Hacker Group Reportedly Threatens Sony Employees

As a hotel in Thailand is fingered as a potential jumping-off point in the massive breach of Sony Pictures, an email threat warns that employees and their families could "suffer damage."

A group claiming to be the hackers that breached Sony Pictures Entertainment's network and leaked massive volumes of sensitive employee and business data reportedly threatened the company's employees and their families in an email message.

On Dec. 5, a message from a group calling itself the "Guardians of Peace" to Sony Pictures' workers announced that the hackers planned to cause the company to "collapse" and demanded that employees sign their name in a response to the email or "suffer damage," according to a report in Variety.

"If you don't, not only you but your family will be in danger," the email reportedly stated.

The late November attack on Sony has become an object lesson on the dangers of cyber-attacks and inadequate security. The hackers stole, among other data, employee information, salary data, business plans and prerelease movies. Following the attack, the criminals then erased key systems in a destructive tactic used in only a handful of previous attacks, most notably the Wiper attack against South Korean companies and the Shamoon attack on oil-and-gas giant Saudi Aramco.

Over the weekend, additional details of the investigation into the breach surfaced. The hackers reportedly used the network of a swank Bangkok, Thailand, hotel, the St. Regis Bangkok, as a jumping-off point from which to leak stolen data, according to investigation details leaked to Bloomberg.

While some circumstantial evidence continues to strengthen the link between the massive breach of Sony and North Korea, other actions by the hackers seem out of character for nation-state groups. The use of a hotel network is common among nation-state actors—the Darkhotel group hacked hotel networks to compromise high-profile targets—but the subsequent threats against employees are not a typical tactic.

The connection to North Korea remains to be substantiated. Attribution of cyber-attackers is not a hard science. North Korea has already denied involvement in a statement carried by the country's state-run media, but acknowledged that the attack "might be a righteous deed of the supporters and sympathizers."

Yet, the Guardians of Peace is likely the group responsible for the attack and the subsequent leak of information. The malware used to delete files—the subject of a warning in late November by the FBI—contains a wallpaper image that states "Hacked by #GOP," according to an analysis posted on Dec. 3 by security firm Trend Micro. The Guardians of Peace used the same moniker "#GOP" to refer to its group in postings to the Internet.

The group aims to cause enough business and reputation damage to Sony Pictures to cause the company to fail, according to the letter to employees, as quoted in Variety.

"Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization," the group stated. "And what we have done so far is only a small part of our further plan. It's your false if you think this crisis will be over after some time. All hope will leave you and Sony Pictures will collapse."

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...