Sophos Cloud Optix
It’s a hard enough life indeed for Sony Pictures.
Last week, hackers attacked the movie studio, leaving employees’ screens glowing with a red skeleton labeled “Hacked by #GOP” and a list of instructions and demands.
Since then, at least five new movies have been leaked online.
Four of those movies were previously unreleased. At least one of them, Annie – a remake of the musical play starring Jamie Foxx – was timed to be a holiday blockbuster with a release date of 19 December.
The other four movies that wound up making their debut on piracy hubs were Mr Turner, Still Alice, To Write Love On Her Arms and the World War II drama Fury.
According to Variety, Fury is now the second most-popular pirated film, with more than 1.2 million downloads as of 11am on Sunday.
The pirated movie copies began showing up online just days after last week’s security breach reportedly forced the film and TV arm of Sony to shut down its network.
The group behind the 24 November attack is calling itself “Guardians of Peace”.
The message it left behind after the attack threatened to release the company’s “secrets and top secrets”.
Sony has reportedly been investigating whether the attack might have been launched by North Korea – a hunch that’s bolstered by the nation’s outrage over the imminent release of The Interview, a Sony comedy that depicts a CIA plot to assassinate North Korea’s leader, Kim Jong-Un.
The film stars Seth Rogen and James Franco as two TV journalists who secure an interview with Jong-Un and are later coached by the CIA to assassinate him.
North Korea’s government has, expectedly, not reacted very positively to the notion of making a comedy out of murdering its leader.
In fact, it’s promised “merciless” retaliation against the US if The Interview is released, calling the film an “act of war.”
When asked about its involvement in the attack on Sony Pictures, a spokesperson for the North Korean government said:
The hostile forces are relating everything to the DPRK [North Korea]. I kindly advise you to just wait and see.
The day after last week’s attack began, The Verge reportedly got an email from a related address from somebody who identified themselves as “lena”.
The correspondent was vague about the attack, alluding to insider help from staff “with similar interests”.
The Verge reports that the email was from an open account that allows anyone to send mail from it without entering a password, meaning that the message might have come from somebody who has nothing whatsoever to do with the attack.
At this point, even the link between last week’s attack and the subsequent release of movies onto pirate sites is an assumed one.
In other words, we don’t know how this plot’s going to resolve – just that there are a few million pirates out there who now know how the plots will resolve in movies that aren’t even in the theaters yet.
If you visit torrent sites, you will indeed see DVD rips of those four movies. available for download. You will also notice that they are all listed as DVDSCR.
The “SCR” stands for “screener.” A screener is a free copy, sent to members of the Academy, for Oscar contention. Every 15-20 minutes, text appears, for a few seconds, stating that the DVD is property of the studio.
Were they hacked from Sony, or did someone who received them release them into the wild?
And among other files, appearantly, was copyrighted material that was not owned by Sony Pictures.
Oh the irony.
Does Sophos detect this?
Detect what, exactly?
There is some malware that may or may not be associated with, or involved in, the Sony attack (that still [2014-12-04T00:01Z] isn’t really clear), and we do detect it. (Sorry, I can’t remember the name off the top of my head.)
The name Duck couldn’t remember for the malware that may be related to the Sony attack is “Destover”.
We (Sophos) do protect against it, it is blocked as Troj/Destover-A, Troj/Destover-B and Troj/Destover-C.