The tail end of 2014 has turned out to be terrible for Sony Pictures Entertainment Company. Sony Pictures, an American company that manages distribution of the company’s film and TV productions, has apparently been hacked by #GOP, or “Guardians of Peace”. According to a Reddit thread, an image reading “Hacked by #GOP” appeared on all employees’ computers.
Employees at Sony Pictures were unable to access their computer systems. According to a publication, Sony employees were warned not to connect to the company’s corporate network or to check email. Sony Pictures IT teams also asked staff to turn off their computers and to disable Wi-Fi on their mobile devices.
The text in the image shown on employee computers reads as follows.
Hacked By #GOP
Warning: We’ve already warned you, and this is just a beginning. We continue till our request be met. We’ve obtained all your Internal data, Including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world. Determine what will you do till November the 24th, 11:00 PM (GMT).
The message was followed by many ZIP files that apparently contain information the hackers believe Sony does not want anyone to see. A post on Reddit shared information about the data that was leaked by #GOP. Reddit mentioned that the entire .zip file of leaked information weighed 217 MB. The ZIP files included a list of filenames of a number of documents pertaining to financial records, along with private keys for access to servers. In addition to the breach and data leak, the hackers also targeted Twitter accounts owned by Sony Pictures.
A post on a Reddit thread shared the below information about the data that was leaked.
ZIP file contains 3 files, LIST1, and LIST2 followed by a “Readme” file.
The Readme contains a list of e-mails.
The “#GOP” refers to “Guardians of Peace” apparently.
Contents of README.txt:
These two files are the lists of secret data we have acquired from SPE.
Anyone who needs the data, send an email titled “To the Guardians of Peace” to the following email addresses.
marc.parker-8t52ebo@********
emma.murphy-0ohbp3m1@********
lisa.harris-cxkjch3@********
john.murphy-7o2h3uh3@********
axel.turner-ffqbv9c@********
lisa.harris-ezd6e1j@********
mike.morris-f2iyqki@********
abc@****.com
lena@****.com
john@****.com
In addition, the two files, LIST1 and LIST2, seem to contain file names of several PDF, DOC, and Excel files related to Internal Financial Reports.
File size information:
638359749 list1.txt
397802180 list2.txt
Rather large text files, mostly just a list of what looks like the contents of a fileserver.
A source within Sony has confirmed to TNW (The Next Web) that the hack and the image that appeared on employees’ computers inside Sony Pictures are real. They also said that “only a single server was compromised and the attack was spread from there.”
However, it was unclear how the attackers gained access to this particular system, who #GOP is, and what they have against Sony.
It should also be noted that the email IDs used in the ransom were created using disposable email service providers. It is therefore very much possible to peek into the inboxes of these disposable email IDs *without authentication*, and whenever such email IDs are used it is very difficult for investigators to track the perpetrators. However, it also shows us how many people are really interested in this story and what they expect from such criminals.
Another interesting aspect is that disposable email service providers sometimes provide live RSS feeds of the inboxes.