


Senior Staff Writer

Sales contracts and other data published by Sony’s attackers

Nov 29, 2014
Cybercrime, Data Breach, Network Security

Published records include sales contracts, phone lists, financial details, and passwords

Update: A recent FBI memo on destructive malware might offer some clues into the Sony attack. Further details are here.

On Saturday, GOP published sales and contract data from Sony Pictures Television, taken after the group compromised the entertainment giant’s network last week. The 894MB archive contains thousands of items, covering a period between 2008 and 2012.

Sony’s problems started last week. A group calling itself GOP compromised the Sony Pictures network, forcing the technology group to terminate network access across the company. Statements from those claiming to be associated with the group have suggested they had insider access to the network, which helped them carry out the attack.

The network downtime impacted operations in New York, California, and other parts of the country. VPN access, email, and network shares were all disabled Monday morning, and remain limited if not offline entirely. Many offices were left with few options, so most employees switched to pen and paper in order to get their work done.

At the time the attack was made public, GOP released two lists detailing the types of data that were compromised.

The lists referenced several documents, including private key files; source code files (CPP); password files (including passwords for Oracle and SQL databases); inventory lists for hardware and other assets; network maps and outlines; production outlines, schedules, and notes; financial documents and information; and PII.

Later in the week, GOP released preview copies of Sony movies, including Annie, Fury, and Still Alice. At the time, the group warned that they would be releasing more information.

On Saturday, they made good on that threat.

Most of the documents released this weekend are contracts between Sony Pictures Television and various TV stations across the country.

In the documents viewed by Salted Hash, the sales items were for airing rights to various shows such as Dr. Oz, Judge Hatchett, Outer Limits, and Stargate SG-1. The documents also disclose details related to syndication rights for sitcoms such as King of Queens, Seinfeld, and Rules of Engagement.

While internal sales data is bad enough, the data dump has the ability to make Sony’s situation worse.

It includes an internal phone list and organizational chart, complete with names, titles, departments, phone extensions (with outside line dialing information) and cellular phone numbers. The phone list was created in 2009, but it covers the company sales teams in Los Angeles, Atlanta, Chicago, and New York.

There is metadata in some of the files, which, when combined with the document templates and phone list, could help initiate social engineering attacks on various parts of the company, such as the helpdesk.

In addition, one outdated document disclosed network usernames, passwords, and American Express account information (card data and Internet account details), something else that could be used in a targeted attack.

On Saturday afternoon, a person claiming to represent GOP hinted that the sales data was only the beginning, stating that the group “will release all of the data…” which they claimed was under 100 TB or “tens of [Terabytes].”

However, that claim is open to debate. Under 100TB could mean “about 100TB” or it could mean they plan to post a few thousand files from a backup, averaging a few dozen gigabytes. The author of the message referenced “tens of TBs” but again, that doesn’t say much as most of the files in the sales leak are bulky TIFF images.

This isn’t the most disastrous data leak in the world. However, it isn’t something to dismiss either. The contract records are sensitive internal documents, and while the information within is dated, they serve as proof of the GOP’s claims to have accessed internal information.