How Sony Was Hacked

March 15, 2016

Remember when Sony was gearing up to release the controversial flick The Interview starring James Franco and Seth Rogen and how the CIA recruited them to kill Kim Jong-un, when suddenly their system was hacked?  The people who hacked Sony called themselves “God’sApstls” and demanded the production company pay them an undisclosed amount of money or else they would “be bombarded as a whole.”  Sony Pictures ignored the threat and the studio was taken offline for weeks, resulting in $35 million IT damages.

Motherboard investigated the current status of the Sony attack, it took place in 2014, which the company is still reeling from, “These Are The Cyberweapons Used To Hack Sony.”  The FBI officially stated that the hackers were on the North Korean pay roll and still going about their business.  A security researcher coalition thinks they can expose the hackers’ extensive malware arsenal.

“Andre Ludwig, the senior technical director at Novetta Research and Interdiction Group, said that the investigation started from four hashes (values that uniquely identify a file) that the Department of Homeland security published after the attack. With those few identifying strings, and after months of sleuthing, the researchers found 2,000 malware samples, both from online malware portal VirusTotal, as well as from antivirus companies. Of those, they manually reviewed and catalogued 1,000, and were able to identify 45 unique malware strains, revealing that the Sony hackers had an arsenal more sophisticated and varied than previously thought.”

The goal is to disrupt the hacker group often enough that they have to use their time, resources, and energy to rebuild their defenses and even lose some of their capabilities.  They also might lose access to their past victims.  There is good suspicion, however, to believe the hackers were not North Koreans:

“As it turns out, the hackers’ arsenal contains not only malware capable of wiping and destroying files on a hard disk like the Sony hack, but also Distributed Denial of Service (DDoS) tools, tools that allow for remotely eavesdropping on a victim’s computer, and more, according to the report. The researchers tracked some of this tools in cyberattacks and espionage operations that go as far as back as 2009, perhaps even 2007, showing the hackers that hit Sony have a long history.”

What the data reveals is that the hackers have been around for a long, long time (perhaps the North Korean government simply hired them?) and have had years to build up their arsenal.  The counteroffensive, however, has built up its own and learned from the Sony hack job, pitting the hackers’ tools against them in hopes they will not be as effective in the future.

Warriors…er…coders, hackers, developers, etc. learn from each other to build stronger and better tools.  The old adage, “the enemy of my enemy is my friend,” so who is the hackers’ enemy-other than the obvious USA?


Whitney Grace, March 15, 2016
Sponsored by, publisher of the CyberOSINT monograph


Comments are closed.

  • Archives

  • Recent Posts

  • Meta