From: Reitinger, Philip

Sent:
Wednesday, January 11, 2012 12:01:13 PM
To:
Robinson, Sonja; Weil, Leah; Spaltro, Jason; Ciesla, John; Bernard, Stevan; Podorowsky, Gary; Seligman, Nicole
Cc:
Subject: FW: PRIVILEGED AND CONFIDENTIAL SONY SPOTREP 01102012

Privileged and Confidential

Phil

From: James Emerson [mailto:jje@icginc.com]

Sent: Wednesday, January 11, 2012 11:50 AM
To: Reitinger, Philip
Subject: Fwd: PRIVILEGED AND CONFIDENTIAL SONY SPOTREP 01102012

Phil,

In response to your request:

THERE IS ALLEGED EVIDENCE of Sony hacks which include video footage and admission from the person that
actually did the exploits which has been made public.

The other hackers we are communicating with are NOT going to divulge exactly what has been done unless we actually
hack the sites with them to see which we are not legally capable of doing presently. They are paranoid and untrusting
and one main reason I raised the Honeypot option this week.

Our analysts have been working undercover within Anonymous and monitoring all open and closed source venues we
could locate. We have seen claims of compromise on several Sony assets other than SonyPictures.com and
SonyATV.com from within many of our sources which have been unsubstantiated. We have seen videos of live hacks
into SonyPictures.com and Sonys Facebook page which we reported over the past few days which were also
unsubstantiated and unvalidated.

The claims of compromise into the two domains, SonyPIctures.com and SonyATV.com are being reported because the
degree of confidence is high from the analysts that those two were actually compromised. Our undercover analysts
have engaged the person actually responsible for those attacks (NICKNAME: Black-risker) and that person admitted to
having compromised them. In addition, other sources independent from the one source verified the two domains were
attacked, exploited, and backdoors inserted into them.

We are dealing with what seems like 3 very skilled hackers in the Anonymous collective and within #opsony. They are
extremely paranoid, untrusting of EVERYONE, and not likely to divulge much more than they have already done. It was
only with a great amount of coaxing (which amounted to peer pressure) and some skilful manipulation by our undercover
analyst that they divulged what they have. The exact vulnerability or root shell installed after they had been
compromised is unknown at this time. The skilled hackers are not likely to divulge exactly what they have done to
exploit the domains or what payload was left behind after compromise. This is because of the culture of mistrust within
Anonymous given the amount of enforcement which had occurred.

Our analysts have singled these two domains out because A) We have seen repeated assertions of compromise against
them and B) Had enough independent validation from other Anonymous members to have a high confidence on their
compromise. As always we will continue to press for more information and obtain actual compromise tools and
methods.

Best,
Jim

From: Reitinger, Philip [mailto:Philip.Reitinger@us.sony.com]

Sent: Wednesday, January 11, 2012 9:06 AM
To: James Emerson; Seligman, Nicole
Cc: Todd Hillis; Traymore, Anthony (Legal)
Subject: RE: PRIVILEGED AND CONFIDENTIAL SONY SPOTREP 01102012

Privileged and Confidential

Jim

I have reviewed the report and your email below and see nothing other than claims regarding SonyPictures.com
and SonyATV.com. Is there any evidence, such as a description of the vulnerability or Trojan installed, or
evidence of compromise, that would validate the claim or help us identify what may have been done?

phil

From: James Emerson [mailto:jje@icginc.com]

Sent: Wednesday, January 11, 2012 8:50 AM
To: Reitinger, Philip
Cc: Todd Hillis; Traymore, Anthony (Legal); Seligman, Nicole
Subject: