Not too long ago, back in 2011, a hack of Sony’s PlayStation Network led to a leak of over 77 million user accounts, many of which had financial information attached.
After an attack like that, you’d think that Sony would batten down the hatches, examine every nook and cranny of its network, and come up with an airtight security policy.
But if the reports coming from sources inside Sony Pictures late last night are accurate, there’s still a lot of work to be done. Another attack threatens to release a whole slew of internal corporate data into the ether — unless certain, unspecified demands are met. In the meantime, the hack has reportedly brought down the film studio’s computers in offices from California to New York as well as overseas.
According to a post on Reddit by a user with alleged connections to Sony Pictures, and verified by TheNextWeb, every computer in the Sony Pictures offices was taken over with the image below:
The hack was perpetrated by a yet-unknown group who call themselves the Guardians of Peace, or #GOP (hopefully, no relation to Boehner et al.). While the pixelated skeleton and the grandiose threats seem more reminiscent of a bad ‘90s hacker movie, the hack at least seems legitimate, as the group also tweeted out similar messages from Twitter accounts associated with Sony movies, like Stomp the Yard and Starship Troopers. The ransom-styled note also contains a list of URLs which point to .zip archives, each allegedly containing a list of the purloined files in text format.
In statements to the media, Sony claimed to be investigating the attack, which it referred to as “an IT matter.”
Some bloggers, however, remain skeptical of the so-called hack. The undeniably cheesy nature of the “ransom note,” as well as the group responsible being completely unknown up to this point, has led some to speculate that this might be an elaborate viral marketing scheme, perhaps for a Sony-produced hacker movie. However, given Sony’s history in terms of security, such a gambit would seem like an unwise move.
If it is real, though, this is another long-term PR hit for Sony, a company that still battles the stigma of a lackadaisical approach to customers’ security. Sony faced the Rootkit copy-protection scandal in the mid-2000s, in which Sony BMG music CDs illegally installed software on user’s computers. Though this software was intended to prevent piracy, it also happened to make the computer vulnerable to a host of viruses. Then, in 2011, there was the aforementioned hack that had even the most diehard Sony fanboys swearing off the company for life (at least temporarily). In August, Sony’s PlayStation Network was brought down by hackers. Now, if early analysis of the leaked file lists proves to be accurate, the company may be facing another public embarrassment, even if this isn’t quite as wide a threat as Sony’s previous episodes.
This would also be particularly poor timing for Sony, which just announced plans to reduce costs by focusing more on its PlayStation 4 business and less on production of mobile phones, televisions, and other hardware devices. In the digital space, a deeper reliance on its entertainment business could also require more stored user data. And if this hack is confirmed, Sony might have a difficult time convincing anyone to use their credit card on its servers.
Top Reads From The Fiscal Times: