
Breakdown and Analysis of the Sony Hack

Status
Not open for further replies.
Riskbasedsecurity did an extremely interesting breakdown of the whole thing, even if extremely long, that is frequently updated. I would quote a portion but really don't even know where to start or end. So just going to post the latest update

Another Day, Another Email Spool (December 10)
Today also brought the sixth disclosure from GOP, a single file named sony6.rar, that was uploaded to bittorrent tracking and file sharing sites. As usual, the file was quickly removed from the file sharing sites. The file contains another mail spool named “lweil00.ost”, which belongs to Leah Weil, Senior Executive Vice President and General Counsel for Sony Pictures Entertainment. Some details about the 3.84GB mail spool include a list of folders, number of emails, and a brief summary of the content.
Some of the folder names and mail count:
  • Admin: 56
  • Alertline: 286
  • Audit Reports: 28
  • Calendar: 6,815
  • Compliance dept: 45
  • Contacts: 178
  • Conversation history: 2
  • Deleted items: 4,296
  • Designated Employee Notice: 59
  • Division Head Meetings: 205
  • Executive comp: 60
  • Inbox: 41,229
  • Sec filings: 30
  • SEC FCPA: 102
  • Sent emails: 36,586
  • SPE Board: 19
  • SPE Subsidiaries Report: 3
  • Legal: 78
Brief list of highlights:
  • Deleted mail contains email retention orders (current financial information email need to be held for 6 years as of 15th jan 2015 that will change to 2 years for all emails unless on legal hold)
  • SKY Perfect TV data leaked June of this year, including 10,000 customers' names, email addresses, addresses, phone numbers, Pay-TV access control numbers (B-cas#), IC cards, and subscription information which may include payment details. (SKY PerfecTV is responsible for parts of AXN, owned by Sony.)
  • Discussions with Paula Askanas and others about uploading fake torrents to frustrate would-be pirates.
  • Instructions for how to respond to previous Sony hacking incidents with approved wording for Twitter and Facebook.
  • Extensive communications about the 2011/2012 attacks against Sony by Anonymous, including the #opsony threat, sharing pastebin links pertaining to Sony, vulnerabilities on Sony sites (e.g. “Subject: FW: ALERT – ANONYMOUS THREAT – XSS exploited on scajobs.sony.com!!”), details of internal investigations about hacking incidents, and employees attempting to ‘geo locate’ the hackers and match their handles to other aliases.
  • Internal concern that Mark Zuckerberg might sue Sony over the movie “The Social Network”.
  • Correspondence between Sony staff about George Clooney wanting to direct a movie based on Hack Attack. Concerns are expressed over potential legal issues if media giant Rupert Murdoch’s name is used within the movie since it's based on a real story.
  • Emails about previous Sony breaches including SPE, Sony PlayStation, and other divisions of the company.
  • Emails about harassing calls from ANTI-SOPA protestors.

https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
I'd see a George Clooney movie on Rupert Murdoch's "hack"ing scandal.
 
Man, Sony can't catch any breaks as of late. I think they'll recover but after this I wouldn't be surprised if there were a major overhaul of the company. With all the attacks Sony has sustained over the past few years, it really makes them look like an easy target although they must have very beefy security measures in place... I'd expect so at least.

If only this hacking effort were focused on something actually important like uncovering nasty government secrets or whatnot.
 


Really? Everyone was making it sound like it was the entirety of Sony that got hit with leaks.

I don't think many said that. However there are some overlaps.

Anti-piracy information from Google, YouTube, Netflix, and Farncombe including:
  • Total number of notices sent to ISPs with 100% success rate (2,537,932)
  • Alerts sent to subscribers (1,475,848)
  • Alerts that were not sent but should have been (41,917)
  • A breakdown of which content, how many types of alerts sent, and acknowledgements for 2012, 2013, and 2014
  • Confidential documents outlining deals, procedures for monitoring, and services provided by Farncombe
  • Large amount of proposals to Google, YouTube, and other services about how to censor search results, remove content from its search
  • Content protection documentation
Documents and internal tracking of console hacking information for the PlayStation including:
  • 27th Chaos Communications Congress (CCC), Console hacking 2010, PS3 Epic fail.
  • Verisign Fraud Alert: Phishing – the latest tactics and potential business impact.
  • BHUSA09-Marlinspike-DefeatSSL-PAPER1
  • us-14-Rosenberg-Reflections-On-Trusting-TrustZone-WP

and the update from yesterday included:

  • Emails about previous Sony breaches including SPE, Sony PlayStation, and other divisions of the company.
 

thefro

Member
It sounds like they basically took every piece of data Sony Pictures has and completely compromised their entire network.

This could go on for a long time.
 

Aiii

So not worth it
How will they recover from this?

Did you ever look at a TV show or Movie trailer and think to yourself "boy, which production company bankrolled this?"

If the answer is no, they'll just release movies and shows people want to see and earn money from it.

The only people that should be worried is the management of Sony Pictures US and the tech guys responsible for security.
 
I'd love to know how a hack like this is done. Seems insane that so much different data ranging from inboxes to movies can be taken. All of which would be stored in completely different areas of the environment and thus, difficult to get to.
 
Wait, North Korea actually being the hackers wasn't a joke?

I don't think it's been completely confirmed but the sophistication of the hack greatly narrows the possible sources. The news today says it would have bypassed the security of 90% of companies in the world. It basically has to be state-sponsored.
 
I'd love to know how a hack like this is done. Seems insane that so much different data ranging from inboxes to movies can be taken. All of which would be stored in completely different areas of the environment and thus, difficult to get to.

Different data types, but it'll all be stored on similar servers. If you can get onto one, easy enough to get to the others.
 

Starviper

Member
How hard is it to get the entirety of the breached data? There's been so many ridiculous releases I'm getting more and more tempted to start going through some of it myself.
 
Apparently we got Christmas gifts coming up.


My Life At The Company, Part 2 (December 13)


Today brought the seventh leak of data from the Guardians of Peace (GOP), titled “My Life At The Company – Part 2”. This follows a Pastebin post in which they warn Sony executives that an important message has been sent to them:


by GOP
Important
Message to SPE executives
I’ve sent you a message.
Confirm your mailboxes.


The Pastebin post with links to the newly leaked information from Sony networks is accompanied by another message saying that upcoming Christmas leaks will contain larger quantities of data and it will be “more interesting”. One thing that is already interesting is that GOP says if anyone sends an email titled “Merry Christmas” to one of five provided email addresses, they will take requests with what should be in the upcoming leak:

We are preparing for you a Christmas gift.
The gift will be larger quantities of data.
And it will be more interesting.
The gift will surely give you much more pleasure and put Sony Pictures into the worst state.
Please send an email titled by “Merry Christmas” at the addresses below to tell us what you want in our Christmas gift.


The actual data leaked today appears to consist of 6.45GB of uncompressed data, distributed via bittorrent links that do not appear to be seeding from the same 54 IP addresses previously seen. The data consists of 6,560 files throughout 917 folders. A screenshot showing a sampling of the leaked data:

3AfKp2x.png



A very brief analysis suggests this leak contains:

  • Sony internal documents for tracking deals, expenditures, and revenue.
  • Complete working folders for Jim Underwood (likely ex-Sony Executive VP, Worldwide Digital and Commercial Strategy [LinkedIn Profile])
  • Documents related to the acquisition of Grouper Networks in 2006 and related material the following years.
  • Many acquisition proposals, Sony’s perspective on the pros and cons to the deals, companies of interest, and potential profit, including Left Bank Pictures.
  • Drafts on the best ways to battle piracy, from 2009 on.
  • Enhanced Content Protection Overview written by Chris Odgers – complete analysis of possibilities of breaches, exploits, detection, and prevention methods for data streaming services to prevent hijacking.
  • Emails about Australian TV not being finalized before screening started. This appears to be related to the recent run of older American TV shows like Starsky and Hutch.
  • Breach monitoring and revocation rules for Phase 1 Service if the F1 Box is hacked.
  • Business documents and dealings with Abril.com out of Brazil.

https://www.riskbasedsecurity.com/2...ember-2014-sony-hack/#mylifeatthecompanypart2
 
Zuckerberg wants to sue Sony over The Social Network? Why?

And North Korea; it's just a movie yo.
I remember Zuckerberg was not happy that the movie portrayed him as an asshole. I guess he wanted to take it personal seeing as how that movie kinda sullied his image. This is my guess I could be wrong.
 

Scrooged

Totally wronger about Nintendo's business decisions.
How hard is it to get the entirety of the breached data? There's been so many ridiculous releases I'm getting more and more tempted to start going through some of it myself.

You may want to think twice about that.
 

The Lamp

Member
How hard is it to get the entirety of the breached data? There's been so many ridiculous releases I'm getting more and more tempted to start going through some of it myself.

If you don't have the sense to mind your own business, I'm not going to feel an ounce of pity for you if you get in legal trouble for getting involved.
 