Clues Point to Long-Duration Hack at Sony

The attack on Sony Pictures Entertainment appears to have been long-lived and targeted.
The attack on Sony Pictures Entertainment appears to have been long-lived and targeted.

With each passing day, evidence mounts that the attack on Sony Pictures Entertainment was a long-duration hacking event that gave malicious actors extensive access to the company’s network and data.

The hack started out looking like a particularly nasty example of hacktivism – with thousands of SPE systems wiped of all data. Going on two weeks after revelations of the hack, however, the incident appears to be something much more dire: a massive breach of corporate security that gave malicious attackers access to gigabytes – and possibly terabytes- of sensitive data.

With only a fraction of the allegedly stolen data trove released, the ripple effects of the incident are already washing up against other Sony divisions and firms with direct or indirect ties to the company.

The latest developments in the saga include publication of some 40 gigabytes of internal files. As described by buzzfeed.com, the files include:

“email exchanges with employees regarding specific medical treatments they are undergoing…a  disciplinary letter (that) details a manager’s romantic relationship and business travel history with a subordinate…(and) extensive stores of personal employee files.” There are leaked performance evaluations, detailed compensation reports for Sony’s executives, including their last three years of compensation at Sony…(and) salary information on almost 7,000 employees, from those on multimillion-dollar contracts to those earning less than $21,000.”

No effort was made to disguise the identity of any individual mentioned in the released documents.

And, as the public pours over the released documents, other firms with direct or indirect links to SPE are being drawn into the mire. The latest among them: consulting firm Deloitte. A document containing sensitive compensation details on thousands of Deloitte employees was among those leaked by the Sony hackers. Its source is reportedly a former Deloitte employee who had taken the document to a new job at SPE, only to have their computer pillaged in the hack.

Recent data published by the hackers also reveal detailed IT operations information involving SPE and its many contractors. As CSO Magazine reported on Thursday, the leaked data includes “hundreds of files containing passwords and credentials for access to internal- and third party applications and services.”

The breadth of the data stolen suggests that attackers had access to Sony’s internal network for a long period prior to launching the final, destructive attack on November 24th. And that conclusion is buttressed by subsequent analysis of the malware used in the attack. Specifically, analysis by a number of firms including PacketNinjas, Trend Micro and BlueCoat, which reveal that the malicious software used in the attack was pre-programmed with both IP addresses and hard coded credentials stolen from Sony.

Read more of our coverage of the Sony hack here.

Comments are closed.