Sony Breach: Leaked Salaries, Confidential Data Points To Major Lapse
The attackers who infiltrated Sony Pictures Entertainment bringing the company's corporate network to a standstill for more than a week, also appear to have gained access to the company's email server and databases containing sensitive files.
Stolen data surfaced on a variety of public forums over the last several days, exposing the salaries of the company's senior executives and revealing personal information of thousands of employees. Some of Sony's pending and unreleased films have also leaked to some online forums. The digital downloads were made available in an apparent attempt to strike a financial blow to Sony's movie division. A hacktivist group calling itself #GOP is claiming responsibility for the attack.
An internal memo from the studio's senior executives acknowledges the data breach and notes that a "large amount of confidential Sony Pictures Entertainment data has been stolen," according to Reuters, which viewed the document.
[Related: Report: FBI Flash Alert Warns Of Destructive Malware Danger]
Few details are available about the attack, which purportedly began Nov. 24, targeting Microsoft Windows PCs. An FBI "flash" alert issued this week following the attack warns organizations about the use of destructive malware, which may have been one of the tactics used by the Sony attackers.
"This is a bad sign for Sony but regrettably it's not something that the security industry hasn't dealt with before," said Kevin Wheeler, founder and managing director at Dallas-based information security services company InfoDefense. ’Every attack on an organization in the last five or six years included some type of malware as a component of it.’
Solution providers say Sony is very likely getting outside assistance to support its incident response capabilities, determine the scope of the lapse and ensure that all threats are contained and removed. Destructive malware may have been used in the breach points to a multi-staged attack with numerous entry and egress points, said a senior security consultant who assisted Sony in previous security incidents. Sony reportedly sought the assistance of Mandiant, the professional security services arm of security vendor FireEye.
The leaked information appears to point to a broad compromise at Sony, impacting multiple systems, according to TK Keanini, chief technology officer of network security vendor Lancope. Sony is a target because the structure of its businesses involves a complex supply chain, giving attackers a way to gain access to proprietary data and intellectual property, including films that are heavily controlled by the studio, Keanini said.
Sony has been the bane of hacktivists following security research in 2005 that uncovered a rootkit embedded in Sony BMG music CDs as part of its digital rights management (DRM) schemes. The company removed the malicious software and agreed to pay out millions to settle lawsuits stemming from the matter. The company suffered a massive data breach in April 2011 when attackers brought down its PlayStation Network and compromised sensitive account data of millions of PlayStation Network users. Initially the breach impacted 77 million users, but another breach at Sony Entertainment grew the tally of those affected by another 24.6 million users.
In June, Sony agreed to pay $15 million to users of the services impacted by its massive 2011 data breach and nearly month-long outage of its popular PlayStation Network and Qriocity music service. The agreement settled 65 class action lawsuits filed following the breach.
Investigators attempting to identify the attackers behind the latest Sony breach are said to be investigating whether North Korea may be responsible. The movie studio is releasing a comedy on Christmas about two journalists recruited by the CIA to kill North Korean leader Kim Jong-un.