Hackers na Sony Pictures

[Jorge-Vieira]

Sony Makes First Detailed Comments on Hack

Sony Pictures has finally commented on that massive hack, offering further details about the situation.
CEO Michael Lynton sent a memo to all Sony Pictures employees apologising for the hack and reassuring them about the company’s security measures. In the memo, he included a note from Kevin Mandia, the founder of Mandiant, the security company which has been drafted in by the company to investigate the attack.
As you can see in the full memo bellow, Mandia says that hack was “unprecedented in nature” and “undetectable by industry standard antivirus software”.

Over the last week, some of you have asked about the strength of our information security systems and how this attack could have happened. There is much we cannot say about our security protocols for obvious reasons, but we wanted to share with you a note we received today from Kevin Mandia, the founder of the expert cybersecurity firm that is investigating the cyber-attack on us. The investigation is ongoing, but Mr. Mandia’s note is helpful in understanding the nature of what we are dealing with. Full text below.
We also want to thank you once again for your resilience and resourcefulness in carrying out our critical day-to-day activities under incredibly stressful circumstances. As a result of your efforts, we have made great progress moving our business forward, and we will continue to do so.
— — —
Dear Michael,
As our team continues to aid Sony Pictures’ response to the recent cyber-attack against your employees and operations, I wanted to take a moment to provide you with some initial thoughts on the situation.
This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat.
In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.
We are aggressively responding to this incident and we will continue to coordinate closely with your staff as new facts emerge from our investigation.
Sincerely,
Kevin Mandia

Noticia:
http://www.eteknix.com/sony-makes-fi...comments-hack/

[Jorge-Vieira]

Hackers warn Sony to not release 'The Interview' movie

The hackers behind the breach into Sony have warned the company of the consequences of releasing its upcoming movie 'The Interview' with Seth Rogen and James Franco.

Sony Pictures Entertainment have been warned about releasing "the movie of terrorism", which depicts the assassination of North Korean leader Kim Jong-un. Over the weekend, the two stars of the movies took to Saturday Night Live, having a laugh at it all. The hackers on the other hand, are quite serious.

They said: "We have already given our clear demand to the management team of SONY, however, they have refused to accept. It seems that you think everything will be well, if you find out the attacker, while no reacting to our demand. We are sending you our warning again. Do carry out our demand if you want to escape us. And, Stop immediately showing the movie of terrorism which can break the regional peace and cause the War! You, SONY & FBI, cannot find us. We are perfect as much. The destiny of SONY is totally up to the wise reaction & measure of SONY".

Noticia completa:
http://www.tweaktown.com/news/41747/...vie/index.html

[Jorge-Vieira]

Sony Hackers Release Celebrity Alias Names

The latest haul of Sony Pictures data has revealed a number of interesting celebrity aliases. The aliases are fake names used by celebrities to stay discreet whenever they book hotel rooms or make big purchases for example.The names leaked include ‘Johnny Madrid’, or as most of us know him as, Tom Hanks. There’s also ‘Mr Perry’, which happens to be Jude Law. Perhaps most interesting is Daniel Craig – no, it’s not James, it’s Williams. Olwen Williams.
Bellow is a selection of the names leaked to Fusion.com:

“Sarah Michelle Gellar: goes by “Neely O’Hara” (probably a Valley of the Dolls reference)
Tobey Maguire: goes by “Neil Deep”
Natalie Portman: goes by “Lauren Brown”
Clive Owen: goes by “Robert Fenton” (his wife’s name is Sarah-Jane Fenton)
Taye Diggs: goes by “Scott Diggs” (his real name)
Jude Law: goes by “Mr. Perry”
Daniel Craig: goes by “Olwen Williams” (an homage to his grandfather, Olwyn Williams)
Jessica Alba: goes by “Cash Money”

You can see the full list here.

Source: Fusion.com, Via: TIME Magazine

Noticia:
http://www.eteknix.com/sony-hackers-...y-alias-names/

[Jorge-Vieira]

FBI Has Yet To Find North Korea Link In Sony Hack

Since the massive security breach at Sony Pictures has occurred, speculation has been that North Korea was behind it. Sony, with the help of cybersecurity firm Mandiant and the FBI, has been investigating the perpetrators behind the breach. However, a senior FBI official stated has stated that government agency has not confirmed that North Korea is behind the attack,

“There is no attribution to North Korea at this point,” said Federal Bureau of Investigation assistant director of its cyber division Joe Demarest on Tuesday at a cybersecurity conference sponsored by Bloomberg Government.

This is the first time that a senior FBI official has said anything publicly regarding the agency’s investigation into the attack on Sony. He went on to say that, to date, there has been no confirmation of government involvement but didn’t offer up any further explanations.

North Korea, which has denied any involvement, has been suspected of being behind the cyber attack due to the country’s stance on Sony Picture’s upcoming movie “The Interview” in which the plot revolves around the planned assassination of the country’s leader Kim Jong Un.

