Sony Employees Receive Email Threat From Hackers: 'Your Family Will Be In Danger

MojoKid writes: Things are going from bad to worse when it comes to the recent Sony Pictures Entertainment breach. Not only has sensitive financial information been released — including the salaries of high-ranking Sony executives — but more damaging personal information including 47,000 Social Security numbers of employees and actors have been leaked to the internet. We're now learning some even more disturbing details, unfortunately. Guardians of Peace (GOP), the hackers claiming responsibility for infiltrating Sony's computer network, are now threatening to harm the families of Sony employees. GOP reportedly sent Sony employees an email, which just so happened to be riddled with spelling and grammatical errors, that read in part, "your family will be in danger."

That Word

Guardians of Peace (GOP) [...] are now threatening to harm the families of Sony employees.

You keep using that word. I don't think it means what you think it means.

Re:That Word

kind of like 'democratizing'

Re:That Word

[pushing-robot]

They keep it from breaking out.

Re:That Word

[myowntrueself]

Guardians of Peace (GOP) [...] are now threatening to harm the families of Sony employees.

You keep using that word. I don't think it means what you think it means.

In the context of Islam, as in 'Islam is a religion of peace', the word 'peace' means 'not struggling against the will of Allah'.

So no, it probably doesn't mean what most people (native speakers of English) think it means.

Re:That Word

[dAzED1]

Um, I don't if you're aware, but Islam didn't invent English. The word you're describing is "submission" or perhaps "conformity." "Peace" means, in English, what it means - Islam doesn't get to define that.

Re:That Word

[bsolar]

But it gets to use an English term in misleading way, which is good to point out. An English speaker familiar with the proper meaning of "peace" would likely misunderstand.

Re:That Word

Um, I don't if you're aware, but Islam didn't invent English. The word you're describing is "submission" or perhaps "conformity." "Peace" means, in English, what it means - Islam doesn't get to define that.

It's similar to what the Communists did. They were advocates of World Peace*

*War until everyone is unified under communism, at which point there will be peace.

Re:That Word

Religion of Peace != Not struggling against the will of Allah. Not by the more obvious interpretations. If they wanted to convey that they need to stick a few more words in (Religion of Peace with Allah etc).

Re:That Word

Well if they really are North Korea they have already gone full Orwell.

Re:That Word

You will note that it is extremely common for English speakers to use a word whilst meaning at best the exact opposite, or at worst a completely different thing. Such as Ironically, Irregardless, Literally, etc. The mistaken meanings are now standard definitions of the word. Muslims are more than capable of redefining a word within their own group.

Re:That Word

[dAzED1]

the English speaker isn't misunderstanding, they're being intentionally misled. That is a very big difference. They are perfectly understanding the intended message.

Re: That Word

That's some badass theory.

Re: That Word

Sarcasm isn't redefinition

Re:That Word

Guardians of Peace (GOP) [...] are now threatening to harm the families of Sony employees.

You keep using that word. I don't think it means what you think it means.

In the context of Islam, as in 'Islam is a religion of peace', the word 'peace' means 'not struggling against the will of Allah'.

So no, it probably doesn't mean what most people (native speakers of English) think it means.

hmmm what is the will of Allah?

Kill all that don't serve Allah
So fight them until there is no more infidels and all submit to the religion of Allah alone. Surah 8:39
O Prophet, urge the faithful to fight. If there are twenty among you with determination they will vanquish two hundred; if there are a hundred then they will slaughter a thousand unbelievers, for the infidels are a people devoid of understanding. Surah 8:65
Fight and kill the disbelievers wherever you find them, take them captive, harass them, lie in wait and ambush them using every stratagem of war. Surah 9:5
Kill All Dogs and Pigs
Angels do not enter a house witch has either a dog or a picture in it. Hadith 4:539
Allah declares that all dogs must die, they are despised in my sight as swine are Hadith 4:540
Sex slaves are allowed
Also women already married, except those whom your right hands possess.[right hand = sex slaves] Thus has Allah ordained for you. All others are lawful, provided you seek them from your property, desiring chastity, not fornication. So with those among them whom you have enjoyed, give them their required due, but if you agree mutually after the requirement (has been determined), there is no sin on you. Surely, Allah is Ever All-Knowing, All-Wise. Surah 4:24 ( http://www.wikiislam.net/wiki/... ) According to Qur'an 23:6, Qur'an 33:50, Qur'an 33:52, and Qur'an 70:30 a Muslim man is considered "chaste" so long as he only has sex with his wives (of whom he may have up to four) and his right-hand possessions (female captives/slaves). An unmarried Muslim man who has sex with his slave girl is still considered to be "chaste" by Islamic standards

Re:That Word

It's just another reason I hat the GOP and Fox News.

Re:That Word

[the_povinator]

Islam does not really mean peace, it means submission (in Arabic). Salam, from the same Arabic root, means peace. The statement that "Islam means peace" is not something that all Muslims would agree with, it's simply something that people say when being politically correct about Islam. It's silly of course, when it's just about the least peaceful religion imaginable.

Re:That Word

[Paradise+Pete]

You will note that it is extremely common for English speakers to use a word whilst meaning at best the exact opposite

True, but just don't ever say "I could care less" or you'll have fifty people "correcting" you, no matter how sarcastic you meant it to be.

Re:That Word

[smallfries]

This is where modern etiquette seems to become so tricky. So when somebody uses that phrase I should correct them and say "Don't you mean Islam is a religion of slaves?".

Re:That Word

I can easily imagine less peaceful religions. Maybe it's your imagination that's lacking.

Re:That Word

Islam does not really mean peace, it means submission (in Arabic). Salam, from the same Arabic root, means peace. The statement that "Islam means peace" is not something that all Muslims would agree with, it's simply something that people say when being politically correct about Islam. It's silly of course, when it's just about the least peaceful religion imaginable.

If you look at history (and for good measure add in US and Israel today), isn't Christianity the least peaceful religion?

Re: That Word

Muslim here. Most of the above "references" are total fabrications, and the few that aren't are taken waaaay out of context.

Re:That Word

[rvw]

Um, I don't if you're aware, but Islam didn't invent English. The word you're describing is "submission" or perhaps "conformity." "Peace" means, in English, what it means - Islam doesn't get to define that.

But it gets to use an English term in misleading way, which is good to point out. An English speaker familiar with the proper meaning of "peace" would likely misunderstand.

the English speaker isn't misunderstanding, they're being intentionally misled. That is a very big difference. They are perfectly understanding the intended message.

Is this an example of Orwellian language or Doublespeak - saying the opposite of what you mean, to confuse your audience? If so, once you know it, you know the weak spot in their reasoning.

Re:That Word

[walterbyrd]

Christians do kill, but not for the cause of Christianity. It is a subtle, but important difference.

Muslims kill people to force submission to Islam. We do not see that with modern Christianity.

Disclosure: I am an atheist, and I have no use for either religion.

Re:That Word

[cyberchondriac]

I believe "submission" is a pretty accurate synonym here to "peace". They submit themselves to Allah, thus achieving "peace".
To me, personally, that's kind of the same sense of peace that slaves have though, via abdicating (or being denied) their free will. And in most of the islamic cultures, becoming an apostate has extremely serious consequences, so "slave" is not, IMO, a particularly inflammatory exaggeration. Way too many rules and restrictions.

Re:That Word

What are you? 12?

Re:That Word

[SpeZek]

Respectfully disagree; see abortion clinic bombings for murder as an expression of Christian faith.

Re:That Word

Disrespectfully disagree; see the rest of the world current events. Then for extra credit actually see what Muhammad did, said, and required others to do. For bonus, find out why so many Muslims name themselves after Muhammad.

Re:That Word

the English speaker isn't misunderstanding, they're being intentionally misled. That is a very big difference. They are perfectly understanding the intended message.

I wouldn't of argued with you from the start. What is wrong with them nay sayers?

Re: Syriuslee

In soviet Russia, Sony threatens you!

Agenda?

What is their motivation against Sony Pictures? Those "hackers" seem like monsters who just want to see Sony burn. What a bunch of soulless dickheads.

Re:Agenda?

[maugle]

Wanting to see Sony burn is a perfectly legitimate goal, but threatening the safety of average employees and their families is several steps over the line.

Re:Agenda?

[aliquis]

Wasn't the idea that Sony would release some Movie about the leadership or whatever in North Korea?

And these "Peace" guardians likely want to preserve the leadership of NK.

Re:Agenda?

Has it been verified that this attack originates from North Korea?

Re:Agenda?

I think they were threatened and told to repent for their sins working for Sony or suffer more data leaks. lol

Re:Agenda?

[future+assassin]

Are those emails legit or fake? Well what better way to reverse this from a super embarrassment for Sony and corporate world to "them hackers are gonna kill us" and make the hackers look even worse and dangerous. Next we'll see the words Anti Corporate Terrorists used.

>GOP reportedly sent Sony employees an email, which just so happened to be riddled with spelling and grammatical errors, that read in part, "your family will be in danger."

Yah, those bad grammar homicidal hackers.

Re:Agenda?

[Starport]

If I had modpoints, id mod you up seriously on that one. japanese workers dont have the choice of "following orders". its that or their job/face/life/family. unless you understand japanese culture to some extent, it is likely that this will just go over your head. screwing up as a worker, is intolerable. as a manager, it is your fault if a subordinant screws up, and you take the rap for it, so you make bloody sure that the subordinant s dont screw up, by any means, and if it still happens, you loose face, and that can very well kill your career and any future prospects. no wonder the suicide rate is so high in japan. the last thing the ordinary workers need, is this kind of shit...

Re:Agenda?

So if Sony burned who do you think would get hurt the most? Maybe the average employees and their families?

Re:Agenda?

[Maxo-Texas]

Anyone can send an email. I'm not sure how they know for certain gop sent the email and not some random 13 year old with bad english skills.

It would certainly be a great way to discredit gop too. Just have someone send an over the line email claiming to be gop. The fbi, a private contractor, etc.

Re:Agenda?

"Those "hackers" seem like monsters who just want to see Sony burn"

Just like 90% of the posters on this and other similar websites, n'est-ce pas?

Re:Agenda?

[sumdumass]

Welcome to the world of terrorism where attacking innocent civilians in order to influence the actions of others (usually for political causes) is the key to victory.

Yeah, that's right, I went ahead and said it. I'll also save the idiots the trouble and post one man's terrorist is another's freedom fighter and when you don't have to size and money to play fair, not playing fair becomes the fairest option.

There we go. Got it all out of the way.

Re:Agenda?

[hey!]

True, law enforcement has to take this seriously, but if I received such a threat I wouldn't worry too much about it. It's basic trollish behavior. Hey look at ME! Pay attention to MEEE!

These guys aren't terrorists, or even violent criminals. They aren't even hacktivists. They're script kiddies who want to see their name -- or at least their pseudonym -- in the media.

They're pathetic, but they'll get their fifteen minutes of pseudo-fame because of the almost equally pathetic obsession the media has with the celebrities. Now in my career I have had certain times been privvy to datasets that included confidential information about celebrities. Did I do anything with that information? Did I even *look* at it closely? No, because I'm not miserable little wretch who gets a thrill out of being connected, no matter how, to a celebrity. The barista who pulls my espresso shot is more significant to me than Sylvester Stallone will ever be, and if I ever threaten someone it'll be up close and personal, not be email.

Re:Agenda?

[fhage]

Are those emails legit or fake? Well what better way to reverse this from a super embarrassment for Sony and corporate world to "them hackers are gonna kill us" and make the hackers look even worse and dangerous. Next we'll see the words Anti Corporate Terrorists used.

Those are false flag emails, designed to elicit outrage in the real attackers so they might identify themselves.

Remember, almost everything we hear about the hackers comes via Sony, filtered through the media. It's all theater at this point. Pretty good stuff too. Enjoy.

Re:Agenda?

Someone who thinks breaching private servers and leaking information is 'okay' probably doesn't care much about peoples lives either, to be frank.

Re:Agenda?

[Cederic]

They're script kiddies

No. Not by any definition of that term I've ever seen used.

You don't know who they are, or what they're prepared to do. We don't even know if the emails are from the same group that perpetrated the data breach.

