Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

03:40 PM
Sara Peters
Sara Peters
Quick Hits
Connect Directly

Sony Warns Media About Disclosure, Staff About Fraud, 'Bond' Fans About Spoilers

A wrapup of the latest Sony attack fallout.

Sony is trying to stem the bleeding of its most recent colossal, complex cyberattack, but new corporate secrets keep spilling out. The latest leak is a draft script for the next James Bond film, Spectre.

This week, Sony alerted its staff to be on the lookout for fraudulent use of their identity information. The company confirmed that employees' Social Security numbers, credit card details, bank account information, healthcare information, and data about salary and compensation were exposed.

Also, journalists picking through the pile of internal Sony emails are unearthing conversations between company executives and others in Hollywood that are embarrassing, to say the least. BuzzFeed published some emails between Sony Pictures co-chair Amy Pascal and Scott Rudin, the producer of Moneyball, The Girl With the Dragon Tattoo, and many other big Hollywood movies.

Before a fundraiser for President Obama, Pascal and Rudin had a conversation that devolved into them joking about what the president's favorite films might be. They mention movies about slavery (Django Unchained and 12 Years A Slave), a movie about an African-American servant who works in the White House (The Butler), and two movies that star the African-American comedic actor Kevin Hart (Think Like A Man and Ride-Along).

In a long series of emails published by Gawker, Rudin called Angelina Jolie a "minimally talented spoiled brat" and producer Megan Ellison (daughter of Larry) a "28-year-old lunatic."

In response to those disclosures, Sony is now threatening the news media with legal action. Saturday, David Boies, a famous attorney representing the company, issued a letter to news organizations Saturday -- including Re/code, Gawker, The New York Times, The Wall Street Journal, the Los Angeles Times, Variety, and Bloomberg -- demanding that they cease using leaked data and destroy all copies of it.

    We are writing to ensure you are aware that [Sony Pictures Entertainment (SPE)] does not consent to your possession, review, copying, dissemination, publication, uploading, downloading, or making any use of the Stolen Information, and to request your cooperation in destroying the Stolen Information...

    Failure to comply means SPE will have no choice but to hold you responsible for any damage or loss arising from such dissemination by you, including any damages or loss to SPE or others, and including, but not limited, to any loss of value of intellectual property and trade secrets resulting from your actions.

It's rumored that Sony has also gone on the offensive in other ways. Re/code reported that two unnamed sources told them Sony was using Amazon Web Services servers in Asia to launch DDoS attacks against websites where the stolen data is available. Amazon has denied being a part of any such activity.

The scope of the Sony attack is certainly broad. "This attack is unprecedented in nature," Kevin Mandia, COO of FireEye and founder and CEO of Mandiant -- which is conducting the forensic investigation -- wrote in a Dec. 8 letter to Sony. "In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared."

Yet other security experts are challenging that assessment. In an interview with Dark Reading last week, Oren Falkowitz, founder and CEO of Area 1 Security, dismissed the definition of "unprecedented," saying, "Our team has seen these things before."

Ken Levine, president and CEO of Digital Guardian, said in an email:

    We have tremendous respect for Kevin Mandia and the team he's assembled at FireEye's Mandiant, but we completely disagree with the statement he made over the weekend. He is clearly offering Sony the opportunity to hide behind the veil of advanced persistent threats or APTs...

    The truth is, there is nothing new about what these attackers are doing. They are using the same tactics they've used before to get inside these organizations (someone clicks on an attachment with malware and the malware sits and waits) and FireEye and/or other security products could have, should have caught this.

Whether or not the nature of the attack is revealed to be relatively commonplace, one thing may make recovering from it uniquely difficult. The breached data included network maps, credentials, and nearly everything else a person would want to know about SPE's IT infrastructure -- making it impossible for the company to simply recover. It may need to rebuild entirely. Otherwise, it is setting itself up to be compromised all over again.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
12/16/2014 | 7:11:11 PM
Three Things Sony forgot: Baseball, Apple Pie and the Constitution.

I really don't know where to start with the latest from Sony.  Everyday brings more and more desperation.   Now they want to squelch freedom of speech ?  Last time I checked Sony does business in the United States of American not the United States of Sony.

Amazing how everyone else must bear the burdened of their pompous ineffectiveness.

Speaking of freedom of speech, isn't that what got Sony into this mess in the first place ?

Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-12-06
Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. A remote authenticated malicious user could gain access to user credentials via the uaa.log file if authentication is provided via query parameters.
PUBLISHED: 2019-12-06
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97....
PUBLISHED: 2019-12-06
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are n...
PUBLISHED: 2019-12-06
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.
PUBLISHED: 2019-12-06
An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext.