Sony Pictures computer network commandeered by hackers

On the other side of things, I'll also say these trillion dollar media organizations have some actual dirt. I just wish instead it was whistle blowing and not extortion.

 

Sony fights spread of stolen data by using “bad seed” attack on torrents

http://arstechnica.com/tech-policy/...en-data-by-using-bad-seed-attack-on-torrents/

 

https://www.schneier.com/blog/archives/2014/12/comments_on_the.html

 

What goes around, comes around. Sony had no issues with compromising users equipment with their rootkits. Now the shoe is on the other foot, right where it belongs. It's too bad that security companies and governments are hyping the attack to cover their incompetence. As far as I'm concerned, it couldn't happen to a more deserving company.

 

To me, the scariest thing about this is how vulnerable major systems/networks are to hacking in general. What if we had enemies that wanted to go after important infrastructure? Nawwwwww....

 

We do. The enemy is Iran. They are good. Are reported to have invaded several infrastructure systems already.

http://www.reuters.com/article/2014/12/12/us-cybersecurity-iran-fbi-idUSKBN0JQ28Z20141212?rpc=401

http://gizmodo.com/report-iran-has-been-hacking-major-infrastructure-for-1665961011

 

Agree. +1. And don't forget Sony's pushing hard for SOPA.

Also:

'Hackers released a seventh cache of files leaked from Sony Pictures Entertainment on Saturday, along with a promise of more to come.

Someone claiming to be a member of hacking group Guardians of Peace sent an email to journalists that listed two web addresses where new Sony information could be found.

The email also said that a "Christmas gift" would be arriving soon that will "put Sony Pictures into the worst state.'"

http://www.hollywoodreporter.com/news/sony-hackers-promise-deliver-large-757492

Meanwhile, because of all this "The Interview" is likely to be a huge blockbuster which will generate enormous sums for Sony. Possibly the biggest publicity stunt ever. If the offficial Trailer is a fair representation of the film, it's hilarious.

As to N Korea, to use those famous words: "If they can't take a joke, &$%@'em!"

Didn't the North Koreans get to see Woody Allen in "Bananas?"

I guess Governments who work political prisoners to death in slave/work camps and their hacking allies don't understand satire and lack a sense of humor.

That brutal regime gets no sympathy from me and neither does Sony.

What goes around, comes around.

 

Yeah, they don't understand Guantanamo sense of humor.

Oh yes, because North Korea and Sony are more or less the same thing.

 

Hackers vs. James Bond: 'SPECTRE' script stolen in Sony attack

http://www.reuters.com/article/2014/12/13/us-sony-cybersecurity-bond-idUSKBN0JR0ML20141213

See also:
Sony hackers PINCH early version of James Bond Spectre script
http://www.theregister.co.uk/2014/12/14/early_james_bond_spectre_film_script_swiped_by_sony_hackers/

 

"Sony demands media delete 'stolen' data from hacked emails, report says

Sony Pictures sent a letter to several media outlets Sunday demanding they delete troves of emails delivered by hackers that resulted in an immense information dump which exposed the private dealings of the studio.

The New York Times reported that it and other media outlets received a letter from David Boies, an attorney hired by Sony, on Sunday. Boies characterized the hacked emails as "stolen documents," and asked outlets to cease publishing more information from them"

http://mashable.com/2014/12/14/sony-responds-legal-threat/?utm_campaign=Feed: Mashable (Mashable)&utm_cid=Mash-Prod-RSS-Feedburner-All-Partial&utm_medium=feed&utm_source=feedburner

Presents some very interesting legal issues. Clearly, under the first amendment Sony can not prevent publication of the documents or the material they contain, but that does not give the media a free pass of immunity from a criminal or civil proceeding post publication. For example,by analogy, if you were writing up the burglary of a home, there would be a recognizable distinction between saying “The thief took a cache of potentially embarrassing personal communications and intimate letters” and publishing the content of those communications and letters after having received them second- or third-hand from the thief. However, under the Federal National Stolen Property Act, in at least one case, stolen FBI documents were found not to be goods, wares, or merchandise subject to The Act because they are not ordinarily bought or sold in commerce. A bit of a legal sticky-wicket and a smart move by Sony.

