Sales contracts and other data published by Sony's attackers

Published records include sales contracts, phone lists, financial details, and passwords

On Saturday, GOP published sales and contract data from Sony Pictures Television, taken after the group compromised the entertainment giant's network last week. The 894MB archive contains thousands of items, covering a period between 2008 and 2012.

Sony's problems started last week. A group calling itself GOP compromised the Sony Pictures network, forcing the technology group to terminate network access across the company. Statements from those claiming to be associated with the group have suggested they had insider access to the network, which helped them carry out the attack.

The network downtime impacted operations in New York, California, and other parts of the country. VPN access, email, and network shares were all disabled Monday morning, and remain limited if not offline entirely. Many offices were left with little options, so most employees switched to pen and paper in order to get their work done.

(10 mistakes companies make after a data breach)

At the time the attack was made public, GOP released two lists detailing the types of data that was compromised.

The lists referenced several documents, including private key files; source code files (CPP); password files (including passwords for Oracle and SQL databases); inventory lists for hardware and other assets; network maps and outlines; production outlines, schedules, and notes; financial documents and information; and PII.

Later in the week, GOP released preview copies of Sony movies, including Annie, Fury, and Still Alice. At the time, the group warned that they would be releasing more information.

On Saturday, they made good on that threat.

Most of the documents released this weekend are contracts between Sony Pictures Television and various TV stations across the country.

In the documents viewed by Salted Hash, the sales items were for airing rights to various shows such as Dr. Oz, Judge Hatchett, Outer Limits, and Stargate, SG-1. The documents also disclose details related to syndication rights for sitcoms such as King of Queens, Seinfeld, and Rules of Engagement.

While internal sales data is bad enough, the data dump has the ability to make Sony's situation worse.

It includes an internal phone list and organizational chart, complete with names, titles, departments, phone extensions (with outside line dialing information) and cellular phone numbers. The phone list was created in 2009, but it covers the company sales teams in Los Angeles, Atlanta, Chicago, and New York.

There is metadata in some of the files, which when combined with the document templates and phone list, could help initiate social engineering attacks on various parts of the company, such as the helpdesk.

In addition, one outdated document disclosed network usernames, passwords, and American Express account information (card data and Internet account details), something else that could be used in a targeted attack.

On Saturday afternoon, a person claiming to represent GOP hinted that the sales data was only beginning, stating that the group "will release all of the data..." which they claimed was under 100 TB or "tens of [Terabytes]."

However, that claim is open to debate. Under 100TB could mean "about 100TB" or it could mean they plan to post a few thousand files from a backup, averaging a few dozen gigabytes. The author of the message referenced "tens of TBs" but again, that doesn't say much as most of the files in the sales leak are bulky TIFF images.

This isn't the most disastrous data leak in the world. However, it isn't something to dismiss either. The contract records are sensitive internal documents, and while the information within is dated, they serve as proof of the GOP's claims to have accessed internal information.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitydata breachsony

More about American ExpressOracleSony

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Ragan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts