Broder Salsa
Banned
Riskbasedsecurity did an extremely interesting breakdown of the whole thing, even if extremely long, that is frequently updated. I would quote a portion but really don't even know where to start or end. So just going to post the latest update
https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/
Another Day, Another Email Spool (December 10)
Today also brought the sixth disclosure from GOP, a single file named sony6.rar, that was uploaded to bittorrent tracking and file sharing sites. As usual, the file was quickly removed from the file sharing sites. The file contains another mail spool named lweil00.ost, which belongs to Leah Weil, Senior Executive Vice President and General Counsel for Sony Pictures Entertainment. Some details about the 3.84GB mail spool include a list of folders, number of emails, and a brief summary of the content.
Some of the folder names and mail count:
Brief list of highlights:
- Admin: 56
- Alertline: 286
- Audit Reports: 28
- Calendar: 6,815
- Compliance dept: 45
- Contacts: 178
- Conversation history: 2
- Deleted items: 4,296
- Designated Employee Notice: 59
- Division Head Meetings: 205
- Executive comp: 60
- Inbox: 41,229
- Sec filings: 30
- SEC FCPA: 102
- Sent emails: 36,586
- SPE Board: 19
- SPE Subsidiaries Report:3
- Legal: 78
.
- Deleted mail contains email retention orders (current financial information email need to be held for 6 years as of 15th jan 2015 that will change to 2 years for all emails unless on legal hold)
- SKY Perfect TV data leaked June of this year, including 10,000 customers name, email addresses, addresses, phone numbers, Pay-TV access control numbers (B-cas#), IC cards, and subscription information which may include payment details. (SKY PerfecTV is responsible for parts of AXN, owned by Sony.)
- Discussions with Paula Askanas and others about uploading fake torrents to frustrate would-be pirates.
- Instructions for how to respond to previous Sony hacking incidents with approved wording for Twitter and Facenook.
- Extensive communications about the 2011/2012 attacks against Sony by Anonymous, including the #opsony threat, sharing pastebin links pertaining to Sony, vulnerabilities on Sony sites (e.g. Subject: FW: ALERT ANONYMOUS THREAT XSS exploited on scajobs.sony.com!!), details of internal investigations about hacking incidents, and employees attempting to geo locate the hackers and match their handles to other aliases.
- Internal concern that Mark Zuckerberg might sue Sony over the movie The Social Network.
- Correspondence between Sony staff about George Clooney wanting to direct a movie based on Hack Attack. Concerns are expressed over potential legal issues if media giant Rupert Murdochs name is used within the movie since its based on a real story.
- Emails about previous Sony breaches including SPE, Sony PlayStation, and other divisions of the company.
- Emails about harassing calls from ANTI-SOPA protestors
https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/