Police In Canada Used BlackBerry’s Key To Read Encrypted BBM Messages

When it comes to mobile phones, BlackBerry prides itself on its security, with many companies adopting the device as their go-to model thanks to its support and security features. It now appears that those security features may not have been so secure after all, with the Royal Canadian Mounted Police (RCMP) gaining the ability to read encrypted BBM messages.

When it comes to encryption, companies are having to be careful, with the likes of Apple going to Congress to discuss just how much they can be expected to help and support law enforcement without oversight or detailed rulings on how and when they can access private data. In this case, the RCMP gained access to BlackBerry’s BBM (BlackBerry Messenger) service by using the encryption that came with your everyday BlackBerry, meaning the only users who were safe from this interception were those connected to enterprise servers.

If you weren’t connected to an enterprise server, your BlackBerry would have used a peer-to-peer key that is loaded into the phone when it’s built. The RCMP managed to gain access to that key, which in turn granted them access to people’s encrypted BBM messages and conversations.

As part of an operation titled Project Clemenza, the RCMP intercepted and decrypted roughly one million messages, as reported by Vice News in a joint investigation with Motherboard. The investigation revealed that the RCMP had a server in Ottawa that acted like a mobile phone by simulating “a mobile device that receives a message intended for [the rightful recipient]”.

With BlackBerry looking to step away from mobile devices and into security consulting, this news could not come at a worse time. If the server is still operational (key and all), then without a large update to its phones the RCMP could still be reading people’s messages to this day, even after the operation ended in 2012.

Microsoft Is Suing The US Government Over Cloud Data Searches

Microsoft is but one of many technology firms that have recently moved their focus from internal hard drives to the cloud, allowing people to access their data from anywhere in the world given the right details. The problem is that other people also have access to this information, both legally and illegally, and Microsoft is suing the US government over its attempts to force companies to remain quiet on the matter.

Microsoft has now filed a lawsuit against the Justice Department stating that it’s not just wrong but “unconstitutional” that companies should be forced to remain silent when they are asked to hand over any data you might store in the cloud. In its complaint, Microsoft says that section 2705(b) of the Electronic Communications Privacy Act “sweeps too broadly” and effectively gives the government the power to gag companies, regardless of the reasons they are investigating someone. Microsoft even went so far as to name the number of secrecy orders it had received in the past 18 months, a huge number sitting at almost 2,600.

The best part of those almost 2.6 thousand secrecy orders is that over two-thirds would never run out, thanks to them containing “no fixed end date”. The end result is clear: Microsoft wants section 2705(b) ruled unconstitutional and removed, a judgment that would affect every internet-based technology company these days, thanks to the broad range of uses the cloud is put to.

Recently Reddit removed its warrant canary, giving users a legal warning that the government had (possibly) requested access to at least some of their information. Other companies, such as Apple, have been arguing with the FBI over where the line should be drawn for gaining access to devices and over the steps companies can be made to take to open the door for them.

Anonymous Leak Trump’s “Private” Data

Donald Trump is listed as one of the favourites to win the race for president this year, and while some are behind him, others are strongly against his actions. With violence erupting at his rallies and his claims about “closing up the internet”, some are worried about the steps he may take if he gets into the seat of power. Some of those people are leaders of companies like Apple, Alphabet and even Tesla. It would seem that Anonymous aren’t too keen on the guy either, as they have leaked Trump’s “private” data online in an act to dox the presidential candidate.

Doxxing is the act of releasing someone’s private data online, often reserved for celebrities and those who then go on and SWAT streamers. As part of their ongoing operation against Donald Trump’s presidential campaign, OpWhiteRose, Anonymous have leaked personal information about the presidential candidate, including phone numbers, addresses and even his social security number. Included in the release are details of Trump’s personal agents and legal representatives, a move that is sure to attract attention (either positive or negative).

This seems to be the start of something bigger with Anonymous declaring “total war” on the presidential candidate while promising future attacks in April. In early March, the group released voicemail messages from back in 2012 which showed several media groups supporting the billionaire.

With a large group like Anonymous asking for support from everyone who is willing in front of a computer, the group seems to be pushing hard against the candidate, who has not only had his details revealed but also had the Trump Towers website taken down, alongside a petition within the UK to ban Trump’s entry after his continuous use of “hate speech”.

With the operation seeming to only gain momentum and big actions promised in April, the next stage from Anonymous could see even more damaging information revealed and handicaps placed on Trump’s digital platform for the presidency.

Teen Hacker is Back and Hit the Director of National Intelligence

This is pretty much what I’d normally call a burn, and it is a big one. Back in October last year, a group of teenage hackers broke into the CIA director’s email account and now one of them is back. His latest victim is the Director of National Intelligence, James Clapper, a man that should know a thing or two about keeping your privacy private. Okay, I’ll be honest right here, as we always get the comment haters due to the terminology ‘hacking’. This wasn’t technically a hack, but more a matter of social engineering skills. But then again, almost every large-scale hack that happens started with social engineering. So technically it isn’t wrong either.

Back to the story at hand, where the teenage hacker who calls himself Cracka, and who claims he’s a member of the group Crackas with Attitude, targeted no less than the Director of National Intelligence, James Clapper. With that position, this should theoretically be one of the toughest targets, but that wasn’t the case at all. Cracka didn’t just gain access to an email inbox this time; he went a little further and also had some fun with it.

With access to Clapper’s email, he could easily break into a series of accounts connected to Clapper, including his home telephone and internet connection, his personal email, and his wife’s email. Just dumping or stealing information is boring, so while Cracka was in control, he went into Clapper’s Verizon FiOS account and changed the settings to make every call to his house get forwarded to the Free Palestine Movement instead.

Cracka originally contacted Motherboard with the story, probably to brag a bit. After all, it is a pretty nice accomplishment. “I’m pretty sure they don’t even know they’ve been hacked,” he said. Later a spokesperson for the Director confirmed the hack.

Michael Adams, a former information security expert in the US Special Operations Command, said that it was insane that Clapper didn’t do more to hide his personal details, making it as easy as it was. “If I’m the Director of National Intelligence of the United States of America nobody is going to know where the fuck I live, nobody is going to have my goddamn phone number or address,” Adams told Motherboard.


Employers In The EU Can Read Your Private Messages At Work

It’s a slow day. Really slow and you’re bored, so you decide to fire up Facebook and check to see who’s messaged you. Twitter, Facebook, even your personal emails, we all have a way of communicating online. Might not be the best time to open up your personal messages at work though with the ECHR deciding that companies can read your private messages at work.

The European Court of Human Rights (ECHR) declared that when a worker checked his Yahoo Messenger at work, the company was perfectly within its rights to read those messages. The judges ruled that in the end he had breached the company’s rules and that it had a right to check his activity while at work.

This ruling now means that all countries that are part of the European Convention on Human Rights, including Britain, must now follow this decision.

While at work, the employee checked his Yahoo Messenger, something he used for both personal and professional contacts. As the company believed the account in question was for work, the judges ruled that it had not been in error in checking the contents of the messages.

While a scary precedent, it relies on several factors. Firstly, a company would have to have a computer policy in place that means they can read your messages (this policy is something anyone who works with a computer on a daily basis should read, especially if you message on it). Secondly, how would you prove if an account is being used for “work”? Ultimately it’s something that judges will have to tread carefully with, with the ECHR even saying that policies must also protect workers against unfettered snooping.


Phantom 3 Creators DJI Announce New Agricultural Drone

DJI is a company known for its drones; the recognisable Phantom 3 is one of its models, after all. While the public seek to use these drones more and more, with everything from wedding videos to football games recorded, it is no surprise that DJI has just announced its latest model, Agras.

The Agras-1 is designed to help with crop spraying, with an impressive resume of being able to cover anywhere between seven and ten acres with a tank holding around ten litres of liquid. Beyond those stats are more impressive features, such as a microwave radar which scans the ground, letting the drone automatically adjust and moderate the amount it sprays. Flying at eight metres per second, the drone is not only fast but also durable, with both anti-corrosive and waterproofing measures designed to keep it in flight even in a little rain.

With the ability to fly manually or automatically, the drone is set to help out farmers not only by automatically crop spraying but also with the eventual attachment of sensors feeding back information on the crops and farmland. Costing roughly $15,000 (approximately £9937.20) according to DJI’s comments to the Wall Street Journal, it comes in a little higher than the average consumer drone.

Migaloo Your Way To a Mobile Private Island

The opportunities for the super wealthy to indulge their exotic tastes seem pretty endless, from purchasing a Premier League club to the finest penthouse architecture; anything is possible for your average Mr B Gates. A private mobile island, on the other hand, must be in the mind of an ideological dreamer, or is it?

A company by the name of Migaloo, not to be confused with Magaluf, is offering what is described as a “Private floating habitat based on semi-submersible platforms”. The business touts its pièce de résistance in the form of a floating habitat by the name of “Kokomo Island”, which sounds quite like a track from the Beach Boys. This concept man-made construction has a length of 117 meters, which is approximately 383 feet, which is spacious.

It’s pretty luxurious, and the amenities include the following.

  • Private owner’s penthouse 80 m above sea level
  • Jungle deck (whatever this is) with palm trees and vertical gardens
  • Garden deck with al-fresco outdoor dining
  • Spa deck with spa and beauty saloons
  • 2 beach clubs including beach gym
  • Underwater dining saloon
  • Shark-feeding station (unless you’re attached to your arms)
  • Heli deck & massive storage for tender & toys (would not need to worry if you have attempted to cuddle a shark)

The company also boasts a chance to purchase a “Private Submersible Yacht”.

So far the company has not managed to sell any man-made islands, which leads to a suspicion concerning the legitimacy of the Austrian-based company with an idea as expansive as this one. The idea of inhabiting your own pop-up base would certainly appeal to large corporations who would like to register their ventures in far-flung corners of the globe which benefit from favourable tax legislation; just imagine if, say, Amazon’s new address was somewhere in the north Atlantic.

Whether we will see pop up islands in the future remains to be seen, as the old saying goes, I will believe it when I see it, and by this I mean in real life, not a computer simulation.

Thank you Migaloo for providing us with this information.

Homeland Security Stopped This Library From Making Tor Available to Public

Browsing online became something that people watched more carefully after Edward Snowden revealed the extent to which our online activity was being monitored: from every web address to the very content of our private and confidential emails, we were being watched. A library in Lebanon, New Hampshire, decided that in order to support the public and their online activity it would allow its users to use the Tor service. Tor operates by bouncing your internet traffic around the world, sending it from one place to another, essentially masking your online activity and making it very difficult to track down its source. After receiving an email, though, the library has decided to take another look at this policy.

The email in question comes from the DHS, the Department of Homeland Security, who got in contact with the local police, who then contacted the library. The initial worry that was raised, and that has caused the service to be halted, was in the end its ability to be used for illegal means.

While this was the first library in the scheme, many others have apparently expressed interest in supporting the freedom that anonymous browsing would provide their patrons. Would you as a library goer like knowing that you’re being tracked? What about when you’re at home? Do the risks outweigh the benefits or is there a bigger problem we need to address before we block public use of systems like Tor?

Thank you Ars Technica for the information. 


Slight Chaos Within Reddit Inner Circles Following Staff Departure

Reddit is an immensely popular social media site that one has to handle with care; it is very easy to get addicted and spend hours on end on the site. There is, however, some trouble stirring from within after the sudden departure of a significant staff member.

Victoria Taylor was Reddit’s director of talent, and she has now been dismissed from the company. In response to this, moderators are setting subreddits to private, including /r/Books, /r/Science, /r/Music and /r/Tech. These are all currently blocked from access.

Victoria Taylor was the coordinator of Reddit’s popular Ask Me Anything (AMA), where many celebrities have already taken part and hosted question and answer sessions. The reasons behind the departure are currently unknown, as both Reddit and Taylor are keeping a tight lid on the situation and aren’t commenting on the matter.

“We have not gone private because our team has chosen to keep the subreddit open for our readers, but instead stating our disapproval of how events have been handled currently as well as the past,” a statement said on the Science subreddit.

There were several AMAs scheduled that all have been put on hold or cancelled now due to the subreddits all being private. Co-founder and executive chairman Alexis Ohanian told Reddit that he would be dealing with AMA requests for now and that the AMAs would continue to thrive even after Victoria Taylor’s departure.

Thank You TechRadar for providing us with this information

Credentials May Become Compromised via Old Windows Vulnerability from the ’90s

Nobody wants their private information shared on the internet, but we live in an era where everything that’s connected to the internet may eventually become public. This is the case of an old Windows vulnerability from the ’90s, which still poses a security threat according to security specialists.

Brian Wallace, a security researcher from Cylance, is reported to have found a new way to exploit a vulnerability that was previously found in 1997. He stated that the flaw can be used on any Windows-powered device, be it a tablet, PC, server or laptop, and can be used to potentially exploit and compromise around 31 programs.

The vulnerability that goes by the name of Redirect to SMB is said to be exploited by intercepting communication with a Web server using the man-in-the-middle approach. This in turn redirects all traffic to the malicious SMB server, which supposedly collects sensitive information such as usernames, passwords, credit card information or other things users type in.

There are some limitations to the technique though, as Wallace pointed out. The attacker needs to be on the same network as his victims and the attack can easily be prevented by blocking outbound traffic to the 139 and 445 TCP ports. But let’s be honest, who is going to do that? I mean most people don’t even change their default router credentials, let alone go into its settings and block traffic to specific ports.
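A defender's view of the mitigation described above, as an added example that is not part of the original article: the script scans firewall connection logs for internal hosts reaching TCP 139 or 445 outside the local network. The log format, the internal address ranges and the sample lines are constructed assumptions, not the output of any real product.

```python
import ipaddress
import re
from collections import defaultdict

# The two TCP ports the article says should be blocked outbound.
SMB_PORTS = {139, 445}

# Assumption: RFC 1918 ranges stand in for "our network"; adjust per site.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log format (hypothetical):
#   <ISO time> <ALLOW|DENY> TCP <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"(?P<src>[0-9.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[0-9.]+):(?P<dport>\d+)$")

# Constructed sample lines; addresses come from private and documentation ranges.
SAMPLE_LOG = """\
2015-04-13T09:14:02Z ALLOW TCP 192.168.1.23:49152 -> 192.168.1.10:445
2015-04-13T09:14:05Z ALLOW TCP 192.168.1.23:49160 -> 203.0.113.50:445
2015-04-13T09:14:09Z ALLOW TCP 192.168.1.40:49201 -> 198.51.100.7:443
2015-04-13T09:15:11Z DENY TCP 192.168.1.41:49333 -> 203.0.113.50:139
2015-04-13T09:15:30Z ALLOW TCP 203.0.113.9:51000 -> 192.168.1.10:445
this line is malformed and must be skipped
"""


def is_internal(addr):
    """True when the address belongs to one of the internal networks."""
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Return a dict for a well-formed log line, or None if it cannot be parsed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # e.g. an octet above 255
        return None
    return {"ts": m["ts"], "action": m["action"],
            "src": src, "dst": dst, "port": int(m["dport"])}


def find_outbound_smb(log_text):
    """List connections from an internal host to SMB ports on an external host.

    Internal-to-internal SMB (ordinary file sharing) and inbound traffic are
    ignored; only egress to ports 139/445 is reported.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["port"] not in SMB_PORTS:
            continue
        if is_internal(rec["src"]) and not is_internal(rec["dst"]):
            findings.append({"ts": rec["ts"], "action": rec["action"],
                             "src": str(rec["src"]), "dst": str(rec["dst"]),
                             "port": rec["port"]})
    return findings


def summarise(findings):
    """Count allowed and blocked egress SMB attempts per internal host.

    An allowed attempt is the case the egress block is meant to prevent;
    a blocked one shows the rule working but still names a host to examine.
    """
    per_host = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for f in findings:
        key = "allowed" if f["action"] == "ALLOW" else "blocked"
        per_host[f["src"]][key] += 1
    return dict(per_host)


if __name__ == "__main__":
    hits = find_outbound_smb(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["action"]:5} {h["src"]} -> {h["dst"]}:{h["port"]}')
    print(summarise(hits))
```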

Microsoft is said to have not made an official statement regarding the matter, but Wallace’s findings have been revealed at the Computer Emergency Readiness Team at Carnegie Mellon University. With all this snooping around that’s been going on lately, how secure do you feel? Or is that even a matter of concern at this point?

Thank you PCWorld for providing us with this information


Jeb Bush Purposely Publishes Private E-Mails On His Website

Potential Republican Presidential Candidate Jeb Bush, brother of George W. Bush, has done something really quite damaging. In the spirit of “transparency”, Bush thought it would be a good idea to essentially leak the social security numbers and other private details of thousands of people online. Obviously he didn’t think of it like that – the intention was to publish all of his e-mail communications for the sake of openness. But of course, that was a very bad idea.

Before Bush pulled the e-mails, some managed to download them, search through them, and they found some rather interesting things. Things that could be potentially damaging for quite a few people. Those details included Social Security numbers, but those are probably the least concerning details leaked. As The Verge points out, many e-mails were those from individuals asking Bush for help with personal issues, such as those concerning finances, legal trouble and the health of themselves and even their children.

So what initially seemed like quite a substantial gesture towards political transparency has certainly backfired and become a political nightmare.

Source: The Verge

The Interview Made $1 Million on its First Day

Sony has announced that ‘The Interview’ made $1 Million on its first day. The film was released on Christmas Eve online and in a handful of cinemas on Christmas Day.

“Considering the incredibly challenging circumstances, we are extremely grateful to the people all over the country who came out to experience The Interview on the first day of its unconventional release,” – Rory Bruer, Sony’s President of Global Distribution in a statement to The Wrap.

$1 million for a major motion picture isn’t all that much, especially for one that cost $44 million. Estimates for the movie originally said it would earn over $20 million, though that was for a standard release to all cinemas.

Sony will certainly be interested in these figures. Analysts have suggested that the company could lose billions of dollars due to the hack – something an already struggling Sony doesn’t need. It’s questionable as to how much money the movie will make online and in such a limited number of cinemas.

About those cinemas, why haven’t they decided to show the film now that those “9/11 style terrorist attacks” never occurred? It was cowardly of them to do what they did in the first place, but where are they now?

Source: The Verge

Sony Hack Highlights Cyber Security Concerns

The devastating hack on Sony Pictures has meant at least one good thing – greater awareness of cyber security. A number of businesses, governments and indeed individuals have started to wonder whether they’re susceptible to hacking.

The press has been calling the Sony hack “the biggest cyber attack in history”, but a number of experts have pointed out how it probably isn’t. For years (sometimes secretly and sometimes publicly) government-contracted defence companies like Lockheed have been pelted with a number of attacks from the Chinese. In one instance the hackers took top secret plans for a US fighter plane, with which the Chinese developed their latest fighter – a complete rip-off of the US plans.

So what is significant about this hack? Because it involved mass culture – movies and more specifically Seth Rogen. The hack leaked private details about famous celebrities – things that grab people’s attention. The highly public nature of this breach means that, quite possibly for the first time, people have seen the potential of hacking to cause absolute destruction.

The public has become more interested in securing their devices while businesses and government officials are more motivated to protect our infrastructure. That can only be a good thing.

Source: Financial Post

Sony Made the Rental of ‘The Interview’ Too Easy to Keep

As you will all know by now, Sony released ‘The Interview’ online on Christmas Eve following the massive hack. They released the movie as a rental and as a download which you can keep. However, it turns out some people have found it very easy to download and keep the rental copy.

According to some of those who have rented the movie, a right click and “download video as…” is all it takes to keep the rental version for good, saving people a couple of dollars. This is undoubtedly an embarrassing hiccup for Sony, a company trying to prove its technological competence after the largest cyber attack in history.

It’s not yet clear whether this has been fixed, but for those in the US and Canada who have access to the movie, I think it’s safe to say you should go for the rental if you want to see the movie North Korea didn’t want you to see.

Source: The Verge

‘The Interview’ to Be Released on YouTube and Google Play

After a number of hasty negotiations and discussions, Google has agreed to stream ‘The Interview’ on Google Play and YouTube. It will be available from 10am PST/6pm GMT for $6. It’ll also be streamed by Sony and on Xbox Video.

Google’s Statement:

Last Wednesday Sony began contacting a number of companies, including Google, to ask if we’d be able to make their movie, “The Interview,” available online. We’d had a similar thought and were eager to help—though given everything that’s happened, the security implications were very much at the front of our minds.

Of course it was tempting to hope that something else would happen to ensure this movie saw the light of day. But after discussing all the issues, Sony and Google agreed that we could not sit on the sidelines and allow a handful of people to determine the limits of free speech in another country (however silly the content might be).

So starting at 10 a.m. PST in the U.S., you can rent or buy “The Interview” on Google Play and YouTube Movies. It will also be available to Xbox Video customers and via http://www.seetheinterview.com.

Source: TechCrunch

George R. R. Martin Offers His Private Cinema To Show ‘The Interview’

The creator of ‘The Game of Thrones’, George R. R. Martin, has offered Seth Rogen the opportunity to show ‘The Interview’ in his private cinema.

He says that it was “corporate cowardice” that led to the film’s cancellation and that he’d gladly invite them to his Jean Cocteau Cinema in Santa Fe. He doesn’t care how good or bad the film is, saying that “there are thousands of small independent theatres across the country, like my own, that would gladly screen THE INTERVIEW”.

“The level of corporate cowardice here astonishes me.  It’s a good thing these guys weren’t around when Charlie Chaplin made THE GREAT DICTATOR.  If Kim Jong-Un scares them, Adolf Hitler would have had them shitting in their smallclothes.”

You can read the full message to Sony on his LiveJournal page.

Source: Esquire

Sony Pictures Being Sued Over Massive Hack

Sony Pictures is being sued by former employees over the failure to keep their private details secure. The former employees are being led by Michael Corona, who worked for Sony between 2004 and 2007.

“An epic nightmare, much better suited to a cinematic thriller than to real life, is unfolding in slow motion for Sony’s current and former employees.”

You’d think that sentence above is from one of Sony Pictures’ screenplays, but it is actually the opening line of the complaint submitted to the California District Court. The former staff are particularly angry about the leak of 47,000 Social Security numbers, something for which Michael Corona is taking out $700 a year identity theft protection – given for free only to current Sony Pictures employees.

“Their most sensitive data, including over 47,000 Social Security numbers, employment files including salaries, medical information, and anything else that their employer Sony touched, has been leaked to the public, and may even be in the hands of criminals.”

They allege that Sony avoided attempts to ensure the security of its computer systems even after a number of signs, including an earlier breach that wasn’t made public, that suggested they were vulnerable.

Source: The Verge

Sony Demands News Outlets Destroy Leaked Data

Sony has sent letters to a number of news outlets requesting that they do not disseminate, distribute or publish leaked data, as well as asking for them to destroy any copies of the “stolen” information they may possess.

In a letter published by Re/code and sent by Sony’s legal representative for the hacking case, David Boies, the company asks that outlets “arrange for and supervise the destruction of all copies of stolen information in your possession” and that “If you don’t comply with this request,” the company “will have no choice but to hold you responsible for any damage or loss arising from such use or dissemination by you.”

The letter has been distributed to Re/code, The New York Times and Gawker among others. It highlights an important facet of the leaking of this data – the ethics and legalities of publishing e-mails stolen by the hackers.


Source: Re/code Via: The Next Web

Sony Hackers Offer to Withhold Employee Data

Re/code reports that the attackers behind the massive Sony hack have offered employees the chance to have their e-mail data withheld from release. The hackers have asked employees to write in with their name and title to prevent their e-mails being leaked.

“Message to SPE Staffers,” reads the posting written in halting English. “We have a plan to release emails and privacy of the Sony Pictures employees. If you don’t want your privacy to be released, tell us your name and business title to take off your data.” 

The hackers have already released a cavalcade of private e-mails between executives at Sony Pictures, including that now infamous exchange between Sony’s Amy Pascal and producer Scott Rudin, where Rudin referred to Angelina Jolie as a “minimally talented spoiled brat”.

Apparently the most recent haul of data is 6GB worth of e-mails to and from Steve O’Dell, the President of Sony Pictures Releasing, the links to which have been posted on Pastebin and Friendpaste. However, that’s not the end of it – the hackers apparently are promising a “Christmas gift” with “more interesting” data to come our way in the next dump.

Source: Re/code

Sony Hack: Leaked E-Mails Reveal Spat Over ‘Jobs’ and ‘The Interview’

An incredibly revealing treasure trove of e-mails has been leaked from the massive Sony Pictures hack. We’ve already seen the leaking of movies and even celebrity aliases, but today’s leaks are probably some of the most damaging.

The messages sent between Sony executives and staff have revealed some interesting detail regarding the production of the Steve Jobs movie. The whole thing has been fraught with difficulties from the very beginning, with actors agreeing to join the production, then dropping out, then coming back, then leaving the whole thing altogether.

Now these e-mails reveal what really went on behind the scenes, through the medium of a massive spat between Sony Pictures co-chairman Amy Pascal and producer Scott Rudin. Apparently Rudin wanted acclaimed director David Fincher to direct the Jobs movie, but a certain Angelina Jolie got in the way of that. Jolie wanted Fincher to direct her movie ‘Cleopatra’ instead, and Rudin demanded that Sony’s Amy Pascal not let this happen.

Another interesting set of e-mails revealed today concerns ‘The Interview’ – the movie about the assassination of Kim Jong Un, supposedly the reason why this whole thing happened. The e-mails show that Sony CEO Kaz Hirai personally intervened in toning down the movie following North Korea’s threat of “merciless retaliation” if it is released. Specifically, Kaz wanted a particular scene in which Kim’s head “explodes” to be toned down, with Seth Rogen agreeing to reduce the “number of head chunks”.

This whole thing is unprecedented in nature and is clearly bringing the whole of Sony Pictures into disrepute. With the hackers promising there are “terabytes” of data still to be released, I don’t think this will be the last of our stories on this hack.

Sony Hackers Release Celebrity Alias Names

The latest haul of Sony Pictures data has revealed a number of interesting celebrity aliases. The aliases are fake names used by celebrities to stay discreet whenever they book hotel rooms or make big purchases for example.

The names leaked include those of Tom Hanks, Jude Law and Daniel Craig. The source link below carries all of the names, including those of a number of other high profile celebrities.

Sony, and perhaps more so those celebrities, aren’t going to be very happy that all of this revealing information is being published. This hack has caused incredible harm to the company and certain individuals already.

Sony Hackers Demand ‘The Interview’ is Pulled

The hackers that brought down Sony Pictures’ computer systems have said that they want the release of ‘The Interview’ halted. The request to have the movie about the assassination of the North Korean leader pulled from release almost definitely proves there’s at least a link to North Korea.

The statement was released on GitHub, with further data from the hack. New files released include personal and private information concerning Amy Pascal, the Co-Chairman of Sony Pictures, and Stephen Mosko, President of Sony Pictures. The Next Web notes that the hackers previously used Pastebin to post links to the data, but have since moved to GitHub after Pastebin began removing their posts as well as issuing copyright notices blocking Google search results linking to them.

The news comes a day after North Korea itself released a statement suggesting that they did not conduct the hack, but that they support it. KCNA, the North Korean state news agency, said that the hack was possibly from its “supporters”, saying that “SONY Pictures is the very one which was going to produce a film abetting a terrorist act”.

See the full message from the hackers below:

“We have already given our clear demand to the management team of SONY, however, they have refused to accept. It seems that you think everything will be well, if you find out the attacker, while no reacting to our demand. We are sending you our warning again. Do carry out our demand if you want to escape us. And, Stop immediately showing the movie of terrorism which can break the regional peace and cause the War! You, SONY & FBI, cannot find us. We are perfect as much. The destiny of SONY is totally up to the wise reaction & measure of SONY.”

Source: The Verge, The Next Web

Sony Makes First Detailed Comments on Hack

Sony Pictures has finally commented on that massive hack, offering further details about the situation.

CEO Michael Lynton sent a memo to all Sony Pictures employees apologising for the hack and reassuring them about the company’s security measures. In the memo, he included a note from Kevin Mandia, the founder of Mandiant, the security company which has been drafted in by the company to investigate the attack.

As you can see in the full memo below, Mandia says that the hack was “unprecedented in nature” and “undetectable by industry standard antivirus software”.

Over the last week, some of you have asked about the strength of our information security systems and how this attack could have happened. There is much we cannot say about our security protocols for obvious reasons, but we wanted to share with you a note we received today from Kevin Mandia, the founder of the expert cybersecurity firm that is investigating the cyber-attack on us. The investigation is ongoing, but Mr. Mandia’s note is helpful in understanding the nature of what we are dealing with. Full text below.

We also want to thank you once again for your resilience and resourcefulness in carrying out our critical day-to-day activities under incredibly stressful circumstances. As a result of your efforts, we have made great progress moving our business forward, and we will continue to do so.

— — —

Dear Michael,

As our team continues to aid Sony Pictures’ response to the recent cyber-attack against your employees and operations, I wanted to take a moment to provide you with some initial thoughts on the situation.

This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat.

In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.

We are aggressively responding to this incident and we will continue to coordinate closely with your staff as new facts emerge from our investigation.


Kevin Mandia

Source: Re/code Via: Gizmodo

Seth Rogen and James Franco See Funny Side of Sony Hack


There’s not much to say about this one – I guess the image says it all.

Seth Rogen and James Franco decided to find the funny side of the catastrophic Sony Pictures hack by sharing their ‘private’ photos before they’re eventually ‘leaked’ by the hackers.

Rogen and Franco are to take centre stage in ‘The Interview’, a movie all about an assassination plot upon the leader of North Korea – supposedly the motive behind the attack.

You can see all of their pictures in the video below from Saturday Night Live, provided you’re in the US.

Source: The Verge

Sony Hack: Employee Families Threatened

The Sony Pictures hack keeps getting worse – yesterday an email was sent to employees that was supposedly from the hackers telling employees that “your family will be in danger” if they do not give in to their demands.

The chilling email says that their “worldwide organisation” wants to “removing Sony Pictures on earth”, asking employees to “please sign your name to object the false of the company at the email address below if you don’t want to suffer damage”.

Read the full email below:

“I am the head of GOP who made you worry.

Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization. And what we have done so far is only a small part of our further plan. It’s your false if you if you think this crisis will be over after some time. All hope will leave you and Sony Pictures will collapse. This situation is only due to Sony Pictures. Sony Pictures is responsible for whatever the result is. Sony Pictues clings to what is good to nobody from the beginning. It’s silly to expect in Sony Pictures to take off us. Sony Pictures makes only useless efforts. One beside you can be our member.

Many things beyond imagination will happen at many places of the world. Our agents find themselves act in necessary places. Please sign your name to object the false of the company at the email address below if you don’t want to suffer damage. If you don’t, not only you but your family will be in danger.

Nobody can prevent us, but the only way is to follow our demand. If you want to prevent us, make your company behave wisely.”

It’s not yet clear whether this email was actually sent from GOP, or “Guardians of Peace”, but nonetheless, I wouldn’t like to work for Sony Pictures right now.

Source: Variety

Sylvester Stallone’s Social Security Number Leaked

The Sony Pictures hack is revealing some important lessons to be learned regarding corporate computer security.

The Wall Street Journal says that the files now leaked onto the web contain over 47,000 social security numbers of Sony Pictures employees dating back to the year 2000. Most concerning for those employees, including celebrities such as Stallone, Rebel Wilson, and director Judd Apatow, is that the files containing those numbers were completely unencrypted.

Included in this unencrypted hoard of information is a cavalcade of private details like addresses, contracts, salary and payroll information, credit cards, and passwords for social media, YouTube, FedEx and Amazon accounts.

This only adds to what is already without a doubt one of the most disruptive corporate hacks in history. This data could cause some serious damage to the studio and its employees.

Sony have offered all past and present employees a year of free credit monitoring and fraud protection, but as The Verge points out, this will provide little help to those who now have some of their most valuable information publicly available on the web.

Source: WSJ Via: The Verge

Sony Hack: Executives Payroll Information Leaked

Time for today’s Sony Pictures hack story. Now the hackers appear to have released a portion of their “tens of terabytes” of internal documents.

They’ve released a number of spreadsheets that include things like payroll information for high-ranking executives, private details of employees and internal passwords for servers, all onto popular file-sharing sites.

The documents, which also include confidential financial information, could be potentially damaging to Sony Pictures, only adding to the previous problems caused by this hack. Reports indicated that employees found themselves resorting to working on pen and paper and using landline phones as late as Friday, days after the hack occurred. We’ve also seen the leak of those movies, something that is now apparently threatening Sony Pictures’ holiday earnings.

There’s also the possibility that North Korea could be involved. Today the BBC spoke to a North Korean official who didn’t deny their involvement, saying only “wait and see”. I wonder if we’ll be back tomorrow with another Sony Pictures story? Probably.

Source: TheNextWeb