Sony Pictures Cyber Attack
Timeline, Cost & Details on the Hack on Sony's "The Interview" Movie
Sony's movie-related cyber threat
The Sony Pictures hack is an example not only of a cybercrime, but also growing cyber-terrorism. Unlike the Anthem or Target hacks, the criminals were not looking for a particular revenue stream—they were looking for leverage to hold over the company so they could demand that Sony not release the movie "The Interview." The movie is the fictional story of two reporters who are recruited to assassinate a North Korean leader. A North Korean group took ownership of the hack when it demanded that Sony hold "The Interview" from theaters.
The hackers immediately released torrented files of several unreleased Sony movies. The hackers continued to release information on various websites, including passwords stored by Sony, marketing information, security certificates, employee data, and emails from Sony Pictures accounts. Information leaked over the following days even included actor aliases and phone numbers as well as emails containing private—and possibly embarrassing information—from numerous Sony employees.
In the immediate aftermath of the hack, Sony dealt with numerous issues. Its brand took an enormous hit, particularly as its proprietary information was made available for any competitor to view. Frightened by the hacker's terror threats, major chains across the country made the decision not to show "The Interview," prompting Sony to delay the release—an action that caused more problems for the brand. Americans saw the delay as bowing to outside threats.
In addition to brand woes, Sony continues to deal with internal issues. Employees, who claim they suffered because of the data released about them, have filed suit against the company. Some of the lawsuits have claimed that Sony did not manage its information security appropriately. Overall, the costs of the breach are expected to reach over $100 million for the movie company.
According to reports, Sony's information security team prior to the attack was made up of less than a dozen people. The company has been accused of taking a lackadaisical approach to security, which is illustrated by the fact that passwords were contained in a file named "Usernames&Passwords," making them easy for hackers to find. Investigations into the hack also determined that some sensitive files were not protected by passwords or internal encryption at all.
Sony Pictures Attack Timeline and Speech by Cybersecurity Expert:
This was a massive attack on Sony Pictures. In December of 2014, Sony Pictures was attacked by overseas, foreign attackers, most likely North Koreans in conjunction with Chinese hackers. During this attack, nearly 37,000 employees of Sony Pictures, their private and personal data was stolen through their emails. This was a breach of massive proportions for Sony. During that time, Sony Pictures which is based out in Los Angeles, Burbank and that area, they increased their security, literally their physical presence. They started to reveal and started to discover once the hackers threatened to release the data, that Amy Pascal, who is the CEO of Sony Pictures, had made a lot of controversial statements in her email to say the least. She got a lot of fire, a lot of heat for her actions. Employees were worried about their own standing. The hackers threatened that if the movie The Interview, as well as four other pictures, were released that something on the order of September 11th would happen again.
A major attack and Sony Pictures' Amy Pascal has recently left the company. It caused tremendous damage. Sony Pictures was attacked through a phishing attack. This attack is when a hacker, cyber-attacker, sends an email to vulnerable employees. Vulnerable in the sense that when we open an email, if it looks legitimate we may or may not click on it, right? One of the employees has clicked on a link within an email and once that Sony Pictures employee clicked that link, malware is installed locally. Then that malware infects all the computers at Sony Pictures. That's what we believe in Cyber Nation and at Angel Kings, what happened during this attack.
I think the motives are interesting and that's in Chapter 2 of our book, Cyber Nation. What are the motives of these cyber attackers? What makes them do what they do? To send emails and to hurt the reputation, the goodwill and the brand of companies like Sony Pictures? In this case, it was related to The Interview, the movie with James Franco. The movie in particular has criticized the head of the North Korean state, Kim Jong-Un, and had made many defamatory statements and made him essentially look like a clown, which he is. It really through that criticism, the North Koreans as well as again the Chinese, came together and they sent emails. It's the easiest entry point, the sort of Trojan Horse into a company. Now Sony Pictures has write off nearly ten billion dollars worth of damage. I think they will recover, Sony Pictures has been around for a long time.
There's a proactive and a reactive way to defend yourself against cyber attacks. Proactively, they're starting to hire private companies and work with private vendors. Reactively, of course they're going to have lawsuits and people whose private data were stolen. Amy Pascal left the company, that was a huge blow for them. Yes, they'll recover but it's going to take two or three, maybe five years for people to forget about such a big attack. This was around the holiday season, this was front and center of the New York Times, Wall Street Journal, on CNN and in many major news outlets.
Learn about how Sony could have Prevented these Attacks
Invest in Top Cybersecurity Companies: