On November 24, 2014, a hacking group that identified itself as "Peacekeepers" (GOP) leaked the release of confidential data from Sony Pictures movie studios. The data includes personal information about Sony Pictures employees and their families, e-mails between employees, information on corporate executive salaries, unreleased copy of Sony movies, and other information. The perpetrators then used a wiper variant of Shamoon wiper to remove Sony's computer infrastructure.
In November 2014, the GOP group demanded that Sony withdraw its film The Interview , a comedy about a plot to assassinate North Korean leader Kim Jong-un, and threaten a terrorist attack in a movie theater that plays the film. After the major US cinema network chose not to screen the film in response to this threat, Sony chose to cancel the premiere and the main release of the film, opting to jump directly to a downloadable digital release followed by a limited digital theatrical release the following day.
US intelligence officials, after evaluating the software, techniques and sources of the network used in the hack, alleged that the attack was sponsored by North Korea. North Korea has rejected all responsibility.
Video Sony Pictures hack
Hacking and performers
The exact duration of the hack is unknown. US investigators say that the perpetrator spent at least two months to copy important files. A recognized member of the Guardians of Peace (GOP) who claims to have hacked states that they have access at least one year before its discovery in November 2014, according to Wired . The hackers involved claim to have taken more than 100 terabytes of data from Sony, but the claim has never been confirmed. The attack was carried out using malware. Although Sony is not specifically mentioned in its advisory, US-CERT says that the attackers use the Server Message Block (SMB) Worm Tool to carry out attacks on major entertainment companies. Components of the attack include hearing implants, backdoor, proxy tools, destructive hard drive tools, and destructive target cleaning tools. These components clearly indicate the intention to get repetitive entries, extract information, and are destructive, and remove evidence of an attack.
Sony was made aware of hacking on Monday, November 24, 2014, because the previously installed malware made many of Sony's employee computers unusable for software, with warnings by groups calling themselves Peacekeepers, along with some of the secret data taken during hacking. Some Twitter accounts associated with Sony are also taken over. It follows messages that some Sony Pictures executives have received via email on the previous Friday, November 21; message, coming from a group called "God'sApstls" [ sic ], demanding "monetary compensation" or vice versa, "Sony Pictures will be bombarded as a whole". These email messages are largely ignored by executives, lost in volumes they have received or treated as spam emails. In addition to malware activation on November 24, the message included a warning for Sony to decide on their actions at 11 pm that night, although no real threat was made as the deadline passed. In the days after this hacking, The Guardians of Peace began leaking unreleased movies and began releasing pieces of confidential data to attract the attention of social media sites, even though they did not mention what they wanted in return. Sony quickly set up an internal team to try to manage data loss to the Internet, and contacted the FBI and private FireEye security firm to help protect Sony employees whose personal data were exposed by hacking, repairing damaged computer infrastructure and tracking the source of the leak. The first public report on North Korea's relationship to the attack was published by Re/code on November 28 and later confirmed by NBC News.
On December 8, 2014, in addition to the eighth major data of confidential information, the GOP threatened Sony with language related to the September 11 attacks that caught the attention of the US security services. North Korean state sponsored hackers are suspected by the United States of involvement in the section because of the special threat made against Sony and the cinema show The Interview , a comedy about Kim Jong-un's assassination attempt. North Korean officials had previously expressed concerns about the film to the United Nations, which stated that "to allow the production and distribution of such films on assassinations of heads of sovereign sovereigns should be regarded as the least terrorist sponsorship as good as an act of war."
In its first quarter finances for 2015, Sony Pictures set aside $ 15 million to deal with the ongoing damage from hacking. Sony has improved its cyber security infrastructure as a result, using solutions to prevent hacks or similar data loss in the future. Chairman Sony Amy Pascal announced on the back of a hack that he will release in May 2015, and will instead become more involved with film production under Sony.
