back to article Put me through to Buffy's room, please. Sony hackers leak stars' numbers, travel aliases

The group which claimed responsibility for hacking Sony Pictures has leaked the phone numbers and travel aliases of Hollywood stars including Brad Pitt, Daniel Craig and Natalie Portman, according to a recent report. This latest development will likely pile extra pressure on the comprehensively pwned entertainment giant. …

Page:

  1. Anonymous Coward
    Anonymous Coward

    oh no

    Someone might bother them for an Autograph, they might have to touch one of the un-washed masses.

    1. Daggerchild Silver badge
      Thumb Down

      Re: oh no

      Fear of revelation ridiculed by man wearing mask...

  2. frank ly

    Just wondering

    " ... aliases used by Daniel Craig, Natalie Portman, Sarah Michelle Gellar when they are travelling..."

    Can I use an alias when I'm travelling or do the 'authorities' insist that I use the same name as on my passport and other ID documents?

    1. John Riddoch

      Re: Just wondering

      The aliases are probably used more in hotel checkins to be fair.

      1. stucs201

        Re: Just wondering

        Or in many cases the names we know famous people by are the alias. I've got a friend who has done a small amount of TV work - the name she uses for that isn't the same as the real one that's on her passport.

        Taking one of the examples from this article I'd be far from surprised if Natalie Portman's passport still says Neta-Lee Hershlag (the name she was born with according to Wikipedia). I can't actually be bothered to look up the leaked data though.

        1. Cliff

          Re: Just wondering

          Hotel bookings/reservations - it prevents junior hotel staff from telling their friends who tell the press/fans that <big star> is in room <###>

          1. SteveK

            Re: Just wondering

            But surely when Tom Hanks or whoever actually turns up at the reception desk, that's a bit of a giveaway and junior staff member can still say X is in room N, and if they always use the same alias when travelling then it's rather surprising that a list of these names hasn't leaked anyway.

            1. Charles 9

              Re: Just wondering

              I suspect celebrity reservations are planned out well in advance, meaning when the moment comes, the junior staff are off for the day so are blind to what happens. Meanwhile, the senior staff is savvy enough and trustworthy enough to stay mum.

        2. Charles 9

          Re: Just wondering

          "Or in many cases the names we know famous people by are the alias."

          Real names are used infrequently on the big and little screens. More often an actor/actress assumes a screen name.

          1. Tom 13

            Re: Real names are used infrequently

            Real names in Hollywood is a 50/50 thing. Some are, some aren't. In the 1950s yes, they were mostly fake. These days, not as much. Pr0n is a different story, for obvious reasons.

        3. Hans 1
          Thumb Up

          Re: Just wondering

          >Neta-Lee Hershlag

          Christ, she managed pretty well ... especially when you consider her illiterate parents.

    2. Gary Bickford

      Re: Just wondering

      1) From what I've observed, at least 1/2 of the Hollywooders's stage names are not their real names in any case. 2) I wouldn't be surprised if the Feds and the states allowed some form of pseudonymous IDs. 3) Technically it's not illegal to use a false name if you are not doing it for nefarious purposes.

    3. Paul Hovnanian Silver badge

      Re: Just wondering

      It's Sony pictures. Everyone works under one of Georgette Spelvin, Walter Plinge or Alan Smithee.

    4. Anonymous Coward
      Anonymous Coward

      Re: Just wondering

      I do this in reverse, and travel everywhere under the name of "Sarah Michelle Gellar".

      You should see the the looks of disappointment when I turn up.

      1. Anonymous Coward
        Anonymous Coward

        Re: Just wondering

        "You should see the the looks of disappointment when I turn up."

        Imagine the ear to ear grins if SMG starts to turn up places after booking in as "Evil Graham". Yin and Yang, balance of the universe, and all that!

  3. Haku

    Not sure how to feel about this new attack.

    On the one hand it's funny Sony got another taste of their own medicine (see Sony CD rootkit scandal)

    But on the other hand the attackers shouldn't have leaked personal information of employees etc.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not sure how to feel about this new attack.

      Why give "them" favours that they will not return in kind?

