Criminals are picking through gigabytes of leaked personal information from Sony Pictures' ransacked computer network, triggering identity theft alerts, staff have told The Register.
We're told crooks are, as is inevitable these days, mining files dumped online by hackers, who comprehensively compromised the movie studio's systems late last month to obtain and release the data. Sensitive information – such as home addresses, social security numbers, and salary details – of thousands of Sony Pictures workers is now out in the wild, and being used for fraud, we're told.
For instance, one employee who signed up with a credit protection system after the breach said they have already found two attempts by ID thieves to use their personal details. The credit protection firm also confirmed the staffer's work email and password were being shared on underground networks.
It comes after creepy internet weirdos emailed the studio's workers threatening to harm their families.
Meanwhile, in an internal memo seen by The Register and verified by staff, Sony Pictures CEO Michael Lynton has attempted to shed some light on the hacking attack. The movie studio, best known for its Spider-Man flicks, has hired security biz Mandiant to pick through the wreckage of its network.
The missive to all hands, sent out on Saturday, states the attack was unexpected, huge, and couldn't have been stopped by any company, let alone Sony – so don’t sue, please. A copy was also obtained by Re/Code bloggers.
Over the last week, some of you have asked about the strength of our information security systems and how this attack could have happened. There is much we cannot say about our security protocols for obvious reasons, but we wanted to share with you a note we received today from Kevin Mandia, the founder of the expert cybersecurity firm that is investigating the cyber-attack on us. The investigation is ongoing, but Mr Mandia’s note is helpful in understanding the nature of what we are dealing with. Full text below.
We also want to thank you once again for your resilience and resourcefulness in carrying out our critical day-to-day activities under incredibly stressful circumstances. As a result of your efforts, we have made great progress moving our business forward, and we will continue to do so.
As our team continues to aid Sony Pictures’ response to the recent cyber-attack against your employees and operations, I wanted to take a moment to provide you with some initial thoughts on the situation.
This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat.
In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.
We are aggressively responding to this incident and we will continue to coordinate closely with your staff as new facts emerge from our investigation.
Sincerely, Kevin Mandia
Put plainly, the memo tells us close to nothing. Getting past antivirus software means little: it's not as though a malware writer would finish programming a software nasty – like, say, a Sony rootkit – and then submit it to Symantec to do everyone a favor.
And commercial malware-generation kits run their output through the same industry antivirus engines to check that it is not detected before it ships; some even promise a free rewrite if antivirus filters later pick up the generated code's signature.
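To make that point concrete, here is an added example of the check loop such a kit runs; it is illustrative code written for this page, not anything from Sony, Mandiant or any real crypter. The "signature database", the placeholder payload and the `STUB` container layout are all constructed assumptions, and the scanner is a deliberately naive byte-pattern matcher standing in for a signature engine. It also goes one step beyond the text by showing the detection-side lesson: a signature on the payload loses to re-encoding, while a signature on the loader that wraps it does not.

```python
import os

# Constructed demo payload standing in for the real thing: the scanner below
# keys on the literal string inside it. Nothing here is executable malware.
PAYLOAD = b"...PAYLOAD_MARKER...do something unpleasant..."

# Constructed, illustrative byte-pattern "signature database" (not real AV data).
SIGNATURES = {
    "Demo.Dropper.A": b"PAYLOAD_MARKER",
    "Demo.Dropper.B": b"\x90\x90\x90\x90\xcc",
}


def scan(blob):
    """Naive content scanner: names of every signature whose bytes occur in blob."""
    return [name for name, pat in SIGNATURES.items() if pat in blob]


def xor_encode(data, key):
    """Repeating-key XOR; it is its own inverse, so it also decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_stub(key, encoded):
    """Constructed container: magic | key length | key | encoded body.
    A real crypter would prepend a decoder routine; this layout is an assumption."""
    return b"STUB" + bytes([len(key)]) + key + encoded


def rewrite_until_clean(payload, max_attempts=64):
    """The kit's check loop: re-encode with a fresh random key until scan()
    reports nothing. Returns (undetected blob, attempts used)."""
    for attempt in range(1, max_attempts + 1):
        key = os.urandom(8)
        candidate = build_stub(key, xor_encode(payload, key))
        if not scan(candidate):
            return candidate, attempt
    raise RuntimeError("no undetected encoding found")


def unpack(blob):
    """What the stub does at run time: recover the original payload."""
    if not blob.startswith(b"STUB"):
        raise ValueError("not a STUB container")
    klen = blob[4]
    key = blob[5:5 + klen]
    return xor_encode(blob[5 + klen:], key)


def scan_loader(blob):
    """Signature on the packer/loader rather than the payload.
    Re-keying changes every payload byte but not the container, so this still fires."""
    return blob.startswith(b"STUB") and 1 <= blob[4] <= 32


if __name__ == "__main__":
    print("original payload detected as:", scan(PAYLOAD))
    blob, n = rewrite_until_clean(PAYLOAD)
    print("after %d attempt(s), payload scan reports: %r" % (n, scan(blob)))
    print("unpacked payload identical:", unpack(blob) == PAYLOAD)
    print("loader-based detection still fires:", scan_loader(blob))
```

The loop almost always succeeds on the first try, which is the point: a byte signature on the payload is defeated by any re-encoding, so "undetectable by industry standard antivirus" says nothing about how sophisticated the attacker was. What survives re-keying is the part the attacker cannot change freely, here the loader; in practice that means detecting the unpacking behaviour or the packer itself rather than the packed bytes.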
As for the scope of the attack being unprecedented, that could be stretching things as well. Plenty of firms have been hit by destructive malware, and attackers have published stolen data from some of them online.
If Mandiant is saying, however, that malware was behind the curious seeding of torrents of the stolen information from Sony's own servers, that would be a new development, and a very worrying one at that. Kaspersky has also chimed in with its own analysis of the network compromise. ®