Maps Sony Pictures hack
Information obtained
According to a letter dated December 8, 2014, from SPE to its employees, the SPE learned on December 1, 2014 that personally identifiable information about employees and their dependents may have been obtained by unauthorized individuals as a result of "cyber cruelty". attacks ", including names, addresses, social security numbers and financial information On December 7, 2014, C-SPAN reported that hackers stole 47,000 unique Social Security numbers from SPE computer networks.
Although personal data may have been stolen, early news reports focused primarily on celebrity gossip and embarrassing details about the Hollywood film industry business and the affairs collected by the media from electronic files, including personal e-mail messages. Among the information revealed in the email is that Sony CEO Kazuo Hirai pressed Sony Pictures co-chairwoman Amy Pascal to "soften" the murder scene in the upcoming Sony movie The Interview . Many details relating to Sony Pictures' executive actions, including Pascal and Michael Lynton, were also released, in a way that seems intended to spur distrust between executives and other Sony employees.
Other e-mails released on the hack showed Pascal and Scott Rudin, a film and theater producer, discussing Angelina Jolie. In an email, Rudin calls Jolie a "very talented spoiled boy" because Jolie wants David Fincher to direct his film Cleopatra , which, according to Rudin, will interfere with Fincher's movie directing the planned film about Steve Jobs.. Amy Pascal and Rudin are also listed to have e-mail exchanges about Pascal's upcoming encounter with Barack Obama which includes characterizations portrayed as racist, leading to the resignation of Pascal from Sony. Both have suggested they should mention a movie about African-Americans after meeting the president, such as Django Unchained , 12 Years a Slave and The Butler , all of which describing slavery in the United States or the era of civil rights. Pascal and Rudin then apologize. Detailed lobbying efforts by politician Mike Moore on behalf of the Citizens Alliance and FairSearch against Google are also revealed.
This leak reveals some of the details of behind-the-scenes politics in the current Columbia Pictures Spider-Man movie series, including e-mails between Pascal and others to the various heads of Marvel Studios. Due to protests from fans, the Spider-Man license was eventually negotiated to be shared between the two studios. In addition to email, a copy of the script for the James Bond Movie Spectre , released in 2015, was obtained. Some future Sony Pictures movies, including Annie , Turner , Still Alice and To Write Love on His Arms , also leaked. The hackers intend to release additional information on December 25, 2014, which coincides with the release date of The Interview in the United States.
According to Dot Daily , based on leakage of e-mail, when he was in Sony, Charles Sipkins executives are responsible for following the orders of senior executives to edit Wikipedia articles about them.
In December 2014, a former employee of Sony Pictures Entertainment filed four lawsuits against the company for not protecting their data released on the hack, which includes Social Security numbers and medical information. Also at the same time Sony is also talking with Nintendo to create animated Super Mario Bros. movies. .
In January 2015, details unfolded about the MPAA lobbying of the United States International Trade Commission to mandate US ISPs either at the internet transit level or consumer-level internet service providers, to implement IP blocking websites and connect web sites. WikiLeaks publishes over 30,000 documents obtained through hacking in April 2015, with founder Julian Assange stating that the document archive "shows the workings of influential multinational corporations" that should be published.
In November 2015, after Charlie Sheen revealed she was HIV positive in a television interview with Matt Lauer, it was revealed that information about her diagnosis was leaked in an email between Sony's senior boss dated March 10, 2014. In December, Snap Inc., due to a hack, was revealed to have acquired Vergence Labs for $ 15 million in cash and stock, Epiphany Eyewear developers, and Scan mobile app for $ 150 million.
Threats surrounding Interview
On December 16, for the first time since hacking, "Peacekeepers" mentioned the upcoming movie The Interview by name, and threatened to take terrorist action against New York City's screening of Sunshine Cinema on December 18, as well as on major US release date, is set for December 25th. Sony pulled theatrical release the next day.
