NEWS FROM THE LAB - Thursday, December 4, 2014

Who hacked Sony Pictures Entertainment and why? Posted by Sean @ 16:36 GMT

If you haven't kept up with the news about Sony Pictures Entertainment's breach, you really should catch up. Now. It's fast becoming the worst hack any company has ever publicly suffered.

Reuters: Exclusive: FBI warns of 'destructive' malware in wake of Sony attack
Krebs on Security: Sony Breach May Have Exposed Employee Healthcare, Salary Data
BuzzFeed: A Look Through The Sony Pictures Data Hack: This Is As Bad As It Gets

The FBI released a FLASH Alert about destructive malware on December 1st:

The destructive malware in question is a wiper similar to Shamoon. It uses the same benign driver for raw disk access.

On November 24th, this wallpaper was dropped on the computers of SPE employees:

Hacked By #GOP

Who is responsible for the attack?

North Korea has been suggested. That seems implausible to us.

The attackers apparently made demands:

  •  "We've already warned you, and this is just a beginning."

  •  "We continue till our request be met."

The demands have not yet been made public; when they were not met… the attackers dumped large amounts of SPE's data.

Theory: either the attackers are copyright reformist hackers targeting Hollywood — or — the attack was an attempted shakedown and extortion scheme. Hackers interested in copyright reform very often use better grammar than that found in the wallpaper above.

Which causes us to worry it's about extortion. And that's a big concern because it would mean the point of SPE's public "execution" was to warn other companies that may already be hacked that the extortioners aren't bluffing.

Either way, Sony Pictures Entertainment may only be the first.

Edited: adjusted a sentence above to link to Shamoon.