In November last year, Sony Pictures Entertainment was attacked by a number of very serious hacks, resulting in the leaking of thousands of confidential emails, and personal details such as Social Security Numbers and Passports. The suspected cause of the hack was by North Korea over the film The Interview.
It all began on November 24th, when computers nationwide at Sony Pictures Entertainment started to display an ominous graphic toting “Hacked by #GOP”, “This is just a beginning”, and how they have “your secrets … [that will be] shown below to the world”, with links to a number of zip files which contained only a list of files that the hackers had stolen.
Originally reported on the social networking and news site, reddit, reports spread, including the fact that a number of Sony’s systems had been completely taken down, making their internal networks all but unusable.
However, this was only the beginning for Sony’s coming ordeal.
On November 26th, torrent links were added to torrent trackers, containing four unreleased Sony movies, which had been reported to have been downloaded more than 100,000 times within a couple of days.
It was on December 1st that NBC News reported the FBI were currently investigating the hacking, and that there was a possibility that North Korea was behind the attack.
This was due to the fact that Sony was releasing a movie called The Interview, where James Franco and Seth Rogan travel to assassinate Kim Jong Un, under the guise of interviewing him for their TV show. Due to North Korea making a statement in June where they explicitly state that releasing the film would be an “act of war that we would never tolerate”, not investigating North Korea for involvement would indeed be irresponsible on the part of the FBI.
On the same day, The Guardians of Peace, the hacker group who claimed to be behind the attack, started to release the first wave of data they had stolen from the Sony servers, in the form of 25GB of almost 50,000 Social Security Numbers, as well as 3000 email addresses, salary details, contact details, and even copies of passport information.
A few days later, Sony confirmed that the leaks were authentic.
As the media were trying to comprehend ramifications and attempting to sift through the data, GOP had another gift for them. They released nearly 500 credentials for social media accounts, external-facing file servers, major news and media sites, as well as technical details about internal and external sites. The following day analysis began, both for journalists and Sony, mining the files to work on damage control.
On December 5th, the LA Times reported that a few hours before the latest leak was released, a number of Sony employees were sent emails in “broken English”, which threatened employees with the fact that “not only you but your family will be in danger” if they did not sign a statement to disassociate themselves with Sony.
On December 8th, GOP released emails from a number of senior staff at Sony, for the first time linking the attack to that of the launch of The Interview.
Emails from the Sony Pictures Television President, Sony Pictures Entertainment Co-Chairman, and Sony Pictures Entertainment Motion Picture Group were released, indicating a number of internal operations, talk and deals on upcoming movie and business deals, and personal emails. Coincidentally, Sony PlayStation Network started to undergo a large Distributed Denial of Service attack by a group called the Lizard Squad, although Sony did not publicly state this was the issue. Attacks continued sporadically over the holiday period until ending on Christmas day.
On the 10th December, more emails were disclosed, this time focussing on previous Sony hacks, including, ironically, a great deal of depth into their protocols and processes to attempt to track down members of Anonymous during their raid in #opsony in 2011/2012. Other emails of interest included 10,000 emails, names, payment details and phone numbers of customers, and discussions of uploading fake torrents. The next day, a new batch of emails was released, this time resulting in a large amount of celebrity drama, involving “I’m not saying [Kevin Hart’s] a whore, but he’s a whore”, for wanting more money to promote a movie on social media, but much more embarrassing was a number of racist remarks the Co-Chairman of Sony Pictures Entertainment, Amy Pascal, and producer Scott Rudin made about Barack Obama’s race. Among this all, there was also a collection of celebrity phone numbers, email addresses, copies of passports and aliases used while travelling.
In the lead up to Christmas, Sony announced that it would not be showing The Interview in cinemas.
Sony streamed it online instead on services such as Youtube, which grossed $15 million online in the first four days alone.
Although the major cinemas would not show the movie, 331 smaller cinemas showed it around the United States, which was heralded as a move for freedom of expression and speech. However, many believed that it was a PR stunt for the film, due to the fact that it built up a lot of hype for the movie, and that the amount of sensitive data that was leaked was purely for the gain of one movie is very questionable.
So who’s actually to blame? Originally the main suspect was North Korea, but the FBI redacted that statement, stating “There is no attribution to North Korea at this point”. There are a number of factors that have since come to light that suggest it may have been North Korea all along. One such piece of evidence references that an attack launched on South Korea in 2013 holds a number of similarities, from the actual defacement message, to the operations of the malware that was used in the attack on Sony. However, the malware that was used in 2013 has since been used in a number of other incidents by various groups. After multiple investigations by different cybersecurity firms, no real evidence has been found, raising the worrying fact that we don’t actually know who staged the attacks. If we believe that North Koreans were behind the attack, we don’t even know whether they were doing it on their own, as an act of patriotism to try and have their country unbesmirched, or if they were state-funded as many believe.
Jamie Tanna
Image courtesy of Erwin Vindl via Flickr