That group though need to be taken seriously. They're not script kiddies, not even close.

Re: Agenda?

You missed "for the children", " peace through surveillance ", " too big to fail", and "bend over".

Re:Agenda?

[JeffElkins]

Sony produced a picture "The Interview" http://www.imdb.com/title/tt27... where two tmz-like "journalists" score an interview with fan Kim Jong-un, but the CIA wants them to asassinate him instead. DPRK is supposedly way pissed, asked Sony to dump the picture, sony says hell no, and here we are.

Re:Agenda?

"Wanting to see Sony burn is a perfectly legitimate goal, but threatening the safety of average employees and their families is several steps over the line."

Sounds like how Israel will go destroy the homes of a suicide bomber's family, even after the bomber is dead.

Re:Agenda?

[firex726]

Hyperbole much?

Yes, a lawyer suing a fan project to protect a trademark may be shitty PR; but it hardly compares to the Nazis and Nuremberg.

Re:Agenda?

No, more like how the Jordanians salted the earth to drive the Palestinians out of their land when they genocidally attacked them.

Re:Agenda?

[hey!]

They're not script kiddies, not even close.

So some people *say*, but I haven't seen any information that points to exotic skills. I'm not saying Destover itself doesn't contain some sophisticated techniques, but what it *does* is crude, drama queen stuff.

Re: Agenda?

You must be Jewish, because the tactic of deflecting criticism by throwing in tangential facts is a proud Jewish tradition.

Re:Agenda?

[CanEHdian]

Sony hired FireEye (where In-Q-Tel is a major investor) which since Dec 2013 owns Mandiant. The latter and it's operations features prominently in the HBGary emails from a couple of years ago. I wouldn't put it past any of them to carry out a false flag operation, at the expense of the Sony employees (compare to the "hit me, hit me hard" to lamely cover up letting a prisoner escape) to try and draw out the GOP.

GOP is also doing nobody a favour, if they did, by releasing a couple of pre-release movies. That makes Sony the legitimate victim. Releasing documents, on the other hand, that show dirty backstabbing, expose lies, and otherwise shed some light at the secretive goings-on of a major Copyright MAFIAA member makes Sony the perp.

Don't forget, the keyword of the 2010s is Victimship. The art of making yourself look like the victim. It's not really new, as burglars that were caught in the act and became good acquintances with the homeowner's baseball bat always did this.

Uh, so?

I'm really disappointed that this sensationalist crap is considered news. I would completely ignore these, as with most anonymous clowns who are trying to tie together the feeble threads of corporate responsibility to physical violence. It doesn't happen and there is no credible danger. Quit giving these nutjobs a platform.

I have a radical idea

How about you create some sort of legal framework where security researchers, from large companies or individuals, can get authorised to pen test whatever they feel like and report their findings without fear of prosecution? Maybe then the Internet will be safer, because the targets might have to actually fix their shit instead of yelling "hacker" while still keeping their heads up their asses.

This is asinine

[The+Grim+Reefer]

I realize that Sony has done some extremely dickish things, And they should have learned, as a company, about the importance of security after the PSN debacle. But even so, this is asinine behavior on the part of whoever is making these threats.

Re:This is asinine

Whoever did this is probably very ronery.

Re:This is asinine

Were they not using OpenBSD on their networks?

Re:This is asinine

Well, perhaps GOP really stands for Guardians Of PSN.

Re:This is asinine

It's also not very peaceful, which should come as no surprise from a group called "Guardians of Peace."

Re:This is asinine

I'll say it's asinine.

I'm pissed that they couldn't attack Comcast.

Re: This is asinine

Well you are very racist!

Re:This is asinine

It's also not very peaceful, which should come as no surprise from a group called "Guardians of Peace."

That was a spelling mistake. The meant "Guardians of Piece".

Re:This is asinine

Not really, this is just outright war against the company. Damaging corporate releases including trade secrets and operational information. Attack the employees, drive them away. It'll be interesting to see how much damage they can do to the company as a whole and how Sony intends to continue operating after this. I don't think they have any credibility left.

It sucks to be an employee there right now but let's face it...everyone faces the threat of identity theft every single day. Anyone that has a credit card and shops anywhere is at risk. All companies collect all data they can because there's no penalty for doing it (there's no Data Protection Act here). There are no penalties for losing control of that data. These companies put all of us at risk every day via arrogance, greed, incompetence and negligence.

Re: This is asinine

[Guy+Harris]

Well you are very racist!

Methinks somebody is alluding to a certain movie and a certain other movie about the country currently ruled by the son of the character who sung a certain song in that other movie.

Re: This is asinine

You mean Simon Webbe with a 'e'.

Re: This is asinine

No, it's about Ethics in Internet Trollism...

Re: This is asinine

[AmiMoJo]

The stupid thing about that song is that Koreans can say the "L" sound perfectly well. They confused Korea with Japan. A lot of people seem to think that Chinese people can't say L either.

Re:This is asinine

[Spy+Handler]

Well, North Korea is known to display asinine behavior. Such as abducting Japanese and S. korean citizens and forcing them to work in N. Korea. And blowing up S. Korean airliners with bombs.

Lesson for Sony and anyone else: if a nation- state threatens you personally by name, take it seriously. Even if it's a poor backward nation like N. Korea. It's still a nation state with its own armed forces and intelligence agents.

Re: This is asinine

He laces shoes for a living? How does the "very" apply?

Re: This is asinine

I doubt that was accidental. That seems like exactly the kind of meta-humor Trey Parker would engage in.

Re: This is asinine

I have dialogued in English with Koreans who learned English as their second language. They often confuse L and R. They can make either sound just fine; they just get confused about when to use which.

And yes, Koreans do, in fact, commonly do this. Japanese as well; but it is the same deal. They can make the sound just fine (with a little practice). They just have trouble remembering when.

Re:This is asinine

[kylemonger]

You can't know its asisnine until you know what their objective is. If their objective is to get the FBI to kick in the door of everyone who Bittorrented those files or otherwise overreact, then making those threats wasn't asinine at all.