Seth Rogen and James Franco, The Interview stars, responded by saying they did not know if it must have been caused by the film, but then canceled all media appearances related to the movie beyond planned. York City premiere on December 16, 2014. Following the initial threats made to the theater that will show The Interview , several theater chains, including Carmike Cinema, Bow Tie Cinema, Regal Entertainment Group, AMC Cinema, and Cinema Cinemark, announces that they will not filter The Interview . On the same day, Sony stated that they would allow the theater to opt out of the Interview show, but then decided to fully withdraw the December 25 national release of the film, as well as announced that there was "no further release plan "to release movies on any platform, including home videos, in the future.
On December 18, two messages (both allegedly from Guardians of Peace) were released. One, sent in a private message to Sony executives, stated that they would not release any further information if Sony had never released a movie and wiped its presence off the internet. The other, posted to Pastebin, a web application used for text storage that has been used by Guardians of Peace for previous messages, states that the studio has "suffered enough" and can release The Interview , but only if Scenes Kim Jong-un's death is not "too happy". This post also states that companies can not "test [them] anymore", and that "if [Sony Pictures] makes another, [them] will be here ready for battle".
President Barack Obama, in a late-year press conference on December 19, commented on Sony's hack and stated that he felt Sony had made a mistake in attracting the film, and that producers had to "not get into the pattern in which you were intimidated by this action." He also said, "We will respond proportionally and we will respond in place and time and the way we choose." In response to President Obama's statement, Sony Entertainment CEO Michael Lynton told CNN Anderson Cooper 360 that the public, the press and the President misunderstand the event. Lynton said the decision to abandon widespread liberation was in response to the majority of theaters that drew their performances and not to the threat of hackers. Lynton stated that they would look for other options to distribute films in the future, and noted "We have not given up yet and we have not backed away, we always have a desire to get the American public to see this movie."
On December 23, Sony chose to authorize about 300 largely independent cinemas to show the Interview on Christmas Day, as four major theater chains have not changed their initial decision not to show the movie. The FBI worked with these theaters to specify the specifics of previous threats and how to manage security for the show, but noted that no intelligence could be acted upon on previous threats. Sony Lynton stated on the announcement that "we are proud to make it available to the public and have stood for those who are trying to suppress freedom of speech". The Interview was also released to Google Play, Xbox Video, and YouTube on December 24th. No incidents are predicted by threats that occur in the release, and instead, unorthodox film releases make it a success because of the increased interest in the film following the attention it has received.
On December 27, the North Korean National Defense Commission issued a statement accusing Obama of being "the main leader forcing Sony Pictures Entertainment to distribute the film indiscriminately."
AS. allegations against North Korea
US government officials declared on December 17, 2014 their belief that the North Korean government was "engaged centrally" in hacking, although at first there was some debate within the White House whether or not to make these findings public. White House officials regarded the situation as a "serious national security issue", and the Federal Bureau of Investigation (FBI) officially declared on December 19 that they linked the North Korean government with cyber attacks. Including covert evidence, this claim was made based on the use of similar malicious hacking tools and techniques previously used by North Korean hackers - including North Korean cyberwarfare agents, Bureau 121 on South Korean targets. According to the FBI:
- "[A] The technical analysis of malware removal data used in this attack reveals links to other malware known to the previously developed North Korean FBI.For example, there are similarities in certain lines of code, encryption algorithms, data deletion methods , and compromised networks.
- "The FBI also observes significant overlaps between the infrastructure used in this attack and other malicious activities that the US government previously linked directly to North Korea.For example, the FBI found that some Internet protocol (IP) addresses are related to known Infrastructure North Korea is communicated with an IP address encoded into the malware removal data used in this attack. The FBI then clarifies that the source IP address is associated with a North Korean business group located in Shenyang in northeastern China.
- "Separately, the tools used in the SPE attacks bear a resemblance to cyber attacks in March last year against South Korean banks and media outlets, conducted by North Korea."
