Hacked Sony
Sinikka Curz
On November 24, 2014, a hacker group identifying itself as "Guardians of Peace" leaked a release of confidential data from the film studio Sony Pictures Entertainment (SPE). The data included personal information about Sony Pictures employees and their families, emails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, plans for future Sony films, scripts for certain films, and other information.[1] The perpetrators then employed a variant of the Shamoon wiper malware to erase Sony's computer infrastructure.[2]
During the hack, the group demanded that Sony withdraw its then-upcoming film The Interview, starring James Franco as a reporter and Seth Rogen (who also wrote, produced, and directed the film alongside his creative partner Evan Goldberg) as his producer who are hired by the United States and South Korean governments to set up an interview with North Korean leader Kim Jong-un as part of a plot to assassinate him, and threatened terrorist attacks at cinemas screening the film. After many major U.S. theater chains opted not to screen The Interview in response to these threats, Sony chose to cancel the film's formal premiere and mainstream release, opting to skip directly to a downloadable digital release followed by a limited theatrical release the next day.[3][4][5]
United States intelligence officials, after evaluating the software, techniques, and network sources used in the hack, concluded that the attack was sponsored by the government of North Korea, which has since denied all responsibility.[6] Some independent cybersecurity experts doubt the involvement of North Korea.
The exact duration of the hack is yet unknown. U.S. investigators say the culprits spent at least two months copying critical files.[7] A purported member of the Guardians of Peace (GOP) who has claimed to have performed the hack stated that they had access for at least a year prior to its discovery in November 2014.[8] The hackers involved claim to have taken more than 100 terabytes of data from Sony, but that claim has never been confirmed.[9] The attack was conducted using malware. Although Sony was not specifically mentioned in its advisory, the United States Computer Emergency Readiness Team said that attackers used a Server Message Block (SMB) Worm Tool to conduct attacks against a major entertainment company. Components of the attack included a listening implant, backdoor, proxy tool, destructive hard drive tool, and destructive target cleaning[10] tool. The components clearly suggest an intent to gain repeated entry, extract information, and be destructive, as well as remove evidence of the attack.[11][12]
Sony was made aware of the hack on Monday, November 24, 2014, as the malware previously installed rendered many Sony employees' computers inoperable by the software, with the warning by a group calling themselves the Guardians of Peace, along with a portion of the confidential data taken during the hack.[13] Several Sony-related Twitter accounts were also taken over.[8] This followed a message that several Sony Pictures executives had received via email on the previous Friday, November 21; the message, coming from a group called "God'sApstls" [sic], demanded "monetary compensation" or otherwise, "Sony Pictures will be bombarded as a whole".[13] This email message had been mostly ignored by executives, lost in the volume they had received or treated as spam email.[13] In addition to the activation of the malware on November 24, the message included a warning for Sony to decide on their course of action by 11:00 p.m. UTC that evening, although no apparent threat was made when that deadline passed.[13] In the days following this hack, the Guardians of Peace began leaking yet-unreleased films and started to release portions of the confidential data to attract the attention of social media sites, although they did not specify what they wanted in return.[13] Sony quickly organized internal teams to try to manage the loss of data to the Internet, and contacted the Federal Bureau of Investigation (FBI) and the private security firm FireEye to help protect Sony employees whose personal data was exposed by the hack, repair the damaged computer infrastructure and trace the source of the leak.[13] The first public report concerning a North Korean link to the attack was published by Re/code on November 28 and later confirmed by NBC News.[14]
This is absurd. Yet it is exactly the kind of behavior we have come to expect from a regime that threatened to take 'merciless countermeasures' against the U.S. over a Hollywood comedy, and has no qualms about holding tens of thousands of people in harrowing gulags.