Re:This is asinine

[rtb61]

Most likely behaviour here from the description is they are scattering information across to internet to script kiddies in order to create a flurry of activity which they can use to obscure the trail back to them for past and future actions.

Re: This is asinine

As someone that knows Japanese and Korean moderately well I can confirm this to be true.

There are loan words in Japanese for example that showcase this. For a example salad in Japanese may be heard as "sarada" and restaurant may be heard as "lestoran."

The l/r is hard to distinguish when heard if you are a native English speaker simply because of how they pronounce it.

Re: This is asinine

[Pikoro]

I've found that you can safely replace the L or R sound when speaking Japanese, with a D sound and you'll be close enough.

Re: This is asinine

My wife, a Korean, had been speaking English for 5 years before we met and back then she often confused her L and R. And in the 10 years we've been married she has steadily improved. These days she only makes an L/R switcheroo if she's tired :-)

Yes slashdotters, you too can have a hot Korean wife :-)

Re:This is asinine

[cyberchondriac]

Kind of like any country whose name begins with "Democratic Republic of .." is not remotely either democratic or a republic.

I heard that this was about...

ethics in game journalism.

Re:I heard that this was about...

[techno-vampire]

Ethics and journalism do not belong in the same sentence without negation, e.g., "There is no ethics in journalism."

Re:I heard that this was about...

I was about to make a joke along the lines of "I wonder how we can pin this on GamerGate too! LOLZ", but I see your stupidity has already caught up.

Re:I heard that this was about...

Ethics in Game Journalism is so 2 weeks ago... this is about Ethics in Film Criticism. Complete with death threats and everything.

Re:I heard that this was about...

[ubrgeek]

Oh bullshit. So long as you don't preface the word with "yellow" there is plenty of ethics in journalism. The issue is that there's very little in the news business - or more accurately, "the business of news." In the vast majority of cases, reporters receive their assignments from editors who receive "guidance" from their editors who, in turn, receive their marching orders from company/corporate owners (who in turn receive them from stockholders). Now I think it can be argued that there's a difference between "journalists" and "reporters" but that argument goes both ways: In effect all journalists should be "reporters" in that they report whatever has/is occurred/occurring. On the flip side both journalists and reporters want one thing: The big story, either for lofty ideals or to get promoted to a higher-ranking position.

How good are the cops?

[RichMan]

So now we get to see how powerful the FBI and Japanese equivalent are at actually tracking down cyber criminals.

Re:How good are the cops?

[93+Escort+Wagon]

It may take a while - that's a lot of basement-dwellers to sift through...

Re:How good are the cops?

[ArcadeMan]

If Anime is any indication, the Japanese equivalent of the FBI should be at least three or four decades ahead in terms of technology... and have much sexier female agents as well as powerful mechas that almost act like household pets but with cute voices.

Re:How good are the cops?

[Charliemopps]

So now we get to see how powerful the FBI and Japanese equivalent are at actually tracking down cyber criminals.

The group pretty much already identified itself. There's no real investigation needed to figure it out.

Re:How good are the cops?

The group pretty much already identified itself. There's no real investigation needed to figure it out.

Also I, known on Slashdot as Charliemopps, was Jack the Ripper. Cops,come and get me.

Re:How good are the cops?

Wait. So now Slashdotters WANT the cops to catch hackers? Aren't hackers guardians of the Universe and Everything, the Force, and all things Good and Right in the world?

I like totally have a headache, dudebros...

Re:How good are the cops?

SONY Corp are criminally asymptotic.

Re:How good are the cops?

[steelfood]

In a plot twist, they are both one and the same.

Re:How good are the cops?

[sumdumass]

I don't think that was a statement about wanting to see hackers caught. It was a statement that now that something big and powerful who finally has the influence that everybody else seems to lack is hurt, we might see the real abilities of some agencies.

Its as if sarcasm was being deployed to suggest that they have not been trying when the rest of us peons suffer the fate of hackers.

Re:How good are the cops?

[CanEHdian]

Heh, nobody can stand against the mighty #GOP... except #TJR The Justice Riders! (Where "a pro-Union posse of diverse multinationals" is particulary apt.)

Re:How good are the cops?

Heh, also it's asymptomatic, as in not showing symptoms.

Re:How good are the cops?

[Charliemopps]

How do fucking morons get mod-points?
http://variety.com/2014/film/n...

Is there any question who did this at all?

If I were SONY...

[Etherwalk]

I would be seriously tempted to both lobby for and bankroll offensive cyber-operations against North Korea. (Lobby for ones on the public dime from every country where SONY has a sizeable presence; bankroll one from some country where it's legal.)

Whether through cyberoperations or plain old believable threats, SONY has to come up with a way to show North Korea (or perhaps independent actors in North Korea) that there's a penalty for this kind of behavior. So does the developed world generally--attacks like this cost a fortune in productivity and potentially lost jobs, and reputation. SONY is in a better position to recover than many businesses (notably in the financial or legal sectors, where the loss of trust could be fatal), but even so.

Re:If I were SONY...

Is it actually being attacked by north korea? If i were to do this, i'd compromise somebody else's computer and attack from there. Jumping to conclusions is much more fun though.

Re:If I were SONY...

[vomitology]

Yes, because corporate-funded (cyber-)terrorism against a soveriegn nation has *no* potential down sides, right? ( :

Re:If I were SONY...

[Etherwalk]

Yes, because corporate-funded (cyber-)terrorism against a soveriegn nation has *no* potential down sides, right? ( :

It absolutely has downsides; the problem is a game-theory one, not a turn-the-other-cheek one. Mutual phased reduction in hostilities is the goal. The net benefit of escalation for the aggressor at any time must be outweighed by the net cost, so a threat is necessary.

Re:If I were SONY...

[Etherwalk]

Is it actually being attacked by north korea? If i were to do this, i'd compromise somebody else's computer and attack from there. Jumping to conclusions is much more fun though.

True; all signs point to North Korea but it could be a false flag operation, or just someone they trained, for example. However, motive, opportunity, and skill fingerprint are pointing to them. While we are engineers trained to think in counterexamples and recognize the possibility that it was someone else, it seems highly unlikely.

