F.B.I., Mandiant, Investigating Sony Pictures Breach

Officials from the Federal Bureau of Investigation (F.B.I.) and Mandiant have begun to investigate the Sony Pictures breach.

Sony Pictures Entertainment (SPE) is continuing to investigate a potentially massive breach that last week compromised most of the company’s systems and leaked several films online, some which haven’t even been released in theaters yet.

Officials from the FBI and experts with Mandiant, FireEye’s incident response firm, are looking into the case, according to reports this morning.

News of the hack first broke last Monday but it wasn’t until Tuesday that that scope of the attack became clearer.

SPE’s systems were apparently left paralyzed when messages popped up on its machines last week that claimed it had been “Hacked By #GOP,” a hacker group named Guardians of Peace. The notice, alongside a red skull, went on to warn the company that it had “obtained all your internal data including your secrets and top secrets” and that it would release it unless the company obeyed the group.

Flash forward to this past weekend, when it was discovered that several Sony Pictures films – presumably in the form of screeners – had begun to make the rounds on file sharing sites.

Flash forward to this past weekend, when it was discovered that several Sony Pictures films – presumably in the form of screeners – had begun to make the rounds on file sharing sites. According to Excipio, a piracy research firm, those titles include the forthcoming “Annie” remake, due out on Dec. 19, and two other films slated for release later this month, “Mr. Turner” and “Still Alice.” “To Write Love on Her Arms,” a film that’s not scheduled for release until 2015 and “Fury,” a Brad Pitt WWII drama that was released in October but not yet been released on DVD, are also being distributed and downloaded, according to the firm.

SPE hasn’t directly acknowledged the breach but has gone on record, telling Variety that “the theft of Sony Pictures Entertainment content is a criminal matter, and we are working closely with law enforcement to address it.”

While some experts theorized last week that the attack might be a ransom demand from a former employee, other reports, including one at Re/Code, a technology news website, are speculating that the attack may have emanated from North Korea as the form of a response to the forthcoming Sony Pictures film, “The Interview.”

The plot of the film, scheduled to be released on Dec. 25, revolves around a fictional attempt by the CIA to assassinate North Korea’s leader Kim Jong Un. When details regarding “The Interview” were first announced, back in June, a spokesman for the North Korean Foreign Ministry condemned the film, calling it a “blatant act of terrorism and war.”

“If the U.S. administration allows and defends the showing of the film, a merciless counter-measure will be taken,” the statement, via the republic’s Korean Central News Agency, read.

While it’s unclear exactly what else – in addition to the films – may have been leaked by the hack, a Reddit thread that’s dissected the hack claims corporate files including passwords, actors’ passports and a slew of other sensitive text, may have been implicated. Some in the thread estimate that up to 11TB of data may have been leaked by the hack.

Emails to SPE’s media contact were not immediately returned Monday but last week, before Thanksgiving, email requests for comment were kicked back, claiming that the company’s “email system is currently experiencing a disruption.”

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.