Sony Pictures corporate network compromised by a major attack

  • 24 November 2014

Userlevel 7
Badge +54
Editor's note: See the latest on Sony pulling the movie The Interview here.
 
by Pierluigi Paganini on November 24th, 2014
 

The Sony Pictures corporate network was targeted by a major cyber attack that has brought off-line every computer within the company.

The corporate network of Sony Pictures is reportedly breached and taken offline, the news was published on TheNextWeb website. Sony Pictures manages distribution of the Sony film and TV productions.
The attackers breached the service this morning, meanwhile a thread started on Reddit social news website announcing that every computer in the network was shut down due to a hack.
The Reddit thread reported that an image was visible on all employee computers, reading “Hacked by #GOP” and demanding their “requests be met” along with links to leaked data. Below the image displayed on the company computers, the text appeared on the image reads:
 
 
http://securityaffairs.co/wordpress/wp-content/uploads/2014/11/sony-pictures-hacked.jpg
 
Full Article

72 replies

Userlevel 7
Badge +54
Posted on 25 November 2014.
 
EXCERPT
 
According to an internal source that talked to The Next Web, all Sony employees have been instructed to go home for the day and work from there, but not to connect to the company’s corporate network or check their work email.

They have also been instructed to turn off their computers and disable Wi-Fi on their mobile devices while the IT department investigates the breach.

The message identifies a hacker group named #GOP as the perpetrators of the breach. It seems that they managed to compromise one server and then access the rest of the network. The URLs included in the image all point to a ZIP file containing supposedly stolen files containing financial information, private keys for servers, and more.
 
Full Article
 
There are several stories and rumours being thrown around right now about this one. A publicity stunt is just one of them.
http://www.computerworld.com/article/2851797/security0/fake-gop-pwns-sony-networks-worldwide.html
Userlevel 7
Badge +3
 (Reuters) - Sony Pictures Entertainment is investigating to determine if hackers working on behalf of North Korea might be responsible for a cyber attack that knocked out the studio's computer network earlier this week, the technology news site Re/code reported.  
 
 http://www.reuters.com/article/2014/11/29/us-sony-cybersecurity-northkorea-idUSKCN0JD0KA20141129
  
Userlevel 7
By Stephen McBride. Published November 30, 2014
 
North Korean-backed hackers operating from China have become the prime suspects in last week's ransomware attack on Sony Pictures, Re/code reported.
 
The motive could be objections to a forthcoming movie, to be released by Sony Pictures, called "The Interview", a comedy in which two journalists are recruited by the CIA to assassinate North Korean leader Kim Jong Un. Pyongyang articulated its disappointment in a strongly worded letter to UN secretary-general, Ban Ki-moon, in June, describing the film as "undisguised sponsoring of terrorism, as well as an act of war".
 
full article
Userlevel 7
Badge +3
 
The recent hacker break-in at Sony Pictures Entertainment appears to have involved the theft of far more than unreleased motion pictures: According to multiple sources, the intruders also stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical and salary information.
 
 Sony Breach May Have Exposed Employee Healthcare, Salary Data — Krebs on Security
Userlevel 7
Badge +3
 
Sony Pictures will officially name North Korea as the source of a hacking attack that has exposed sensitive files and brought down its corporate network last week, two sources close to the investigation tell Re/code. An announcement could come as soon as today.
Details of what Sony and the security firm Mandiant will announce are still being finalized. But the sources confirm that North Korea will be named as the source of the attack.
 
 http://recode.net/2014/12/03/sony-to-officially-name-north-korea-as-source-of-hack-attack/
Userlevel 7
Badge +3
 
(Reuters) - Hackers used tools in a devastating cyber attack on Sony Pictures Entertainment that were based on ones used in similar attacks conducted against South Korea by North Korea, a person familiar with the company's investigation said on Wednesday.
 
The person, who was not authorized to publicly discuss Sony's probe into the attack which is being led by FireEye's Mandiant forensics unit, said that investigators made the connection to North Korea as they reviewed evidence left by the hackers.
 
  http://www.reuters.com/article/2014/12/03/us-sony-cybersecurity-investigation-nkor-idUSKCN0JH28920141203
 
Userlevel 7
Badge +54

Breach gets a bit stranger as auditors' wages seemingly spotted in movie studio dump

By Shaun Nichols, 4 Dec 2014

Bean-counting giant Deloitte has been pulled into Sony Pictures' ongoing nightmare – the one in which the movie giant was comprehensively hacked and gigabytes of sensitive files leaked online.
Unreleased films, draft scripts, criminal record checks on staff, doctors' notes, passwords, encryption certificates, social security numbers, wage lists, employees' personal details, sales documents, and much, much more from the studio has been dumped onto file-sharing networks by miscreants.
And now, as pointed out by culture blog Fusion, that embarrassing cache contains what seems to be financial records from Sony auditors Deloitte.
 
Full Article
Userlevel 7
Badge +56
Salaries for Seth Rogen and James Franco revealed by Sony breach:
http://time.com/3617437/sony-pictures-hackers-seth-rogen-james-franco-paid-the-interview/
Userlevel 7
Badge +54
Now we are getting somewhere with the Malware identified.
 
by Pierluigi Paganini on December 4th, 2014
 
EXCERPT
 
Experts at Trend Micro have detected the malware as BKDR_WIPALL, malware that in the first stage of the attack chain starts with BKDR_WIPALL.A, which is the main installer and is disguised as an executable file named “diskpartmg16.exe.”
http://securityaffairs.co/wordpress/wp-content/uploads/2014/12/WIPALL-Sony-Pictures-malware-infection-chain-Trend-Micro.jpg
The malware BKDR_WIPALL.A adopts the XOR 0x67 encryption to protect a set of usernames and passwords used to gain the access in the targeted organization’s shared network.
 
Full Article
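
Added example (not from the article or from Trend Micro): a triage helper showing why single-byte XOR with the key 0x67 named in the excerpt above gives embedded strings no real protection, and how a responder can check a sample for their own account names in encoded form. The sample blob, account name and password are constructed placeholders, and leaving 0x00 bytes untouched is an assumed triage heuristic, not a documented property of the malware.

```python
import re

KEY = 0x67  # single-byte XOR key named in the excerpt above

def xor_decode(data: bytes, key: int = KEY) -> bytes:
    """XOR every byte with key but leave 0x00 alone: null padding would
    otherwise decode to a run of the key byte ('g' for 0x67) and look like text.
    Caveat: a plaintext 'g' is stored as 0x00, so it splits a recovered string."""
    return bytes(b ^ key if b else 0 for b in data)

def decoded_strings(blob: bytes, key: int = KEY, min_len: int = 6):
    """Return (offset, text) for printable-ASCII runs visible only after decoding."""
    decoded = xor_decode(blob, key)
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(decoded)]

def find_encoded(blob: bytes, needle: bytes, key: int = KEY):
    """Offsets where needle occurs in XOR-encoded form, e.g. a known account name."""
    enc = bytes(b ^ key for b in needle)
    return [m.start() for m in re.finditer(re.escape(enc), blob)]

def build_sample() -> bytes:
    """Constructed blob: readable stub text, null padding, two encoded strings."""
    enc = lambda s: bytes(b ^ KEY for b in s)
    return (b"This program cannot be run in DOS mode." + b"\x00" * 8
            + enc(b"EXAMPLE\\svc_backup") + b"\x00" * 4
            + enc(b"placeholder-password-1") + b"\x00" * 8)

if __name__ == "__main__":
    sample = build_sample()
    for off, text in decoded_strings(sample):
        print(f"0x{off:04x}  {text}")
    print("encoded 'svc_backup' at:", find_encoded(sample, b"svc_backup"))
```

Any credential recovered this way from a real sample should be treated as compromised and rotated.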
Userlevel 7
Badge +54
Going by how this article is reading, the hackers' knowledge of the IT infrastructure at SONY was not just details, it was everything in its entirety, BUT was that by snooping around during a staged attack OR inside information? I expect that will be the next big news on this breach.
 
12/4/2014 Sara Peters
 
EXCERPT
 
"The data includes RSA SecurID tokens; global network maps detailing databases and enterprise servers; and access credentials/files for QA servers, staging servers, production servers, routers, switches, load balancers, FTP servers, email accounts, and third-party applications -- including UPS, FedEx, McAfee, Google Analytics, iTunes, Sprint, and Verizon.
 
So, how does a company recover? Burn whatever's left and build something entirely new and different?"
 
Full Article
Userlevel 7
The following article is an update

Sony's Cyber-Whodunit Is a Page-Turner

By Richard Adhikari • E-Commerce Times • ECT News Network
12/05/14 6:59 AM PT
 
Who breached Sony Pictures' network and why continues to be a puzzle a week after news of the hack first emerged.
Some speculate it was an inside job. A few have pointed fingers at North Korea, which returned its own one-finger salute in response. Others discount that possibility.
In the meantime, the FBI has issued a warning stating destructive malware is on the loose.
Details of Sony's executive reimbursement and business dealings have been published on the Web, and the company might be in for a thrashing. In addition to being put at a disadvantage in business dealings, it could face lawsuits and government action.
 
full article
Userlevel 7
The following article is an update

Sony Hackers Dump Personal Data on 47,000 People, Celebs Included

By Mike Lennon on December 05, 2014
 
The attackers behind the recent devastating hack against Sony have leaked what appears to be sensitive personal data on roughly 47,000 individuals, including celebrities, according to a company that has analyzed the files.
Sony Pictures acknowledged earlier this week that a “brazen” cyber attack resulted in hackers getting their hands on a "large amount" of confidential data, including customer information and unreleased movies, as well as employee and other corporate files.
“Some SSNs appeared in more than 400 different locations, giving hackers more opportunities to wreak havoc," said Todd Feinman, President and CEO, Identity Finder, a firm that analyzed the files allegedly taken from Sony and released by the attackers.
After running the files through its “Sensitive Data Manager” solution, Identity Finder discovered the following buried within various leaked files:
• 601 files containing SSNs
• 75 Acrobat PDFs
• 523 Excel spreadsheets
• 3 Word documents
• 47,426 unique SSNs
• 15,232 SSNs belonged to current or former Sony employees
• 3,253 SSNs appeared more than 100 times.
• 18 files contained between 10,860 and 22,533 SSNs each.
• 1,123,798 copies of compromised SSNs
• The SSNs appeared more than 1.1 million times inside 601 publicly-posted files stolen by hackers.
 
full article
Userlevel 7
Badge +56
This story is becoming more crazy by the minute.
Userlevel 7
Badge +54
Do you want crazy @ 
Sony Kept Passwords in File Named "Password"
The real question is, can Webroot detect any of the malware used on Sony's systems?
Userlevel 7
Badge +3
 
(Reuters) - Forensics experts hired by Sony Corp to investigate the massive cyber attack at its Hollywood studio said the breach was unprecedented, well-planned and carried out by an "organized group," according to an email obtained by Reuters on Saturday.
 
Kevin Mandia, the top executive at FireEye Inc's Mandiant forensics unit, made the comments in an email to Michael Lynton, chief executive of Sony Pictures Entertainment (SPE).
 
 Sony investigator says cyber attack 'unparalleled' crime | Reuters
 
Userlevel 7
Badge +3
 By Kelly Fiveash, 7 Dec 2014
 
North Korea has dismissed claims that it was behind the crippling hack of struggling film studio Sony Pictures.
But a spokesman at the country's National Defence Commission said today that the attack on the company's computer system "might be a righteous deed of the supporters and sympathisers" with Norkers as they attempt to "put an end to US imperialism."
 
 http://www.theregister.co.uk/2014/12/07/north_korea_denies_sony_hack_attack_dubs_it_a_righteous_deed/
Userlevel 7
The following article is an update

Norks DENY massive Sony hack attack – dubs it a 'righteous deed'

By Kelly Fiveash, 7 Dec 2014
 
North Korea has dismissed claims that it was behind the crippling hack of struggling film studio Sony Pictures.
But a spokesman at the country's National Defence Commission said today that the attack on the company's computer system "might be a righteous deed of the supporters and sympathisers" with Norkers as they attempt to "put an end to US imperialism."
 
full article
Userlevel 7
Badge +54
Another article here HOWEVER one phrase stands out more than anything and is a huge lesson for other businesses just looking on thinking about how pleased that it was not them. It is past the time that businesses large and small took a step back and examined their own systems with a very critical eye.
 
by Lisa Vaas on December 8, 2014
 
"An anonymous ex-employee describes the information security at Sony Pictures as "a complete joke".
It's difficult to know where to put such damning revelations because we have no idea how fair a picture they paint.
With facts so thin on the ground, perhaps we should search for lessons instead.
If nothing else, the Sony Pictures attack is a reminder to look to our own companies and our own responsibilities within them. Or, as Naked Security's Mark Stockley put it:
Rather than pointing and feeling smug about it, we should take a long, cold look at our own systems and ask how they'd look strewn over Pastebin.
From what little we know for sure about the breach, and what we can imply from the information apparently leaked so far, Sony's security problems don't seem all that unusual."
 
Full Article
 
 
Userlevel 7
By Jamie Hinks
 
Sony Pictures Entertainment faces being left completely red-faced after reports began to emerge that it contributed to its latest data breach by storing thousands of passwords in a folder entitled "Password".
Personal details of some 47,000 employees and actors have been leaked online in recent days and the much-publicized leak contains confidential details including social security numbers and reams of other tidbits, according to The Telegraph.
 
The controversially named "Password" folder contains 139 Word documents, Excel spreadsheets, zip files and PDFs that give access to passwords and usernames for everything from internal computers to social media accounts.

full article
Userlevel 7
The following article is an update:

Hackers demand Sony pull the plug on 'The Interview'

By Martyn Williams
 
The group claiming responsibility for the Sony Pictures hack has denied it threatened Sony employees and demanded the studio halt the release of a movie that makes light of an assassination attempt on the leader of North Korea.
 
 
The message was posted on the Github website and claims to be from the Guardians of Peace, a previously unknown hacker group that claimed responsibility for the attack on Sony Pictures more than two weeks ago.
It says the group has no knowledge of threats against Sony Pictures employees and their families, which were emailed to some employees on Friday.
 
full article
 
Userlevel 7
Badge +56
I guess this is North Korea admitting they are behind it.
Userlevel 7
As far as I am concerned, I think so too, though I am sure they will continue to deny it.
Userlevel 7
Badge +54
December 11, 2014   By Jose Pagliery
 

The average company is one bad click, misplaced password or disgruntled employee away from getting hacked.

At Sony (SNE) Pictures, the company basically put out the welcome mat for hackers.
Leaked documents show that Sony employees kept lists of passwords in spreadsheets on their computers. Also, employees kept the Social Security numbers of 47,426 people -- including Conan O'Brien and Sylvester Stallone -- lying around in unencrypted files. That's extremely reckless.
The Sony Pictures mega-hack, chock-full of erased computers and exposed documents, is only the latest example of how hackers can attack companies' computer networks with frightening ease.
 
Full Article including Video
Userlevel 7
Badge +54

Apologist comments don't sit well with all security professionals.

by Dan Goodin - Dec 11 2014
 
EXCERPT
 
"The level of sophistication is extremely high and we can tell...that [the hackers] are organized and certainly persistent," Demarest said, according to IDG News. "In speaking with Sony and separately, the Mandiant security provider, the malware that was used would have slipped or probably gotten past 90% of Net defenses that are out there today in private industry and [likely] challenged even state government."
 
 
Full Article
