From:

Sent:
To:
Subject:

Reitinger, Philip
Wednesday, January 11, 2012 12:01 PM
Robinson, Sonja; Weil, Leah; Spaltro, Jason; Ciesla, John; Bernard, Stevan; Podorowsky,
Gary; Seligman, Nicole
FW: PRIVILEGED AND CONFIDENTIAL SONY SPOTREP 01102012

Privileged and Confidential

Phil

From: James Emerson [mailto:jje@icginc.com]

Sent: Wednesday, January 11, 2012 11:50 AM
To: Reitinger, Philip
Subject: Fwd: PRIVILEGED AND CONFIDENTIAL SONY SPOTREP 01102012

Phil,

In response to your request:

THERE IS ALLEGED EVIDENCE of Sony hacks which include video footage and admission from the
person that actually did the exploits which has been made public.

The other hackers we are communicating with are NOT going to divulge exactly what has been done
unless we actually hack the sites with them to see which we are not legally capable of doing
presently. They are paranoid and untrusting and one main reason I raised the Honeypot option this
week.

Our analysts have been working undercover within Anonymous and monitoring all open and closed
source venues we could locate. We have seen claims of compromise on several Sony assets other
than SonyPictures.com and SonyATV.com from within many of our sources which have been
unsubstantiated. We have seen videos of live hacks into SonyPictures.com and Sonys Facebook
page which we reported over the past few days which were also unsubstantiated and unvalidated.

The claims of compromise into the two domains, SonyPIctures.com and SonyATV.com are being
reported because the degree of confidence is high from the analysts that those two were actually
compromised. Our undercover analysts have engaged the person actually responsible for those
attacks (NICKNAME: Black-risker) and that person admitted to having compromised them. In
addition, other sources independent from the one source verified the two domains were attacked,
exploited, and backdoors inserted into them.

We are dealing with what seems like 3 very skilled hackers in the Anonymous collective and within
#opsony. They are extremely paranoid, untrusting of EVERYONE, and not likely to divulge much
more than they have already done. It was only with a great amount of coaxing (which amounted to
peer pressure) and some skilful manipulation by our undercover analyst that they divulged what they
have. The exact vulnerability or root shell installed after they had been compromised is unknown at
this time. The skilled hackers are not likely to divulge exactly what they have done to exploit the
domains or what payload was left behind after compromise. This is because of the culture of mistrust
within Anonymous given the amount of enforcement which had occurred.

Our analysts have singled these two domains out because A) We have seen repeated assertions of
compromise against them and B) Had enough independent validation from other Anonymous
members to have a high confidence on their compromise. As always we will continue to press for
more information and obtain actual compromise tools and methods.

Best,
Jim

From: Reitinger, Philip [mailto:Philip.Reitinger@us.sony.com]

Sent: Wednesday, January 11, 2012 9:06 AM
2

To: James Emerson; Seligman, Nicole

Cc: Todd Hillis; Traymore, Anthony (Legal)
Subject: RE: PRIVILEGED AND CONFIDENTIAL SONY SPOTREP 01102012

Privileged and Confidential

Jim

I have reviewed the report and your email below and see nothing other than claims regarding
SonyPictures.com and SonyATV.com. Is there any evidence, such as a description of the
vulnerability or Trojan installed, or evidence of compromise, that would validate the claim or
help us identify what may have been done?

phil

From: James Emerson [mailto:jje@icginc.com]

Sent: Wednesday, January 11, 2012 8:50 AM
To: Reitinger, Philip
Cc: Todd Hillis; Traymore, Anthony (Legal); Seligman, Nicole
Subject:<FO