Information about the Sony Hack

The incident:
The Sony Pictures Entertainment hack refers to the release of Sony’s confidential data by November last year. Sony Pictures Entertainment’s staff details, their personal information, day-to-day emails, executive salaries and a few copies of Sony’s unreleased movies were among the released data. It has been the most controversial cyber hack because of the kind of allegations that surround the incident.

The allegations:
The hackers behind this incident called themselves the ‘Guardians of Peace’. Their sole demand was to stop the screening of the comedy movie ‘The Interview’. The movie’s plot revolves around the assassination of a North Korean leader. U.S. intelligence agencies have pointed fingers at North Korea for sponsoring the cyber-attack this time. The allegations were made after analyzing the software, networks and techniques involved in the hack.

Information acquired:
Personal information, including employee names, addresses, SSNs and other financial information, was obtained by the hackers before December 2014. However, what captured the media spotlight was the celebrity gossip and related email releases. These emails show that the CEO of Sony, Kazuo Hirai, pressured Sony Pictures to “Soften” the controversial assassination scenes in ‘The Interview’. Another famous email was the one in which Scott Rudin of Sony referred to Angelina Jolie as a “minimally talented spoiled brat”.

Trend Micro’s conclusions:
Trend Micro has identified the culprit malware as BKDR_WIPALL. The attack begins with BKDR_WIPALL.A during its initial stage. BKDR_WIPALL.A is the main installer, which is disguised as an executable file named diskpartmg16.exe. The malware stores a large set of login credentials encrypted with XOR 0x67, and these are used to break into a company’s shared network.
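A single-byte XOR such as the 0x67 key mentioned above hides strings from a plain strings scan but is trivially reversible during triage. The following is an added example, not Trend Micro's tooling or code from the malware: it decodes a blob with that key and checks whether an organisation's own account names are embedded in it. The sample blob, host names, account names and the `host|user|password` record layout are constructed assumptions.

```python
import re

XOR_KEY = 0x67  # single-byte key named in the article


def xor_bytes(data: bytes, key: int = XOR_KEY) -> bytes:
    """Single-byte XOR; the same call encodes and decodes."""
    return bytes(b ^ key for b in data)


def extract_xor_strings(blob: bytes, key: int = XOR_KEY, min_len: int = 6):
    """Return (offset, text) for each printable-ASCII run hidden under the key."""
    decoded = xor_bytes(blob, key)
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(decoded)]


def find_known_accounts(blob: bytes, accounts, key: int = XOR_KEY):
    """Map each of our account names found in encoded form to its offset."""
    hits = {}
    for name in accounts:
        offset = blob.find(xor_bytes(name.encode("ascii"), key))
        if offset != -1:
            hits[name] = offset
    return hits


# Constructed sample: padding that decodes to non-printable bytes around
# two made-up credential records (assumed layout: host|user|password).
_PAD = bytes([0xE7, 0xFF, 0x90, 0x88])
SAMPLE_BLOB = (
    _PAD
    + xor_bytes(b"FILESRV01|svc_backup|Example-Pass-1")
    + xor_bytes(b"\x00\x00\x00")
    + xor_bytes(b"WKSTN-114|jdoe|Example-Pass-2")
    + _PAD
)

if __name__ == "__main__":
    for offset, text in extract_xor_strings(SAMPLE_BLOB):
        print(f"0x{offset:04x}  {text}")
    print(find_known_accounts(SAMPLE_BLOB, ["svc_backup", "jdoe", "administrator"]))
```

Any account that turns up in a sample this way should be treated as compromised and have its credentials rotated.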

Malware analysis doubtful of North Korea’s involvement:
Already accused, North Korea faces further allegations following the malware analysis. The malware found to be the culprit of this cyber-attack mimics previous Korean hacks. The malware’s primary feature is wiping information from hard drives on the network. North Korea’s previous hack against South Korea’s TV networks also involved wiping software. The creator of the malware used the Microsoft Windows Korean language pack.