dChan
Anonymous ID: 7a662f April 29, 2020, 6:35 a.m. No.8960571   🗄️.is đź”—kun   >>0576

Sony Pictures hack

https://en.wikipedia.org/wiki/Sony_Pictures_hack

 

On November 24, 2014, a hacker group which identified itself by the name "Guardians of Peace" leaked a release of confidential data from the film studio Sony Pictures. The data included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, plans for future Sony films, scripts for certain films and other information.[1] The perpetrators then employed a variant of the Shamoon wiper malware to erase Sony's computer infrastructure.[2]

 

During the hack, the group demanded that Sony withdraw its then-upcoming film The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un, and threatened terrorist attacks at cinemas screening the film. After many major U.S. cinema chains opted not to screen The Interview in response to these threats, Sony elected to cancel the film's formal premiere and mainstream release, opting to skip directly to a downloadable digital release followed by a limited theatrical release the next day.[3][4][5]

 

United States intelligence officials, after evaluating the software, techniques, and network sources used in the hack, alleged that the attack was sponsored by the government of North Korea, who has since denied all responsibility.[6]

 

U.S. accusations and formal charges against North Korea

 

U.S. government officials stated on December 17, 2014 their belief that the North Korean government was "centrally involved" in the hacking, although there was initially some debate within the White House whether or not to make this finding public.[6] White House officials treated the situation as a "serious national security matter",[67] and the Federal Bureau of Investigation (FBI) formally stated on December 19 that they connected the North Korean government to the cyber-attacks.[68][69] Including undisclosed evidence, these claims were made based on the use of similar malicious hacking tools and techniques previously employed by North Korean hackers—including North Korea's cyberwarfare agency Bureau 121 on South Korean targets.[6][70] According to the FBI:[71]

 

"[A] technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korea previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

"The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack. The FBI later clarified that the source IP addresses were associated with a group of North Korean businesses located in Shenyang in northeastern China.[72]

"Separately, the tools used in the SPE attack have similarities to a cyber-attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea."

Anonymous ID: 7a662f April 29, 2020, 6:36 a.m. No.8960576   🗄️.is đź”—kun

>>8960571

 

The FBI later clarified more details of the attacks, attributing them to North Korea by noting that the hackers were "sloppy" with the use of proxy IP addresses that originated from within North Korea. At one point the hackers logged into the Guardians of Peace Facebook account and Sony's servers without effective concealment.[73] FBI Director James Comey stated that Internet access is tightly controlled within North Korea, and as such, it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government.[74][75] The National Security Agency assisted the FBI in analyzing the attack, specifically in reviewing the malware and tracing its origins; NSA director Admiral Michael Rogers agreed with the FBI that the attack originated from North Korea.[76] A disclosed NSA report published by Der Spiegel stated that the agency had become aware of the origins of the hack due to their own cyber-intrusion on North Korea's network that they had set up in 2010, following concerns of the technology maturation of the country.[72]

 

The North Korean news agency KCNA denied the "wild rumours" of North Korean involvement, but said that "The hacking into the SONY Pictures might be a righteous deed of the supporters and sympathizers with the DPRK in response to its appeal."[14][30][77] North Korea offered to be part of a joint probe with the United States to determine the hackers' identities, threatening consequences if the United States refused to collaborate and continued the allegation.[78][79] The U.S. refused and asked China for investigative assistance instead.[80] Some days after the FBI's announcement, North Korea temporarily suffered a nationwide Internet outage, which the country claimed to be the United States' response to the hacking attempts.[81]

 

On the day following the FBI's accusation of North Korea's involvement, the FBI received an e-mail purportedly from the hacking group, linking to a YouTube video entitled "you are an idiot!", apparently mocking the organization.[82][83][84]

 

On December 19, 2014, U.S. Secretary of Homeland Security Jeh Johnson released a statement saying, "The cyber attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life." He encouraged businesses and other organizations to use the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST) to assess and limit cyber risks and protect against cyber threats.[85] On the same day, U.S. Secretary of State John Kerry published his remarks condemning North Korea for the cyber-attack and threats against movie theatres and moviegoers. "This provocative and unprecedented attack and subsequent threats only strengthen our resolve to continue to work with partners around the world to strengthen cybersecurity, promote norms of acceptable state behavior, uphold freedom of expression, and ensure that the Internet remains open, interoperable, secure and reliable," he said.[86]

 

On January 2, 2015, the U.S., under an Executive Order issued by President Obama, installed additional economic sanctions on already-sanctioned North Korea for the hack,[87] which North Korean officials called out as "groundlessly stirring up bad blood towards" the country.[88]