Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Sony Security

Sony Pictures Computer Sytems Shut Down After Ransomware Hack 155

MojoKid writes: It appears that Sony Pictures has become the victim of a massive ransomware hack, which has resulted in the company basically shutting down its IT infrastructure. According to an unnamed source, every computer in Sony's New York Office, and every Sony Pictures office across the nation, bears an image from the hacker with the headline "Hacked By #GOP" which is then followed by a warning. The hacker, or group, claims to have obtained corporate secrets and has threatened to reveal those secrets if Sony doesn't meet their demands.
This discussion has been archived. No new comments can be posted.

Sony Pictures Computer Sytems Shut Down After Ransomware Hack

Comments Filter:
  • #GOP has just become a top-10 target for US Offensive cyber-operations...

    • Maybe the "GMT" hints at an English hacker, which is why the British government is suddenly pushing for "anti-terror" powers with ISP's (again). Seen any SONY lobbyists at Westminster this week anyone?
  • by CaptainOfSpray ( 1229754 ) on Tuesday November 25, 2014 @05:44AM (#48456343)
    Couldn't happen to a "nicer" bunch.

    Would I be right to believe the Sony Pictures, being part of the Sony conglomerate, are infected with the same high-handed corporate arrogance that we have seen at Sony Music? "cough" root kit "cough"

    I shall be wearing the smile today, all day.
    • by RenHoek ( 101570 )

      [haha.jpg]

    • by Xest ( 935314 )

      Maybe not the Sony Music rootkit but they have forced various bits of intrusive DRM on us over the years.

      So yes, there's a certain irony in their systems getting infected when for years they've been infecting the systems of others.

    • Re: (Score:1, Insightful)

      by donaldm ( 919619 )

      Would I be right to believe the Sony Pictures, being part of the Sony conglomerate, are infected with the same high-handed corporate arrogance that we have seen at Sony Music? "cough" root kit "cough"

      Not bad bringing up something that happened in 2005 with the scandal having impact to 2007. Yes Sony BMG was IMHO stupid to put what is called a "root-kit" on a PC running a Microsoft OS. Although that root-kit was benign and Anti-virus firm F-Secure concurred, [wikipedia.org] "Although the software isn't directly malicious, the used rootkit hiding techniques are exactly the same used by malicious software to hide themselves". This is not to say that this absolves Sony BMG however the finger of blame should also point at A

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        It borked CD-drivers, CD burning software and DVD player software.
        Often with BSOD's as a result.

        People replaced CD-drives thinking they were broken.
        Only to find that the new drive was borked from the start too.

        You call that benign ?

        Oh... Before I forget. Sony was a share-holder in F-Secure at the time.
        No wonder F-Secure tried to put it in ass good a light as possible.

      • Not bad bringing up something that happened in 2005 with the scandal having impact to 2007.

        I'd have thought that 10 years would have been quite long enough for Sony to have gotten around to saying sorry. I guess it must have slipped their minds...

        • by AK Marc ( 707885 )
          They are on the Vatican time frame for apologies. I think the Vatican holds the record for the longest time from incident to apology. It's a challenge.
      • "Yes I snuck into your house and hid there for two years quietly observing you, but look, I wasn't malicious!."
    • by gsslay ( 807818 )

      Seriously, are people still on about this?

      The root kit scandal was a case of corporate ham-fisted ignorance dabbling in something they knew too little about. A ransomware attack on a different arm of the company, 9 years later, affecting people who had absolutely nothing to do with the root kit, is a criminal act.

      If you're wearing a smile because of this you have very strange ideas about what's morally right, and really should be finding something more positive in life to make you happy.

      • The root kit scandal was a case of corporate ham-fisted ignorance dabbling in something they knew too little about.

        True.

        However the corporation was culpably stupid in dabbling before they knew what they were getting into. A corporation the size of any of Sony's divisions has enough resources to figure out the consequences of their actions before they make their decisions. There is no excuse for implementing a strategy in ignorance of its impact on customer/clients (or the indirect impact on shareholders, for that matter).

        I am, and you are too, much safer dealing with criminals who know what they are doing than dealing

        • every officer of the company needs to do the honorable thing and leave the company, leave the industry, and get a job more suited to their ethical and strategic skill set. Like flipping burgers, or arranging the sushi on the platter.

          Are you sure these are appropriate jobs for Sonyscum? Personally, I wouldn't want to eat burgers laced with exlax, or sushi caught from the waters next to Fukushima...

