“The hackers that compromised Sony Pictures Entertainment’s network leaked extremely sensitive information-technology credentials, including a collection of passwords and hundreds of certificates, one of which was used to sign the same malware used by the attackers to compromise the company. The passwords could be used to access a variety of business accounts used by Sony Pictures and its employees, while the code-signing certificates could be used to camouflage future attacks, making antivirus software more likely to trust signed code. The certificate used to sign the Destover malware sample had been protected by a password that was the name of the file.”
http://www.eweek.com/security/sony-left-passwords-code-signing-keys-virtually-unprotected.html
Tip Freedomwat.ch Staff with Bitcoin