Sony Struggles to Fight #GOP Hackers Who Claim Stolen Data Includes Stars’ IDs, Budget and Contract Figures

The Guardians of Peace group, which says it is responsible for Monday’s attack, releases list of files it says it has found

The situation at Sony Pictures Entertainment is more dire than the studio has allowed to be known, as the fifth day of hackers taking down the studio’s computer system continues though a threat to release private information has not materialized, TheWrap has learned.

The studio has taken as much of its functions offline as possible, and managed to get payroll out as well as sustain DVD sales for titles like “Spider-Man” on the all-important Black Friday. One insider said company email is expected to be back on Monday.

But as of Friday the studio’s email, phone system and computers remained paralyzed, and in some cases staffers were using whiteboards to get things done. The studio’s Twitter accounts have also been hacked, according to two individuals with knowledge of the situation.

And while the studio has set up a parallel system offline, there is apparently no solution that has been found to undo the attack.

According to one insider who spoke to TheWrap: “Every PC in the company is useless and all of the content files have either been stolen or destroyed or locked away.”

The attack by the self-designated “Guardians of Peace” – or #GOP – has been brutally personal. Some PC computer screens at Sony show a shocking image of the heads of studio CEO Michael Lynton and co-chairman Amy Pascal on a platter with scales of justice, for those who are able to turn on the computers at all, according to the insider.

Some of the hacked Twitter files show similar images of Lynton and Pascal.

But the demands of the hacker or hackers have been entirely unclear, with no specific demand following the threat to “release damaging information” by a certain time, according to one insider. That deadline passed with no information released.

A Reddit thread detailed the data that the Guardians of Peace claims to have obtained in Monday’s attack, which included a message pledging to release sensitive corporate data taken from the network. The list of files, which could not be independently verified, is is a broad range that allegedly includes A-list actors’ passports, financial data, contract documents, password information and executive emails.

“These two files are the lists of secret data we have acquired from SPE,” said the text in a file called readme.txt. “Anyone who needs the data, send an email titled “To the Guardians of Peace” to the following email addresses.” A list of e-mail addresses through anonymous mail services Yopmail and followed.

The devastating attack represents a potential warning shot to other Hollywood studios, not to mention other major corporations. In addition to being locked out of company email, employees have had their passwords and account numbers stolen and in some cases are getting calls from banks and other security systems to alert them to the hack. Update: Earlier in the week, employee computers were spontaneously turning on and off, leading staffers to take the batteries out of their laptops. Sony’s computer system is tied to a massive IBM server.

Sony has been keeping a tight lid on information about the hack which appeared at 6 am on Monday November 24, and have offered only vague statements about dealing with the problem.

The attack is affecting most work aspects of the studio – including digital parking cards. The studio has a separate system for its movie production dailies, and that is unaffected.

Still, one of the insiders said the studio is “100 percent” shutdown, with staff using whiteboards “to try to figure out what they’ve lost and what they need to try to do to bring themselves back online, to be able to function at all.”

Another insider disputed that assessment, saying the studio is “operating fine,” and the main problem is not having email.

According to the Reddit thread this is among the supposedly compromised data:

>> PDF files that apparently contain the passports, visas, and other associated identity documents of cast and crew for various Sony productions, such as actors Jonah Hill, Cameron Diaz, and Angelina Jolie (plus a file called Emmerich, Roland Greencard.pdf).

>> Over 700 documents containing passwords, including spreadsheets and Word files titled “FTP passwords,” “ResearchPasswords,” “ACCOUNTING PASSWORDS,” “Personal passwords,” and other files named for specific creative resource sites.

>> 179 Outlook archival .pst mailboxes, including the mail folder of an executive at Sony Pictures Releasing Canada, an IT Audit Supervisor at Sony, as well as many “archive.pst” and “backup.pst” files.

>> Business documents including film budgets (“JR_Accrued Mktg Cost 0513 – Evil Dead.xls”) and contract documents (“Cameron Diaz – Pre-approved Medical Rider.doc”).

It’s unclear what the hackers are seeking, though they referenced “equality” in a email sent to The Verge web site. They posted to three Twitter feeds, leaving the same message: “You, the criminals including [Sony Pictures CEO] Michael Lynton will surely go to hell. Nobody can help you.”

The security break at Sony Pictures marks the second time that Sony Corporation had been targeted by hackers. In 2011, the online network for Sony’s PlayStation game console was broken into, exposing names and credit card numbers for millions of customers. By the time damages from more than 50 class-action lawsuits had been paid, it’s estimated that Sony spent more than $2 billion as a result of the breach.

Further disturbing is that thus far the studio’s IT experts have been unable to reverse the attack and get the computer system back to normal. “The IT department has absolutely no idea what hit them or if they can recover any of their files or operating systems, or even turn on their computers Monday,” said the insider.

Sony had no official comment on Friday. The studio was all but shut down for the Thanksgiving holiday.

For the record: An earlier version of this story stated that staffers were using chalkboards. In fact they are using whiteboards. TheWrap regrets the error.