Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Sony Pictures Hack Was Even Worse Than Everyone Thought

Posted by samzenpus on from the not-looking-good dept.

An anonymous reader writes with today's installment of Sony hack news. "It's time to take a moment of silence for Sony Pictures, because more startling revelations about leaked information just came out and employees are starting to panic. BuzzFeed raked through some 40 gigabytes of data and found everything from medical records to unreleased scripts. This is probably the worst corporate hack in history. Meanwhile, Fusion's Kevin Roose is reporting on what exactly happened at Sony Pictures when the hack went down. The hack was evidently so extensive that even the company gym had to shut down. And once the hackers started releasing the data, people started 'freaking out,' one employee said. That saddest part about all of this is that the very worst is probably still to come. Hackers say they stole 100 terabytes of data in total. If only 40 gigabytes contained all of this damning information, just imagine what 100 terabytes contains."

14 of 528 comments (clear)

  1. Over what time interval? by man_ls · · Score: 5, Insightful

    How long was the attack taking place? What kind of Internet connection does Sony Pictures have? To ex-filtrate 100 TB of data is going to take a while, no matter how you cut it. My guess is that number is significantly inflated.

    1. Re:Over what time interval? by durrr · · Score: 4, Insightful

      If you hit a server or many of them you'll get a fair bit better speed than if you hit a private person with american public tire shitternet. And as long as you're no detected it really doesn't matter if it takes 24 hours or 100 days.

    2. Re:Over what time interval? by JMJimmy · · Score: 5, Insightful

      The big question is, how did they not notice that much data going out regardless of time frame.

    3. Re: Over what time interval? by ColdWetDog · · Score: 5, Insightful

      This. And consider that it may well have been taken out on a bunch of physical drives rather than the Internet. Pretty much everyone is saying this has some component of physical access - likely from a disgruntled employee. If the person or persons downloaded a couple of hundred GB every day to some hard drives, likely no one would notice. So it likely didn't happen all at once.

      IF this is true, it makes the timing suspicious for NK involvement. If this had been ongoing for say, 6 months, it was well before the Kim could get his panties in a bunch over the Interview. But what do I know?

      --
      Faster! Faster! Faster would be better!
  2. Sad? Saddest? by rubycodez · · Score: 5, Insightful

    So Sony with its rookits and DRM get owned. Good. How does it feel, Sony? How does it feel?

    Hope this causes massive losses for them and horrors for its employees.

    1. Re:Sad? Saddest? by DigitAl56K · · Score: 4, Insightful

      Bearing a grudge against a company for the decisions of it's higher-ups is one thing, wishing horrors upon the majority of employees who are probably everyday folk earning a living - many probably sharing your view on the matter of the rootkit saga - might be going a little too far...

    2. Re: Sad? Saddest? by Anonymous Coward · · Score: 2, Insightful

      No fuck that. Fuck the higher ups and every step of the ladder that supports them. They are all responsible.

    3. Re: Sad? Saddest? by Anonymous Coward · · Score: 3, Insightful

      No. By that logic we are responsible for the governments actions in all things, because we support them. Fuck the NSA, fuck the pentagon, fuck the whitehouse. I don't care. Lay a hand on Snowden, lay a hand on the soldiers, lay a on the housekeepers; then we have a problem. You and I would come to blows if we met IRL, simply because you are a reprehensible prick who can't figure out that people do what they have to for their families, and that you cannot use the crimes of a few to condemn many.
      Say that to the face of the children of employees, even the janitors and security guards. Say that to the spouses whom now may have to face a nightmare.

    4. Re:Sad? Saddest? by AbRASiON · · Score: 3, Insightful

      Really, a rootkit done once, a decade ago by some idiot in Sony music? Massive losses, more jobs lost, more people out of work, this economy even worse.

      Hopefully they fix their security, behave better as a company and no one loses jobs, Hopefully idiot posts like yours don't come to fruition either.