The FBI then clarified more details of the attacks, linking them to North Korea by noting that hackers are "careless" with the use of proxy IP addresses originating inside the North. At one point, hackers broke into Facebook Guardians of Peace and Sony servers without effective concealment. FBI Director James Comey stated that Internet access is tightly controlled in North Korea, and as such, it is unlikely that a third party has hijacked this address with no allowance from the North Korean government. The National Security Agency assists the FBI in analyzing attacks, particularly in reviewing malware and tracking its origins; The NSA director, Admiral Michael Rogers agreed with the FBI that the attack originated in North Korea. An NSA report disclosed published by Der Spiegel states that the agency has become aware of the origins of the hack due to their own cyber intrusion on the North Korean network they had established in 2010, following fears of technological maturity of the country.
The North Korean news agency, KCNA, denied a "wild rumor" about North Korea's involvement, but said that "Hacking on SONY Pictures may be a good action from supporters and sympathizers with the DPRK in response to its appeal." North Korea offered to be part of a joint investigation with the United States to determine the identity of the hackers, threatening the consequences if the United States refused to collaborate and continue the allegations. The US refused and asked China for investigative assistance. A few days after the FBI announcement, North Korea temporarily suffered a national Internet disruption, which the country claimed to be a US response to hacking efforts.
The day after the FBI allegations of North Korean involvement, the FBI received a supposedly hacked e-mail linking to a YouTube video titled "You idiot!", Apparently mocking the organization.
On December 19, 2014, US Secretary of Homeland Security Jeh Johnson released a statement saying, "The cyber attacks against Sony Pictures Entertainment are not just attacks on companies and employees, it is also an attack on our freedom of expression and the way we live." other organizations to use the Maya World Security Framework developed by the National Institute of Standards and Technology (NIST) to assess and limit the risk of cyberspace and protect against cyber threats. On the same day, US Secretary of State John Kerry published his statement condemning North Korea over cyber attacks and threats to cinema and movie goers. "The provocative and unprecedented attacks and subsequent threats only strengthen our resolve to continue working with partners around the world to strengthen cybersecurity, promote acceptable norms of state behavior, uphold freedom of expression, and ensure that the Internet remains open, interoperable, safe and reliable, "he said.
On January 2, 2015, the United States mounted additional economic sanctions on North Korea that had been approved for the hacking, which North Korean officials referred to as "without reason for bad blood moves against" the country.
Doubts about allegations against North Korea
Members of the press and cybersecurity experts have expressed doubts about the claim that North Korea is behind hacking. Cyber ​​security experts independently analyzed the hacking separately from the FBI - including Kurt Stammberger from cyber security firm Norse, DEFCON's manager and Cloudflare researcher Marc Rogers, Hector Monsegur, and Kim Zetter, a security journalist at Wired magazine - tend to agree that North Korea may not be behind the attack.
Michael Hiltzik, a Los Angeles Times correspondent, said all evidence against North Korea is "indirect" and that some cybersecurity experts are "skeptical" about the attack on North Korea. Cybersecurity expert Lucas Zaichkowsky said, "State-sponsored attackers are not creating cool names for themselves like 'Guardians of Peace' and promoting their activities to the public." Kim Zetter of Wired magazine called the evidence released against the government "fragile". Former Hector Monsegur hacker, who hacked Sony, explained to CBS News that the execution of one or a hundred terabytes of data "unnoticed" would take months or years, not weeks. Monsegur doubts the allegations that North Korea's internet infrastructure is inadequate to handle the transfer of so much data. He believes that it can be done by a Chinese, Russian, or North Korean hacker who works overseas, but most likely is a deed of a Sony employee.
Stammberger provided for the FBI Norse's findings suggesting the hack is an inside job, stating, "Sony is not just hacked, it's a company basically nuked from within." We are deeply convinced that this is not a master-minded attack by North Korea and people- insiders are key to implementing one of the most devastating attacks in history. "Stammberger believes that security failures may stem from six disgruntled Sony employees, based on their past expertise and discussions of these people made in the chat room. Norse employees identified these people from a list of workers eliminated from Sony during the restructuring in May 2014, noting that some have made very open and angry responses to their dismissal, and would be in the right position to identify means to access the security section from the Sony server. After a three-hour private briefing, the FBI formally rejected the Norse's alternative assessment.
