While we continue to wait for an official statement and/or explanation from Sony Pictures Entertainment, the stolen data leaked by the attackers and the analysis of the malware used allow us to piece together parts of what happened.
The attackers, who dubbed themselves #GOP (Guardians of Peace), have uploaded another batch of data to file-sharing sites and BitTorrent, and linked to it via a Pastebin message.
In the message (since removed), they claim not to have sent threatening emails to Sony staffers. “We have already given our clear demand to the management team of Sony, however, they have refused to accept,” they stated, asking again for their demand to be met.
“And stop immediately showing the movie of terrorism which can break the regional peace and cause the War!” they added, providing for the first time some definite indication that the Seth Rogen movie “The Interview” is among the reasons for the attack.
The data batches released are Microsoft Outlook mail spools from Amy Pascal, co-chairman of Sony Pictures Entertainment, and Steve Mosko, president of Sony Pictures Television. Pascal’s spool contained an email sent by the hackers to five Sony PE executives three days before the company’s network and systems were so publicly taken down.
Martyn Williams reports that the message, titled “Notice to Sony Pictures Entertainment,” contained a request for monetary compensation for “damage” done by Sony Pictures.
“Pay the damage, or Sony Pictures will be bombarded as a whole. You know us very well. We never wait long. You’d better behave wisely,” it said. It was signed not “GOP,” but “From God’sApstls” – a name found by Symantec inside the malware used in the attack. So it seems that the attackers wanted some money, after all.
According to The Register’s Iain Thomson, some of the leaked information is already being misused to attempt to steal Sony PE employees’ identities.
For anyone interested, Risk Based Security has a very thorough analysis and breakdown of all the stolen files released so far.
Bloomberg also reports that some of Sony’s confidential data was leaked via the high-speed network of the St. Regis, a five-star hotel in Bangkok, Thailand.
It’s impossible to tell whether this was done by a guest, by someone simply connecting to the network from the hotel lobby, or from a separate location, but it’s interesting to note that an IP address the malware used to communicate with the hackers was located at a university in Thailand.