  3. Re:... Everything? by FatLittleMonkey · · Score: 4, Insightful

    If they got the accounts system, (which seems likely, given that Sony seems to have put every subsystem on the same network, employee medical records on the same network as raw film files) then any electronic receipt for purchase of items for office lunch rooms could include the model numbers for the sinks.

    --
    Science is all about firing a drunk pig out of a cannon just to see what happens.
  4. Re:Lawsuits and Patents by arth1 · · Score: 3, Insightful

    Plus Patents. Sony files THOUSANDS of patents a year. If that patent information (or research that could be patented) is published to the wild before SONY patents it, you have a LOT of new prior art and a fortune in IP at risk... SONY would have to patent everything within a year in the US; I am not sure that you even have that grace period everywhere else.

    I think you confuse Sony Pictures with Sony Corporation.

    The former is unlikely to have a lot of patents, except for things like camera gimbals or ways to strip and reattach continuity reports to digital footage.

  5. Re:Lawsuits and Patents by sjames · · Score: 5, Insightful

    The real risk to Sony Pictures is having the real books behind the Hollywood accounting revealed.

  6. Can't avoid medical records by Green+Salad · · Score: 5, Insightful

    I employ people in the USA in small IT and EE/IC specialty design shops. Most expert-level employees seem to come with white or grey hair. One of my IT geeks is a "MT Dew Diabetic." Avoiding the maintenance of medical records is simply not an option in the USA, given our laws and court rulings. We have to comply with ADA (Americans with Disabilities Act), keep records of workman's comp medical restrictions, including very specific information, on what an employee may and may not do as well as provide emergency information to first responders. While often inconvenient, these are requirements I cannot avoid. Some of my employees have medical conditions (heart conditions, organ replacement, severe allergies, diabetes, unusual prescriptions of controlled sumstances, etc.) that they want known and available to first responders showing up at the office if they collapse clutching their heart or go into a sugar coma. Complicating this, if one of your customers is a Federal agency or Defense, you must, by law, have a "zero tolerance policy" for controlled substances. All this requires records to prove or excuse. For government accusations, corporations are "effectively guilty" until they prove themselves innocent with appropriate record keeping. Making this even more difficult, USA court rulings say we're also not allowed to store this information in their personal files, but must keep it in a separate, access controlled file, otherwise we could get sued if that person missed a pay raise or promotion because it was available to anyone reviewing their service and discipline records. The separate files seem silly when the teams are small enough that everyone knows each other very well anyway. Also, what if the employee who first greets the medics from the ambulance don't have easy access the secured medical files? Isn't that an even worse problem? Sued if you do. Sued if you don't. Sued if you didn't do it the nuanced way a team of $300/hr attorneys thinks you should have half-way done it. Nuisance suits are common in the USA.

    As a practical matter, a lot of valuable talent is not healthy. Many experts are experts because they have been at a speciality for 30-60yrs. If you have an employee that has an epileptic seizure, you don't want the rest of the team to stand there confused and gawking. You want them to recognize it and intervening to protect that individual's head and spine from injury. I had an employee with mental health issues under the care of a psychiatrist. While she was physically 100% capable (she was young and athletic) yet she was restricted from certain emotionally triggering situations. You want their supervisor trained know what those are and how to avoid it. You want a written record, periodically refreshed, that her supervisor knows and understands. You could say "I don't want to deal with that" but then you lose out on some great talent. Imagine a physics institute that didn't want to deal with maintaining medical records for Stephan Hawking.

  7. Re: ... Everything? by Bert64 · · Score: 4, Insightful

    Chances are they do have high bandwidth links for copying high resolution video files around, and that pipe will not be fully utilised all the time, there would be plenty of downtime when there was a lot of bandwidth available for exfiltrating data, and because high bandwidth usage is not uncommon it could easily go unnoticed. It doesn't matter if it takes a long time, so long as it hasn't been noticed you can sit on there for weeks or months gradually copying stuff.

    Also in one of the other stories about this hack i read that they had access for over a year.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!