Sony Pictures computer network commandeered by hackers

Discussion in 'privacy problems' started by hawki, Nov 24, 2014.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,952
    Location:
    DC Metro Area
    "According to multiple reports and accounts on the Reddit website, the invasion has brought the company to a standstill, making it impossible for staff to log on to their machines.

    The hacking collective, which is referring to itself by the monicker #GOP, has left a message on the employee’s computers claiming to have obtained “top secret” data.

    The message (pictured) explains that if Sony Pictures refuses to “obey” the hackers unspecified demands by 11PM GMT on Monday 24 November, the data will be shown "to the world."

    http://www.trustedreviews.com/news/sony-pictures-computer-network-commandeered-by-hackers

    "Widespread hack at Sony Pictures Entertainment reportedly brings down entire computer system

    Sony appears to have once again been targeted by malicious hackers. On Monday, Sony Pictures Entertainment – the company’s motion picture, television production and distribution arm – was essentially brought to a standstill as a result of a bizarre security breach.

    http://www.techspot.com/news/58950-...res-entertainment-reportedly-brings-down.html
     
    Last edited by a moderator: Nov 24, 2014
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,952
    Location:
    DC Metro Area
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,043
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  5. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    Breaches at Sony are not news anymore, they're routine.
     
  6. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Exclusive: FBI warns of 'destructive' malware in wake of Sony attack | Reuters

    BBC News - North Korea refuses to deny Sony Pictures cyber-attack
     
  7. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  8. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    http://www.welivesecurity.com/2014/12/02/sony-pictures-hacking-five-films-leak-online/
     
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,952
    Location:
    DC Metro Area
    Who Done It?

    "Sony to name N. Korea as source behind cyber attack - Dec 3, 2014 1:46pm EST

    (Reuters) - Sony Corp's Sony Pictures Entertainment will name North Korea as the source of the hacking attack that knocked out the company's computer systems for over a week, tech blog Re/code reported, citing two sources close to the investigation....."

    http://www.reuters.com/article/2014...estigation-nkor-idUSKCN0JH28920141203?rpc=401

    .......................
    " Sony Hack: Studio Security Points to Inside Job - 7:30 AM PST 12/03/2014

    Inside the studio, though, sources say there is little evidence that North Korea is behind the attack. Cybersecurity expert Hemanshu Nigam also finds it hard to believe that North Korea is the perpetrator. Instead, he theorizes an employee or ex-employee with administrative access privileges is a more likely suspect. For the studio — which has laid off hundreds of employees over the past year in an effort to contain costs — the possibility of a disgruntled employee wreaking havoc is very real."

    http://www.hollywoodreporter.com/news/sony-hack-studio-security-points-753509
    ................................
    "North Korea's cyberattacks may have been imitated for Sony attack

    The Associated Press Posted: Dec 03, 2014 9:05 AM ET Last Updated: Dec 03, 2014 9:35 AM ET


    Some cybersecurity experts say it is unlikely North Korea was behind the cyberattack that crippled Sony Pictures' computers and possibly leaked unreleased movies online......

    'State-sponsored attackers don't create cool names for themselves like 'Guardians of Peace' and promote their activity to the public," said cybersecurity expert Lucas Zaichkowsky.
    He said the details he has seen point instead to hacktivists, who break into computers to make a political point, often one involving the free exchange of information on the internet. Hacktivists have targeted Sony in the past..............

    Given that the hackers were apparently able to obtain unreleased movies as well as personnel records, Social Security numbers, passport photos, technical documents and other material, Young said it is unlikely they used just a single point of access.
    "It's much more likely that attackers were able to exploit a series of vulnerabilities, misconfigurations and poor network architecture to continuously increase their level of access over time," he said.

    A security expert who was part of the South Korean government's investigation into March 2013 cyberattacks blamed on North Korea said there is not enough evidence to point the finger at the North for the Sony incident even though there are similarities."

    http://www.cbc.ca/news/technology/n...-have-been-imitated-for-sony-attack-1.2858659
     
    Last edited: Dec 3, 2014
  10. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Sony Got Hacked Hard: What We Know and Don’t Know So Far
    http://www.wired.com/2014/12/sony-hack-what-we-know/

    For those socially inclined -
    https://twitter.com/kimzetter
    https://twitter.com/KimZetter/status/540268256984981505
     
  12. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,952
    Location:
    DC Metro Area
    Hackers Threaten Sony Employees and Their Famlies In New Email

    "Hackers have struck again at Sony Pictures Entertainment, threatening employees of the studio in a new email obtained by Variety.

    The GOP group, which hacked Sony on Nov. 24, said it planned to eradicate all of Sony Pictures Entertainment.

    Employees were told to turn off their handheld devices after receiving the message, sources tell Variety.

    'We are aware of the situation and are working with law enforcement,' a spokesman said in a statement...........


    Read the email in full:

    I am the head of GOP who made you worry.

    Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization. And what we have done so far is only a small part of our further plan.It’s your false if you if you think this crisis will be over after some time. All hope will leave you and Sony Pictures will collapse. This situation is only due to Sony Pictures. Sony Pictures is responsible for whatever the result is. Sony Pictues clings to what is good to nobody from the beginning. It’s silly to expect in Sony Pictures to take off us. Sony Pictures makes only useless efforts. One beside you can be our member.