Noticia completa:
http://hothardware.com/news/fbi-has-...Hh8cb2E6jTk.99

[Jorge-Vieira]

Sony’s Losses From Massive Hack Could Top $100M

Anyone who thinks hacking is harmless has never had to pay the bill following the aftermath. For Sony, the tab to clean up the mess left behind by the recent ransomware attack on its systems could reach as high as $100 million, no small sum even for a major movie studio. The only good news is that the tally will likely be less than the estimated $171 million Sony paid as a result of hackers infiltrating its PlayStation Network (PSN) several years ago.

Cybersecurity experts who have studied past attacks point out that there are costs associated with investigating the security breach, repairing and/or replacing infected systems, and beefing up security so that future attacks of the same nature don't occur again. On top of all that, you have to factor in lost productivity -- Sony's workers were forced to shut down their systems and use pen and paper to get work done when the attack first took place.

Sony is still assessing the damage and doesn't yet have a number to share, though it undoubtedly will be high -- this is considered the biggest cyberattack on a company's systems located in the U.S. Insurance will help pay part of the bill, but not all of it.

Noticia completa:
http://hothardware.com/news/sonys-lo...MgRvJKZx3om.99

[Winjer]

Não tenho pena deles, tendo em conta como andam a lixar os trabalhadores.

[reiszink]

"Sonyleaks" a caminho...

Uma das majors está em crise: um ataque informático sem precedentes revelou dinheiros, críticas internas e segredos que prometem alterar as relações de poder em Hollywood.

http://www.publico.pt/culturaipsilon...a-sony-1678985

[Jorge-Vieira]

Insider emails show Sony's plans for a Jump Street/MIB collaboration

Surrounding all the negativity that Sony have been experiencing recently thanks to their PlayStation store hack and a myriad of different issues with the Sony Pictures raid by #GOP hackers, finally something funny, interesting and cool has come out of the fray.

Reported as ready to film around July 2015, some insider emails have been snagged showing that 'MIB Jump Street' is set to become a very real and very hilarious thing. The first snippet we have here is from Jonah Hill himself in which he has a pitch for the movie title.

It's funny to note that he seems to send emails the same way his characters talk, did you find yourself reading out in his Jump Street voice? He then expanded on these thoughts after being kicked back at first.

Backed up by Sony pictures co-chairman Amy Pascal, the final snippet we're going to show you here is a full-fledged backing from this massive corporation - marking this crazy idea as a very real and very cool ordeal.

This was backed up by Hannah Minghella, the President of Production at Colombia Pictures who commented "there is nothing I want to do more than make this movie... beyond exciting..."

Noticia completa:
http://www.tweaktown.com/news/41833/...ion/index.html

[Winjer]

A resposta da Sony é hilariante.

Sony fights back against hackers, stolen file sharers – by firing a DDoS back at them

When the hackee becomes the hacker… In a somewhat amusing twist to the ongoing Sony Pictures hack and massive breach of sensitive files and unreleased films, the company is now fighting back. According to two unnamed sources, Sony is now using “hundreds of computers” to perform a DDoS on websites where you can download the leaked data. Better yet, Sony is apparently using Amazon’s cloud servers — Amazon Web Services — to perform the DDoS. While I’m all for proactive security measures, Sony might be taking it a little bit too far here.The report, from Recode, says that Sony is using hundreds of computers in Asia to DDoS “sites where its pilfered data is available.” Beyond that, very few technical details of the attack are available, but I don’t think that Sony is simply doing a standard DDoS on a bunch of websites — that would (probably) be illegal, and I suspect a complete breach of Amazon’s terms of service. It is more likely that Sony is poisoning the BitTorrent swarms that are sharing the stolen data, making it very hard for people to download data — and if they do succeed in downloading, the poisoning should mean that the data is too corrupt to be of any use.
There are various types of torrent poisoning, but they’re all fairly effective. Sony is probably using a mix of interdiction — spamming peers with hundreds of servers, to prevent legitimate users from connecting to the peer to download the block of data — and index poisoning, which floods the swarm with lots of messages saying “hey, we have the block you’re looking for!” but then the block isn’t there, or it has been intentionally corrupted. In both cases, if this report is accurate, Sony could be making it very hard for people to download the torrents full of sensitive data, celebrity contact details, unreleased movies, and so on.
The warning message that appear on Sony Pictures computers, after it was hacked by the Guardians of Peace