      I think that if one is going for rubbing $BIGCORP's or (a government's face) in "it", then one have to get as much "rubbing" done as possible and be away well before the legal machinery has time to spin up properly (especially before the TLA-classifiers have been re-scoped and re-configured to look for "SONY-Files").

      The government agencies, including law-enforcement, do not care one little bit about murdering someone based solely on the suspicion that they might be a threat to "The Officer" or even droning someone just on "signature data", so it is best to get the deed done quickly and not drag it out over niceties that they would never, ever, show anyone.

    2. Anonymous Coward
      Anonymous Coward

      Sony rootkit was ten years ago.

      Yes, Sony was evil at that time and what they did tainted the brand in a way that for some of us is from difficult from impossible to remove.

      We don't have any indications, however, of the Sony of today being like the Sony of then years ago.

      Reminds me of how the Microsoft of Nadella today is trying to be different from the Microsoft of Ballmer of the past and how long it will take for everyone to forget the past.

      1. Pascal Monett Silver badge

        Re: how long it will take for everyone to forget the past

        Most people have already forgotten the past. Only the nerds remember it.

        And they should never forget it.

        As far as corporations are concerned, my attitude is "Never Forget, Never Trust".

        Sony is no different today than it was with the rootkit, if it could pull off another go, it would. Besides, what do you think HDMI is for, better data bandwidth ? An Ethernet cable can do that, but Sony does not control the Ethernet spec. Sony is still about control, and always will be.

    3. Anonymous Coward
      Anonymous Coward

      Re: Not sure how to feel about this new attack.

      CD rootkit was Sony BMG, this hack was Sony Pictures. Same family, sure, but different staff, management, etc...

    4. Hans 1
      Facepalm

      Re: Not sure how to feel about this new attack.

      >But on the other hand the attackers shouldn't have leaked personal information of employees etc.

      How else is your HR department gonna blacklist cretins ?

  4. Anonymous Coward
    Anonymous Coward

    FAO Sony, were laughing at you, not with you.

  5. Steven Raith
    Joke

    Punishment for.....

    The recent Spiderman franchise reboot?

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Re: Punishment for.....

      A spiderman franchise guru mediation instead?

  6. Greg 24
    Mushroom

    Recent domain elevation flaw?

    Just wondering if this had anything to do with the recent domain elevation flaw patched by Microsoft. It looks like the attackers had plenty of time to gather information before revealing themselves. Question now of course is how do they recover from this - looks like the only choice is to nuke it from orbit and stand up a completely new infrastructure and migrate over time

  7. Khaptain Silver badge

    What got hacked exactly.

    What actually got hacked, was it a Salesforce account, a local lan, someones email account or what ? The reason I ask is to try and understand where or on what that kind of information would be held.

    I can't imagine that they all of these "stars" private details are made globally available on their networks. I also presume that Sony network encompasses a little bit more than 2 PCs, our company network is large and finding precise information, without being in the know, is difficult simply due to the amount of information that is stored there.

    1. Anonymous Coward
      Anonymous Coward

      Re: What got hacked exactly.

      You start with one thing and that leads you to another. You don't release anything until you are done discovering the things you want to discover.

      Er, or so I've been told.

      The stuff they're releasing now will have come from multiple data sources, the films came from bitlockers, the personal details came from HR/Payroll, etc. Personally I would go directly for access to email and to monitoring services, given the number of additional systems it would likely unlock.

    2. James 132

      Re: What got hacked exactly.

      According to a Gizmodo piece they left plenty of plain text files with passwords for all sorts of systems, so it's possible the intruders kept building up deeper and deeper access.

      What's weird is that this took place before and after the big PSN hack, and I'm surprised they didn't thoroughly audit everything. It's the first thing you do, surely?

      1. Anonymous Coward
        Anonymous Coward

        Re: What got hacked exactly.

        There exists a certain kind of management who are publicly proud of "knowing absolutely nothing about IT" and at the same time keep their IT-departments hungry and under-staffed; Disgruntled, mediocre, passive-aggressive, staff seems to accumulate under this kind of "leadership". Once critical mass - or perhaps - critical outsourcing is reached, consequences "happen".