The lawyer, David Boise is well known for representing clients in high visibility cases. For example, he represented Al Gore in Bush v. Gore and was hired by The US Justice Department to prosecute ate up Microsoft in the the U.S. Justice Department's anti-trust suit against Microsoft.

 

No one is implying that Dick Cheney has a sense of humor nor has anyone said that others responsible for Guantanamo and the treatment of prisoners detained there is a barrel of laughs. And as far as Guantanamo and the war on Terror goes, haven't you seen "Team America" Americans are fully capable of tolerating comical satirical satire against it's excesses,misdeeds and political leaders, without attempting to destroy an entertainment company and it's employees.

Nor is anyone equating North Korea with Sony. To say that one has little sympathy for either is not equating the nature of their actions or behavior. If I say I hate the North Korean Government and Pistachio ice cream is not saying they are the same.

 

Sony’s International Incident: Making Kim Jong-un’s Head Explode
DEC. 14, 2014

TOKYO — When Sony Pictures began casting last year for a new comedy to be called “The Interview,” early scripts included the assassination of a fictionalized North Korean ruler. It was not until auditions began that actors learned that the movie would portray something much more brazen: the violent killing of the actual leader of North Korea, Kim Jong-un.
Sony’s executives now say they knew that basing a film on the assassination of a living national leader — even a ruthless dictator — had inherent risks. But the studio seems to have gotten much more than it bargained for by bankrolling what it hoped would be an edgy comedy.

~Reduced copyrighted content of this post. See link at bottom for more info.~

Full Story:

http://www.nytimes.com/2014/12/15/w...column-region&region=top-news&WT.nav=top-news

 

If another nation made a movie that portrayed the assassination of a sitting American president, we'd call it a terrorist threat or an act of war. When the USA does it, it's called entertainment. This has too many similarities to WWII when Hollywood was making anti-nazi propaganda movies at the behest of the government. I hope the rest of the world realizes that the Us government and their Hollywood mouth pieces do not express the views of the general public.

 

That's (last sentence) only true when it is common targeted attack and not state-sponsored sophisticated APT.
But in this particular case, I agree as obviously Sony's security practice was terrible and the attack was not so sophisticated.
I also doubt it is really by Notrh Korea, currently there has not been definite evidence, only guesses and they somewhat smells passing the back and political campaign.
AFAIK, tracing real culprit in APT is often hard as those attacker disguise attacker to make false accusation, though I don't want to call it as ADVANCED persistent threat.

 

The manner in which 'the offended' decided to get retribution is revolutionary. Sony did not adequately secure their assets or their computer systems. Emails have exposed the elitist attitude that the entertainment industry has in common. This may end up being more costly than the loss of the stolen assets. The hackers have released the data onto the internet and the data is being distributed worldwide. Participants care less, so the hackers were tactically brilliant. The toothpaste is out of the tube and Sony is trying to get it back in ... the hackers are probably enjoying this reaction and 'lack of reality'. Companies, large and small spend a ton more money on advertising than they do on security.

 

In Damage Control, Sony Targets Reporters

https://krebsonsecurity.com/2014/12/in-damage-control-sony-targets-reporters/

 

It's becoming commonplace for those who get hacked to claim APTs were used or that nation states were involved and not offer any evidence that either is true. APT is becoming a catch-all term for anything that defeats whatever they have in place. The term "nation states" is being perverted into unstoppable attackers. So-called APTs are not the exclusive property of nation states just as successful attacks against big corporations, defense contractors, or even governments themselves don't automatically imply that they've been used or that they were even required. Both are being used as excuses.

