A Look Through The Sony Pictures Data Hack: This Is As Bad As It Gets
Tom Gara and Charlie Warzel, writing on December 2, 2014 on the website BuzzFeedNews.com, note that “after sifting through almost 40 gigabytes of leaked internal data, one thing is clear: Sony Pictures appears to have suffered the most embarrassing, and all-encompassing hack of internal corporate data ever made public.” “The data dump, which was extensively reviewed by BuzzFeed News, includes employee criminal background checks, salary negotiations, and doctors’ letters explaining the medical rationale for leaves of absence. There are spreadsheets containing the salaries of 6,800 global employees, along with social security numbers of 3,500 U.S. staff. And, there is extensive documentation of the company’s operations, ranging from the script for an unreleased pilot written by Breaking Bad creator Vince Gilligan — to the results of sales meetings with local TV executives,” the publication wrote. Mr. Gara and Mr. Warzel add that these documents are “just a fraction of the approximately 100 terabytes of data hackers claim to have taken from Sony.” The hackers warned that the purloined data “will be made available online, once they figure out how to distribute such an enormous amount of information.”
The documents, released this past weekend, “are but a fraction of the approximately 100 terabytes of data” the hackers claim to have purloined from Sony’s database. The hackers have boasted/warned that they intend to make the data “freely available online — once they figure out how to distribute such a vast amount of information,” BuzzFeed noted.
“The hackers, who call themselves The Guardians of Peace, took credit for the hack; and, emailed members of the media with links to download dozens of compressed files each containing vast troves of data stolen from the Sony Pictures servers. Earlier, the hackers had released high-quality video files of five unreleased Sony films. The box office impact of that release, analysts told BuzzFeed News … probably won’t be that bad. But, the broader cost to Sony of this new round of leaks — to its reputation, its employees’ morale, and its commercial standing — seems impossible to estimate,” Mr. Gara and Mr. Warzel wrote.
BuzzFeed News observed that “the leak is particularly embarrassing — because it comes just three and one half years after Sony and its gaming customers suffered through a three-week long hacking nightmare that brought the company’s PlayStation gaming networks offline; and, compromised the personal and financial information of up to 25M customers (though the company did not confirm how many accounts had financial information stolen).”
“In the days after the April 2011 breach,” Mr. Gara and Mr. Warzel write, “Sony enlisted three independent computer security and forensic consulting firms — to assess its [IT] security infrastructure; and, identify the culprit of the attack,” according to a letter Sony sent to members of Congress. “Years after that hack, Sony Pictures still seems to have a long ways to go,” the authors note. “One of the files leaked this past weekend was a Word document titled ‘Passwords’ that contained an executive’s computer, Lotus Notes, and American Express user names and passwords, as well as Amex credit card numbers, expiration dates, and four-digit security codes.”
Incredibly, BuzzFeed News wrote, “the roughly 40 gigabytes of company information now available online sat on company servers — without encryption, with a vast majority of the sensitive, personal files containing no password protection. Currently, the stolen data trove is available to download, potentially placing the information in the hands of a hacker, scammer, criminal, media organization, or curious citizen who knows their way around a torrent file.”
“The release of such sensitive data could easily eclipse the leaking of five unreleased films, in terms of impact on the company’s bottom line,” BuzzFeed News contends. “Financially, it will cost more to clean up this mess, than what they would lose at the box office,” said a movie industry source who requested anonymity because of ties to Sony. “Firewalls, consultants, all that stuff is expensive.” “Sony Pictures employees now face the grim prospect of extremely personal information bouncing around the Internet forever. The documents lifted from company servers include email exchanges with employees regarding specific medical treatments they are undergoing, while one disciplinary letter details a manager’s romantic relationship and business travel history with a subordinate. None of the names on the file is redacted,” BuzzFeed noted. “In some cases, extensive stores of personal employee files — documents that had nothing to do with Sony corporate business — were included in the breach. One document swept up in the hack … outlines the breastfeeding diet of a senior executive.”
“Leaked performance evaluations cover, sometimes in great detail, how individual employees failed to live up to the expectations of their managers. There are also detailed compensation reports for Sony executives, including their last three years of compensation at Sony, their target bonus, actual bonus, and base salary. It also compares them to similarly situated employees in other companies, and reviews their proposed contracts for the next three years,” Mr. Gara and Mr. Warzel note. “Alongside that: salary information on almost 7,000 employees, from those on multi-million dollar contracts — to those earning less than $21,000.”
BuzzFeed News notes that “some believe that the work might have been the work of hackers backed by the North Korean government, which has expressed outrage at an upcoming Sony Pictures comedy film, The Interview, which is built around an attempt to assassinate North Korean leader Kim Jong-Un. North Korean officials have previously described the unreleased film as an act of war, and in a letter to U.N. Secretary General Ban Ki-moon, the country’s United Nations ambassador said the film was a form of terrorism.”
When asked by the BBC on Tuesday if their country [North Korea] was responsible for the Sony Pictures hack, a North Korean government spokesman replied, “Wait and see.” And this may just be the beginning, BuzzFeed warns: “We have much more interesting data,” the hackers said in an email sent to the media, including BuzzFeed News. “If you find special interest, send an email.”
The cyber security website The Hacker News reports that Sony Pictures has hired FireEye’s Mandiant Incident Response Team “to clean up the damage,” as well as to forensically determine who the likely perpetrator/s are. V/R, RCP