Mysteries are the most popular genre in books and movies. Everyone loves to solve a mystery, and we now have a doozy of one in real life!
The data breach of Sony Pictures, revealed last week, is the most spectacular security breach in a year that has been a banner one for hackers. Not only did the hackers obtain a massive amount of customer, employee and management data, but at least 5 recent and upcoming Sony films are now playing illegally on your nearest BitTorrent file-sharing site.
The hack is believed to have been initiated on November 24th and only Windows computers were directly hacked.
An enormous amount of this data has been posted to public web sites, including a spreadsheet with the top 17 employee salaries, employee disciplinary reports, criteria for use in downsizing (firing staff), screen prints from mainframe terminals showing employee payroll and medical data, and a script by Breaking Bad’s creator Vince Gilligan for an unproduced pilot.
This massive dump supports the theory that the breach was carried out not by criminal hackers seeking financial gain, but by someone seeking to damage Sony for other reasons.
The question of who is responsible has become a virtual game of Clue for security investigators. The first guess was the “Dear Leader” on the Korean Peninsula.
Earlier this year, the North Korean regime revealed its displeasure with Sony’s plans to release a comedy about an assassination attempt against their young leader Kim Jong Un. While most governments would take issue if the premise was about their head of state, the North Koreans have a particularly attention-getting way with words. In response to this news, their Foreign Minister said that they intend “to mercilessly destroy anyone who dares hurt or attack the supreme leadership of the country, even a bit.”
No one can accuse them of being subtle!
North Korea also makes sense as a suspect because they have been connected to other cyber-attacks, most prominently attacks against South Korean banks and television stations in 2013. Some reports say there are similarities between those attacks and the Sony breach.
In addition, Hewlett-Packard issued an investigative report earlier this year about a North Korean agency known as Unit 121. The agency is believed to be one of the world’s largest state-sponsored cyber-war and cyber-espionage organizations, with highly advanced capabilities.
No good mystery has only one suspect. The breach was actually revealed when Sony employees turned on their computers and were met with a taunting message from the GOP. No, not the Republican Party, aka the Grand Old Party! The attackers have dubbed themselves GOP, Guardians of Peace. Cool name!
Speculation is that this is a previously unknown “hacktivist” group, possibly affiliated with the notorious Anonymous. Such groups attack business and government organizations for political reasons, and often target prominent corporations that they feel are examples of “capitalist greed”. The massive dump and braggadocio fit their pattern of behavior.
But wait! There are more clues to consider!
Hollywood Reporter magazine has reported that emails sent to reporters pointing them to a web site with stolen Sony documents came from a “Nicole Basile”. Who is Nicole Basile?
A LinkedIn page for a Nicole Basile says she worked for Sony for one year. The web site IMDb.com credits her as an accountant working on the Sony 2012 film The Amazing Spider-Man. Could this have been an inside job? Could Ms. Basile be a disgruntled employee, perhaps upset at some of the recent studio layoffs?
Where in the world is Carmen Sandiego, err… Nicole Basile?
At this point, there is only one thing we know for sure. Once stolen data is out “in the wild” there is no way to put the genie back in the bottle. It is a position that no business or other organization ever wants to be in.
To prevent such a breach, you should rely on Comodo software such as Endpoint Security Manager and SecureBox, designed for Windows, and engineered with the most advanced containerization technology that allows computers to operate safely in the most hostile threat environment.