Sony’s Cyber-Whodunit Is a Page-Turner

Who breached Sony Pictures’ network and why continues to be a puzzle a week after news of the hack first emerged.

Some speculate it was an inside job. A few have pointed fingers at North Korea, which returned its own one-finger salute in response. Others discount that possibility.

In the meantime, the FBI has issued a warning stating destructive malware is on the loose.

Details of Sony’s executive reimbursement and business dealings have been published on the Web, and the company might be in for a thrashing. In addition to being put at a disadvantage in business dealings, it could face lawsuits and government action.

However, the market seems sanguine — shares of Sony’s shares closed at US$22.12, up 17 cents, or 0.77 percent, on Thursday.

That might change if reports that Sony neglected staff warnings about security and didn’t pay much attention to cybersecurity can be borne out.

“At the minimum, they will take a significant productivity hit,” Michele Borovac, VP at HyTrust, told the E-Commerce Times. “It may take … years for the company to assess the financial impact of [the breach], as it may spur employee turnover, loss of partners and potential legal costs.”

The Impact on Sony

The latest hack may be a major setback, because “if consumers and employees lose faith, it will also affect investors,” Jerome Segura, senior security researcher at Malwarebytes Labs, told the E-Commerce Times.

“This is one of the most devastating breaches for one company in history,” declared Aviv Raff, CTO and cofounder of Seculert.

“Over 38 million corporate files from its sales, marketing and HR departments are now public,” he told the E-Commerce Times. “I believe that now this is a board-level issue for Sony and other corporations.”

Sony could lose negotiating power when dealing with competitive bids, and possibly lose leverage when using differential pricing of a product across different customers and markets, suggested Ian Amit, vice president of ZeroFox.

Longer-term strategic planning also could be impacted “as details of certain products’ lifespan and pricing are exposed and can be leveraged to undercut Sony,” he told the E-Commerce Times.

Politics as Usual…

However, the attack “does not significantly affect the political calculus,” opined Mike Lloyd, CTO at RedSeal.

Even if it could be proved that North Korea was the attacker, which is doubtful, the situation “would be similar to learning [it] was behind an arson attack on a U.S.-owned warehouse in South Korea,” Lloyd told the E-Commerce Times.

The attack “is serious but has not destroyed [Sony’s] ability to make money or caused anyone’s death,” he pointed out.

Who’s to Blame?

“From the samples [of malware] we’ve obtained, we can say the attackers knew the Sony internal network, since they contain hardcoded names of servers inside Sony’s network and even credentials, usernames and passwords that the malware used to talk to IP addresses in Italy, Singapore, Poland, the United States, Thailand, Bolivia and Cyprus,” noted Jaime Blasco, lab director at AlienVault.

These were “probably hacked systems or VPNs or proxies that the attackers used to hide their origin,” he told the E-Commerce Times.

Some of the malware was compiled in systems using the Korean language, and’s Patrick McGuire has detailed correspondence between himself and people claiming to be the hackers, who said they were North Korean.

“That North Korea is involved seems implausible,” Sean Sullivan, a security adviser at F-Secure, told the E-Commerce Times, “but we now live in interesting times, so that theory can no longer be dismissed out of hand.”

North Korea could have been the attacker, ZeroFox’s Amit said. “So could Ireland, Latvia or New Zealand.” However, the duration of the attack — over a year — as well as the amount of data stolen and the kind of access obtained “all indicate that some physical access to the Sony facilities was likely part of the attack.”

Meanwhile, Kaspersky has pointed to similarities between Shamoon and DarkSeoul — malware used in attacks targeting South Korea — and Destover, the Trojan used in the attack on Sony.

In short, nobody knows for sure who hit Sony or why.

Richard Adhikari

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by Richard Adhikari
More in Cybercrime

E-Commerce Times Channels