How Sony Pictures’ Systems Got Hacked
The Sony Pictures Entertainment security breach is one of the biggest of this year. The breach was carried out at a massive scale, from Sony’s servers located in the US to the servers in Japan.
The question is: how did the hackers manage to carry out this malicious activity?
Security experts have told the press some of the details of the attack, and this is what we know so far:
This was a targeted attack.
Hackers targeted Sony and carried out all the activities with the sole purpose of breaking into Sony Pictures’ servers. In the computer security domain, a targeted attack is believed to be almost unstoppable.
“Against a sufficiently skilled, funded and motivated attacker, all networks are vulnerable,” wrote renowned security expert Bruce Schneier about the Sony attack.
The hackers literally broke into Sony.
Guardians Of Peace (GOP), the group that claimed responsibility for this attack, said that Sony didn’t have any “physical” security. “Sony left their doors unlocked, and it bit them,” said a hacker known as “Lena” from GOP. “They don’t do physical security anymore.”
In hacking terms, physical security refers to doors, windows and security cameras.
Sony employees unknowingly let hackers inside.
Hackers revealed that they worked with staff “with similar interests” who let them in. It is unclear whether the staff coordinated with them knowing their true intentions or not.
The hackers stole the credentials of an employee from the IT department.
US investigators claimed that the hackers got their hands on the passwords of a system administrator. This gave them broad access to the whole of the company’s network.
In our opinion, this was the biggest blow for Sony as it not only let hackers into the company’s US networks but also allowed them to communicate with international servers.
The hackers planted “Wiper” malware.
It is reported that the hackers used a special type of malware known as a “wiper.” This malware is used to destroy data; however, the hackers also collected data from Sony’s computers.
Once on the network, this malware used Microsoft Windows management and network file-sharing features to perform activities such as shutting down the network, rebooting computers, and replicating the malware to other computers.
The malware sent the information to other computers.
The main purpose of malware is to communicate data between computers. This malware transmitted data to computers located elsewhere, including in Japan. Ars Technica reported that the malware was written in Korean.
Sony has been quiet about the technical details of the attack, but the company is now busy working out a solution for one of the biggest security breaches of the year.