“At the top it’s just –” wait, what?

Workers for Sony Pictures Entertainment were able to truly understand and appreciate Thanksgiving after they were the victims of an apparent computer breach — seemingly shattering their house of cards. On Monday (11/24) as Sony employees attempted to log in to the company’s computer system, they were presented with the image below:

[Image: Hacked-By-#GOP]

“Hacked By #GOP” is displayed in red over what seems to be a graveyard with “Sony Pictures Entertainment” etched across the face of a cracked tombstone. While GOP can easily be interpreted as the acronym for The Republican Party (Grand Old Party), in this instance it is likely that it, instead, stands for “Guardians of Peace.”

Amid the slew of information revealed by the hackers was the disclosure of Sony employees’ salary details. Unsurprisingly, the details reveal that among the just 17 employees who make $1 million or more annually, the diversity is almost as low as the number of platinum-selling albums in 2014. To be clearer: only two are non-white and there’s only one woman.

According to Ars Technica, the hack is believed to have compromised:

  • PDF files that apparently contain the passports, visas, and other associated identity documents of cast and crew for various Sony productions, such as actors Jonah Hill, Cameron Diaz, and Angelina Jolie (plus a file called Emmerich, Roland Greencard.pdf).
  • Over 700 documents containing passwords, including spreadsheets and Word files titled “FTP passwords,” “ResearchPasswords,” “ACCOUNTING PASSWORDS,” “Personal passwords,” and other files named for specific creative resource sites. There is also a file called “CA Breach Notification for User Names and Passwords (MoFo).pdf,” which someone at Sony will likely be referring to shortly.
  • 179 Outlook archival .pst mailboxes, including the mail folder of an executive at Sony Pictures Releasing Canada, an IT Audit Supervisor at Sony, as well as many “archive.pst” and “backup.pst” files.
  • Password protected documents—with their passwords in their names. (PASSWORD PALABRA SECRETA NISSAN.xlsx, PwC 2007 Report_PASSWORD_pwcemc60.pdf).
  • IT audit documents (PASSWORD EQUAL TO USER NAME.xls, ACCOUNTS WITHOUT PASSWORDS.xls).
  • Sensitive business documents including film budgets (“JR_Accrued Mktg Cost 0513 – Evil Dead.xls”) and contract documents (“Cameron Diaz – Pre-approved Medical Rider.doc”).
  • Personal credentials including private key files and 1Password database backups.
  • Media files for television shows that aren’t Sony Pictures products and may have been pirated copies on an employee’s desktop.

The extent of the files suggests that the attackers gained access to backups of individual computers as well as SharePoint servers, file servers, and other significant pieces of Sony Pictures’ infrastructure. Considering how broad and deep the exposure appears to be, Sony Pictures’ IT team may especially want to get to two files listed in the file-name dump: “INSURANCE for security breaches.doc” and “Security Breach Course of Action.v1.txt”.

Stay tuned for more info as this hack unravels.

Jamaal Fisher (@jamaalfisher)