Report: Russians (Not Just North Korea) Behind Sony Data Hack, Are Still Doing It Right Now

The hack into Sony Pictures was big news late last year, but that was last year. They figured out who did it, fixed the problem, and moved on, right? Wrong, says one analyst firm: not only did Sony finger the wrong bad guys, but the hack is still going on to this day.

The information comes from internet firm Taia Global, which has released a report (PDF) claiming not only that Russian hackers were at least additionally, if not solely, responsible for the intrusion into Sony’s networks, but also that they are still there, siphoning off data as we speak.

Taia has been saying since December that they feel an analysis of the language used in the hack points to Russian, not North Korean, involvement. However, their report does not definitively conclude whether North Korea was or was not involved. Instead, they write, it’s incidental to the larger problem, which is that Russians were also (separately or not) involved and still, to this day, have access to the company’s internal networks.

Sony not only “failed to differentiate or even acknowledge that more than one state or non-state actor was involved,” claims Taia, but worse, the companies Sony hired to fix it have not done so.

Far from being a thing of the past, Taia writes, “Sony Pictures Entertainment remains in a state of breach and is actively losing files to Russian mercenary hackers.”

“Regardless of which possibility is correct, the attribution made in the Sony case failed to differentiate or even acknowledge that more than one state or non-state actor was involved. Furthermore, the Data Forensics and Incident Response companies hired by Sony to remediate this breach have, to date, failed to do so. Sony Pictures Entertainment remains in a state of breach and is actively losing files to Russian mercenary hackers.”

The company now says that a well-known Russian hacker, who has contacts among other hackers, has spoken with them and provided several documents obtained from inside Sony after the data breach was identified in November:

“The evidence … consists of seven Excel spreadsheets five of which are dated from November 30, 2014 through December 10, 2014, and six email messages, two of which are dated Jan 14 and Jan 23, 2015. It also includes the ‘Employee Update’ message of December 8 which discussed the ‘system disruption’, advised all employees not to use any thumb drives that had been plugged into Sony’s network prior to November 23rd, and provided a list of unlocked Ricoh printers and their locations.”

Taia says that all documents appear authentic, and that one has been confirmed as authentic by the Sony employee who created it. None of the documents have been part of any of the prior data dumps of Sony’s information by Guardians of Peace, the name of the group that claimed credit for the hack.

The hack into Sony Pictures’ systems was identified late in November of 2014, and persons acting at the behest of the North Korean government quickly became the favored suspect. Sony said in December that yes, they thought North Korea did it, and federal investigators said a short time later that yes, they thought so too.

The hack led to Sony cancelling their theatrical release of the comedy The Interview, a move that President Obama called “a mistake.” Sony then pivoted and released the movie through online channels, where it actually did pretty well.

Inside Sony Pictures, the fallout from the data breach still continues. The co-chairman just resigned today, and the company is still being sued by employees whose data was stolen.