Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Embedded

Hacker attack on Sony sheds light on total system invasion

Posted: 08 Dec 2014 ?? ?Print Version ?Bookmark and Share

Keywords:Sony? IT infrastructure? wiper malware? Destover? WIPALL?

One would wonder how a company as established as Sony would fall victim to a hacking incident. And it's not even a simple attack that could be remedied just as quickly as it had started. Truth is, the company is still suffering from a wiper malware that destroyed Sony's systems, and are slowly divulging stacks of stolen Sony confidential data and intellectual property. What's worse is that, apparently, the attackers know exactly what there was to know about Sony's IT infrastructure.

Security researchers have discovered that the wiper malware, called Destover by some, WIPALL by others, contained hard-coded names of servers inside Sony's network and the credentials to access them. Further, the attackers themselves released an additional set of 11,000 files that include, as one reporter explained it, "everything needed to manage the day-to-day [IT] operations at Sony."

Sony has been trying to recover from the wiper attacks since they began Nov. 24. Employees' client machines all froze up and locked behind a wallpaper, emblazoned with a red skull, claiming that the company had been pawned by the Guardians of Peace (GOP) because it had not complied with GOP's demands, and warning that the company's secrets were about to be spilled.

Wallpaper on Sony machines after hacking attack

The wallpaper showed on Sony machines

True to their word, the attackers began uploading sensitive Sony data to Pastebin. The leaked files contained both corporate data and intellectual property. The files also included full copies of Sony movies that have not yet been released and a script for a new TV pilot by the creator of Breaking Bad. Employee salaries, performance reviews and criminal background checks were exposed. Plus, according to Identity Finder, over 47,000 unique Social Security numbers were exposed including those of current and former Sony employees and celebrities such as Sylvester Stallone, Judd Apatow and Rebel Wilson. Many of those SSNs appeared in multiple documents, some showed it up in more than 400 places, so altogether, there were over 1.1 million copies of SSNs.

Meanwhile, the wiper software began destroying all Sony's internal systems. The FBI released a flash alert this week, which did not explicitly mention Sony, but warned of a wiper malware that "has the capability to overwrite a victim host's master boot record (MBR) and all data files. The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods."

Recovering from a data breach and a large-scale system destruction at the same time is exceptionally complex. Complicating matters further is that the treasure trove of data leaked yesterday includes everything attackers would need to compromise Sony all over again, in the manner of their choosing. The data includes RSA SecurID tokens, global network maps detailing databases and enterprise servers and access credentials/files for QA servers, staging servers, production servers, routers, switches, load balancers, FTP servers, email accounts and third-party applications including UPS, FedEx, McAfee, Google Analytics, iTunes, Sprint and Verizon.

So, how does a company recover? Burn whatever's left and build something entirely new and different?

"Shut it all down," said Jody Brazil of FireMon. He stated that throwing away the entire company isn't a solution. But for now, he recommends shutting down all external communications and all Web access entirely (and bringing it back slowly and carefully), resetting all passwords, instituting change control, doing a massive assessment of all systems, and aiming to get business running appropriately again in weeks, not days. "It's a very drastic approach," he said, "but the right one."

1???2?Next Page?Last Page

Article Comments - Hacker attack on Sony sheds light on...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top