Slashdot Mirror


Sony Pictures Computer Systems Shut Down After Ransomware Hack

MojoKid writes: It appears that Sony Pictures has become the victim of a massive ransomware hack, which has resulted in the company basically shutting down its IT infrastructure. According to an unnamed source, every computer in Sony's New York Office, and every Sony Pictures office across the nation, bears an image from the hacker with the headline "Hacked By #GOP" which is then followed by a warning. The hacker, or group, claims to have obtained corporate secrets and has threatened to reveal those secrets if Sony doesn't meet their demands.

155 comments

  1. As Though The GOP by smittyoneeach · · Score: 0

    As though the GOP,
    Bugbears as they be,
    Through that Galifianakis beard
    Even shag-all could see.
    Burma Shave

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
    1. Re:As Though The GOP by Anonymous Coward · · Score: 0

      It's very sad, but Sony has had a gazillion chances to beef up security, and each time they have failed.
      We will see if they have backups or not: If they are not up in 24 hours they get a fail mark for recovery.
      If they have retained tax free profits in a foreign tax haven bank account - well I guess they have nothing to hide.

    2. Re:As Though The GOP by Zontar+The+Mindless · · Score: 0

      Someday I shall have the privilege of modding up one of these... but not today, alas.

      --
      Il n'y a pas de Planet B.
    3. Re:As Though The GOP by Anonymous Coward · · Score: 0

      ZTM: comments; flesh wounds--I do it all for art.

      --s1e

    4. Re:As Though The GOP by Anonymous Coward · · Score: 1

      They should have used something proprietary. Maybe an ATRAC or MagicGate algorithm? ;)

    5. Re: As Though The GOP by Anonymous Coward · · Score: 0

      Name one entity that can't be hacked.
      My point proven.

    6. Re: As Though The GOP by ebvwfbw · · Score: 1

      Oh come on. That's hardly a proof.

  2. Who is going to get the pink slip by Anonymous Coward · · Score: 0

    Can you imagine being in the middle of that shit-storm...

    1. Re:Who is going to get the pink slip by Skylinux · · Score: 1

      One can only hope it hits the right people. Those fucking idiots who demand we open the network to the "bring your device from home" crowd.
      Remember when your network admin told you that it is a stupid idea - well here you go.

      --
      Everyone who buys Wild Hunt will receive 16 specially prepared DLCs absolutely for free, regardless of platform.
    2. Re:Who is going to get the pink slip by fuzzyfuzzyfungus · · Score: 1

      Not to worry. After working 24x7 for a week or two trying to rebuild the entire spaghetti-heap of an internal IT setup that took years to get as crufty(but familiar and functional-ish) as it was; being fired and thus allowed to go home and drink yourself to sleep will seem like a hell of a perk!

    3. Re:Who is going to get the pink slip by Thanshin · · Score: 1

      A car? Why would anyone get a car because of this?

    4. Re:Who is going to get the pink slip by Anonymous Coward · · Score: 0

      > A car?

      Because the cdr is usually reserved for the investors.

    5. Re: Who is going to get the pink slip by frikken+lazerz · · Score: 1

      Hundreds of workers will get laid off so that Sony can make up for this blunder and stay out of the red. Then the CEO will get a huge bonus for "cutting expenses".

    6. Re:Who is going to get the pink slip by Anonymous Coward · · Score: 1

      Yes, something went wrong so it must be because of my pet peeve. Clearly all the evidence points to this being an infection caught off a dodgy iPad. *facepalm*

    7. Re:Who is going to get the pink slip by Thanshin · · Score: 1

      all the evidence points to this being an infection caught off a dodgy iPad.

      I KNEW IT!

      Told you so.

    8. Re:Who is going to get the pink slip by Anonymous Coward · · Score: 0

      Karma's a bitch. Remember that Sony didn't fire the guy in charge of the rootkit fiasco, they promoted him.

    9. Re:Who is going to get the pink slip by phayes · · Score: 1

      No, you blamed BYOD, which remains to be seen. I take it you've never seen a corporate iPad? I assure you they exist & while they can be infected just like corporate laptops can, it happens a lot less often...

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
    10. Re:Who is going to get the pink slip by Proudrooster · · Score: 1

      What if I told you this "ransom ware" attack was caused by network admins who were logged in as DOMAIN ADMINISTRATORS? Ransomware is usually the result of poor security practices by admins adding DOMAIN ADMIN to their groups in group policy. So, infect one DOMAIN ADMIN and ransomware is off and running through the entire network, encrypting and trashing as it goes. With ransomware the worst a nonadmin user can do is take out their own files, but infect an account with DOMAIN ADMIN and you can take out a network.

      As for your ignorant remarks on BYOD. BYOD is a very low risk, especially if you keep them on a limited wifi then limit devices to iPhones & Windows PC with latest security updates, sorry droids.

      And, I based on post with the (sic) advanced literary skills and complex reasoning ability, I bet you are an admin that logs in with DOMAIN ADMINISTRATOR credentials, because you aren't the security problem, you are an all knowing GENIUS!

      "Clever is easy, simple is hard." -me

    11. Re:Who is going to get the pink slip by 91degrees · · Score: 1

      Pink slip? It's a Japanese company. Failure has more serious consequences.

    12. Re:Who is going to get the pink slip by PlusFiveTroll · · Score: 2

      It's more likely domain admins that didn't apply MS14-068.

    13. Re:Who is going to get the pink slip by jeffmeden · · Score: 1

      One can only hope it hits the right people. Those fucking idiots who demand we open the network to the "bring your device from home" crowd.
      Remember when your network admin told you that it is a stupid idea - well here you go.

      Remember when your network admin couldn't figure out how to segregate the wifi network, or set up mobile device policies in exchange? Well here you go.

    14. Re:Who is going to get the pink slip by Anonymous Coward · · Score: 0

      > And, I based on post with the (sic) advanced literary skills and complex reasoning ability, I bet you are an admin that logs in with DOMAIN
      > ADMINISTRATOR credentials, because you aren't the security problem, you are an all knowing GENIUS!

      > "Clever is easy, simple is hard." -me

      Jackass

    15. Re: Who is going to get the pink slip by Anonymous Coward · · Score: 0

      no ipads & iphones at sony pictures - just xperias and crappy sony android tablets

    16. Re:Who is going to get the pink slip by Anonymous Coward · · Score: 0

      Umm woosh? Really you're an idiot. The person you replied to wasn't even the person who blamed BYOD, it was someone making a joke.

    17. Re:Who is going to get the pink slip by Holi · · Score: 1

      No he didn't, Skylinux did.

      --
      Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
    18. Re:Who is going to get the pink slip by Anonymous Coward · · Score: 0

      someone's gonna lose a pinky.

    19. Re:Who is going to get the pink slip by Proudrooster · · Score: 1

      Don't you hate it when people disagree with your blind, error filled assertions? I bet you wanted to print this post off and show it to your boss and say, "SEE, LOOK, IT'S THOSE PEOPLE WITH BYOD!" when in reality YOU, Mr. Site Admin are the biggest security threat to your organization.

      I was at least expecting you to lie and respond, "I am not logged in as DOMAIN ADMIN."

      On a serious note, I would strongly suggest you look at your team's security practices before you end up in the same shape as SONY. Ransom ware is running wild right now. Making sure you have air-gapped backups, your servers are patched with all out of band patches, users and admins are NOT logged in as DOMAIN ADMIN, strong passwords with a password saved in a password manager like KEYPASS.

    20. Re:Who is going to get the pink slip by KermodeBear · · Score: 1

      "Clever is easy, simple is hard."

      I'm stealing this; I hope you don't mind. (o:

      --
      Love sees no species.
    21. Re:Who is going to get the pink slip by jon3k · · Score: 1

      Try reading a little more carefully next time. No one blamed an iPad.

    22. Re: Who is going to get the pink slip by Anonymous Coward · · Score: 0

      Not true

    23. Re: Who is going to get the pink slip by Anonymous Coward · · Score: 0

      Or get fired and get the "golden parachute". Doesn't make much of a difference at the end.

    24. Re:Who is going to get the pink slip by tepples · · Score: 1

      I thought BYOD was an excuse to let HR refuse to hire people who aren't in the socioeconomic group likely to already subscribe to smartphone service without appearing racist.

    25. Re:Who is going to get the pink slip by Anonymous Coward · · Score: 0

      That's why I advocated for it at my job. Is there some other reason to implement the policy other than keeping out the plebes?

    26. Re:Who is going to get the pink slip by Anonymous Coward · · Score: 0

      Try reading a little more carefully next time. No one blamed an iPad.

      Try reading a little more carefully next time. Given its familiarity, an iPad was merely used as an example of a device that one might use in a BYOD setting. And Skylinux did blame BYOD.

    27. Re:Who is going to get the pink slip by mythosaz · · Score: 1

      What if I said it was much more likely that they weren't domain admins, but merely members of groups that had rights over local workstations -- like, you know, like every person in every field-service/desktop-support group in every major company is.

      The right to install software is granted to field-service level staff in nearly every major company, and that doesn't make you a domain admin.

    28. Re:Who is going to get the pink slip by Anonymous Coward · · Score: 0

      The last out of band MS patch might have allowed domain admin creds when there shouldn't have been any. Thankfully, such priv escalation gaps are relatively rare.

      I do wonder about something. Take users with domain admin rights. Is it better to just have one account for ease of management or have two, one for general user stuff, one dedicated for domain admin items? I've seen some UNIX shops give their users two accounts, username, and usernamesu, so the user that has access to the wheel group and sudo is fairly obvious. This also makes it easier to identify, and lock out those accounts come audit time.

      However, is it worth the time/trouble doing two accounts?

    29. Re:Who is going to get the pink slip by Proudrooster · · Score: 1

      We run with two accounts one for normal use and one for software installation (admin/root). In my opinion, it is bad practice to run any machine LINUX, MAC, or WINDOWS logged in as admin/root. Having to type a username/password into sudo or the windows/mac popup is minor compared to software "accidentally" getting installed. :)

      Hey I heard from some guy that hates BYOD that SONY was taken down by an infected iPad. It had nothing to do with that last Microsoft patch that Sony didn't apply.

    30. Re:Who is going to get the pink slip by Anonymous Coward · · Score: 0

      He just replied to the wrong comment, the desperation to defend Apple combined with struggling to navigate the web with his sausage fingers on a touchscreen will lead to that.

    31. Re:Who is going to get the pink slip by nanoflower · · Score: 1

      No, they will get a corner office.

    32. Re:Who is going to get the pink slip by AK+Marc · · Score: 1

      BYOD done right is *more* secure than not. Done wrong is worse. That's the same with almost anything.

    33. Re:Who is going to get the pink slip by Anonymous Coward · · Score: 0

      Lol!!!!

  3. OH SHIT!!! by Anonymous Coward · · Score: 0

    In the 90s this really would have meant something. Maybe they ought to hack Commodore Computer next.

  4. Congratulations... by Etherwalk · · Score: 1

    #GOP has just become a top-10 target for US Offensive cyber-operations...

    1. Re:Congratulations... by Anonymous Coward · · Score: 0

      I'm sure they're terrified of Sheriff Andy Clapper giving Deputy Barney Fife his cyber bullet.

    2. Re:Congratulations... by ArithonUK · · Score: 1

      Maybe the "GMT" hints at an English hacker, which is why the British government is suddenly pushing for "anti-terror" powers with ISPs (again). Seen any SONY lobbyists at Westminster this week anyone?

    3. Re:Congratulations... by Anonymous Coward · · Score: 0

      It's the Stuxnet revenge to step up the security theater while undermining crypto for the common people. Not enough to fondle just one kind of your privates...

    4. Re:Congratulations... by just_another_sean · · Score: 1

      Maybe, but the writing in the warning seems to come from someone who speaks English as a second language.

      It read like person that not know what are articles.

      --
      Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
    5. Re:Congratulations... by GNious · · Score: 1

      so, British?

    6. Re:Congratulations... by Anonymous Coward · · Score: 0

      It read like person that not know what are articles.

      A Slashdot Editor?

  5. Inside job by Anonymous Coward · · Score: 0

    I heard it through the grapevine a few months back.

  6. Dear Sony, I am delighted! by CaptainOfSpray · · Score: 4, Insightful

    Couldn't happen to a "nicer" bunch.

    Would I be right to believe the Sony Pictures, being part of the Sony conglomerate, are infected with the same high-handed corporate arrogance that we have seen at Sony Music? "cough" root kit "cough"

    I shall be wearing the smile today, all day.

    --
    "Cock Up Your Beaver" does not mean what you think. This sig is intended to clog filters and annoy do-gooders
    1. Re:Dear Sony, I am delighted! by RenHoek · · Score: 1

      [haha.jpg]

    2. Re:Dear Sony, I am delighted! by Xest · · Score: 2

      Maybe not the Sony Music rootkit but they have forced various bits of intrusive DRM on us over the years.

      So yes, there's a certain irony in their systems getting infected when for years they've been infecting the systems of others.

    3. Re:Dear Sony, I am delighted! by donaldm · · Score: 1, Insightful

      Would I be right to believe the Sony Pictures, being part of the Sony conglomerate, are infected with the same high-handed corporate arrogance that we have seen at Sony Music? "cough" root kit "cough"

      Not bad bringing up something that happened in 2005 with the scandal having impact to 2007. Yes Sony BMG was IMHO stupid to put what is called a "root-kit" on a PC running a Microsoft OS. Although that root-kit was benign and Anti-virus firm F-Secure concurred, "Although the software isn't directly malicious, the used rootkit hiding techniques are exactly the same used by malicious software to hide themselves". This is not to say that this absolves Sony BMG however the finger of blame should also point at AV protection software and the Microsoft OS as well that allowed the root-kit to be installed in the first place.

      I shall be wearing the smile today, all day

      You may not like Sony and that is fine, however extortion is a crime and carries a fairly stiff punishment. It is definitely not something to be applauded.

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
    4. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      If Sony thinks that "Most people, I think, don't even know what a rootkit is, so why should they care about it?", so why do they now complain for getting hacked?

    5. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 2, Interesting

      It borked CD-drivers, CD burning software and DVD player software.
      Often with BSOD's as a result.

      People replaced CD-drives thinking they were broken.
      Only to find that the new drive was borked from the start too.

      You call that benign ?

      Oh... Before I forget. Sony was a share-holder in F-Secure at the time.
      No wonder F-Secure tried to put it in ass good a light as possible.

    6. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      > You may not like Sony and that is fine,

      neither do I

      > however extortion is a crime

      correct (legal category, not moral category!)

      > and carries a fairly stiff punishment.

      correct (again, a legal/executive category)

      > It is definitely not something to be applauded.

      Wrong. *I* choose what I applaud

    7. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      Good. Fuck 'em.

    8. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      Would I be right to believe the Sony Pictures, being part of the Sony conglomerate, are infected with the same high-handed corporate arrogance that we have seen at Sony Music? "cough" root kit "cough"

      Considering that they later got caught distributing the same malware on their USB-sticks it is pretty safe to say that Sony Music's arrogance has a major influence on the rest of Sony.
      As a result they have, together with Apple, been added to my list of companies that create products I wouldn't let into my home. (With the exception of details that are hard to check. I don't care much if an IC in hardware I buy happened to be made by Sony. I doubt it will give them enough control to screw me over.)

    9. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      "Not directly malicious" is a far cry from "benign".

      I shall be wearing the smile today, all day

      You may not like Sony and that is fine, however extortion is a crime and carries a fairly stiff punishment. It is definitely not something to be applauded.

      I don't know about you, but I have no problem with the extortionist being punished if caught. That doesn't have any bearing on whether one may feel satisfied over Sony having been the victim.

    10. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      Get some perspective on _reality_ buddy, it's not like they ruined anyone's life, killed people, or did anything other than make a bunch of tech people rage.

      GOP is going to quite clearly cause a bunch of jobs to go at sony, directly and indirectly.

      But oh no, please, continue the rage, 7 years on. It feels good to rage against something everyone else rages to right - it makes you _right_, and your words are so _just_, leaving you feeling so _satisfied_, just wanting someone to argue with you more.

    11. Re:Dear Sony, I am delighted! by gsslay · · Score: 2

      Seriously, are people still on about this?

      The root kit scandal was a case of corporate ham-fisted ignorance dabbling in something they knew too little about. A ransomware attack on a different arm of the company, 9 years later, affecting people who had absolutely nothing to do with the root kit, is a criminal act.

      If you're wearing a smile because of this you have very strange ideas about what's morally right, and really should be finding something more positive in life to make you happy.

    12. Re:Dear Sony, I am delighted! by Bob_Who · · Score: 1

      It's Karma.

      Not instant, like their rice....it's slow cooked Karma....

      With a side of Sony baloney.

    13. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      They have a long legacy of corporate ham-fisted ignorance though. Numerous hacks against their PlayStation user base that leaked millions of unhashed passwords. Very questionable ethical decisions around their enforcement of DRM and copyright, and shutting down 3rd party resellers such as Lik Sang.

      But yes, it was certainly the root kit debacle that initiated my personal boycott of Sony products (to the best of my ability at least. I realise the Sony brand has long tentacles). The fact that it was so long ago and yet Sony *still* regularly make fuck ups on a grand scale changes nothing.

    14. Re:Dear Sony, I am delighted! by Zontar_Thing_From_Ve · · Score: 2

      Would I be right to believe the Sony Pictures, being part of the Sony conglomerate, are infected with the same high-handed corporate arrogance that we have seen at Sony Music? "cough" root kit "cough"

      You would indeed and I submit their use of Cinavia copy protection on BluRays and DVDs as proof of this. You may be asking "What is Cinavia?" Well, it is a copy protection technology that uses an audio watermark. The watermark appears within the range of human hearing (so you can't just filter away the high frequencies above human hearing to remove it) and doesn't appear to be anything that humans can hear, but all current BluRay players are required by the licensing agreement to support it. How it works is that if a BluRay disc plays and Cinavia is in the audio, the player determines if it is playing an original pressed disc or a copy. If it finds a copy, it shuts down play within 10 minutes of starting and produces a warning message that Cinavia has been detected on a copy and you're not allowed to play the copy.

      There is currently quite a bit of hysteria from some consumers in the BluRay field over it because apparently 100% of the people upset about it have kids who ruin their discs and now they "can't make copies". I say that with sarcasm. Well, you can make copies, you just can't make BluRay copies. Non-BluRay players are not required to detect or honor Cinavia, so ripping your BluRays and making MKVs out of them without conversion works fine. Even most BluRay players will happily play such files without checking for Cinavia.

      I'd like to point out that Cinavia is not free. Companies that use it pay a fee for using it. I don't know what the price is, but I can tell you that Sony puts it on every BluRay they put out, even those foreign films they release that have limited audiences. For all I know, it may actually cost more to use Cinavia on some of those films than Sony can even make back in sales of the discs. Sony even puts it on a few DVDs and no DVD player is required to detect or support Cinavia, and they still sometimes use it there. The only other studio I know of that has ever used Cinavia more than once is Warner Brothers and they rarely use it. Even Disney has only used it once and they're one of the Hollywood studios most paranoid about people copying their stuff. The lack of use leads me to conclude that the price for using Cinavia is probably quite high and only Sony is crazy enough and consumer hostile enough to pay to use it all the time.

    15. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      > Seriously, are people still on about this?

      Yes, seriously. As the other AC stated, Sony is since then in my "no-buy" list (and in my "recommend not to buy" list, fwiw). They have since then actively missed every chance to get out of said lists.

      > If you're wearing a smile because of this you have very strange ideas about what's morally right, and really should be finding something more positive in life to make you happy.

      Seems I don't share your morals. And yes, I'm wearing a smile too.

    16. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      What silliness. No one makes blu-ray copies other than pirates. Furthermore, you are incorrect. Cinavia in rips still result in the media player stopping. Try it for yourself. Create an mp4 of an infected title and play it on a device like the PS3.

    17. Re:Dear Sony, I am delighted! by jabuzz · · Score: 1

      Clearly you don't have young children or have ever seen them handling DVDs and/or Blu-ray disks. It is a lot cheaper to give them a copy of random Disney/Pixar film which can be cheaply replaced than the original which cannot.

    18. Re:Dear Sony, I am delighted! by clickety6 · · Score: 2

      Not bad bringing up something that happened in 2005 with the scandal having impact to 2007.

      I'd have thought that 10 years would have been quite long enough for Sony to have gotten around to saying sorry. I guess it must have slipped their minds...

      --
      ----------------------------------- My Other Sig Is Hilarious -----------------------------------
    19. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      Create an mp4 of an infected title and play it on a device other than the PS3 and it will work fine.

      Fixed that for you.

    20. Re:Dear Sony, I am delighted! by ArcadeMan · · Score: 1

      Companies are being hypocrites about exactly what we pay when buying music or a movie. In court, they've sided with the argument that we're paying for a license for said media.

      So if someone pays 25$ for a movie on Blu-ray, that means that at least a portion has gone for the license. Since I've already paid for the license, and I'm not allowed to make copies for my own private use, why can't I buy a second disc for the media fee alone? Why can't we buy replacement discs if our first one gets destroyed? The license was already paid with the first copy we bought.

    21. Re:Dear Sony, I am delighted! by Forgefather · · Score: 1

      Because the people who were suffering from the use of Sony's nasty DRM were the legitimate customers? The pirates were the ones laughing their heads off in 2007.

      --
      "There are lies, there are damn lies, and there are statistics"
    22. Re:Dear Sony, I am delighted! by Paradise+Pete · · Score: 1

      "Yes I snuck into your house and hid there for two years quietly observing you, but look, I wasn't malicious!."

    23. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      If I secretly installed malware to spy on someone's computer, I would rightfully go to prison. The fact that no one went to prison over the rootkit fiasco is nothing but corruption.

    24. Re:Dear Sony, I am delighted! by Will.Woodhull · · Score: 1

      The root kit scandal was a case of corporate ham-fisted ignorance dabbling in something they knew too little about.

      True.

      However the corporation was culpably stupid in dabbling before they knew what they were getting into. A corporation the size of any of Sony's divisions has enough resources to figure out the consequences of their actions before they make their decisions. There is no excuse for implementing a strategy in ignorance of its impact on customer/clients (or the indirect impact on shareholders, for that matter).

      I am, and you are too, much safer dealing with criminals who know what they are doing than dealing with corporations like Sony who will screw you over without any intention of doing so. Sony's vulnerability in this matter shows that its management still doesn't get it, and that every officer of the company needs to do the honorable thing and leave the company, leave the industry, and get a job more suited to their ethical and strategic skill set. Like flipping burgers, or arranging the sushi on the platter.

      --
      Will
    25. Re:Dear Sony, I am delighted! by operagost · · Score: 1

      I loathe government interference in intellectual property, but since we're stuck with these oppressive copyright laws the least that should be done is to prohibit copy protection measures without requiring a media-cost-only replacement policy be in place. After all, the enduring *IAA argument is that buying the media just buys a license to watch it, so they should be replacing damaged media for just the cost of the media. "Digital copy" helps, but it's no use in this scenario with the kiddies because you'd have to turn over a tablet or rather expensive smart TV with an internet connection to them.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    26. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      "And yes, I did sneak into your garage at night, pick the locks to your car and changed the sensor and ignition so that your car could be unlocked using any remote and started with any keys without you knowing until it was too late, but that was just a precaution - I wasn't actually planning to steal it - so you shouldn't blame me if someone else found out and drove away with it."

    27. Re:Dear Sony, I am delighted! by gsslay · · Score: 1

      Keep up. We're discussing Bluray and Cinavia.

    28. Re:Dear Sony, I am delighted! by DocSavage64109 · · Score: 1

      It would be especially funny if the attack vector turns out to be their rootkit.

    29. Re:Dear Sony, I am delighted! by gsslay · · Score: 0

      Your license to play the movie is on the disk. Sony wants to verify this license. If you break the disk, you have destroyed your license. If you copy the disk without the license on it, you cannot prove you have a license.

      Unless you're expecting Sony to keep a record of all those who have purchased a licence, by whatever means through millions of retail channels, you need to be the one who retains the licence. If you destroy the license, or keep it elsewhere, what proof do you have that you are licensed?

      I'm not saying it isn't a pain, but it's perfectly logical and reasonable.

    30. Re:Dear Sony, I am delighted! by MachineShedFred · · Score: 1

      let me get this straight: you are saying he is wrong because:
      - Sony abuses a rights-stripping piece of shit on everything they produce
      - Sony mandated it into the technology license for the disc format to 3rd party player manufacturers
      - the GP postulates that once you format-shift the content away from the licensed Blu-Ray spec, third party players no longer adhere to enforcement of the rights-stripping piece of shit
      - you post the Slashdot equivalent of "NUH UHH!" because the company that abuses the rights-stripping piece of shit still enforces when it's found in other formats on their hardware, which is a surprise to NOBODY.

      If you didn't know, the PS3 is made by SONY, and is going to play the game that SONY wants played. Why would you expect different?

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    31. Re:Dear Sony, I am delighted! by tepples · · Score: 1

      Since I've already paid for the license, and I'm not allowed to make copies for my own private use, why can't I buy a second disc for the media fee alone?

      I don't know about Sony, but Disney lets you.

    32. Re:Dear Sony, I am delighted! by ArcadeMan · · Score: 1

      A license is not a physical object. Even if I break the disk, the license was paid for. I should at least be able to return to a store with a broken/scratched disc and pay for a replacement disc minus the license fee that was paid with the first copy.

    33. Re:Dear Sony, I am delighted! by ArsenneLupin · · Score: 1

      every officer of the company needs to do the honorable thing and leave the company, leave the industry, and get a job more suited to their ethical and strategic skill set. Like flipping burgers, or arranging the sushi on the platter.

      Are you sure these are appropriate jobs for Sonyscum? Personally, I wouldn't want to eat burgers laced with exlax, or sushi caught from the waters next to Fukushima...

    34. Re:Dear Sony, I am delighted! by tlhIngan · · Score: 1

      There is currently quite a bit of hysteria from some consumers in the BluRay field over it because apparently 100% of the people upset about it have kids who ruin their discs and now they "can't make copies". I say that with sarcasm. Well, you can make copies, you just can't make BluRay copies. Non-BluRay players are not required to detect or honor Cinavia, so ripping your BluRays and making MKVs out of them without conversion works fine. Even most BluRay players will happily play such files without checking for Cinavia.

      Actually, a lot of Blu-Ray players and media players in North America DO check for Cinavia, even if the source is no longer Blu-Ray. A lot of players outside do not, however, including many cheap Chinese ones.

      Back to Sony, one could wonder if it's a bit much just for a single movie, since Sony Pictures dropped the Steve Jobs movie recently.

      On a more serious note, one wonders if it's the result of poor security practices. After all, just a few years ago Sony suffered a major breach of their Playstation Network servers, and now their entire Sony Pictures group is out of commission. Could just be a case of corporate poor security practices.

      Or maybe someone's just wanting the PS4 master key.

    35. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      Get some perspective on _reality_ buddy, it's not like they ruined anyone's life, killed people, or did anything other than make a bunch of tech people rage.

      The same can be said for the Pirate Bay guys, yet they ended up in jail.

    36. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      The root kit scandal was a case of corporate ham-fisted ignorance dabbling in something they knew too little about.

      Then they repeated the same thing again with their USB sticks after they had been told in court that it was illegal.
      It's clearly malice, not ignorance.

    37. Re: Dear Sony, I am delighted! by iluvcapra · · Score: 3, Interesting

      I work for Sony Pictures on projects as a sound designer from time to time, I wasn't there yesterday.

      Sony Pictures is an almost completely distinct operation from "Sony." The studio itself is just the old Columbia Pictures, that Sony bought in 1990. The lot itself was the old MGM/Lorimar lot-- all the long-time staff at Sony are either Columbia people or MGM people. You can go years there without meeting a Sony corporate exec, they leave the place alone and just let it do its thing.

      --
      Don't blame me, I voted for Baltar.
    38. Re:Dear Sony, I am delighted! by Bert64 · · Score: 1

      Many pieces of malware are far more benign than that, and yet people have gone to jail for writing them...

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    39. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      Get some perspective on _reality_ buddy, it's not like they ruined anyone's life, killed people, or did anything other than make a bunch of tech people rage.

      GOP is going to cost jobs at Sony and cause Sony to lose money just like Sony cost millions of people across the world to lose money (the jury is still out on the loss of jobs).

        It feels good to rage against something everyone else rages to right - it makes you _right_, and your words are so _just_, leaving you feeling so _satisfied_, just wanting someone to argue with you more.

    40. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      Fuck you, and fuck Sony. I can't think of a company more deserving, except Comcast, AT&T, Verizon, Microsoft, Google, Samsung, Walmart, Target, any member of Current C really, and your mom.

    41. Re:Dear Sony, I am delighted! by Phusion · · Score: 1

      Yes! Thank you, I won't shed a single tear, but instead hope that they're shut down for a lot longer than they expect. Fuck Sony in their stupid asses. Yes, Rootkit, prosecution of George Hotz and countless other fuckups remind me that Sony is just getting what they deserve.

      --
      640k ought to be enough for anyone.
    42. Re:Dear Sony, I am delighted! by Forgefather · · Score: 1

      It doesn't change the core of the argument that DRM is punishing the paying customers as in the example from Zontar and has done nothing to punish the pirates. There is a high quality copy of every piece of protected music available on the pirate bay and the people who download that copy don't have to mess around with restrictions of any kind.

      I would certainly think that a company should be worried when a bootlegger is offering a better product, better service, and a better price than their own company. The first step to combating piracy is to view pirates not as thieves, but as potential customers and treat them as such. Valve tried this in Russia, a market with so much piracy it was thought to be lost, and to date it is their fastest growing market.

      When you look at pirates as potential customers and people who post the torrents as competitors you can see just how shortsighted it is to try and lock in people to your distribution when an alternative product exists. That's just asking for loss of business.

      Like it or not piracy is here to stay, and it will continue to act as a competitor in the market. If you want to beat pirates compete on service and physical products. Just like the Russians if you make people want to buy a product from your company, not just buy your product despite your company, you will see a dramatic decline in piracy.

      --
      "There are lies, there are damn lies, and there are statistics"
    43. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      Are you:
      A: Sony lackey
      B: Fed Scum
      C: Internet Troll
      D: All of the above

    44. Re:Dear Sony, I am delighted! by Anonymous Coward · · Score: 0

      Cinavia supposedly has been cracked

      https://torrentfreak.com/dvd-ranger-cracks-unbeatable-cinavia-anti-piracy-system-140524/

    45. Re:Dear Sony, I am delighted! by AK+Marc · · Score: 1

      They are on the Vatican time frame for apologies. I think the Vatican holds the record for the longest time from incident to apology. It's a challenge.

    46. Re:Dear Sony, I am delighted! by gsslay · · Score: 1

      Well that seems like a reasonable request, but companies are not obliged to help you fix the situation you've got yourself into. You're in a situation where you are 100% to blame, but somehow you get to demand that the company assist you?

      If I bought a Blu-ray and lost the case, so I no longer knew who appears in it, are the company obliged to run a service where I can buy an empty case to replace it? After all, I already have the disk, and my licence, they have no right to force me to buy them again!

      Or if I bought a pack of cards, do I get to demand that the manufacturer of the cards also sells single cards, for when I lose one? What use is a pack missing one card? I demand the manufacturer provides this service because I am a customer who has already purchased 51 cards!

      There comes a point when there is no profit to be made in helping out customers who are in a position of their own doing. Companies have no obligation to provide additional services that don't benefit them.

    47. Re:Dear Sony, I am delighted! by stealth_finger · · Score: 2

      I'd like to point out that Cinavia is not free. Companies that use it pay a fee for using it. I don't know what the price is, but I can tell you that Sony puts it on every BluRay they put out, even those foreign films they release that have limited audiences. For all I know, it may actually cost more to use Cinavia on some of those films than Sony can even make back in sales of the discs. Sony even puts it on a few DVDs and no DVD player is required to detect or support Cinavia, and they still sometimes use it there.

      It costs a fair bit by the looks of it, and they also seem to take a dip from everyone on the chain

      From wiki

      Licensing: For Cinavia the owners Verance make their money through licensing agreements with several sections of the entertainment and media industry. As of March 2012 these licence costs due to Verance were $10,000–$300,000 per manufacturer of Blu-ray Disc players—for the rights to embed the Cinavia detection system—plus additional software costs for the implementation itself.[8] Production facilities need to pay $50 for each audio track that is watermarked with Cinavia.[8] Distribution houses must finally pay $0.04 per disc with Cinavia watermarked content included.[8]

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
    48. Re:Dear Sony, I am delighted! by ArcadeMan · · Score: 1

      The case of a movie isn't part of the media, it can be viewed as packaging. Packs of cards do not have any license fee.

      Media companies and resellers wouldn't have anything special to do this. You bring a broken/defective disc and pay for the media only. There's no customers to keep track of, no special inventory to keep.

  7. GOP by Thanshin · · Score: 1

    He'll probably become a soon to be deported retroactive rapist.

  8. You mean by ruir · · Score: 1

    Sony is being on the receiving end of malware for a change? The irony...

    1. Re:You mean by Anonymous Coward · · Score: 0

      Probably another SQL injection attack. They still haven't fixed their code from 2008, 2011 and 2014.

  9. The bogeyman did it by Anonymous Coward · · Score: 0

    Because what unnamed unknowns claim about themselves is inevitably true as gospel.

  10. DMCA takedown action for abuse of GOP Hashtag by rvw · · Score: 1

    Can't they fight this with the DMCA or something for abusing the GOP hashtag? I bet those hackers will have shit running through their pants when they hear this!

    Young man, Are you listening to me
    I said, young man, what do you want to be
    I said, young man, you can make real your dreams,
    but you've got to know this one thing.
    No man, does it all by himself
    I said, young man, put your pride on the shelf
    And just learn to play with the D.M.C.A.
    I'm sure they can help you today

    It's fun to play with the D.M.C.A.
    It's fun to play with the D.M.C.A.
    They have everything for young men to enjoy.
    You can hang out with all the boys.
    It's fun to play with the D.M.C.A.
    It's fun to play with the D.M.C.A.
    You can get yourself clean
    You can have a good meal
    You can do whatever you feel.

  11. would prefer EA, Comcast, or Halliburton myself by Anonymous Coward · · Score: 0

    good old fashioned cracker extortion. I would have preferred it happen to EA, Comcast, or Halliburton.

    Seriously, what important, secret information does a film studio have, besides salary, and royalty numbers?

    1. Re:would prefer EA, Comcast, or Halliburton myself by Anonymous Coward · · Score: 1

      good old fashioned cracker extortion. I would have preferred it happen to EA, Comcast, or Halliburton.

      Seriously, what important, secret information does a film studio have, besides salary, and royalty numbers?

      Creative accounting. Maybe even fraudulently creative.

    2. Re:would prefer EA, Comcast, or Halliburton myself by v1 · · Score: 5, Insightful

      Seriously, what important, secret information does a film studio have, besides salary, and royalty numbers?

      Embarrassing "creative accounting", heavier than expected use of offshore tax shelters and chip-shuffling, two sets of books, other illegal accounting, illegal campaign contributions, those are a lot more likely than the sort of "secrets" you're thinking of. They probably stand a lot more to lose there than from theft of R&D files.

      Nowadays your accounting department needs to be the most heavily defended portion of your network, and not due to direct theft. (unless you're in the business of mining bitcoins anyway)

      --
      I work for the Department of Redundancy Department.
    3. Re:would prefer EA, Comcast, or Halliburton myself by Anonymous Coward · · Score: 0

      Seriously, what important, secret information does a film studio have, besides salary, and royalty numbers?

      Embarrassing "creative accounting", heavier than expected use of offshore tax shelters and chip-shuffling, two sets of books, other illegal accounting, illegal campaign contributions, those are a lot more likely than the sort of "secrets" you're thinking of. They probably stand a lot more to lose there than from theft of R&D files.

      It's pretty fucked up that this above is likely the most accurate description of the very company that attacks people who perform illegal acts while using protocols like bittorrent.

      We can only hope and pray that enough dirt comes out on them to make questionable P2P activity look like a lemonade stand by comparison. Fuckers.

    4. Re:would prefer EA, Comcast, or Halliburton myself by Anonymous Coward · · Score: 1

      what important, secret information does a film studio have, besides salary, and royalty numbers?

      The real gross and net numbers would be my guess, having been an associate producer/performer with points in the past.

    5. Re:would prefer EA, Comcast, or Halliburton myself by Anonymous Coward · · Score: 0

      Probably future projects for the next 10 years.

    6. Re:would prefer EA, Comcast, or Halliburton myself by OrugTor · · Score: 1

      Companies typically run two sets of books, one for the IRS, one for stockholders. It's legal.

    7. Re:would prefer EA, Comcast, or Halliburton myself by v1 · · Score: 1

      Companies typically run two sets of books, one for the IRS, one for stockholders. It's legal.

      While I don't know if it's legal or not to show your shareholders fraudulent books, I do know it's illegal to try to pull on the tax man. Federal charge of "keeping books" refers to keeping two separate sets of accounting, one for tax purposes and the other being an accurate reflection of your earnings. Basically it's ironclad proof of "premeditated tax evasion".

      In many ways, the EPA and IRS have more destructive authority than any other government agencies. So exposing a company's wrongdoings to either of them typically leads to catastrophic results. And you almost never get to cut a deal with them, they'll take you to the cleaners because they know they can.

      --
      I work for the Department of Redundancy Department.
    8. Re: would prefer EA, Comcast, or Halliburton myself by Anonymous Coward · · Score: 0

      It's called financial and managerial accounting. It has nothing to do with premeditated tax evasion. Everyone who has taken two semesters of accounting classes knows this.

    9. Re:would prefer EA, Comcast, or Halliburton myself by OrugTor · · Score: 1

      http://blogs.cfainstitute.org/... Just read the first two paragraphs.

  12. Business as usual by Anonymous Coward · · Score: 0

    Some would say.

  13. Already After the Deadline by Anonymous Coward · · Score: 0

    It's already after the ransom deadline. Was anything released?

    1. Re:Already After the Deadline by Anonymous Coward · · Score: 0

      It's already after the ransom deadline. Was anything released?

      Yes.
      https://thepiratebay.se/torrent/11561038

  14. Looking at the zip file, looks like by mtbrandao · · Score: 1

    Someone clicked on "photos.zip".

    1. Re:Looking at the zip file, looks like by mtbrandao · · Score: 1

      Working link BTW:
      https://thepiratebay.se/torrent/11561038

    2. Re:Looking at the zip file, looks like by KermodeBear · · Score: 1

      What are the contents of the file, by the way? I'm not interested in grabbing it myself (I'm mildly paranoid about doing so) but I'm interested in a brief description.

      --
      Love sees no species.
    3. Re:Looking at the zip file, looks like by mtbrandao · · Score: 1

      Looks like a bunch of filenames (37937165 filenames to be exact) from someone's computer(s) that work at somewhere related to games (cannot guarantee it's sony)

      There are dlls, pdf reports, xls reports, docs, videos, cookie files, thumbs.db, browser cache, photos with default camera name and everything you would find on a work computer.

    4. Re:Looking at the zip file, looks like by ArcadeMan · · Score: 1

      No wallet.dat file, by any chance? :p

  15. Heart attack stuff by Anonymous Coward · · Score: 1

    Hopefully the IT department have strong hearts. Employee fitness programs probably should be made part of the disaster readiness planning.

  16. Wow ... by gstoddart · · Score: 1

    So, Sony isn't just incompetent and unsafe with our data, they're apparently unqualified to run an internal network?

    Unbelievable.

    I can't think of many instances where a company as big as Sony had to shut down all of their IT stuff on this scale.

    Bummer, dudes. But, it's Sony, so I'm not feeling overly bad about it.

    --
    Lost at C:>. Found at C.
    1. Re:Wow ... by Anonymous Coward · · Score: 0

      It's Sony post Columbia TriStar acquisition that I couldn't give a shit about.
      They deserve all the bad in the world for being such a hostile anticonsumer company. Burn in hell Sony.
      Kudos to whoever did this hack.

  17. Could not have happened to nicer folks by Anonymous Coward · · Score: 0

    I guess we get to see how Sony likes root kits now.

  18. Cognitive Dissonance by jenningsthecat · · Score: 2

    On the one hand, I despise extortionists, and the perpetrators ought to be hung out to dry. On the other hand, the folks at Sony arguably have engaged in extortion and fraud on a few occasions in the past, so part of me feels this is simply their just deserts. If it wasn't for the inevitable collateral damage I'd be tempted to say "let 'em all kill each other and God will sort them out".

    It does seem kind of unfair that nobody at Sony was ever imprisoned for the Rootkit scandal or the OtherOS clusterfuck, whereas people behind #GOP will likely serve time in jail if they are ever caught. I guess "Corporate Immunity" is just as real in law as "Diplomatic Immunity" - 'the law' just won't openly admit it.

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    1. Re:Cognitive Dissonance by Anonymous Coward · · Score: 0

      Just like i don't care when gang members kill each other, I don't care when one criminal extorts another.

    2. Re:Cognitive Dissonance by drinkypoo · · Score: 0

      If it wasn't for the inevitable collateral damage I'd be tempted to say "let 'em all kill each other and God will sort them out".

      Let's see, some people at Sony lose their jobs, that should happen anyway. Some Sony customers get boned, that will happen anyway. No great loss. Fuck 'em. I hope they burn. The world would be better off without today's Sony.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  19. comcast save up for a big hack that gives people by Joe_Dragon · · Score: 1

    comcast save up for a big hack that gives people free tv. Starting with HBO, NHL CI, NBA LP, MLB EI, and more.

  20. Sony Pictures? by debrain · · Score: 3, Funny

    Maybe they should make a movie about this.

  21. oh goody by slashmydots · · Score: 1

    I really hope they don't pay!

    1. Re:oh goody by ArsenneLupin · · Score: 1

      I really hope they don't pay!

      I hope so too. That way, the hackers will release the files (the contents, not just the filenames), which contain enough juice to sink Sony Pictures (and possibly other parts of Sony too) for good.

  22. And the Movie Poster Is ... by Anonymous Coward · · Score: 0

    https://twitter.com/ikanowdata/status/537257039076921346

  23. Sony can get quick cash by Anonymous Coward · · Score: 0

    Sony can get quick cash (and good nerd PR) by selling Spider-Man movie rights back to Marvel. Just a thought.

  24. Bad PR by Anna+Merikin · · Score: 1

    Even though I had no computer vulnerable, and I did not buy one of Sony's malware-laden Music CDs, I remember the event so clearly and strongly I still refuse to consider buying any Sony product whatsoever, including their cameras. Is there some malware hidden within those proprietary, compressed RAW image files?

    So I am of two minds. I don't like the use of ransomware. And I don't like Sony. This reminds me of the old joke where the guy sees his mother-in-law drive off a cliff in his new Bentley.

    1. Re:Bad PR by CaptainOfSpray · · Score: 1

      Me too. I have taken care to avoid buying any Sony product since then. And I have told plenty of people why not.

      --
      "Cock Up Your Beaver" does not mean what you think. This sig is intended to clog filters and annoy do-gooders
  25. Looks like we have something to be thankful for by Anonymous Coward · · Score: 0

    Happy Thanksgiving, Sony!

  26. Disney Disc Replacement Program by tepples · · Score: 2

    First see if Disney offers a discount on a new copy with the exchange of a broken authentic disc. If not, a workaround is to find a decent adaptation of the same story not distributed by Disney. I can think of a half dozen versions of The Adventures of Pinocchio, and there are probably plenty of "Rapunzel" and "The Snow Queen" adaptations that aren't Tangled or Frozen. Yes, mockbusters exist; read reviews to avoid the worst. And when they get old enough, show them the other Tangled with Rachael Leigh Cook.

    1. Re:Disney Disc Replacement Program by kesuki · · Score: 1

      "First see if Disney offers a discount on a new copy with the exchange of a broken authentic disc."

      and disney is so going to have an amazon sized warehouse just to replace broken discs for no or low prices.

      streaming is an alternative but the companies doing this need rights to content to stream it, and this means loads of cash and complex hardware to store exabytes of data and superfast internet...

      compared to making a HTPC that plays video containers made from dvds is better. they only need a usb wireless keyboard/mouse which is cheap to replace when they break it, and for under $300 you can build a multi terabyte htpc that will use all open source (handbrake to rip, vlc or mplayer or insert software package here to play) and since you are using open source there is no worry about it being defective by design like a ps3 etc. i don't know if the interface to a linux htpc is child friendly haven't had a chance to build one yet, but worst case they ask you for a movie and you play it for them til they are old enough to do it themselves. this is why you have a legal right to make backups. even if the same software can be used to pirate movies. they don't ban gun ownership everywhere and even when they do the criminals still get the guns so legal movie ripping is better than dystopian efforts to regulate backups into non existence for the corporate profit machine...

  27. You don't know what Troll means, kid by drinkypoo · · Score: 1

    When I say something like this, I mean it. Yes, there would be a temporary disturbance (in the force?) if Sony went under tomorrow. But the world would eventually be a better place for it. Same with most corporations, honestly.

    Flamebait means what you think I was doing, which also isn't what I was doing. Trolling is making shit up to make people angry. I was expressing heartfelt beliefs. I know many here agree with me. But I guess you're still humping your PS4

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  28. How do WE fight this? by vlueboy · · Score: 1

    Ransomware sometimes uses TOR to avoid detection and serious encryption that no techie can undo. I am starting to get really worried that ransomware will become as common as IE-hijacking browser toolbars. It is easy money. This will be a huge problem. I even went through the trouble of logging in to ask how we can fight to nullify ransomware.

    1 employee inside our company saw some form of ransomware a year ago. I'm sure he lost all the business data. We are not the NSA and therefore can't decrypt it after purging the "virus" exe without the private key on their servers... period. Most random people online do not realize this, from the desperate forum posts I find.

    When ransomware has all your local documents for work encrypted, you will have enough motive to pay the 500 Euros to Cryptolocker and Cryptowall 2.0. Backups are rarely if ever applied on homes and laptops. Laptops are a huge business driver, and the above employee was using one. I hear from forums that sometimes ransomware snags your *shared* network drives, so you lose gigs of crucial data.

    Now, most of us still haven't been affected, thankfully. Let's speak from a point of view of "how do I keep this from ever becoming a reality?" What's best?
    - Backups? We will get hit. Same as spyware hits the most conscientious of users. Does anyone know of an OSS backup where you can "hide" the target USB drive or partition from the user (so the ransomware won't just up and pave it over along with the My Documents, Desktop, D:, Local network drive targets)
    - Prevention: Do we double up on freeware options despite the performance penalty? (malwarebytes, Windows defender or whatever it's called today)
    - "Shadow files" apparently get saved automatically on Windows 7 (don't know if you need to have paid for Ultimate like I did). This is great because you can revert an encrypted document, but Windows' GUI isn't equipped to fix files en masse and utilities are required. The one I saw still gave you some cumbersome folder GUI that wasn't as easy as "revert all in this folder". Are there any savvy things out there to make this easier? I haven't explored Time Machine for MacOS. And this is windows

    This is my Scientific Linux box. Much ransoming won't be happening here, but one of my neighbors got hit a few weeks ago on Windows, despite running some form of protection. I heard of one other person who apparently lost files, but I haven't personally confirmed what hit them.

    -vlueboy

    1. Re:How do WE fight this? by WuphonsReach · · Score: 1

      Using rdiff-backup, rsnapshot or rsync across the LAN via SSH in a "pull" configuration is the safest. The server pulls the files from the client PC. Alternately, you could do the above in a push configuration and limit where the origin PC can write to on the backup server. Even in a "push" configuration, I don't know of any malware currently capable of figuring out that there is an rdiff-backup script which stores data on a different server.

      The server then sends files to tape / disk / offsite.

      Basically - you need to have a centralized backup solution with multi-generation removable media.

      For immediate restores, you pull the files back off the backup server. The next level after that is pulling files off of removable media which has been kept offsite or disconnected.

      --
      Wolde you bothe eate your cake, and have your cake?
    2. Re:How do WE fight this? by AK+Marc · · Score: 1

      Does anyone know of an OSS backup where you can "hide" the target USB drive or partition from the user (so the ransomware won't just up and pave it over along with the My Documents, Desktop, D:, Local network drive targets)

      Not OSS, but every major commercial package will allow remotely-triggered backups. Your server (no shares, the user can't get there) kicks off the backup, and pulls the data to it. Secure, and not shared on the network. I'm sure OSS would have something to do that, as that's the standard architecture for all commercial backups. Only the home backups are simple copy backups triggered from the end user.
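
The pull arrangement described in the two replies above (the backup server fetches from the client and keeps several generations the client cannot write to), sketched in Python as an added example that is not code from any poster or from rdiff-backup, rsnapshot or rsync. The paths, dates, sample files and the 50% churn threshold are assumptions; hard-linking unchanged files mimics what rsync's --link-dest option does.

```python
import filecmp
import os
import shutil
import tempfile
from pathlib import Path

CHURN_LIMIT = 0.5  # assumed threshold: over half of the previous files changed or gone


def generations(backup_root: Path) -> list:
    """Snapshot directories, oldest first (labels must sort chronologically)."""
    return sorted(p for p in backup_root.iterdir() if p.is_dir())


def pull_snapshot(source: Path, backup_root: Path, label: str) -> float:
    """Run on the backup server: copy `source` into backup_root/label.

    `source` stands in for a read-only mount or a server-initiated SSH fetch
    (assumption). Files identical to the previous generation are hard-linked,
    so every generation is a full tree but only changes cost disk space.
    Returns the share of the previous generation's files that changed or vanished.
    """
    backup_root.mkdir(parents=True, exist_ok=True)
    older = generations(backup_root)
    prev = older[-1] if older else None
    target = backup_root / label
    target.mkdir()
    kept = 0
    for dirpath, _dirs, files in os.walk(source):  # does not descend into linked dirs
        rel_dir = Path(dirpath).relative_to(source)
        (target / rel_dir).mkdir(parents=True, exist_ok=True)
        for name in files:
            src = Path(dirpath) / name
            if src.is_symlink():
                continue  # never follow a link out of the source tree
            old = prev / rel_dir / name if prev else None
            if old and old.is_file() and filecmp.cmp(src, old, shallow=False):
                os.link(old, target / rel_dir / name)      # unchanged: share old copy
                kept += 1
            else:
                shutil.copy2(src, target / rel_dir / name)  # new or modified
    if prev is None:
        return 0.0
    prev_total = sum(1 for p in prev.rglob("*") if p.is_file())
    churn = 1 - kept / prev_total if prev_total else 0.0
    if churn > CHURN_LIMIT:
        # Mass change looks like encryption-in-place: flag it beside the snapshot.
        (backup_root / (label + ".suspect")).touch()
    return churn


def prune(backup_root: Path, keep: int) -> list:
    """Delete all but the newest `keep` generations, unless any is flagged."""
    if keep < 1:
        raise ValueError("keep at least one generation")
    if any(backup_root.glob("*.suspect")):
        return []  # hold every generation until someone has reviewed the flag
    doomed = generations(backup_root)[:-keep]
    for gen in doomed:
        shutil.rmtree(gen)
    return [g.name for g in doomed]


def demo() -> dict:
    """Constructed scenario: two normal pulls, then a pull after a mass overwrite."""
    with tempfile.TemporaryDirectory() as tmp:
        client = Path(tmp) / "client_docs"    # stands in for the user's documents
        server = Path(tmp) / "backup_server"  # only the server process writes here
        (client / "reports").mkdir(parents=True)
        for i in range(4):
            (client / "reports" / f"q{i}.txt").write_text(f"quarter {i} figures\n")
        first = pull_snapshot(client, server, "2014-11-22")
        (client / "reports" / "q0.txt").write_text("quarter 0 figures, revised\n")
        second = pull_snapshot(client, server, "2014-11-23")
        shared = os.path.samefile(server / "2014-11-22/reports/q1.txt",
                                  server / "2014-11-23/reports/q1.txt")
        pruned_clean = prune(server, keep=1)
        for f in (client / "reports").iterdir():
            f.write_bytes(os.urandom(64))  # simulated: every document becomes garbage
        third = pull_snapshot(client, server, "2014-11-24")
        pruned_after = prune(server, keep=1)
        restored = (server / "2014-11-23/reports/q0.txt").read_text()
        return {"first": first, "second": second, "shared": shared,
                "pruned_clean": pruned_clean, "third": third,
                "pruned_after": pruned_after, "restored": restored}


if __name__ == "__main__":
    print(demo())
```

The overwritten files still land in the newest generation, but the previous one stays intact and pruning stops until the flag file is removed by hand.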

  29. Will Sony pony ... by CaptainDork · · Score: 1

    ... up for some security?

    Actually, I think this is an inside job where admin access was given to an outsider.

    --
    It little behooves the best of us to comment on the rest of us.
  30. What kind of IT department does Sony run? by Rinikusu · · Score: 1

    No offense to the actual IT workers at Sony, as I'm sure their hands are as tied as management allows, but it does make me wonder how this kind of shit gets through IT and not only infects one office, but nationwide, without garnering any attention from the IT pros getting paid to stop things like this?

    --
    If you were me, you'd be good lookin'. - six string samurai
    1. Re:What kind of IT department does Sony run? by Areyoukiddingme · · Score: 1

      No offense to the actual IT workers at Sony, as I'm sure their hands are as tied as management allows, but it does make me wonder how this kind of shit gets through IT and not only infects one office, but nationwide, without garnering any attention from the IT pros getting paid to stop things like this?

      Easy. By being targeted, Stuxnet style. They knew what IP blocks Sony Pictures uses, and it's quite easy to find machines on a local LAN and stay within it, and Sony is no doubt like most large corporations and links their offices via VPN, so machines at every location also look like the local LAN, so the worm can spread itself to everything it sees. And it can do so quietly. It doesn't have to make a lot of noise to do it. No excessive CPU usage, no excessive network traffic, no nonfunctioning services. It can grow and grow and grow, just as long as it doesn't disturb anything. Most Windows users never look at their process list, and even those who do could miss something with an innocuous sounding name.

      And when it determines that it has infected everything it can reach, it contacts its command & control servers, again with innocuous traffic to innocuous looking IP addresses/domain names, and informs its creator that it's ready. The creator picks the time and hits the button, and it triggers its payload. And Sony is shut down for days. Now the worm is in aggressive mode, since it's out from under cover, so it will use all resources at its disposal (Sony's entire network) to keep itself intact and maintain control of the systems. It will aggressively scan for new systems coming online and aggressively try to take them over as quickly as possible. Hence the total shutdown. They're trying to scrape it out of their systems, so they have to disable its ability to reinfect. If they miss even one live instance, odds are good it will promptly reinvade all the freshly installed machines. It's a war. Sony should eventually win it, since it's their home ground and they therefore have physical control of the machines, but that's the only reason. Depending on which cloud services they're using and how, it could come right back in again. It could be a long war.

  31. This screws over a bunch of film workers by Anonymous Coward · · Score: 0

    This impacts everyone who has worked at Sony Pictures in the last decade since a lot of HR data is listed in that file.

    From what I could find [I work in VFX so I was looking for particulars to see how I was impacted]

    If you worked for Imageworks or the SP Animation division at any point in the past 10 years, all of your personal data is at risk including:

    -Pay stubs
    -Job offer letters
    -Contracts
    -Work visa data
    -Performance review
    -etc

    Files are listed by first name/last name usually with an extension related to the above data.

    My stuff was listed there as well as many of my co-workers who now don't even work at Sony anymore.

    Sucks.

  32. I'm glad I don't work at Sony by sentiblue · · Score: 1

    Couple years ago I interviewed at SOE (Sony Online Entertainment) in San Diego... I chose not to work for them simply because they were being hammered by Anonymous about the fact that Sony was taking legal actions against a 17 year old for jailbreaking their PS....

    Now this... Boy I'm glad I'm not a Sony employee... looks like they've been making lots of enemies with the general public and now it's the time that everything pays back... I want them to be able to recover and keep offering employment ... but at the same time, I want them to stop being so mean and hateful to people who are able to crack the PS devices... or whatever other devices they make... Jailbreaking is legal remember?

  33. couldn't happen to a bigger bunch of assholes by Anonymous Coward · · Score: 0

    SEE I told you Skylinux, we actually needed those telephone sanitizers.
    Well, a few of them...

  34. for the simpsons fans... by Anonymous Coward · · Score: 0

    Ha ha

  35. SONY deserves whatever bad happens to it. by Anonymous Coward · · Score: 0

    I'll never forget or forgive SONY for the root kit fiasco they
    perpetrated.

    I'll never forget or forgive SONY for abruptly leaving the PDA
    market without giving any warning to customers.

    Fuck SONY with a rusty meathook.

    1. Re:SONY deserves whatever bad happens to it. by Anonymous Coward · · Score: 0

      And let us not forget their high-end DVD and Blu-ray players which wouldn't read DVD-R, DVD+R or any other form of burned media, because.... piracy.