        Maybe the employees didn't do a very thorough audit: Like "If the boss doesn't give a shit while making 6 digits, then why should I care more than "he" does while being paid 4 (... and no overtime either)!" or maybe they couldn't?

      2. Tom 13
        Trollface

        Re: It's the first thing you do, surely?

        And that assumption is exactly why you are not the PHB with the 7 figure salary.

        The correct first thing to do is contact the PR department to get the spin ahead of the inevitable leak. The second thing you do is find the appropriate scapegoat. Actually fixing the problem is way down the to do list, and might not actually happen if you get enough of the top half done quickly enough.

    3. Anonymous Coward
      Anonymous Coward

      Re: What got hacked exactly.

      details are sketchy but some claim that a sony executive laptop was pwned in a BKK Thai hotel, (perhaps Sony network access credentials were obtained), then the hacking group/nation-state-pretending-to-be-a-hacking-group spent a few days exfiltrating basically terabytes of EVERYTHING from the Sony servers.

      ODDS just-in from Paddy-Power

      25:1 Norks

      20:1 Yanks

      15:1 Chinks

      5:1 Cheltenham & Gloucestershire gentlemen's association

      3:1 Apple

      EVENS: Philips, Sanyo, & Putin

      1. A Non e-mouse Silver badge
        Joke

        @ A/C Re: What got hacked exactly.

        ODDS just-in from Paddy-Power

        Shouldn't that be: "Odds just-in from Paddy-Pwnd?"

      2. JCitizen
        Big Brother

        Re: What got hacked exactly.

        It has been my experience in the past that nation state bad actors do not change their colors much, as they are so arrogant they don't feel the need to act as smart as you and I, as geeks, would assume they would. It would not be unusual to assume they have learned their lessons in the past 5 years or so - but I wonder; because when you look at the notes left in a compromised network by the attackers, it is very difficult to write a comprehensive shit list to total fantasy. I'm saying reality bites, and the bad actors have no imagination to make it look like anyone else is truly at fault.

  8. DJV Silver badge

    Hopefully...

    ...SMG will dig out a couple of pointy bits of wood and stake someone in retribution - whether that's a Sony someone or a Grauniad of Piss someone, I don't particularly care!

    1. sabroni Silver badge
      Thumb Up

      Re: Hopefully...

      It would be good to see Mr. Pointy back in action!

  9. Anonymous Coward
    Anonymous Coward

    Is this affecting all of Sony or just North America?

    Something I've not seen discussed is the scope of the breach. By the scope of the breach, this smells like a domain admin account being owned.

    Big multinationals tend to try to manage everything as centrally as possible, but then big markets and especially US of A tend to fence themselves from globalization, which usually translates in that they have their own forest managed by their own admins. In that case, the breach could have been limited to that domain only.

  10. Sean Kennedy

    You know, I can't help but imagine that somewhere in Sony, there's "that" IT guy who's been screaming, probably for years, that they need to take security seriously. He's probably been reprimanded for it, because he won't let it drop.

    Putting aside all the evil bullshit Sony has pulled in the past, I'd say they probably deserve this because they didn't take security seriously. There should have been no way a single hack, or even a series of hacks, have gotten this much data. Compromised them this much.

  11. disgruntled yank

    Question

    Does this count as learning in the school of hard Norks?

    1. Gary Bickford

      Re: Question

      Upvoted because it's so baaaad! :)

  12. Anonymous Coward
    Anonymous Coward

    Excellent... Roll on the Privacy Apocalypse...

    The only thing that will make corporations (especially US corporations) sit up and listen is a few sueballs flung their way from elite Celebs. I don't know what the best solution is ultimately... Is it cold storage like offline BitCoins or air-gapping data for the Elite? But either way I hope that some of that spills over onto the rest of the world in the longer term.

    Either way, sloppy data handling and greedy automatic hoovering-up of data needs to stop. But only high-profile sueballs and fiscal abandonment of the Cloud will concentrate executive minds, because the existing penalties are totally inadequate.. I hope Target lose their case to the banks big-style too... That might get the ball rolling...

    Otherwise there's a Privacy Apocalypse coming soon...