 

Sony Hackers Threaten to Release a Huge ‘Christmas Gift’ of Secrets

http://www.wired.com/2014/12/sony-hack-part-deux/

For those socially inclined, you may view or follow Kim Zetter or Wired on Twitter:
https://twitter.com/kimzetter
https://twitter.com/wired

 

I can relate to it, and also AV vendor seems to compete each other to find "the most advanced attack". I don't know how many times Kaspersky used this term when they found new attack campagin.
As of often the case with those kind of terms, "APT" becoming just a trend word.
Anyway, companies have to understand those really sophisticated APT are rare, and most targeted attack can be avoided even w/out spending much money.
Just start from making practical policy and continuous education, it don't cost much.

 

Believe it Or Not? I don't, but it's a good way to kill a film. Although the leader of N Korea did say he considered the film, as originally filmed with a gory kill shot that has been toned down, an Act of War."

"Sony Hackers Threaten 9/11 Attack on Movie Theaters That Screen ‘The Interview’

The Sony hackers have threatened a 9/11-like attack on movie theaters that screen Seth Rogen and James Franco’s North Korean comedy “The Interview,” substantially escalating the stakes surrounding the release of the movie.................."

Full BS Here: http://variety.com/2014/film/news/s...heaters-that-screen-the-interview-1201380712/

 

Former Employees Are Suing Sony Over ‘Epic Nightmare’ Hack
(may be a game changer)

Cited at Wired.com
http://www.wired.com/2014/12/sony-getting-sued-former-employees-protecting-data/

And Reuters:
http://www.reuters.com/article/2014/12/16/us-sony-cybersecurity-classaction-idUSKBN0JU25120141216

 

"Carmike Cinemas Inc. (CKEC), the fourth-largest U.S. theater chain, won’t screen the Sony Pictures comedy “The Interview” following threats of violence by hackers, a person with knowledge of the situation said..............."

http://www.bloomberg.com/news/2014-...nterview-from-theaters-following-threats.html

 

NY premiere of "The Interview" nixed

LOS ANGELES — Sony will release The Interview on Christmas Day as planned, leaving it up to individual theater owners to decide whether to show the film in light of new threats of physical attacks from hackers that have devastated the studio, Mashable has confirmed.

Despite the push to move ahead as planned, the movie's New York premiere scheduled for Thursday at the Sunshine Cinema on the Lower East Side was abruptly canceled Tuesday evening. Landmark Theaters, which owns the cinema, announced the decision to nix the premiere, according to Deadline Hollywood."

http://mashable.com/2014/12/16/sony-interview-theaters-choice/?utm_campaign=Feed: Mashable (Mashable)&utm_cid=Mash-Prod-RSS-Feedburner-All-Partial&utm_medium=feed&utm_source=feedburner

"Sony Pictures execs are reportedly telling theaters the company "wouldn't object" if they didn't show "The Interview," the movie that the hackers who attacked Sony are apparently angry about........"

http://uk.businessinsider.com/sony-wouldnt-mind-if-theaters-didnt-show-the-interview-2014-12

"DHS finds no evidence for attack on theaters showing 'The Interview'.........."

http://www.cnet.com/uk/news/dhs-finds-no-evidence-for-attack-on-theaters-showing-the-interview/

 

The ripple effect could keep this going for years, however, death threats seem too radical and out of character for hackers. If these guys are not government and they get caught they will face some serious charges. If it is a government, it is an obvious attempt to cause economic and internal havoc (re: Sony employees suing Sony and Sony suing the media, and people concerned or afraid).

Unfortunately the Sony attack has a blueprint now and it may spur on hacker copy cats. So many corporations and their employees will be at risk (re: stolen info from recent hacks on Big Retail). Internal emails, employee confidential data, product secrets and corporate business strategy could be up for ransom across the board. Our response to this current escalation will determine what others see as an opportunity.

 

Article from Gawker shows the lengths SONY went to hush the story.

http://gawker.com/how-sony-gets-its-way-with-the-new-york-times-1671962097