That being said, I do think the "wait and see" from the UN Mission Rep from North Korea, despite seeming to implicate them, was more of an "I have no clue whether we did it or not."

Re:If I were SONY...

I would be seriously tempted to both lobby for and bankroll offensive cyber-operations against North Korea. (Lobby for ones on the public dime from every country where SONY has a sizeable presence; bankroll one from some country where it's legal.)

Whether through cyberoperations or plain old believable threats, SONY has to come up with a way to show North Korea (or perhaps independent actors in North Korea) that there's a penalty for this kind of behavior. So does the developed world generally--attacks like this cost a fortune in productivity and potentially lost jobs, and reputation. SONY is in a better position to recover than many businesses (notably in the financial or legal sectors, where the loss of trust could be fatal), but even so.

There are no independent actors in North Korea with access to the internet. Either you have internet in North Korea as part of your official duties, or you are so high (and it would have to be very high) in the government that you can get it anyhow. Although I haven't seen a lot of evidence to prove it was North Korea behind of all of this anyway.

If you had a grudge against Sony (and lots of computer-savvy people do), the imminent release of an anti-North Korea movie is a very convenient scapegoat.

Another clue is the grammatical style used. I have to think that any official DPRK hacking group would have close ties to the government, and any press releases or emails would be written by someone with the official news/media services there. The writing style of official North Korean agents tends to ramble and include a lot of words that aren't necessary. Official North Korean writing usually includes colorful analogies which make sense in Korean but seem "funny" in English. Words are generally the "right" words and spelled correctly. This has none of those characteristics.

My personal opinion is that this was done by some other international group, or perhaps North Korean sympathizers not connected to the government working out of China or Russia. It just doesn't seem to be integrated well into other North Korean agencies, which it likely would be if they were actually working out of that country.

Re:If I were SONY...

[lgw]

Yes, because corporate-funded (cyber-)terrorism against a soveriegn nation has *no* potential down sides, right? ( :

Being a "sovereign nation" doesn't make you more powerful. Only power makes you powerful: manpower, materials, and moral strength. North Korea (if they're the aggressors here) has no meaningful way to project military power, and in a purely "cyber" war, a corporation with a larger budget than N Korea has an advantage. OTOH, Sony hasn't had it's shit together since the founder left, and likely can't act effectively in its own defense.

N Korea could be completely shut down here by simply isolating them from the internet, which really isn't that hard unless China decides to defend them.

Re:If I were SONY...

[pigoon]

You already are bankrolling cyber ops against NK. It's called taxes.

Re:If I were SONY...

N Korea could be completely shut down here by simply isolating them from the internet, which really isn't that hard unless China decides to defend them.

Because using 3rd party servers for connections, or mobile internet is unthinkable? You'd have to shut down significant parts of south-eastern China and South Korea to be able to effectively cut off internet to North Korea.

There are proper ways of cutting off North Korea, or other hackers from your network. It has to do with properly designing said networks. But this means, no facebook or twitter or even random googling for employees using corporate network.

Re:If I were SONY...

[dlingman]

Just make sure to leave Sinanju alone. Don't want to piss off Chiun.

Re:If I were SONY...

[Spy+Handler]

Another clue is the grammatical style used. I have to think that any official DPRK hacking group would have close ties to the government, and any press releases or emails would be written by someone with the official news/media services there.

Not necessarily. This isn't an official communique from the N. Korean government. Remember, they denied involvement. My gut feeling is that it was written by the head of cyber warfare unit.

I do think they're capable of it. Their cyber warfare unit has plenty of experience hacking S. Korean targets. They are not noob at all. They employ thousands and the competition to join is fierce. Cyber warfare unit members get top-notch treatment such as getting enough food to eat and your own apartment, which are rare luxuries there. Even though we tend to think of N.Korea as a dirt-poor stone age nation, they have their own nukes and missiles. They managed to put a satellite in orbit. They send their best and brightest to Russia and China for training.

About the threats to Sony: seems to me like it was written by a Korean with a poor book learning of English. Also seems like a dictionary translation. I've seen English written by such people, and this has the same flavor.

"It's your false if you think this crisis will be over after some time." - this definitely sounds like something a Korean would write while looking up words in a Korean-English dictionary. He's probably thinking of "shil-soo" which means a mistake, but if you look it up in a 1960's paperbound dictionary, "false" is one of the entries! "Some time" is also commonly used by dictionary Koreans because there's a specific noun in Korean that means "Short interval of time", but English has no such noun. A fluent English speaker would use an adjective or an adverb to express himself, but a dictionary Korean would look for an equivalent noun and use whatever he found in the dictionary.

Thus "It's your mistake if you think this crisis will be over shortly" becomes "It's your false if you think this crisis will be over after some time."

Re:If I were SONY...

[aaaaaaargh!]

It would be kind of pointless because there is nothing to "cyber-attack" in North Korea.

Re:If I were SONY...

[ShaunC]

Well there's one camp very actively pushing the speculation that North Koreans did this because they're butthurt about "The Interview." At the same time, several articles report there's evidence that the breach may have been ongoing for more than a year. These two things don't line up; "The Interview" hadn't been promoted or even publicly announced a year ago, so there would have been nothing for the North Koreans to be upset about.

I'm still waiting for the official announcement from Sony and Mandiant (wasn't that supposed to have happened already?) but in any event I'm not sold on the whole Nork idea.

Re:If I were SONY...

[lgw]

You'd have to shut down significant parts of south-eastern China and South Korea to be able to effectively cut off internet to North Korea.

China could give or deny N Korea access through China - but if China isn't backing them, then it's easy enough to cut off the rest.

From the non-China direction, you do realize the most heavily militarized border in the world, 4km across, separates N and S Korea right? This is one DMZ that's not a metaphor! A cantenna can only do so much, and N Korea just doesn't have much going for it, connection wise, that doesn't depend on China. The might have some loyal followers out-country, but it seems unlikely they'd have more than a handful.

Re:If I were SONY...

[DNS-and-BIND]

Have you READ the official North Korean press releases? They threaten to drown their enemies in a sea of fire. A SEA OF FIRE, my friend.

Re:If I were SONY...

