2. Overview
• Attack on Sony Pictures…Nov 24, 2014 by GOP - “Guardians of Peace”
• 111 Terabytes of Data Stolen
• Suspected Origin: North Korea
• 7 lawsuits filed against Sony, so far
• Controversy over “The Interview” which made $46 million to date
• Trojan designed for Sony’s network.
3. Sony Pictures hack
• On November 24, 2014, a hacker group which identified
name "Guardians of Peace" (GOP) leaked a release of
data from the film studio Sony Pictures.
itself by the
confidential
• The data included personal information about Sony Pictures
employees and their families, e-mails between employees,
information about executive salaries at the company, copies of then-
unreleased Sony films, and other information.
• The perpetrators then employed a variant of
the Shamoon wiper malware to erase Sony's computer infrastructure.
4. The Shamoon Wiper Malware
• Shamoon ,also known as W32.DisTrack,is a modular computer virus
targeting recent 32-bit NT kernel versions of Microsoft Windows. The
virus has been noted to have behaviour differing from other malware
attacks, due to the destructive nature and the cost of the attack and
recovery.Shamoon can spread from an infected machine to other
computers on the network. Once a system is infected, the virus
continues to compile a list of files from specific locations on the
system, upload them to the attacker, and erase them.
• A wiper is a class of malware whose intention is to wipe the hard
drive of the computer it infects.
5. Demands of GOP
• In November 2014, the GOP group demanded that Sony withdraw its
film The Interview , a comedy about a plot to assassinate North
Korean leader Kim Jong-un , and threatened terrorist attacks at
cinemas screening the film.
• After major U.S. cinema chains opted not to screen the film in
response to these threats, Sony elected to cancel the film's formal
premiere and mainstream release, opting to skip directly to a
downloadable digital release followed by a limited digital theatrical
release the next day.
7. Data stolen and leaked
• Personal data on employees
• Movies and Scripts
• Performance reports and salary information
• Source code, Private keys, passwords, certificates
• Production schedules, Box office projections
• Executives email correspondence
• Brad Pitt phone number
8. Movie Leaks
• A few days after the the initial breach report was announced, four torrent
links were published to torrent trackers that contained unreleased movies
from Sony, obtained by GOP during the attack. According to several
torrent tracking sites, these files have been downloaded over 100,000
times.
• NBC News aired a segment reporting that the FBI were investigating the
breach and the possibility that North Korea was involved. North Korea has
a clear motive in attacking Sony. Sony is releasing a movie called The
Interview , which follows the story of two celebrity TV hosts that get a
chance to interview Kim Jong-un. Before heading to North Korea, they are
asked by the C.I.A. to assassinate him. Despite the movie being labelled a
comedy, North Korea has stated that if the movie is released, they would
consider it an “act of war”.
9.
10. Conclusion
• United States intelligence officials, after evaluating the software,
techniques, and network sources used in the hack, alleged that the
attack was sponsored by north korea.