accompanied by another message saying that upcoming Christmas leaks will contain larger quantities of data and will be more interesting. One thing that is already interesting is that GOP says if anyone sends an email titled Merry Christmas to one of five provided email addresses, they will take requests for what should be in the upcoming leak:
We are preparing for you a Christmas gift.
The gift will be larger quantities of data.
And it will be more interesting.
The gift will surely give you much more pleasure and put Sony Pictures into the worst state.
Please send an email titled by Merry Christmas at the addresses below to tell us what you want in our Christmas gift.
The actual data leaked today appears to consist of 6.45 GB of uncompressed data, distributed via bittorrent links that do not appear to be seeding from the same 54 IP addresses previously seen. The data consists of 6,560 files across 917 folders. A screenshot showing a sampling of the leaked data:
[screenshot not reproduced]
A very brief analysis suggests this leak contains:
Sony internal documents for tracking deals, expenditures, and revenue.
Complete working folders for Jim Underwood (likely ex-Sony Executive VP, Worldwide Digital and Commercial Strategy [LinkedIn Profile]).
Documents related to the acquisition of Grouper Networks in 2006 and related material from the following years.
Many acquisition proposals, Sony's perspective on the pros and cons of the deals, companies of interest, and potential profit, including Left Bank Pictures.
Drafts on the best ways to battle piracy, from 2009 on.
Enhanced Content Protection Overview, written by Chris Odgers: a complete analysis of possible breaches, exploits, detection, and prevention methods for data streaming services to prevent hijacking.
Emails about Australian TV not being finalized before screening started. This appears to be related to the recent run of older American TV shows like Starsky and Hutch.
Breach monitoring and revocation rules for Phase 1 Service if the F1 Box is hacked.
Business documents and dealings with Abril.com out of Brazil.
As other researchers and journalists perform a more extensive analysis, we will provide links, summaries, and commentary on it.
Between Sony's efforts to hinder acquiring the data via the torrents and the file sharing sites rapidly removing leaked data, some people have begun to make their own archives of the leaked data on additional sites. Some of them are being shared via Twitter and others via additional file sharing sites.
Following up on the legal angle (covered in the December 11 update), Betabeat has published an article titled No Gray Area: It's Definitely Not OK to Publish Emails From the Sony Hack, in which they point out the moral and ethical issue with disclosing details of the leaked data. They argue that a variety of news outlets, including Perez Hilton, called the disclosure of celebrity nude photos a crime while having no issue publishing private conversations from Sony executives. This is an interesting observation, as it appears to establish the line between acceptable (leaked emails) and taboo (nude celebrity photos) for journalists. We are sure that this is a debate that will rage on for some time. [Note that the Perez Hilton article that mentions the word crime cites Jennifer Lawrence's statements in which she called the publication of her photos a sex crime.]
Business Insider has also published an article citing an IT worker, employed by a firm that has access to Sony's computer network, who says Sony's network security was outdated and ineffective. The article goes on to reference the Password folder that contained numerous passwords, but as we previously noted, that was likely at the hands of the attackers, not necessarily Sony. In another article from re/code, they also reveal that the leak contains a very recent security audit performed by PricewaterhouseCoopers LLP between July 14 and August 1. re/code reports that the audit found over 100 systems that were not being monitored by corporate security, who were charged with overseeing Sony's infrastructure.
RBS will update this timeline with more information as it becomes available.
Filed Under: Data Breaches, News. Tagged With: GOP, Guardians of Peace, Sony Pictures