At first it’s fairly hard to believe that Sony — an upstanding multinational megacorporation — could be involved in such nefarious tactics. There are precedents, though — way back in Napster and Kazaa times, it wasn’t unusual for a publisher (or an outside agency) to upload fake or corrupt files. In more recent times, a commercial company called MediaDefender performed a variety of torrent poisoning attacks at the behest of most major film studios and music labels. It is somewhat unusual that Sony is reportedly performing the DDoS itself; to be honest, I wouldn’t be surprised if it is actually a third-party agency that’s doing it under Sony’s guidance.
As for the tidbit in Recode’s report about the use of Amazon Web Services (AWS), I’m not quite sure what to make of it. I’m guessing Sony needed a quick pool of well-connected computing power, and the cloud was the obvious choice — but generally, most cloud providers frown upon illegal (or even questionable) activity.
Morally, I suspect Sony’s position is somewhat defensible — it’s trying to protect stolen data, after all — but I’m sure if the law (or Amazon) will see Sony’s antics in the same light. Generally, hacking and computer misuse laws exist to prevent people from doingunwarranted stuff to computer systems that they don’t own. Basically, if a system was designed to do one thing (like serving torrents), but you subvert it into doing something else — and you don’t own the remote system — you are a hacker in the eyes of the law.

[Jorge-Vieira]

A Sony a fazer ataques DDOS

[tiran]

http://www.businessinsider.com/joel-...ony-tv-2014-12

[Jorge-Vieira]

Amazon denies Sony is using its AWS to launch DDoS cyberattacks

Sony has been accused of launching distributed denial of service (DDoS) attacks against websites hosting its stolen content, using Amazon Web Service as a launch pad, according to unnamed sources speaking with Re/code. It would seem extremely unlikely - and easily identifiable - if Sony decided to use AWS to launch any form of DDoS attacks, with network monitoring company CloudFlare suggesting Sony didn't launch any counter-attacks.

Amazon sent the following statement to TweakTown:

"AWS employs a number of automated detection and mitigation techniques to prevent the misuse of our services. In cases where the misuse is not detected and stopped by the automated measures, we take manual action as soon as we become aware of any misuse. Our terms are clear about this. The activity being reported is not currently happening on AWS."

Not surprisingly, launching a full-blown counter-attack is illegal, with Jennifer Stisa Granic, director of Civil Liberties at the Stanford Center for Internet and Society providing ZDNet with the following statement: "It's illegal for companies to counter-attack. That line will be fuzzy depending on the tech used, but the law is clear, no unauthorized access except for lawfully authorized government activity."

Noticia:
http://www.tweaktown.com/news/41868/...cks/index.html

[Jorge-Vieira]

FBI says cyberattack that hit Sony would have worked against others

The FBI is still unsure what hacker group successfully compromised Sony Pictures Entertainment, but said 90 percent of companies would likely fall victim to the same tactics. FBI officials also have reportedly met with Sony employees to explain how to protect themselves due to personal information being stolen as part of the breach.

"[T]he malware that was used would have gotten past 90 percent of the Net defenses that are out there today in private industry and [would have been] likely to challenge even state government," said Joe Demarest, assistant director of the FBIU cyberdivision, at a Senate Banking Committee hearing.

Sony is working with Mandiant, a cybersecurity forensics company, and CEO Kevin Mandia confirmed that this type of attack would be difficult to prepare for. The Guardians of Peace took credit for the attack, with purported GOP members emailing the media additional details of the breach.

Noticia:
http://www.tweaktown.com/news/41888/...ers/index.html

[Jorge-Vieira]

Sony Reportedly ‘Spooked’ It Could Be Victimized by Cyberattack Again

Sony Pictures Entertainment is still trying to recover from a major data breach that saw several movies leaked online, personal employee data stolen, and confidential emails published for the world to see.
It looks like the company is worried it could be victimized again after the scheduled Christmas release of “The Interview,” which features Seth Rogen and James Franco. Considering the FBI noted that 90 percent of companies would likely fall victim to the same type of attack, it will be curious to see if Sony is able to quickly improve its defenses.
“They are spooked,” according to an anonymous government source, when speaking of Sony’s recent experiences following the data breach. The Department of Justice’s National Security Division is investigating the breach, indicating the federal government wants to verify if a foreign state government could be involved.
The FBI hasn’t been able to determine what hacker group is behind the breach, while a group called the “Guardians of Peace” claimed credit. Alleged ties to North Korea, which haven’t been verified, continue to seem like a possible source involved in the attack.

Noticia:
http://www.eteknix.com/sony-reported...d-cyberattack/

[Winjer]

Será que os problemas da Sony com hackers ainda não acabaram?

Guardians of Peace threaten Sony, saying a 'Christmas gift' is coming

The Guardians of Peace released more information stolen from Sony, and promised a large "Christmas gift" of additional data taken in a breach Sony suffered that started late last month. The leaked content reportedly contained more email correspondence and information related to Crackle, the online video website.


Here is part of the post from hackers (via Pastebin): "We are preparing for you a Christmas gift. The gift will be larger quantities of data. And it will be more interesting. The gift will surely give you much more pleasure and put Sony Pictures into the worst state."

The cybercriminals behind the Sony breach have released seven waves of stolen data and movies to the Internet, and will continue to do so. The FBI and cybersecurity companies are helping Sony clean up the mess, but the damage has clearly already been done.