We’re starting to get more details on how the massive hack against Sony Pictures’ computer network may have taken place.
Bloomberg interviewed a security analyst at Trend Micro, a security software company that claims to have copies of the malware used to infect Sony’s computers.
Trend Micro says that the particular type of software used to hack into Sony’s network wasn’t a specialist virus; instead, it was widely available on the black market and was modified to specifically target Sony.
The hackers have probably been working inside Sony’s systems for months, Bloomberg says.
It’s tempting to claim that, because the software used against Sony was crude and old in terms of its complexity, and available online instead of custom-built, the hack was the work of a gang of “hacktivists” (activist hackers) instead of a state-sponsored attack. But that’s a tricky assumption to make.
Business Insider spoke with a security expert who told us that most hackers use an escalating series of attacks that gradually increase in size, complexity and cost. It could be that hackers had much bigger pieces of software they could have used, but Sony’s security was so poor that they didn’t have to.
Masayoshi Someya, a security “evangelist” at Trend Micro, claims that hackers took the computer virus and changed it to include account names, passwords and security software found within Sony’s network. That would suggest that the hackers had detailed knowledge of Sony’s corporate computer network.
How they got that knowledge is an open question. Perhaps a disgruntled employee leaked access data. But hackers also often gain access through “phishing,” the act of duping unwitting employees into handing over crucial access data by accident (by spoofing a password update request, for instance).
Nimrod Kozlovski, a partner at JVP Labs, an Israeli VC firm that focuses on cybersecurity, told BuzzFeed that the hackers “knew more about the company, Sony, and its vulnerabilities than they knew, or needed to know, about hacking.”
Hackers used their knowledge of Sony’s computer system to plan an elaborate “time bomb” that would reveal the hack to Sony employees. Someya says that hackers triggered the malware, which started a 10-minute countdown. As the minutes counted down, the virus disabled security software, and accessed hard drives, servers and connected computer networks. And when the time was up, a sinister message appeared on company screens.
Hackers also used Sony’s email system to send a series of warnings that asked Sony Pictures employees to post their email addresses on Twitter and Facebook, along with the phrase “Thanks a lot to God’sApstls contributing your great effort to peace of the world.”
Here’s another email sent from the group to Sony Pictures employees:
The warnings haven’t stopped there. Multiple messages have flashed up on Sony Pictures computers in recent weeks, meaning that employees are left using fax machines and handwritten notes to communicate because the hackers still have access to their computer system.
That’s perhaps the scariest part, for Sony: As of a few days ago the hackers were still inside Sony’s network, according to The New York Times.