    • Would I be right to believe the Sony Pictures, being part of the Sony conglomerate, are infected with the same high-handed corporate arrogance that we have seen at Sony Music? "cough" root kit "cough"

      You would indeed and I submit their use of Cinavia copy protection on BluRays and DVDs as proof of this. You may be asking "What is Cinavia?" Well, it is a copy protection technology that uses an audio watermark. The watermark appears within the range of human hearing (so you can't just filter away the high frequencies above human hearing to remove it) and doesn't appear to be anything that humans can hear, but all current BluRay players are required by the licensing agreement to support it. How it wor

      • by tlhIngan ( 30335 )

        There is currently quite a bit of hysteria from some consumers in the BluRay field over it because apparently 100% of the people upset about it have kids who ruin their discs and now they "can't make copies". I say that with sarcasm. Well, you can make copies, you just can't make BluRay copies. Non-BluRay players are not required to detect or honor Cinavia, so ripping your BluRays and making MKVs out of them without conversion works fine. Even most BluRay players will happily play such files without checki

      • I'd like to point out that Cinavia is not free. Companies that use it pay a fee for using it. I don't know what the price is, but I can tell you that Sony puts it on every BluRay they put out, even those foreign films they release that have limited audiences. For all I know, it may actually cost more to use Cinavia on some of those films than Sony can even make back in sales of the discs. Sony even puts it on a few DVDs and no DVD player is required to detect or support Cinavia, and they still sometimes use it there.

        It costs a fair bit by the looks of it, and the also seem to take a dip from everyone on the chain

        From wiki

        Licensing[edit] For Cinavia the owners Verance make their money through licensing agreements with several sections of the entertainment and media industry. As of March 2012 these licence costs due to Verance were $10,000–$300,000 per manufacturer of Blu-ray Disc players—for the rights to embed the Cinavia detection system—plus additional software costs for the implementation itself.[8] Production facilities need to pay $50 for each audio track that is watermarked with Cinavia.[8] Distribution houses must finally pay $0.04 per disc with Cinavia watermarked content included.[8]

    • Even though I had no computer vulnerable, and I did not buy one of Sony's malware-laden Music CDs, I remember the event so clearly and strongly I still refuse to consider buying any Sony product whatsoever, including their cameras. Is there some malware hidden within those proprietary, compressed RAW image files?

      So I am of two minds. I don't like the use of ransomware. And I don't like Sony. This reminds me of the old joke where the guy sees his mother-in-law drive off a cliff in his new Bentley.

    • Ransomware sometimes uses TOR to avoid detection and serious encryption that no techie can undo. I am starting to get really worried that ransomware will become as common as IE-hijacking browser toolbars. It is easy money. This will be a huge problem. I'm even went through the trouble of logging in to ask how we can fight to nullify ransomware.

      1 employee inside our company saw some form of ransomware a year ago. I'm sure he lost all the business data. We are not the NSA and therefore can't decrypt it after

      • Using rdiff-backup, rsnapshot or rsync across the LAN via SSH in a "pull" configuration is the safest. The server pulls the files from the client PC. Alternately, you could do the above in a push configuration and limit where the origin PC can write to on the backup server. Even in a "push" configuration, I don't know of any malware currently capable of figuring out that there is an rdiff-backup script which stores data on a different server.

        The server then sends files to tape / disk / offsite.

        Basical
      • by AK Marc ( 707885 )

        Does anyone know of an OSS backup where you can "hide" the target USB drive or partition from the user (so the ransomware won't just up and pave it over along with the My Documents, Desktop, D:, Local network drive targets)

        Not OSS, but every major commercial package will allow remotely-triggered backups. Your server (no shares, the user can't get there) kicks off the backup, and pulls the data to it. Secure, and not shared on the network. I'm sure OSS would have something to do that, as that's the standard architecture for all commercial backups. Only the home backups are simple copy backups triggered from the end user.

    • by Phusion ( 58405 )

      Yes! Thank you, I won't shed a single tear, but instead hope that they're shut down for a lot longer than they expect. Fuck Sony in their stupid asses. Yes, Rootkit, prosecution of George Hotz and countless other fuckups remind me that Sony is just getting what they deserve.

  • He'll probably become a soon to be deported retroactive rapist.

  • Sony is being on the receiving end of malware for a change? The irony...
  • Can't they fight this with the DMCA or something for abusing the GOP hasthag? I bet those hackers will have shit running through their pants when they hear this!

