Emsisoft | Cybersecurity Blog

Sony got hacked (again!) – no Playstation this Christmas?


You may have already heard that around two weeks ago, the Sony Pictures Entertainment studio in Hollywood, California, got hacked. What makes this hack a little more extraordinary than others is that Sony Pictures has big movie stars on its payroll, and pretty much everything else about the hack doesn’t just hurt Sony Pictures financially, it’s embarrassing for the company overall. Since the initial attack, a steady flow of documents and revelations has trickled into news reports and file-sharing sites this past week. To make matters worse, Sony got hacked again this week: this time its Playstation Network.

What got hacked?

Personal data such as social security numbers, home addresses, bonus plans and salaries of thousands of Sony Pictures’ employees have been disclosed online. Among the affected are Hollywood celebrities such as Sylvester Stallone, Rebel Wilson, and Anchorman director Judd Apatow. Some Hollywood stars took the opportunity to get out ahead of the leaks by sharing pictures and details of their private lives before they’re inevitably leaked across the web.

The World War II picture “Fury” starring Brad Pitt was stolen during the hack and circulated online, and has already been downloaded millions of times. Other movies such as “Still Alice”, “Mr. Turner”, and “To Write Love on Her Arms” were also stolen and are currently being circulated as well. The hack will potentially cost Sony millions of dollars in lost revenue from theaters and Blu-Ray and DVD sales. Top-secret profitability information on movies in 2013 was leaked as well. It has been reported that over 100 terabytes of data was stolen from Sony. A group called ‘Guardians of Peace’ claims responsibility for this hack.

What does North Korea have to do with all this?

Well, some social media outlets speculated that the attack originated from North Korea. They reasoned that the North Korean government found out about a new movie called The Interview, starring James Franco and Seth Rogen. In the movie, Franco and Rogen play a talk show host and producer who are recruited by the CIA to assassinate North Korean leader Kim Jong Un. The North Korean government denied the country’s involvement but supposedly called the hack a “righteous deed” and said that there are North Korean sympathizers around the world who could have caused the attack instead.

A security firm called Mandiant discovered that the exploit was caused by a zero-day malware attack. Although Sony is offering its employees identity protection in response to the hack, they’re learning quickly that the saying “an ounce of prevention is worth a pound of cure” is painfully true in this case. More juicy details of the hack include the fact that a file with workplace complaints got leaked, which provided very sensitive insider information – including that some employees are apparently tired of Adam Sandler and his movies and that management may not get along with each other. Ouch. Details like this are of course picked up and blown up by the media all over the world, making it even more embarrassing for the entertainment giant. And it got worse for Sony…

Hacked again: Sony Playstation

With the vulnerability being exploited at Sony, the hackers thought: “why stop here?” This past Sunday night, a group called Lizard Squad knocked the Sony Playstation Network offline with a Distributed Denial of Service (DDoS) attack, leaving millions of Sony customers unable to play or use the network services. Visitors to the site were shown “Page Not Found! It’s not you. It’s the Internet’s fault.” Other than that message, Sony has been pretty quiet, claiming that they are “investigating the root cause of the issue”.

So, how was this possible?

A DDoS is an attack where hackers make an attempt to starve the server of its resources such as memory, processing power, bandwidth or routing information. Here’s an example of what a DDoS attack may look like – The SYN-flood attack.

  1. This attack occurs when a hacker uses TCP/IP to establish a connection.
  2. When the requester initiates a connection request, it sends a TCP/SYN packet with a fake return address (the requester does not want its own address to be discovered, because it would be caught red-handed).
  3. When the computer receives the TCP/SYN packet from the requester, the computer will respond to the bogus address with a TCP/SYN-ACK packet. This packet is a “hey, I got your request, let’s start talking now”.
  4. The computer will now wait for the TCP/ACK packet from the requester. No packet will ever arrive. Why? Because the original TCP/SYN packet was sent with a fake address. So the computer will just sit and wait because the TCP/SYN-ACK packet is now wandering in cyberspace. The attacker will repeat this process over and over until the computer freezes and crashes because its processing and memory resources are completely exhausted.
  5. The hackers will have many more computers doing this attack, not just one. That is why the hackers are so successful. They will use all their resources and efforts on one server quickly and efficiently, just like a pack of lions that prey on only one zebra.
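Seen from the server being targeted, the steps above show up as a pile of half-open connections: SYNs that were answered with a SYN-ACK but never followed by the final ACK. The Python sketch below is an added example, not part of the original article; it replays constructed packet records and flags that pattern. The `Pkt` record format, the 3-second timeout, the backlog size of 128 and the 50% completion threshold are assumptions chosen for illustration.

```python
# Added example: spot a SYN flood from the server's view of TCP handshakes.
# All records are constructed sample data, not captured traffic.
from collections import namedtuple

Pkt = namedtuple("Pkt", "ts src sport flags")  # flags seen by server: "SYN" or "ACK"

def handshake_stats(packets, timeout=3.0):
    """Replay packets; return (peak half-open count, completed, unfinished)."""
    pending = {}  # (src, sport) -> time the SYN arrived (SYN-ACK sent, ACK awaited)
    peak = completed = expired = 0
    for p in sorted(packets, key=lambda p: p.ts):
        # Drop half-open entries whose final ACK did not arrive in time.
        for key in [k for k, t in pending.items() if p.ts - t > timeout]:
            del pending[key]
            expired += 1
        key = (p.src, p.sport)
        if p.flags == "SYN":
            pending.setdefault(key, p.ts)
            peak = max(peak, len(pending))
        elif p.flags == "ACK" and key in pending:
            del pending[key]          # handshake finished
            completed += 1
    return peak, completed, expired + len(pending)

def looks_like_syn_flood(packets, backlog=128, min_completion=0.5):
    """Flag when half-open entries fill the backlog and few handshakes finish."""
    peak, completed, unfinished = handshake_stats(packets)
    total = completed + unfinished
    ratio = completed / total if total else 1.0
    return peak >= backlog and ratio < min_completion

def sample_normal():
    # 200 clients, each sending the final ACK 50 ms after its SYN.
    pkts = []
    for i in range(200):
        src = f"198.51.100.{i % 250 + 1}"
        pkts += [Pkt(i * 0.1, src, 40000 + i, "SYN"),
                 Pkt(i * 0.1 + 0.05, src, 40000 + i, "ACK")]
    return pkts

def sample_flood():
    # 500 SYNs within one second from spoofed sources; no ACK ever follows.
    return [Pkt(i * 0.002, f"203.0.113.{i % 250 + 1}", 1024 + i, "SYN")
            for i in range(500)]

if __name__ == "__main__":
    for name, pkts in (("normal", sample_normal()), ("flood", sample_flood())):
        print(name, handshake_stats(pkts), looks_like_syn_flood(pkts))
```

Because the source addresses are fake, the check counts half-open handshakes for the server as a whole instead of per sender.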

The Lizard Squad group (or individual) has made it clear that their early Christmas gift to the world was a mass DDoS attack on the Microsoft Xbox and Sony Playstation’s Network servers. The group also took things to Twitter and Tweeted that there was a bomb on a Sony executive’s plane which caused the FBI to step in. Lizard Squad claimed the hack was just “a small dose” of what was to come over the Christmas season:

Looks like Sony has quite some damage-control to do over the holidays. Otherwise, some children (and adults) may in fact be disappointed when they cannot play their games online on Christmas morning.