[24-bit+Voxel]

Plot twist... what if it was Microsoft or another one of their tech competitors?

Re:If I were SONY...

[Xest]

Should just cut North Korea off the internet anyway, not like ordinary people there can access it so it would only harm the ruling elite. Preventing Fat Kim from watching lolcatz videos on YouTube would probably be a far more effective sanction than anything else anyway.

GOP (disambiguation)

[tepples]

Apparently the GOP can't even keep its own web site from getting hacked. I go to GOP.com and I get a U.S. right-wingnut political party. So will this hoodie become an anti-Sony statement the way plush Snowden the Snowman toys became an anti-NSA statement?

Guardians of Piracy, perhaps

Given the melodrama and adolescent posturing I'd be more inclined to believe it's a bunch of teenage bootleggers looking to coerce Sony into dropping a legal action against them than a group with any real political agenda.

Re:Guardians of Piracy, perhaps

[mark-t]

Yeah... and actually threatening people's lives is really such an effective way to accomplish that.

Or are you suggesting that computer piracy has much more in common with conventional piracy than most might think?

Itr should not be an issue

[houghi]

The issue is that the SSN is used for identification. In Belgium we also have a national number. Pretty easy. in Dutch yet this only links to you and does not identify you as such.

Everybody above 12 needs to have an ID. Checking vadility is free and the chip on it is opensource

Oh and if you are a financial company, you can do verification at the national bank where you can check if you are allowed to give people a credit or not and add that you gave people a credit.

With just the number, you can do nothing. You would at least have the (valid) ID card as well.

Re:Itr should not be an issue

Unfortunately for the most part here in the US, they ask for your name, then ask for your SSN as proof.

Re:Itr should not be an issue

When they do that I teach them a zero-knowledge protocol and then I ask to use it to prove that I know my SSN without divulging it for my safety. Sadly it turns out that they would rather compromise my safety.

Re:Itr should not be an issue

[Ken_g6]

The problem is that the SSN wasn't designed to be an identification number. Some cards even say "Not for identification." Example

Re:Itr should not be an issue

[thegarbz]

Why have the number at all? What's wrong with when you need to be identified to provide identification documents of value?

In Australia you have a points system. You need to generate a certain number of points to be identified like when you apply for a bank loan or something similar. Government issued photo IDs like drivers license or passport are worth the highest number of points, and two of these documents are usually sufficient. Lesser things like bank statements with mailing address, IDs without a photo etc are worth points too, you just need to accumulate more of them.

The idea of a single number being used is kind of scary.

Re:Itr should not be an issue

[Chris+Mattern]

Why have the number at all? What's wrong with when you need to be identified to provide identification documents of value?

Without the number, who, exactly, are you being identified as? You can't uniquely ID by name--which of the 42 "John Smith"s in your city are you? In order to be identified, you need some representation of identity that is uniquely yours, and no one else's. The easiest way to do that is to give you a unique ID number.

Re:Itr should not be an issue

[thegarbz]

My point is that you're trying to simply the complete identity into one document that can ultimately be easily forged.

What do you want to know about me?

My name and age? My passport and drivers licence show that.
My residential address? My drivers licence and council statements show that.
That I'm a valid owner of a property in that council? Any photo ID such as University ID card + council statement shows that.
My medicare status? That's a separate card and then any photo ID will verify that further.

Why distill everything down to one number when there's no need to?

What's the threat for?

Was there a demand? The abstract doesn't say.

Re:What's the threat for?

[mark-t]

I'm wondering this as well... there's reference to requests or demands, but absolutely no indication of what they are.

I cannot for the life of me imagine what on earth an apparent terrorist organization would want from an entertainment company.

Re:What's the threat for?

[Charliemopps]

Was there a demand? The abstract doesn't say.

Seriously, you don't know what this is about?

Sony made a movie called "The interview" who's plot is that Seth Rogan gets the chance to interview Kim Jung un (Dictator of North Korea) and the CIA enlists them to kill him.
North Korea took offence to that and demanded that Sony stop making the movie.
Sony refused.
The hacker group is suspect of being part of the North Korean military.

Re:What's the threat for?

Now if only we could convince North Korea to force Sony to stop making Seth Rogan movies AT ALL we might be getting somewhere.

Re:What's the threat for?

[jd2112]

I'm wondering this as well... there's reference to requests or demands, but absolutely no indication of what they are.

I cannot for the life of me imagine what on earth an apparent terrorist organization would want from an entertainment company.

Apparently there is an unreleased M. Night Shyamalan movie in Sony's archive and the terrorists plan to publish it.

Re:What's the threat for?

Where's the evidence, then? Besides someone's say-so.

Re:What's the threat for?

[eli+pabst]

Where's the evidence, then? Besides someone's say-so.

The analysis of the malware suggested that it was compiled on a computer configured to use Korean language and the code itself contacted command & control servers and recycled previous methodology used in attacks attributed to North Korea. Could it be a false flag? Sure, but you'd think there would be better targets you could go after than hacking Sony and distributing unreleased movies and employees 401k contribution records. Sounds more like someone pissed off at Sony, maybe like someone who previously threatened “stern” and “merciless” retaliation...

Re:What's the threat for?

[freeze128]

I would be thrilled if any Seth Rogan movie even *HAD* a plot....

Re: What's the threat for?

That's bullshit.

Most analysts indicate that the hack had been ongoing for over a year. I.e., before that fetid corpse of a movie had even been announced.

Blaming it on the Norks is just more of the same old "hate the axis of evil" shite we've been getting a steady diet of for about a decade and a half now.

Re: What's the threat for?

[eli+pabst]

That's bullshit.

Most analysts indicate that the hack had been ongoing for over a year. I.e., before that fetid corpse of a movie had even been announced.

Blaming it on the Norks is just more of the same old "hate the axis of evil" shite we've been getting a steady diet of for about a decade and a half now.

Which part is bullshit? I'd be interested to read your reverse engineering analysis of the malware that contradicts that written by other security professionals.

Re: What's the threat for?

While this analysis continues not to be publicly available, it'll continue to amount only to hearsay. Demanding such evidence to counter hearsay is obviously unreasonable: such evidence cannot publicly exist, and therefore its nonexistence implies nothing about the truth in this matter.