    Many things beyond imagination will happen at many places of the world. Our agents find themselves act in necessary places.

    Please sign your name to object the false of the company at the email address below if you don’t want to suffer damage.

    If you don’t, not only you but your family will be in danger.

    Nobody can prevent us, but the only way is to follow our demand. If you want to prevent us, make your company behave wisely."

    http://variety.com/2014/film/news/h...ail-your-family-will-be-in-danger-1201372230/

    See also: http://gizmodo.com/sony-pictures-employees-are-getting-death-threats-from-1667494797
     
    Last edited: Dec 5, 2014
  13. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,952
    Location:
    DC Metro Area
    Last edited: Dec 5, 2014
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,952
    Location:
    DC Metro Area
    Dunno why does everyone think North Korean Hackers are responsible for the Sony Hack.

    ~ Removed Off Topic Link ~
     
    Last edited by a moderator: Dec 5, 2014
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,043
    Missing the big picture in the Sony hack
    http://www.scmagazine.com/missing-the-big-picture-in-the-sony-hack/article/386944/
     
  16. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  17. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  18. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  19. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    624
    Location:
    United States
    http://threatpost.com/new-version-of-destover-malware-signed-by-stolen-sony-certificate/109777

    Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony.

    The new sample is essentially identical to an earlier version of Destover that was not signed. Destover has been used in a variety of attacks in recent years and it’s representative of the genre of malware that doesn’t just compromise machines and steal data, but can destroy information as well. The attackers who have claimed credit for the attack on Sony have spent the last couple of weeks gradually releasing large amounts of information stolen in the breach, including unreleased movies, personal data of Sony employees and sensitive security information such as digital certificates and passwords.

    The new, signed version of Destover appears to have been compiled in July and was signed on Dec. 5, the day after Kaspersky Lab published an analysis of the known samples of the malware.

    “In all three cases: Shamoon, DarkSeoul and Destover, the groups claiming credit for their destructive impact across entire large networks had no history or real identity of their own,” Kurt Baumgartner of Kaspersky Lab’s GReAT Team wrote in an analysis of the malware. “All attempted to disappear following their act, did not make clear statements but did make bizarre and roundabout accusations of criminal conduct, and instigated their destructive acts immediately after a politically-charged event that was suggested as having been at the heart of the matter.”

    The use of stolen digital certificates is a common tactic among malware authors and attackers looking for a way to get their creations past security systems. Many security technologies will trust files that are signed and let them pass by.

    “The stolen Sony certificates (which were also leaked by the attackers) can be used to sign other malicious samples. In turn, these can be further used in other attacks. Because the Sony digital certificates are trusted by security solutions, this makes attacks more effective,” Kaspersky researchers wrote in an analysis of the new malware.

    See more at: New Version of Destover Malware Signed by Stolen Sony Certificate
    http://threatpost.com/new-version-of-destover-malware-signed-by-stolen-sony-certificate/109777
     
    Last edited by a moderator: Dec 9, 2014
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,043
    Sony hackers apparently wanted money
    http://www.net-security.org/secworld.php?id=17740
     
  21. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,043
    Sony attackers also stole certificates to sign malware
    http://arstechnica.com/security/2014/12/sony-attackers-also-stole-certificates-to-sign-malware/
     
  22. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Very good post, thanks Simplicity. Though they still focus on malware "as an industry" and last few paragraph somewhat smells advertising, still I have strong sympathy about "missing big picture", "over-focus on malware", and etc.etc.
    I nearly tired of such over focus on malware, either by AV vendor or in security community, they don't try to look or understand whole espionage campaign and to start just discussing everything on computer and network, and complete it.
    From the article (my bolded):
     
  23. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    I'm still amazed that nobody has come with the idea to block the internet completely until they find the criminals and all that was stolen recovered or deleted.
     
  24. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Yeah, agreed. And agreed also about that last paragraph. They get into this "a perfect world, on a perfect day, a perfect person using a perfect, semi sentient security system..." and "If only they had done x, y and z". Everyone looks back after something bad happened, and tries to plan on what they can do differently- that's progress. But everything is always less than perfect, a lot of times not even basic standard. Companies should, with their vast amount of money and resources, do some things different. They already know they're targets, Sony especially.

    I do have more sympathy for the home user that has to juggle their dentist wishing they flossed more ontop of protecting their 2 Windows PCs. But then again, these companies employ hundreds of thousands of people, and have to maintain hundred of thousands of systems across the entire globe- there's a lot of room for error.
     
  25. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Thank you for your input, Veeshush.
    I also feel more sympathy for home user than coporate. But sad fact is, most company are incredibly vulnerable just like many home user. There's no need to develop highly advanced attack to compromise them, most company's management don't value security much and leave everything to poor IT admin who has not enough rights with stingy budget, and they little dream of the fact they can be targeted.
    What they have to do first is not buying expensive protection system but making practical policy and to repeatedly educate all employee, and also give sufficient rights and at least minimal budget to that poor IT admin. Even basic security is much better to avoid some targeted attack as criminals will change the target to more vulnerable company.