Sony Pictures Entertainment is the latest victim of Internet hackers, targeted in an unprecedented cyber attack. The media giant remains focused in the public eye, as the hackers continue to release new stolen information almost daily. The investigation is evolving along with the ongoing data dump of hacked information. Here are 15 things you need to know about the Sony Cyber Attack.
Sources: Deadline.com, FoxNews.com, TechCrunch.com, SonyHack.Gawker.com, BBC.com, CNET.com, Telegraph.co.uk, Gawker.com
A previously unknown group calling themselves the “Guardians of Peace” (GOP) claimed responsibility for the attack. On Monday, Nov. 24, Sony employees arrived at work to find their computers displaying an image of a skeleton skull with this message: “Hacked by #GOP. Warning: We’ve already warned you, and this is just a beginning. We continue till our request be met. We’ve obtained all your internal data including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world.”
Reports suggest similarities between the code used in the Sony hack and that of a cyber attack on South Korean companies and government agencies in 2013 that was traced to North Korean hackers. Both the FBI and Sony were slow to confirm North Korea’s role.
Ever since its plot was made public, the Sony comedy, “The Interview,” has angered the leader of the secretive state. The satire stars stars Seth Rogen and James Franco as journalists hired by the CIA to assassinate North Korea’s dictator, Kim Jong-un. A North Korean website described the film “an evil act of provocation,” and the country’s Ministry of Foreign Affairs said the movie was an act of “terrorism,” referring to the filmmakers as “gangster-like scoundrels.”
Source: Deadline.com, CNET.com
A spokesman for North Korea’s National Defense Commission said, “We do not know where in America the Sony Pictures is situated and for what wrongdoings it became the target of the attack.” He went on to reference “The Interview,” describing it as a “film abetting a terrorist act while hurting the dignity of the supreme leadership,” and said the hacking “might be a righteous deed of the supporters and sympathizers” of North Korea’s Supreme Leader.
The hackers accessed Sony’s servers, stealing more than 100 terabytes of information. Just 10 terabytes can hold the entire printed collection of the U.S. Library of Congress.
Much of the stolen information such as social security numbers and salaries, was stored in Excel spreadsheets on Sony’s servers without password protection. Email was especially vulnerable, demonstrating once again that nothing posted on the Internet is entirely private. Some Sony employees have launched a class action lawsuit against their employer, claiming it did not take necessary precautions to protect their personal information.
Websites such as Pastebin, GitHub, and FriendPaste allow for users to anonymously post information in large quantities. GOP has been releasing dozens of gigabytes of data at a time on these sites, allowing anybody with an Internet connection to access them. While Pastebin has removed some of GOP’s posts, Friendpaste left them up on the site much longer, and the data has been disseminated across the world.
Included in the stolen information is hundreds of thousands of employee social security numbers, birth dates, salaries, medical documents, family information, and more. Email exchanges between Sony executives were made public, with studio co-chairman and producer Scott Rudin coming under fire for comments about several celebrities, as well as racially charged discussions about President Barack Obama’s favorite films.
An early version of the next James Bond film, “Spectre,” was released as part of the hacked data. Not only was the script itself revealed, but hackers also dumped information relating to the film’s budget, revealing that it was $50 million over budget. GOP also released four films online, three of which had not yet reached theaters – “Annie,” “Mr. Turner,” and “To Write Love On Her Arms.”
In an email to reporters, GOP threatened to attack theaters that showed the film, “We will clearly show it to you at the very time and places ‘The Interview’ be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to. Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear. Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time.” Though the FBI issued a statement saying they found no credible intelligence regarding potential attacks on theaters, Sony told theater owners they could pull the film due to the threats. Many theaters cancelled premiers and planned showings of the film, and Sony has since cancelled its release.
Sony’s decision to pull “The Interview” from theaters elicited criticism from celebrities ranging from director Judd Lowe, to actors such as Steve Carell and Ben Stiller, all the way to Obama. Many are disappointed with Sony’s decision to pull the film, claiming that is a victory for the hackers, and shows the U.S. giving into terrorism.
When media outlets reported on some of the stolen material or some aspects of its content, Sony hired litigator David Boies. Bois sent a letter to news organizations saying Sony “does not consent to your possession, review, copying, dissemination, publication, uploading, downloading or making any use” of the information. Bois and Sony asked media outlets to delete the stolen information, and made this threat: “Sony Pictures Entertainment will have no choice but to hold you responsible for any damage or loss arising from such use or dissemination by you.”
FBI spokeswoman Laura Eimiller said, “The FBI is working with our intra-agency partners to investigate the recently reported cyber intrusion at Sony Pictures Entertainment. The targeting of public and private sector computer networks remains a significant threat, and the FBI will continue to identify, pursue, and defeat individuals and groups who pose a threat in cyberspace.” On Dec. 1, 2014, Sony hired SealMandiant, a cyber-security firm, to conduct an investigation into the hacking.
The GOP attack on Sony has been deemed the most severe cyberattack on a company in the U.S. Despite Sony’s admittedly weak protection, the depth and skill of the attack was unprecedented, and it is unlikely other companies with greater security could have withstood the breach either. Joseph Demarest, the FBI’s assistant director of its cyber division, said in a U.S. Senate hearing that the methods used would have breached the defenses of nine out of 10 companies.
In February 2014, Sony’s servers were compromised, but the incident wasn’t made public to its employees. In a leaked email from the vice president of legal compliance, Courtney Schaberg said, “Sony Pictures Entertainment’s system may have been obtained by an unauthorized party, who then may have uploaded malware.” It was thought that hackers had accessed files via “SpiritWORLD,” a corporate network used to transfer information around the world.