Sony confirmed that its Pictures site had been hit at the end of last week and has taken action to protect against further intrusion.
In a statement, chairman and chief executive officer Michael Lynton and co-chairman of Sony Pictures Entertainment Amy Pascal confirmed that a breach had taken place and said that ‘a respected team of outside experts is conducting a forensic analysis of the attack’.
It also acknowledged the claims of the hacker group ‘LulzSec’, which said that it had been responsible for the breach of Sony Pictures. It said: “The cyber crime wave that has affected Sony companies and a number of government agencies, businesses and individuals in recent months has hit Sony Pictures as well.
“We deeply regret and apologise for any inconvenience caused to consumers by this cyber crime.”
The LulzSec group also claimed to have recently hacked the website of ‘data leakage intelligence and metrics’ firm Infragard, specifically targeting the Atlanta chapter, and it published the user names and the encrypted and cracked passwords of around 180 users.
It claimed that it ‘hacked an FBI affiliated website’, leaked its user base, took complete control over the site and defaced it. It claimed that all of the logins are affiliated with the FBI in some way.
“One of them, Karim Hijazi, used his Infragard password for his personal Gmail and the Gmail of the company he owns: ‘Unveillance’, a whitehat company that specialises in data breaches and botnets. [This] was compromised because of Karim's incompetence. We stole all of his personal emails and his company emails. We also briefly took over, among other things, their servers and their botnet control panel,” it said.
“After doing so, we contacted Karim and told him what we did. After a few discussions, he offered to pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim was willing to give us money and inside info in order to destroy his opponents in the white hat world. We even discussed plans for him to give us insider botnet information.”
LulzSec claimed that it was ‘just stringing him along to further expose the corruption of white hats’.
In response, Unveillance CEO Karim Hijazi confirmed that his company had been targeted by LulzSec for two weeks, in which time he was ‘personally contacted by several members of this group who made threats against me and my company to try to obtain money’. He also said that the group tried to force him into revealing sensitive data about his botnet intelligence ‘that would have put many other businesses, government agencies and individuals at risk of massive distributed denial-of-service (DDoS) attacks’.
He said: “Plain and simple, I refused to comply with their demands. Because of this, they followed through in their threats and attacked me, my business and my personal reputation. I believe this incident shows the true nature of LulzSec.”
He went on to say that he had been able to protect the sensitive data that LulzSec was ultimately after, and that all they had stolen and revealed were his personal and work emails. He said he was now cooperating fully with the FBI and US-CERT (Computer Emergency Readiness Team).
“I am not surprised by this attack; or the information dump on me; or their slanderous statements against me and my company. This is precisely what they threatened me with, in addition to other things, including allusions to physical harm to me and my family, if I did not cooperate with their demands,” he said.
“I do not regret refusing to cooperate with LulzSec. My data is of national security importance. I could not and cannot, in good conscience, agree to release my botnet intelligence to an organisation of hackers.”