    1. Robert Helpmann??
      Black Helicopters

      Re: Excellent... Roll on the Privacy Apocalypse...

      A man stands on a city street corner holding a sign warning us of the impending Privacy Apocalypse. "No identity is safe! No account is sacred! THE END IS NEAR!" There is someone on every other street corner just like him. Same sign. Same name. Same SSN. Same e-mail address. Same password.

  13. montyburns56

    Those psuedonyms...

    I've seen a list of those celebrity pseudonyms and can exclusively reveal that they are as follows...

    Natalie Portman - Gertie Fengstein

    Brad Pitt - Johnny Suede

    Daniel Craig - Quentin McArthur-Park

    Sarah Michelle Gellar - Amber Pointy

    1. kellerr13

      Re: Those psuedonyms...

      Amber Pointy. Do you think this was a mixture of Amber Benson and Mr. Pointy?

  14. Florida1920

    One man's hack is another man's desire

    "The group which claimed responsibility for hacking Sony Pictures has leaked the phone numbers and travel aliases of Hollywood stars including Brad Pitt, Daniel Craig and Natalie Portman, according to a recent report."

    Facebook must be green with envy.

  15. Anonymous Coward
    Anonymous Coward

    Almost enough to make you wonder if other similar but unaffected companies have already taken out the appropriate insurance policy.

  16. Anonymous Coward
    Anonymous Coward

    Did the hackers make any changes to star's travel aliases??

    "Yes, Mr. Pitt, welcome to the Ritz. We received the email with your travel riders from a Ms. Kim Jungun in Sony Pictures' travel department, detailing your usual room arrangements. Accordingly we have put you in a smoking suite facing the parking lot and freeway, because Kim's email said you're a car enthusiast. Per Kim, we've also booked you under the name Hugh Jass and placed signage and a basket of turnips with that name in your suite. Also, Kim was very specific about your aversion to air conditioning and love of humidity, so we have turned off the A/C and had a space heater and humidifier going in there since last night."

  17. Anonymous Coward
    Anonymous Coward

    "Time to take down the Gibson"

    -- Quote from "Hackers"

  18. Amorous Cowherder
    Facepalm

    As someone else said, I'm sure there were a few IT people saying security was shit. They kept putting in requests to tighten it properly and they were told that Mr XYZ director and his dept need instant access ( read: no annoying passwords ) to information on all shared drives in the network. The IT managers are too shit scared to ask the IT honcho to let me enforce the techie recommendations for fear of the IT head honcho. So they simply slide the recommendations into a drawer and forget about it, telling the techies that it's "being discussed at the next meeting".

    Tick, tick, tick...BOOM! All hell breaks lose the second this GOP lot get into the network.

    The interesting thing is that nobody noticed TBs of movie data going out the door because SONY being a media company they probably bother to monitor data transfers over a certain size....or was it that IT bods said "You know we should monitor the network transfers for odd amounts of data transfer to remote sites that have not been put on a whitelist.".

    To which the reply would have been, "Get back under your stone your annoying IT types with your crap about security, no one cares and if you try to put any in and Mr XYZ director has to type anything into a password box you lot will be for the high jump! Do you understand?!"

    So I guess that right now there are a lot of IT bods in SONY racking up shit loads of overtime with a smug smile on their faces!

    1. Rainer

      Or not.

      Said IT-bods are now probably back at using paper and (blunt) pencil while Mandiant/FireEye staff together with a veritable train-load full of consulting-overspill from every "name" in the phonebook is running the show there.

      The only reason they still have their jobs is probably because you need to have someone to blame at the end.

      I would certainly *never* want to work in an outfit that gets hacked, doxxed and shutdown like this.

      Even worse if I had "predicted" such an outcome.

      Nobody likes to hear "But I told you so".

  19. JCitizen
    Trollface

    Funny how SONY..

    an organization, that might as well be a card carrying member of the Yakuza mob, and found enough chutzpah to use computer science to spy on all of us - thanks to the MPAA in their back pockets - but were too stupid to realize that similar outside influence could not possibly finger them for attack as well! Pure languor on a large scale, I'd say!

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like