Demonstrating what a hacker can do, the “Guardians of Peace” released a whole terabyte of the company’s internal data this weekend. This included the e-mail box of Sony Pictures Releasing International President Steven O’Dell. And the hackers promised a “Christmas present” soon of even more data if the company does not relent and meet their unspecified demands.
The threat they delivered was a taunting one posted on Pastebin and Friendpaste: “We are preparing for you a Christmas gift. The gift will be larger quantities of data. And it will be more interesting. The gift will surely give you much more pleasure and put Sony Pictures into the worst state. Please send an email titled by ‘Merry Christmas’ at the addresses below to tell us what you want in our Christmas gift.”
As the breach spills into another week, details have emerged that suggest the attack may have begun much earlier this year, or even before that, and that the attackers were able to collect significant intelligence on the network from Sony Pictures’ own IT department. It’s clear that those behind the attack were deep inside Sony’s network for a long time before they set off the malware that erased Sony hard drives—and some of the data they collected could have been used in other attacks.
Among the files leaked by the attackers in the past week were lists of what appears to be all of the computers on Sony Pictures’ internal networks, including over 1,600 physical and virtual Linux and Unix servers, and 811 Windows servers. Additionally, a spreadsheet in the leak included the location, IP address, MAC address, Windows computer name, and assigned username of over 3,000 individual PCs in North America and over 7,700 more worldwide on Sony Pictures’ network. These details allowed the attackers to pick out Sony Pictures’ most vulnerable servers and infrastructure.
Also among the spoils in one of last week’s file dumps was a Sony Corp. CA 2 “root” certificate—a digital certificate issued by Sony’s corporate certificate authority to Sony Pictures to be used in creating server certificates for Sony’s Information Systems Service (ISS) infrastructure. This may have been used to create the Sony Pictures certificate that was used to sign a later version of the malware that took the company’s computers offline. There were also certificates for a JP Morgan Chase electronic corporate banking application, SSL certificates for sites including the Sony Pictures Store e-commerce site, and other certificates associated with intranet servers and other infrastructure from multiple telecommunications providers.
This hack provides plenty for companies to think about: loss of productivity, embarrassing release of information, impacts to reputation, significant costs, loss of potential future revenue and much, much more.