Re:What's the threat for?

[Charliemopps]

Oh, I don't know... the whole Take down the movie that threatens our beloved leader or we release all your data! threat kind of gave it away for me...

http://variety.com/2014/film/n...

mod parent down

The truth about Islam is too painful to be public knowledge.

Re:mod parent down

The truth about Islam is too painful to be public knowledge.

Yeah, I'm tired of this mythological make believe BS. Imagine if Christianity had crazy stuff life zombie coming back from the dead, or blood drinking cults or any of that nuttiness...

Re:mod parent down

The truth about Islam is too painful to be public knowledge.

Yeah, I'm tired of this mythological make believe BS. Imagine if Christianity had crazy stuff life zombie coming back from the dead, or blood drinking cults or any of that nuttiness...

Yeah, exactly. Imagine if Christianity called itself the Religion of Tolerance. Or imagine if SJW's called themselves "The Group That Doesn't Use Logical Fallacies".

Re:mod parent down

or if America called itself "the land of the free and the home of the brave"....

Re:mod parent down

[ArmoredDragon]

Until recently Christians didn't identify themselves as such. They identified themselves as Catholic, Protestant, Baptist, Lutheran, Calvinist, Episcopal, Armenian, etc.

It's probably safe to throw the tolerant label on a few of them.

Disclaimer: I don't identify to a religious belief and am probably best described as atheist.

Re:mod parent down

Fair enough. Imagine if the Southern Baptists called themselves the "Religion of Acceptance of Your Chosen Lifestyle". That would be equivalent to the deceit these "Religion of Peace"'ers are trying to promulgate.

Re: Syriuslee

No, in the US of A, Sony threatens you...

An EMP over NK should put a stop to that.

What a shame project starfish turned out to be harder to control than expected because NK really deserve to have the pug permanently pulled on them for that sort of terrorism.

Re:An EMP over NK should put a stop to that.

[oobayly]

What effect would that really have? http://www.northkoreatech.org/...
It would screw up the rulers, and possibly the military. However, seeing as most of the aircraft they "fly" are still using vacuum tubes, they're fairly well EMP hardened. It's probably safe to say that a lot of their military equipment is EMP hardened by virtue of using obsolete* technologies.

* I'm sure somebody will say that vacuum tubes aren't obsolete.

Stock

Who cares, certainly not Sony nor investors, their stock is at a 2 years high and keeps going up.

Re:Stock

Who cares, certainly not Sony nor investors, their stock is at a 2 years high and keeps going up.

Their stock has more than doubled since 2013; those bastards are richer than god.

This is a misdirect attempt - GOP are home-grown

11 PM? How many use PM?

It's? - How many non-natives use that?

Your? - How many get that right?

It's your false if you think this crisis will be over after some time. - This is perfect except for the "false" bit. How many get that right (and false wrong)?

The rest reads more like a purposeful mash of language, but not bad in the right places, and all too much right. These are not NORKs. These are very likely home-grown baddies. That's U.S. of A. for those from the outer reaches.

Just get over it

C'mon, man, grow a pair and get over it! This is the Internet. Everybody gets death threats! Big deal. If you can't handle the heat, go play with your Barbie dolls.

Isn't that pretty much what everyone on Slashdot was saying about this sort of thing a few weeks ago?

Laugh

[koan]

Hackers using Google translate?

It's Sony's fault, they chose to store things the way they did in this day and age, fuck em.

Something is dodgy here.

[SuricouRaven]

GoP are good. They have to be. The level of pwnage achieved is simply far beyond anything script kiddies could pull of. Not just the scale of the breach in total data, but in variety. Email, employee records, media from production - data from several divisions, and they even leaked it out through computers that host Playstation infrastructure, a completly different part of the organisation. Whoever GoP are, they have a very high level of skill.

This group then sends some idiotic threats, badly written at that, to low-level employees? I believe I detect the faint smell of fish. It just seems out of character.

I wouldn't be surprised if someone at Sony were responsible for sending this email as a false-flag operation. This would achieve two things they must be much desiring of right now. First, it casts GoP in a bad light - makes sure they are seen by the rest of the world as violent thugs and criminals, rather than being venerated as grassroots hackers who defeated a loathed mega-corporation. Secondly, a threat of physical harm brings a lot more attention from law enforcement - the FBI will devote more resources to aiding in the investigation, as will the corresponding law enforcement agencies in other countries.

Re:Something is dodgy here.

> The level of pwnage achieved is simply far beyond anything script kiddies could pull of[f]

Not really.

Re:Something is dodgy here.

[BUL2294]

I wouldn't be surprised if someone at Sony were responsible for sending this email as a false-flag operation.

False-flag operation or not, that's a crime. If someone within Sony (or hired by Sony--e.g. their cybersecurity contractor) sent such an e-mail, that person is doing the equivalent of "screaming 'fire' in a crowded theater, when there is no fire". Not protected by free-speech and that person should be criminally charged with a felony.

Re:Something is dodgy here.

[SuricouRaven]

Then either they don't expect to get caught, or someone has been assigned as 'designated scapegoat.' It might be just one person, acting alone and in desperation - and even if it isn't, it can be made to look that way.

Re:Something is dodgy here.

[SuricouRaven]

Script kiddies with a little luck can compromise a server here and there. But compromising many servers throughout an organization, in different divisions and under different administrators? Not so easy.

Re:Something is dodgy here.

Unless of course there's a real threat. In which case, it's perfectly OK. And of course it's fine to threaten people anonymously over the Internet. Wasn't that the consensus on Slashdot just a few weeks ago?

Re:Something is dodgy here.

Are you suggesting someone at Sony would even consider breaking the law? I find that very hard to believe.....

Re:Something is dodgy here.

I haven't paid much attention to this, but broadcasting a message saying 'THAT WASN'T US', and building any sort of unique signature methodology isn't nearly as tough as hacking Sony. And that signature could be via asymmetric keys, some evidence or proof, via a trusted third party, or whatever.

So, if it's a false flag, GoP should discredit it. And all that takes is publishing a denial. Seems like either Anon or Lulzsec did a few disclaimers/denials, didn't they?

