Saturday, June 4, 2011
Hacked Again: User Data Stolen from Sony Pictures
Just as Sony's PlayStation Network recovers from a long hacking outage, more than a million users' personal information has been stolen from its Sony Pictures web site. The hacker group LulzSec claimed responsibility and said "every bit of data" on the Sony Pictures site was not encrypted. An analyst said the hackers are using a backdoor.
Sony has yet to fully recover from the public beating it took after its Sony PlayStation Network hack. Now the company's movie division has been breached.
The same hackers who recently broke into the PBS web site and led many to believe that murdered rapper Tupac Shakur is still alive are taking responsibility for the attack on Sony Pictures' web site. The now-infamous hacker group is called LulzSec.
"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, e-mail addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons,'" the group said in a post at Pastebin.
"From a single injection, we accessed everything," the group said. "What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it's just a matter of taking it."
Finding the Threats
Sony needs to find the advanced persistent threat or threats that likely are sitting deep in its network, according to Stephen Gates, director of field engineering for Top Layer. That, he said, is because the hacker community isn't coming in through the front door -- they aren't knocking holes in the firewall.
"It has to be some sort of backdoor into these networks, and companies like Sony need to put some sort of protection mechanisms in place to identify these advanced persistent threats and shut them down," Gates said.
As Gates sees it, Sony needs to identify the compromised machines by using technology such as intrusion-prevention systems that can thoroughly analyze the protocols coming in and out of its network, clearly identify protocol anomalies, and most likely identify these compromises and shut them down.
"Companies should take this as a warning and proactively inspect all traffic leaving their network," Gates said. "Most companies are concerned with what is coming and never look at what is leaving. If they were to look more closely at what was leaving their network, they would find these advanced persistent threats."
Simple SQL Injection
Fred Touchette, a senior security analyst at AppRiver, said Thursday's attack against Sony Pictures and its network demonstrates the need for more emphasis to be placed upon cybersecurity. Less than two months after the initial attacks began against Sony's PlayStation Network, the parent company is finding itself breached once again in yet another branch of the company.
"The real kicker here is that, according to the group that pulled off yesterday's attacks, they used a simple SQL injection attack against their databases in order to pull from them all of this private information, which was once again stored unencrypted in plain text," Touchette said.
"I believe Sony should have moved a little faster and used the information from their debacle in April to harden their network company wide," he added. "Hopefully that message is truly clear to them now, as well as to everyone else out there who handles personal private information."