oh no
Someone might bother them for an Autograph, they might have to touch one of the un-washed masses.
The group which claimed responsibility for hacking Sony Pictures has leaked the phone numbers and travel aliases of Hollywood stars including Brad Pitt, Daniel Craig and Natalie Portman, according to a recent report. This latest development will likely pile extra pressure on the comprehensively pwned entertainment giant. …
Or in many cases the names we know famous people by are the alias. I've got a friend who has done a small amount of TV work - the name she uses for that isn't the same as the real one that's on her passport.
Taking one of the examples from this article I'd be far from surprised if Natalie Portman's passport still says Neta-Lee Hershlag (the name she was born with according to Wikipedia). I can't actually be bothered to look up the leaked data though.
But surely when Tom Hanks or whoever actually turns up at the reception desk, that's a bit of a giveaway and junior staff member can still say X is in room N, and if they always use the same alias when travelling then it's rather surprising that a list of these names hasn't leaked anyway.
1) From what I've observed, at least 1/2 of the Hollywooders's stage names are not their real names in any case. 2) I wouldn't be surprised if the Feds and the states allowed some form of pseudonymous IDs. 3) Technically it's not illegal to use a false name if you are not doing it for nefarious purposes.
On the one hand it's funny Sony got another taste of their own medicine (see Sony CD rootkit scandal)
But on the other hand the attackers shouldn't have leaked personal information of employees etc.
Why give "them" favours that they will not return in kind?
I think that if one is going for rubbing $BIGCORP's or (a government's face) in "it", then one have to get as much "rubbing" done as possible and be away well before the legal machinery has time to spin up properly (especially before the TLA-classifiers have been re-scoped and re-configured to look for "SONY-Files").
The government agencies, including law-enforcement, do not care one little bit about murdering someone based solely on the suspicion that they might be a threat to "The Officer" or even droning someone just on "signature data", so it is best to get the deed done quickly and not drag it out over niceties that they would never, ever, show anyone.
Yes, Sony was evil at that time and what they did tainted the brand in a way that for some of us is from difficult from impossible to remove.
We don't have any indications, however, of the Sony of today being like the Sony of then years ago.
Reminds me of how the Microsoft of Nadella today is trying to be different from the Microsoft of Ballmer of the past and how long it will take for everyone to forget the past.
Most people have already forgotten the past. Only the nerds remember it.
And they should never forget it.
As far as corporations are concerned, my attitude is "Never Forget, Never Trust".
Sony is no different today than it was with the rootkit, if it could pull off another go, it would. Besides, what do you think HDMI is for, better data bandwidth ? An Ethernet cable can do that, but Sony does not control the Ethernet spec. Sony is still about control, and always will be.
Just wondering if this had anything to do with the recent domain elevation flaw patched by Microsoft. It looks like the attackers had plenty of time to gather information before revealing themselves. Question now of course is how do they recover from this - looks like the only choice is to nuke it from orbit and stand up a completely new infrastructure and migrate over time
What actually got hacked, was it a Salesforce account, a local lan, someones email account or what ? The reason I ask is to try and understand where or on what that kind of information would be held.
I can't imagine that they all of these "stars" private details are made globally available on their networks. I also presume that Sony network encompasses a little bit more than 2 PCs, our company network is large and finding precise information, without being in the know, is difficult simply due to the amount of information that is stored there.
You start with one thing and that leads you to another. You don't release anything until you are done discovering the things you want to discover.
Er, or so I've been told.
The stuff they're releasing now will have come from multiple data sources, the films came from bitlockers, the personal details came from HR/Payroll, etc. Personally I would go directly for access to email and to monitoring services, given the number of additional systems it would likely unlock.
According to a Gizmodo piece they left plenty of plain text files with passwords for all sorts of systems, so it's possible the intruders kept building up deeper and deeper access.
What's weird is that this took place before and after the big PSN hack, and I'm surprised they didn't thoroughly audit everything. It's the first thing you do, surely?
There exists a certain kind of management who are publicly proud of "knowing absolutely nothing about IT" and at the same time keep their IT-departments hungry and under-staffed; Disgruntled, mediocre, passive-aggressive, staff seems to accumulate under this kind of "leadership". Once critical mass - or perhaps - critical outsourcing is reached, consequences "happen".
Maybe the employees didn't do a very thorough audit: Like "If the boss doesn't give a shit while making 6 digits, then why should I care more than "he" does while being paid 4 (... and no overtime either)!" or maybe they couldn't?
And that assumption is exactly why you are not the PHB with the 7 figure salary.
The correct first thing to do is contact the PR department to get the spin ahead of the inevitable leak. The second thing you do is find the appropriate scapegoat. Actually fixing the problem is way down the to do list, and might not actually happen if you get enough of the top half done quickly enough.
details are sketchy but some claim that a sony executive laptop was pwned in a BKK Thai hotel, (perhaps Sony network access credentials were obtained), then the hacking group/nation-state-pretending-to-be-a-hacking-group spent a few days exfiltrating basically terabytes of EVERYTHING from the Sony servers.
ODDS just-in from Paddy-Power
25:1 Norks
20:1 Yanks
15:1 Chinks
5:1 Cheltenham & Gloucestershire gentlemen's association
3:1 Apple
EVENS: Philips, Sanyo, & Putin
It has been my experience in the past that nation state bad actors do not change their colors much, as they are so arrogant they don't feel the need to act as smart as you and I, as geeks, would assume they would. It would not be unusual to assume they have learned their lessons in the past 5 years or so - but I wonder; because when you look at the notes left in a compromised network by the attackers, it is very difficult to write a comprehensive shit list to total fantasy. I'm saying reality bites, and the bad actors have no imagination to make it look like anyone else is truly at fault.
Something I've not seen discussed is the scope of the breach. By the scope of the breach, this smells like a domain admin account being owned.
Big multinationals tend to try to manage everything as centrally as possible, but then big markets and especially US of A tend to fence themselves from globalization, which usually translates in that they have their own forest managed by their own admins. In that case, the breach could have been limited to that domain only.
You know, I can't help but imagine that somewhere in Sony, there's "that" IT guy who's been screaming, probably for years, that they need to take security seriously. He's probably been reprimanded for it, because he won't let it drop.
Putting aside all the evil bullshit Sony has pulled in the past, I'd say they probably deserve this because they didn't take security seriously. There should have been no way a single hack, or even a series of hacks, have gotten this much data. Compromised them this much.
The only thing that will make corporations (especially US corporations) sit up and listen is a few sueballs flung their way from elite Celebs. I don't know what the best solution is ultimately... Is it cold storage like offline BitCoins or air-gapping data for the Elite? But either way I hope that some of that spills over onto the rest of the world in the longer term.
Either way, sloppy data handling and greedy automatic hoovering-up of data needs to stop. But only high-profile sueballs and fiscal abandonment of the Cloud will concentrate executive minds, because the existing penalties are totally inadequate.. I hope Target lose their case to the banks big-style too... That might get the ball rolling...
Otherwise there's a Privacy Apocalypse coming soon...
A man stands on a city street corner holding a sign warning us of the impending Privacy Apocalypse. "No identity is safe! No account is sacred! THE END IS NEAR!" There is someone on every other street corner just like him. Same sign. Same name. Same SSN. Same e-mail address. Same password.
"The group which claimed responsibility for hacking Sony Pictures has leaked the phone numbers and travel aliases of Hollywood stars including Brad Pitt, Daniel Craig and Natalie Portman, according to a recent report."
Facebook must be green with envy.
"Yes, Mr. Pitt, welcome to the Ritz. We received the email with your travel riders from a Ms. Kim Jungun in Sony Pictures' travel department, detailing your usual room arrangements. Accordingly we have put you in a smoking suite facing the parking lot and freeway, because Kim's email said you're a car enthusiast. Per Kim, we've also booked you under the name Hugh Jass and placed signage and a basket of turnips with that name in your suite. Also, Kim was very specific about your aversion to air conditioning and love of humidity, so we have turned off the A/C and had a space heater and humidifier going in there since last night."
As someone else said, I'm sure there were a few IT people saying security was shit. They kept putting in requests to tighten it properly and they were told that Mr XYZ director and his dept need instant access ( read: no annoying passwords ) to information on all shared drives in the network. The IT managers are too shit scared to ask the IT honcho to let me enforce the techie recommendations for fear of the IT head honcho. So they simply slide the recommendations into a drawer and forget about it, telling the techies that it's "being discussed at the next meeting".
Tick, tick, tick...BOOM! All hell breaks lose the second this GOP lot get into the network.
The interesting thing is that nobody noticed TBs of movie data going out the door because SONY being a media company they probably bother to monitor data transfers over a certain size....or was it that IT bods said "You know we should monitor the network transfers for odd amounts of data transfer to remote sites that have not been put on a whitelist.".
To which the reply would have been, "Get back under your stone your annoying IT types with your crap about security, no one cares and if you try to put any in and Mr XYZ director has to type anything into a password box you lot will be for the high jump! Do you understand?!"
So I guess that right now there are a lot of IT bods in SONY racking up shit loads of overtime with a smug smile on their faces!
Or not.
Said IT-bods are now probably back at using paper and (blunt) pencil while Mandiant/FireEye staff together with a veritable train-load full of consulting-overspill from every "name" in the phonebook is running the show there.
The only reason they still have their jobs is probably because you need to have someone to blame at the end.
I would certainly *never* want to work in an outfit that gets hacked, doxxed and shutdown like this.
Even worse if I had "predicted" such an outcome.
Nobody likes to hear "But I told you so".
an organization, that might as well be a card carrying member of the Yakuza mob, and found enough chutzpah to use computer science to spy on all of us - thanks to the MPAA in their back pockets - but were too stupid to realize that similar outside influence could not possibly finger them for attack as well! Pure languor on a large scale, I'd say!