Re:Something is dodgy here.

fuck you and you anti-free speech insanity.

Re:Something is dodgy here.

Yes. Let's terrorize our employees during our peak (or any) season.

Re:Something is dodgy here.

[bloodhawk]

GoP are good. They have to be. The level of pwnage achieved is simply far beyond anything script kiddies could pull of. Not just the scale of the breach in total data, but in variety. Email, employee records, media from production - data from several divisions, and they even leaked it out through computers that host Playstation infrastructure, a completly different part of the organisation. Whoever GoP are, they have a very high level of skill.

This group then sends some idiotic threats, badly written at that, to low-level employees? I believe I detect the faint smell of fish. It just seems out of character.

I wouldn't be surprised if someone at Sony were responsible for sending this email as a false-flag operation. This would achieve two things they must be much desiring of right now. First, it casts GoP in a bad light - makes sure they are seen by the rest of the world as violent thugs and criminals, rather than being venerated as grassroots hackers who defeated a loathed mega-corporation. Secondly, a threat of physical harm brings a lot more attention from law enforcement - the FBI will devote more resources to aiding in the investigation, as will the corresponding law enforcement agencies in other countries.

I don't know whether GoP are good or bad, but the level of pwnage here is nothing special, Sony was a very very soft target it seems and it could easily be anyone from script kiddies to an organized group with how bad the security (or complete lack of it) was.

Re:Something is dodgy here.

once they scored the password list wasn't it a pretty straight shot to get to those servers?

Re:Something is dodgy here.

Sure it's fine, you fucking piece of shit!

Re:Something is dodgy here.

[sudon't]

Whoever wrote it, it a pretty convincing imitation of bad English. I'm not sure an English speaker could come up with that. People, when using a foreign language, tend to use certain words and phrases in imitation of their own native syntax and idioms. I think we all know that hacking or coding skills do not automatically equal grammar skills, let alone foreign language skills. But is it Russians, Koreans, Chinese...?

Re:Something is dodgy here.

[metaforest]

Anyone with slightly more than passing experience using a translation tool could bounce between English and Korean to get appropriately flavored Engrish.

I'm leaning towards false flag on the emails. However if this is a Korean attack on Sony, then the goal is to utterly destroy their business. Flinging their data to the four winds as has clearly been done is going to cause a lot of knock-on effects that will result in Sony suffering a huge amount of pain over the coming months and possibly years.

Re:Something is dodgy here.

[SuricouRaven]

The SPE_01 dump has some interesting things. Contact details for lots of network executives, both within Sony Pictures and in those companies they had contact with. It also shows that, like every business, people were in the habbit of keeping a handy list of passwords for every service someone might need to log in to. There are a few interesting revlations (One of the vice presidents is working in the US on a green card, Family Feud is doing dismally in the ratings, the studio practically gave away The Dr Oz Show in syndication to build distribution before it got popular, even executives have to fill in those stupid performance goal forms). But it doesn't have any company-destroying releases or relevations of criminal activity.

SPE_01 is only a small part of what the hackers got - the part they chose to release straight away. It's also apparent that they got more data from elsewhere, because they have leaked yet-to-be-released movies that couldn't have come from any of the three hacked divisions that comprise SPE_01. I'm already seeing rumors of SPE_02, but havn't gotten that one for myself yet, so it would appear the hackers are putting it out in stages limited by their ability to figure out exactly what they've got and how best to use it.

Re:Something is dodgy here.

[SuricouRaven]

I was going to ask what sort of idiot keeps all their passwords listed in one place.

Then I saw SPE_02... which is exactly that. Files containing tons of passwords, clearly produced by Sony. Idiots.

A small point in their defense: Some of these lists are in the form of encrypted Excel files. So at least the put a password on them. I've no idea if MS Office encryption is any good or not. I'll take that point away for considering 'interview1' an acceptable password.

Re:Something is dodgy here.

You genuinely believe that people should be free to pretend to be you and make death threats?

NB: GOP != Tea Party

[ashshy]

Am I alone in seeing the headline about threats from GOP, and thinking that the Tea Party is getting damn aggressive these days?

Maybe another RAMBO movie, live & on location?

They messed with Sly's SS#, fools.

You assume too much

You assume too much. It's entirely possible it wasn't done via the Internet, right?

2015 Sony Blockbuster

They'll be caught and scalped in a new blockbuster already in the works.

No, you're not alone.

Believe me, and yes, with them in charge all of our families' are in danger.

So sometime in the future

'Guardians of Peace' (sic) will be sharing the same prison cell as 'Lizard Squad' while having to adjust to two major lifestyle changes; prison food, and the danger from behind whenever they drop the soap in those showers.

N. Korea

I keep hearing that this group is in North Korea. If they are, then this is basically state action, not a bunch of "hackers" as used normally.

i wish the threats themselves were full of errors

like "you're family will being in danger"

Of Sony staff's family are at risk

[RockDoctor]

Sony staff - or at least the ones I've met - are required to use Sony equipment left, right and centre. So their family members have been at risk of harm from the use of Sony equipment for years in the past, and will remain at risk for years in the future. Until several years after the final demise of Sony Corporation.

Re: This is a misdirect attempt - GOP are home-gro

[dkre]

Yeah I agree. Everything which has been reported about this hack seems to keep pointing to a concerted effort in misinformation. I really dont understand why the comment above about this being the work of North Korea as if it is fact? What. Changing the compiling workstations language is pretty easy way to create easy media headlines. Why do terrorist organisations and governments get the finger pointed at them first? Corporations have the most to gain.

All your family belong us?

"All your family belong us" grammatical errors?

Readers might also want to check, IF any of your Sony accounts like PSN (yet again) have been hacked from data stolen in the 100TB of data said (on slashdot) to have been lost.

It could be fake...

[mgcarley]

Could we put it past Sony to fake such a letter so as to, say, prompt some additional action on the part of law enforcement or even to try and preempt war on someone or something?

(Not saying this is the case, merely speculating at the possibility of the injured party disseminating, for lack of a better word - "propaganda" - to try and garner sympathy from regular people because OH NO H4CK3R5 R BAAAAAAAAAD).