BreachExchange mailing list archives

A Breakdown and Analysis of the December, 2014 Sony Hack


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 10 Dec 2014 13:01:05 -0700

https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/

Note: This article is being updated almost daily with new developments
regarding the leaks from the Sony Pictures breach. Changelog of updates:
The Beginning (November 24)
Second Round of Leaks (December 3)
The Analysis Game (December 4)
The Next Chapter (December 5)
The Analysis Continues (December 7)
Fifteen Days Under Siege (December 8)
Reality and the Blame Game (December 9)

—

On November 25, a new chapter was added to the chronicles of data theft
activity. A group calling itself GOP, or The Guardians Of Peace, hacked
their way into Sony Pictures, leaving the Sony network crippled for days,
valuable insider information including previously unreleased films posted
to the Internet, and vague allegations it all may have been done by North
Korea in retribution for the imminent release of an upcoming movie titled
“The Interview”.

While politically motivated attacks and theft of intellectual property are
nothing new, this incident certainly stands out for several reasons. First,
via a Pastebin link, the group released a package and links to torrent
files hosted on four sites consisting of 26 parts, broken out into 25 1GB
files, and one 894 MB rar file. The files were also uploaded to the file
sharing giants MEGA and Rapidgator, but removed by site managers shortly
after. The researchers at RBS were able to access the files and analyze the
content prior to the information going off-line, as well as reach out to
GOP.

The results of the analysis provide unprecedented insight into the inner
workings of Sony Pictures and leaked the personal information of
approximately 4,000 past and present employees. As if the sensitive
employee information wasn’t troubling enough, the leak also revealed
curious practices at Sony, such as money orders used to purchase movie
tickets that were apparently re-sold back to Sony staff.

The Guardians Of Peace made their contact information available for a brief
time. RBS researchers used that opportunity to contact the group seeking
comment and received the following response:

I am the head of GOP.
I appreciate you for calling us.
The data will soon get there.
You can find what we do on the following link.

The link provided only led to a Facebook page that was not in use. The
following timeline gives more perspective and analysis of the details of
the intrusion based on information made available via public sources.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
