Why does Sony get hacked

Most hacks like this begin with a phishing attack, which involves sending emails to employees to get them to click on malicious attachments or visit web sites where malware is surreptitiously downloaded to their machines.

Hackers also get into systems through vulnerabilities in a company's web site that can give them access to backend databases. Once on an infected system in a company's network, hackers can map the network and steal administrator passwords to gain access to other protected systems on the network and hunt down sensitive data to steal. New documents released by the attackers yesterday show the exact nature of the sensitive information they obtained to help them map and navigate Sony's internal networks.

Among the more than 11, newly-released files are hundreds of employee usernames and passwords as well as RSA SecurID tokens and certificates belonging to Sony, which are used to authenticate users and systems at the company, and information detailing how to access staging and production database servers, including a master asset list mapping the location of the company's databases and servers around the world.

The documents also include a list of routers, switches, and load balancers and the usernames and passwords that administrators used to manage them. All of this vividly underscores why Sony had to shut down its entire infrastructure after discovering the hack in order to re-architect and secure it.

The hackers claim to have stolen a huge trove of sensitive data from Sony, possibly as large as terabytes of data, which they are slowly releasing in batches. Judging from data the hackers have leaked online so far, this includes, in addition to usernames, passwords and sensitive information about its network architecture, a host of documents exposing personal information about employees. The leaked documents include a list of employee salaries and bonuses; Social Security numbers and birth dates; HR employee performance reviews, criminal background checks and termination records; correspondence about employee medical conditions; passport and visa information for Hollywood stars and crew who worked on Sony films; and internal email spools.

All of these leaks are embarrassing to Sony and harmful and embarrassing to employees. But more importantly for Sony's bottom line, the stolen data also includes the script for an unreleased pilot by Vince Gilligan, the creator of Breaking Bad, as well as full copies of several Sony films, most of which have not been released in theaters yet.

These include copies of the upcoming films Annie, Still Alice and Mr. Notably, no copy of the Seth Rogen flick has been part of the leaks so far. Initial reports have focused only on the data stolen from Sony. But news of an FBI flash alert released to companies this week suggests that the attack on Sony might have included malware designed to destroy data on its systems.

The five-page FBI alert doesn't mention Sony, but anonymous sources told Reuters that it appears to refer to malware used in the Sony hack. The alert warns about malware capable of wiping data from systems in such an effective way as to make the data unrecoverable. The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods.

WIRED spoke with a number of people about the hack and has confirmed that at least one of these payloads was found on Sony systems. So far there have been no news reports indicating that data on the Sony machines was destroyed or that master boot records were overwritten.

But Jaime Blasco, director of labs at the security firm AlienVault, examined samples of the malware and told WIRED it was designed to systematically search out specific servers at Sony and destroy data on them. Blasco obtained four samples of the malware, including one that was used in the Sony hack and was uploaded to the VirusTotal web site. IOCs are the familiar signatures of an attack that help security researchers discover infections on customer systems, such as the IP address malware uses to communicate with command-and-control servers.

The other malware samples don't contain references to Sony's networks but do contain the same IP addresses the Sony hackers used for their command-and-control servers. Blasco notes that the file used in the Sony hack was compiled on November Other files he examined were compiled on November 24 and back in July.

The sample with the Sony computer names in it was designed to systematically connect to each server on the list. Sony responded by suing Hotz, a move that reportedly infuriated many in the hacker community. Many experts say the attack on the PlayStation Network in April could have been an act of vigilante justice resulting directly or indirectly from Sony's lawsuit against Hotz.

Abrams also noted that even before the Hotz incident, Sony had drummed up "significant antipathy" as the result of a scandal involving Sony CDs that automatically installed a rootkit that made users' computers vulnerable to attack.

The PlayStation Network attack appears to have set off an avalanche of follow-ups. Sony's now a new target of interest.

Other hackers seem to have joined up for reasons other than political or monetary gain. Sites like hassonybeenhackedthisweek. Sony has since promised to boost its security systems and review existing procedures. Still, according to experts, many of the attacks used to breach Sony's sites are fairly basic hacks that the company could easily have protected against.

Pascal enlisted a nurse to give sleep-deprived staffers B12 shots. Another former executive says he hired a private investigator after being hacked multiple times following the incursion. As a sign of their resilience, staffers created a video of how they were carrying on, in which they extolled the virtues of going back to basics and having face-to-face conversations. The Sony legal team advised that it should not be released to the public.

No one wanted to tell that story. But in an increasingly data-driven industry, the attack provided a wake-up call for the rest of Hollywood. The internal management of security and privacy issues has improved. Attorney Bryan Freedman, who represented several parties affected by the Sony hack, says studios share an ethical responsibility to work together to prevent it from happening again. Whether or not the government ever arrests Park (if he exists), there likely will always be those who hold on to their doubts.

I do think other people would probably feel vindicated. The multiple lawsuits filed by current and past Sony employees in late and early were consolidated into a class action led by Michael Corona, who worked for the company from to Sony settled after losing a bid to get it tossed. They allege he was not only involved in the Sony hack, but also the WannaCry 2.

Although many Hollywood breaches never come to light, with companies quietly paying the ransoms demanded by the criminals, several are known. It was said to be one of at least a half-dozen extortion attempts against Hollywood firms around that time.

UTA says no personal data of its clients or employees had been compromised. On July 27, , HBO became the victim of a coordinated cyberattack in which a staggering 1. Smith, the hackers demanded money though the figure was redacted in the version of the letter THR viewed at the time and claimed that HBO was their 17th target.

Nearly five months later, federal prosecutors pinned the theft on an Iranian military hacker. This story first appeared in the Nov. Illustration by: Lincoln Agnew.