Sony Pictures hacked - list of stolen files released


furtive

Original Poster:

4,498 posts

279 months

Friday 28th November 2014
Sony Pictures was hacked the other day, and the hackers have released a list of the files they have apparently got hold of, and it's not good reading for Sony:

File list said:
- PDF files that apparently contain the passports, visas, and other associated identity documents of cast and crew for various Sony productions, such as actors Jonah Hill, Cameron Diaz, and Angelina Jolie (plus a file called Emmerich, Roland Greencard.pdf).

- Over 700 documents containing passwords, including spreadsheets and Word files titled "FTP passwords", "ResearchPasswords", "ACCOUNTING PASSWORDS", "Personal passwords" and other files named for specific creative resource sites. There is also a file called "CA Breach Notification for User Names and Passwords (MoFo).pdf," which someone at Sony will likely be referring to shortly.

- 179 Outlook archival .pst mailboxes, including the mail folder of an executive at Sony Pictures Releasing Canada, an IT Audit Supervisor at Sony, as well as many "archive.pst" and "backup.pst" files.

- Password protected documents -- with their passwords in their names. (PASSWORD PALABRA SECRETA NISSAN.xlsx, PwC 2007 Report_PASSWORD_pwcemc60.pdf).

- IT audit documents (PASSWORD EQUAL TO USER NAME.xls, ACCOUNTS WITHOUT PASSWORDS.xls).

- Sensitive business documents including film budgets ("JR_Accrued Mktg Cost 0513 - Evil Dead.xls") and contract documents ("Cameron Diaz -- Pre-approved Medical Rider.doc").

- Personal credentials including private key files and 1Password database backups.

- Media files for television shows that aren't Sony Pictures products and may have been pirated copies on an employee's desktop (they look like torrented files)
But the best two are the following:

important files said:
INSURANCE for security breaches.doc
Security Breach Course of Action.v1.txt
Whoops!

CamMoreRon

1,237 posts

125 months

Friday 28th November 2014
Oh deary me! I wonder what interesting revelations will come out of that little lot...

tuffer

8,849 posts

267 months

Friday 28th November 2014
Yet to see any evidence of the files, so it may well be a hoax; that is not to say they were not breached, just that this list of files may be false.

Crafty_

13,283 posts

200 months

Friday 28th November 2014
and/or most of the passwords are defunct/have been replaced etc.

If the biggest brag the hackers can come up with is a list of file names, you have to wonder exactly how much information is really available.

eharding

13,686 posts

284 months

Friday 28th November 2014
From that list of filenames, I get the sense this is the content of someone's personal laptop - probably nicked or lost - rather than a corporate server that has been breached by some uber-skilz crypto warrior through 15 proxies and 8 time-zones whilst suspended from the ceiling of a clean-room, dodging laser-beams and two-step bio-authenticating himself with a freshly severed sysadmin's finger and eyeball.

Yazar

1,476 posts

120 months

Friday 28th November 2014
Apparently they have demanded something in return for not releasing.

Don't know much about this group - will they be wanting something more interesting than bitcoins?

andy43

9,701 posts

254 months

Friday 28th November 2014
sony said:
Cameron Diaz -- Pre-approved Medical Rider.doc
Me, me, I can do that job.

Sonic

4,007 posts

207 months

Friday 28th November 2014
eharding said:
From that list of filenames, I get the sense this is the content of someone's personal laptop - probably nicked or lost - rather than a corporate server that has been breached by some uber-skilz crypto warrior through 15 proxies and 8 time-zones whilst suspended from the ceiling of a clean-room, dodging laser-beams and two-step bio-authenticating himself with a freshly severed sysadmin's finger and eyeball.
Yeah, except they managed to take over their corporate network forcing Sony to take it offline and send staff home...

eharding

13,686 posts

284 months

Friday 28th November 2014
Sonic said:
eharding said:
From that list of filenames, I get the sense this is the content of someone's personal laptop - probably nicked or lost - rather than a corporate server that has been breached by some uber-skilz crypto warrior through 15 proxies and 8 time-zones whilst suspended from the ceiling of a clean-room, dodging laser-beams and two-step bio-authenticating himself with a freshly severed sysadmin's finger and eyeball.
Yeah, except they managed to take over their corporate network forcing Sony to take it offline and send staff home...
Presumably by using the credentials they'd found on this poor sod's laptop?

Sonic

4,007 posts

207 months

Friday 28th November 2014
eharding said:
Presumably by using the credentials they'd found on this poor sod's laptop?
Who knows... probably by phishing someone in IT or management, but undoubtedly there was some successful privilege escalation involved, which is far more common than you'd believe possible on corporate networks.

Jim the Sunderer

3,239 posts

182 months

Friday 28th November 2014
PST files? Disgusting.