Cyber attack on Sony Pictures: How hackers did it

The Sony Pictures headquarters in Culver City, California. -- PHOTO: AFP
The Sony Pictures headquarters in Culver City, California. -- PHOTO: AFP

A successful cyber-attack on Sony Corporation by hackers who call themselves Guardians of Peace (GOP) has eventually led to the studio cancelling a comedy film on the fictional assassination of North Korean leader Kim Jong Un. Researchers said sophisticated methods were used by hackers who appeared to be savvy in ways of distributing stolen data online.

Here's a look at how, experts' think, GOP may have carried out the attack:

* Hackers may have spent months collecting passwords and mapping the Sony network before setting off the virus. The mountain of stolen data indicated attackers were inside Sony's network undetected for a while, or even had physical access to machines.

* Although it is not clear how exactly they got into the network, 'spearfishing' is suspected. Hackers may have targetted selected workers, sending them bogus emails that appear to come from trustable sources but include links or attachments which, if opened, result in computers being secretly infected with malicious software.

* The malicious software (or malware) that infected Sony Pictures was identified as a customized version of Destover also known as Wipall. It is available on the black market and can be used without a high level of technical sophistication. The virus spreads quickly, sucks up data and then destroys computer hard drives to cover its tracks.

* Hackers, with information on Sony's network, customized the virus for that particular company by embedding within the program account names and passwords and targeting the security software.

* Once past the perimeter of Sony's computer system, data was scantly protected with "egregious" flaws such as unencrypted files and passwords stored in plain text. Hackers could have pillaged financial accounts.

* The malware allows intruders remote access while remaining undetected. Cloned minions disable security software, gain access to hard drives and networked storage on all infected computers, while also trying to log into any connected networks. When time is up, all the data is erased.