Other investigations
Responding to allegations that the intrusion was the result of an inside job, or something other than a state-sponsored cyber attack, computer forensics specialist Kevin Mandia, president of the FireEye security firm, commented that there was "no evidence" that the insider was responsible for the attack and that evidence found by his security company supports the position of the United States government.
In February 2016, the Novetta analysis company issued a joint investigation report on the attack. The report, published in collaboration with Kaspersky Lab, Symantec, AlienVault, Invincea, Trend Micro, Carbon Black, PunchCyber, RiskIQ, ThreatConnect, and Volexity, concluded that organizations with good resources have intrused, and that "we strongly believe that SPE Attack is not an insider job or hacktivist ". The analysis says that the same group was involved in a military espionage campaign.
Due to the depth and scope of the malware device, the coded base structure being analyzed, TTP overlaps with similar attacks, and long trajectory activities associated with the Lazarus Group, Novetta does not believe that SPE attacks are committed by insiders or hacktivists, but rather by more organizations structured, sourced, and motivated.... Although our analysis can not support direct attribution of the nation-state or any other special group due to the difficulties of proper attribution in the cyber sphere, the official FBI attribution claims can be supported by our findings.
Legal response
On January 2, 2015, US President Barack Obama issued the Executive Order imposing additional sanctions on the North Korean government and North Korean arms dealers, particularly citing ongoing cyber attacks and North Korean policies.
Obama also issued a legislative proposal to Congress to update current legislation such as the Corruption and Corruption Organization Act and introduce new ones to allow federal and national law enforcement officials to better respond to cybercrime like the Sony hack, and to be able to prosecute crimes according to similar crimes, while protecting the privacy of Americans.
Public discussion
About reporting on hacking
In December 2014, Sony requested that the media stop covering hacking. Sony also threatened legal action if the media did not comply, but according to law professor Eugene Volokh, Sony's legal threat "is unlikely to win". Sony then threatened legal action against Twitter if it did not suspend the account of the person who posted the hacked material. American screenwriter Aaron Sorkin writes an opinion for The New York Times that the media helps hackers by publishing and reporting leaked information. On December 18, Reddit took an unusual step to ban a subpage called "SonyGOP" which was used to distribute hacked files.
About interesting Interview
Threats made directly at Sony during The Interview are seen by many as a threat to free speech. The decision to withdraw the film was criticized by several Hollywood filmmakers, actors and television hosts, including Ben Stiller, Steve Carell, Rob Lowe, Jimmy Kimmel and Judd Apatow. Some commentators compare the situation with the 2004 non-controversial release American Team: World Police , a film mocking the leadership of previous North Korean leader Kim Jong-il. The Alamo Drafthouse is ready to replace the The Interview with Team America until the Paramount Pictures movie distributor orders the theater to stop.
Given the threats made to Sony during the Interview , New District canceled March 2015's production plan for an adaptation of Pyongyang's graphic novel: A Journey in North Korea , set for starring Steve Carell. Hustler announced his intention to make a pornographic parody of The Interview . Hustler founder Larry Flynt said, "If Kim Jong-un and his men are upset before, wait till they see the movie we're going to make."
Outside the United States
In China, media coverage about hacking is limited, including in search engines except Google, which has provided 36 million results. Hua Chunying, a foreign affairs spokesman, "shy away from direct addressing" of Sony's hacking situation. On December 25, 2014, Russia sympathized North Korea, saying it was "quite understandable" that North Korea would be disappointed with the film. Russia says the threat of American retaliation is "counterproductive and dangerous", and that the US does not provide evidence of who hacked Sony.
Documentary
A documentary about the hacking of Sony is being developed by director Jehane Noujaim and producers Kareem Amer and Mike Lerner. Prior to November 2014, the group had been working on documentaries about international cyberattacks, and quickly shifted focus after Sony's disclosure of hacks. They anticipate presenting alternative theories about the identity of the hackers in the documentary.
See also
- 2013 cyberattack South Korea
- banking hacking SWIFT 2015-16
- North Korean banned activities
References
Source of the article : Wikipedia
0 Comments