Wikileaks Posts Hacked Sony Files in Searchable Database
In a corporate nightmare turned reality, Wikileaks on Thursday posted a searchable database of all the Sony information hackers stole from the movie studio last year.
"The Wikileaks Sony database is a perfect example of what can happen once this information is in the wild. It seems hard to believe that a country would form an alliance with this group; however, there were likely hundreds of copies of this data out there. The goal by the perpetrators is to further damage Sony's reputation and increase the financial damages ten-fold," Erik Knight, CEO of SimpleWan, told Enterprise Technology. "Even if the Wikileaks database is taken down, there will still be a number of sources to get access to this data. Once this data is out there it's impossible to unring that bell. This is why we need to stress prevention over any other kind of action. Hopefully, this will be the start of all corporations taking data security much more seriously."
Hackers had posted raw data through torrent files when they stole it from Sony last fall. But the torrents were sent out only sporadically and have disappeared from the web, the Verge reported. In addition, files were sent as server-side Outlook files, which needed a lot of unpacking and were not readily legible to the idly curious. That changed with Wikileaks' move.
"The attackers used the dissemination of stolen information to try to harm SPE and its employees, and now WikiLeaks regrettably is assisting them in that effort," said Sony Pictures, in a statement obtained by the LA Times. "We vehemently disagree with WikiLeaks' assertion that this material belongs in the public domain and will continue to fight for the safety, security, and privacy of our company and its more than 6,000 employees."
The hack, which the United States government blamed on North Korea, disclosed internal company memos, embarrassing emails between corporate executives, and personal information about employees. In its third-quarter earnings report, released at the end of 2014, Sony said it had spent about $15 million to investigate and recover from the attack.
That cost could, perhaps now increase following Wikileaks' database which brings the Sony hack back into the public eye and makes it easier for individuals to search. The "analysis and search system" includes 30,287 documents from Sony Pictures Entertainment (SPE) and 173,132 emails to and from more than 2,200 SPE email addresses, Wikileaks wrote on its blog. SPE, a US subsidiary of Sony, manages its film and TV production and distribution operations.
"Now published in a fully searchable format The Sony Archives offer a rare insight into the inner workings of a large, secretive multinational corporation. The work publicly known from Sony is to produce entertainment; however, The Sony Archives show that behind the scenes this is an influential corporation, with ties to the White House (there are almost 100 US government email addresses in the archive), with an ability to impact laws and policies, and with connections to the US military-industrial complex," according to the blog.
Published emails show communications between Sony and the Democratic Party, RAND Corporation, and references to the federal government's anti-piracy initiatives.
"This archive shows the inner workings of an influential multinational corporation. It is newsworthy and at the center of a geo-political conflict. It belongs in the public domain. WikiLeaks will ensure it stays there," said WikiLeaks editor-in-chief Julian Assange in the blog.
All enterprises can learn invaluable lessons from this latest chapter in Sony's ongoing cybersecurity saga. Just as the company continues to face potential fallout in legal circles, activist groups like Wikileaks may play a role in furthering the damage an organization undergoes following a data breach.
Wikileaks' publication of this database occurred in the same week Verizon published its 2015 Data Investigation Breach report, which determined the average cost of a data breach is 58 cents per record.
