More evidence has emerged that makes the Sony Pictures hack look similar to a suspected attack on South Korean companies over a year ago. And a spokesperson for the North Korean government, rather than denying his country’s involvement, is playing coy as the damage to Sony appears to be growing daily.
When contacted by the BBC, a spokesperson for North Korea’s mission to the United Nations said, “The hostile forces are relating everything to [North Korea]. I kindly advise you to just wait and see.”
Sony Pictures’ computers were reportedly the victim of wiper malware that erased all the data on infected PCs and the servers they were connected to. As Ars reported yesterday, this is similar to the attack on two South Korean broadcasters and a bank that was launched in 2013. As security reporter Brian Krebs reports, the FBI this week sent out a “Flash Alert” to law enforcement warning of a cyber attacker using “wiper” malware—malicious software that erases the entire contents of the infected machine’s hard drives as well as the contents of the master boot record of the computer. The FBI shared a Snort intrusion detection signature for the malware file, and as Krebs noted, “the language pack referenced by the malicious files is Korean.”
The attackers also posted archive files online containing at least 25 gigabytes of data from Sony’s network. [Update: in an e-mail to Ars that included a link to an archive of some of the stolen Sony Pictures data, an individual claiming to be “the boss” of the attackers known as GOP claimed that “tens of TB” of files had been exfiltrated and would be shared as soon as possible.] Some of those files included Excel spreadsheets and screen grabs from mainframe terminal sessions including employee payroll and medical data.
A link to the Pastebin page has been removed by Google after a Digital Millennium Copyright Act complaint by Sony, and other Pastebin pages related to the data have been removed. Sites hosting the data that were listed in the original Pastebin page were apparently subjected to a denial of service attack by someone attempting to stop the spread of the data. However, the files have now been shared through torrents.
Among the files released through links posted to Pastebin and now circulating on filesharing networks, according to a report by Kevin Roose of Fusion, are:
A spreadsheet including the names, birthdates, and social security numbers of 3,803 employees of Sony Pictures.
Payroll breakdowns for the entire company in a spreadsheet.
A spreadsheet detailing all the Sony Pictures employees terminated in 2014, including cause for termination; many were laid off as part of a corporate reorganization. The spreadsheet also included the termination costs for each employee, including severance and COBRA benefits.
Employee performance reviews.
Salaries for top executives—including a spreadsheet that shows that Sony Pictures’ Columbia Pictures subsidiary co-president Michael De Luca gets paid almost $1 million more than Columbia’s other co-president, Hannah Minghella.