    Young man, Are you listening to me
    I said, young man, what do you want to be
    I said, young man, you can make real your dreams,
    but you've got to know this one thing.
    No man, does it all by himself
    I said, young man, put your pride on the shelf
    And just learn to play with the D.M.C.A.
    I'm sure they can help you today

    It's fun to play with the D.M.C.A.
    It's fu

  • Someone clicked on "photos.zip".
    • Working link BTW:
      https://thepiratebay.se/torrent/11561038
    • What are the contents of the file, by the way? I'm not interested in grabbing it myself (I'm mildly paranoid about doing so) but I'm interested in a brief description.

      • Looks like a bunch of filenames (37937165 filenames to be exact) from someone's computer(s) that work at somewhere related to games (cannot guarantee it's sony)

        There are dlls, pdf reports, xls reports, docs, videos, cookie files, thumbs.db, browser cache, photos with default camera name and everything you would find on a work computer.
  • by Anonymous Coward

    Hopefully the IT department have strong hearts. Employee fitness programs probably should be made part of the disaster readiness planning.

  • So, Sony isn't just incompetent and unsafe with our data, they're apparently unqualified to run an internal network?

    Unbelievable.

    I can't think of many instances where a company as big as Sony had to shut down all of their IT stuff on this scale.

    Bummer, dudes. But, it's Sony, so I'm not feeling overly bad about it.

  • by jenningsthecat ( 1525947 ) on Tuesday November 25, 2014 @08:31AM (#48457089)

    On the one hand, I despise extortionists, and the perpetrators ought to be hung out to dry. On the other hand, the folks at Sony arguably have engaged in extortion and fraud on a few occasions in the past, so part of me feels this is simply their just desserts. If it wasn't for the inevitable collateral damage I'd be tempted to say "let 'em all kill each other and God will sort them out".

    It does seem kind of unfair that nobody at Sony was ever imprisoned for the Rootkit scandal or the OtherOS clusterfuck, whereas people behind #GOP will likely serve time in jail if they are ever caught. I guess "Corporate Immunity" is just as real in law as "Diplomatic Immunity" - 'the law' just won't openly admit it.

    • If it wasn't for the inevitable collateral damage I'd be tempted to say "let 'em all kill each other and God will sort them out".

      Let's see, some people at Sony lose their jobs, that should happen anyway. Some Sony customers get boned, that will happen anyway. No great loss. Fuck 'em. I hope they burn. The world would be better off without today's Sony.

      • When I say something like this, I mean it. Yes, there would be a temporary disturbance (in the force?) if Sony went under tomorrow. But the world would eventually be a better place for it. Same with most corporations, honestly.

        Flamebait means what you think I was doing, which also isn't what I was doing. Trolling is making shit up to make people angry. I was expressing heartfelt beliefs. I know many here agree with me. But I guess you're still humping your PS4

  • by debrain ( 29228 ) on Tuesday November 25, 2014 @09:13AM (#48457373) Journal

    Maybe they should make a movie about this.

  • I really hope they don't pay!
    • I really hope they don't pay!

      I hope so too. That way, the hackers will release the files (the contents, not just the filenames), which contain enough juice to sink Sony Pictures (and possibly other parts of Sony too) for good.

  • ... up for some security?

    Actually, I think this is an inside job where admin access was given to an outsider.

  • No offense to the actual IT workers at Sony, as I'm sure their hands are as tied as management allows, but it does make me wonder how this kind of shit gets through IT and not only infects one office, but nationwide, without garnering any attention from the IT pros getting paid to stop things like this?

    • No offense to the actual IT workers at Sony, as I'm sure their hands are as tied as management allows, but it does make me wonder how this kind of shit gets through IT and not only infects one office, but nationwide, without garnering any attention from the IT pros getting paid to stop things like this?

      Easy. By being targeted, Stuxnet style. They knew what IP blocks Sony Pictures uses, and it's quite easy to find machines on a local LAN and stay within it, and Sony is no doubt like most large corporations and links their offices via VPN, so machines at every location also look like the local LAN, so the worm can spread itself to everything it sees. And it can do so quietly. It doesn't have to make a lot of noise to do it. No excessive CPU usage, no excessive network traffic, no nonfunctioning service

  • Couple years ago I interviewed at SOE (Sony Online Entertainment) in San Diego... I chose not to work for them simply because they were being hammered by Anonymous about the fact that Sony was taking legal actions against a 17 year old for jailbreaking their PS....

    Now this... Boy I'm glad I'm not a Sony employee... looks like they've been making lots of enemies with the general public and now it's the time that everything pays back... I want them to be able to recover and keep offering employment ... but

Work expands to fill the time available. -- Cyril Northcote Parkinson, "The Economist", 1955

Working...