On December 8, 2014, alongside the eighth large data dump of confidential information, the Guardians of Peace threatened Sony with language relating to the September 11 attacks that drew the attention of U.S. security agencies.[13][16] North Korean state-sponsored hackers are suspected by the United States of being involved in part due to specific threats made toward Sony and movie theaters showing The Interview, a comedy film about an assassination attempt against Kim Jong-un.[17] North Korean officials had previously expressed concerns about the film to the United Nations, stating that "to allow the production and distribution of such a film on the assassination of an incumbent head of a sovereign state should be regarded as the most undisguised sponsoring of terrorism as well as an act of war."[18]
In its first quarter financials for 2015, Sony Pictures set aside $15 million to deal with ongoing damages from the hack.[19] Sony bolstered its cyber-security infrastructure as a result, using solutions to prevent similar hacks or data loss in the future.[13] Sony co-chairperson Amy Pascal announced in the wake of the hack that she would step down effective May 2015, and instead will become more involved with film production under Sony.[20]
According to a notice letter dated December 8, 2014, from SPE to its employees, SPE learned on December 1, 2014 that personally identifiable information about employees and their dependents may have been obtained by unauthorized individuals as a result of a "brazen cyber-attack", including names, addresses, Social Security numbers and financial information.[21] On December 7, 2014, C-SPAN reported that the hackers stole 47,000 unique Social Security numbers from the SPE computer network.[22]
Although personal data may have been stolen, early news reports focused mainly on celebrity gossip and embarrassing details about Hollywood and film industry business affairs gleaned by the media from electronic files, including private email messages. Among the information revealed in the emails was that Sony CEO Kazuo Hirai pressured Sony Pictures co-chairwoman Amy Pascal to "soften" the assassination scene in The Interview.[23] Many details relating to the actions of the Sony Pictures executives, including Pascal and Michael Lynton, were also released, in a manner that appeared to be intended to spur distrust between these executives and other employees of Sony.[13]
Other emails released in the hack showed Pascal and Scott Rudin, a film and theatrical producer, discussing Angelina Jolie. In the emails, Rudin referred to Jolie as "a minimally talented spoiled brat" because Jolie wanted David Fincher to direct her film Cleopatra, which Rudin felt would interfere with Fincher directing a planned film about Steve Jobs.[24] Pascal and Rudin were also noted to have had an email exchange about Pascal's upcoming encounter with Barack Obama that included characterizations described as racist, which led to Pascal's resignation from Sony.[25][26][27][28] The two had suggested they should mention films about African-Americans upon meeting the president, such as Django Unchained, 12 Years a Slave and The Butler, all of which depict slavery in the United States or the pre-civil rights era.[25][26][27] Pascal and Rudin later apologized.[25][27] Details of lobbying efforts by politician Mike Moore on behalf of the Digital Citizens Alliance and FairSearch against Google were also revealed.[29]
The leak revealed multiple details of behind-the-scenes politics on Columbia Pictures' current Spider-Man film series, including emails between Pascal and others to various heads of Marvel Studios.[30] Due to the outcry from fans, the Spider-Man license was eventually negotiated to be shared between both studios. In addition to the emails, a copy of the screenplay for the James Bond film Spectre, released in 2015, was obtained.[31] Several future Sony Pictures films, including Annie, Mr. Turner, Still Alice and To Write Love on Her Arms, were also leaked.[32][33][34] The hackers intended to release additional information on December 25, 2014,[35] which coincided with the release date of The Interview in the United States.
According to The Daily Dot, based on the email leaks, while he was at Sony, executive Charles Sipkins was responsible for following senior executives' orders to edit Wikipedia articles about them.[36]
In December 2014, former Sony Pictures Entertainment employees filed four lawsuits against the company for not protecting their data that was released in the hack, which included Social Security numbers and medical information.[37] As part of the emails, it was revealed that Sony was in talks with Nintendo to make an animated film based on the Super Mario Bros. franchise.[38][39]
In January 2015, details were revealed of the MPAA's lobbying of the United States International Trade Commission to mandate U.S. ISPs either at the internet transit level or consumer level internet service provider, to implement IP address blocking pirate websites as well as linking websites.[40] WikiLeaks republished over 30,000 documents that were obtained via the hack in April 2015, with founder Julian Assange stating that the document archive "shows the inner workings of an influential multinational corporation" that should be made public.[41] Sony condemned the WikiLeaks publication and their attorneys responded by saying it "indiscriminately" disseminated stolen data, and that this "conduct rewards a totalitarian regime seeking to silence dissident speech". The lawyers also said that "WikiLeaks is incorrect that this Stolen Information belongs in the public domain".[42][43][44][45]
4a15465005