Sony Pictures Entertainment Hack, by Wikipedia


Post by admin » Fri Mar 27, 2015 7:23 am

by Wikipedia
March 26, 2015




The Sony Pictures Entertainment hack was a release of confidential data belonging to Sony Pictures Entertainment on November 24, 2014. The data included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of (previously) unreleased Sony films, and other information. The hackers called themselves the "Guardians of Peace" or "GOP" and demanded the cancellation of the planned release of the film The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un.[1][2][3] United States intelligence officials, evaluating the software, techniques, and network sources used in the hack, allege that the attack was sponsored by North Korea.[4] North Korea has denied all responsibility, and some cybersecurity experts have cast doubt on the evidence, alternatively proposing that current or former Sony Pictures employees may have been involved in the hack.

Hack and perpetrators

The duration of the hack is not yet known, though evidence suggests that the intrusion had been occurring for more than a year prior to its discovery in November 2014.[5] The hackers involved claim to have taken over 100 terabytes of data from Sony.[6] Following the breach, the hackers implanted Wiper, a malware program designed to erase data from the servers, on Sony's computer infrastructure.[7]

Sony was made aware of the hack on Monday, November 24, 2014, when the previously installed malware rendered many Sony employees' computers inoperable, with a warning from the Guardians of Peace along with a portion of the confidential data taken during the hack.[8] Several Sony-related Twitter accounts were also taken over.[5] This followed a message that several Sony Pictures executives had received via email on the previous Friday, November 21; the message, coming from a group called "God'sApstls" [sic], demanded "monetary compensation" or otherwise, "Sony Pictures will be bombarded as a whole".[8] This email message had mostly gone ignored by executives, lost in the volume they had received or treated as spam email.[8] In addition to the activation of the malware on November 24, the message included a warning for Sony to decide on their course of action by 11pm that evening, although no apparent threat was made when that deadline passed.[8] In the days following this hack, the Guardians of Peace began leaking yet-unreleased films and started to release portions of the confidential data to attract the attention of social media sites, although they did not specify what they wanted in return.[8] Sony quickly organized internal teams to try to manage the loss of data to the Internet, and contacted the FBI and the private security firm FireEye, Inc., to help protect Sony employees whose personal data was exposed by the hack, repair the damaged computer infrastructure and trace the source of the leak.[8]

"This is absurd. Yet it is exactly the kind of behavior we have come to expect from a regime that threatened to take ‘merciless countermeasures’ against the U.S. over a Hollywood comedy, and has no qualms about holding tens of thousands of people in harrowing gulags."
—U.S. Ambassador to the U.N. Samantha Power

On December 8, 2014, alongside the eighth large data dump of confidential information, the Guardians of Peace (GOP) threatened Sony with language relating to the September 11 attacks that drew the attention of U.S. security agencies.[8][9] North Korean state-sponsored hackers are suspected by the United States of being involved in part due to specific threats made toward Sony and movie theaters showing The Interview, a comedy film about an assassination attempt against Kim Jong-un.[10] North Korean officials had previously expressed concerns about the film to the United Nations, stating that "to allow the production and distribution of such a film on the assassination of an incumbent head of a sovereign state should be regarded as the most undisguised sponsoring of terrorism as well as an act of war."[11]

In its first quarter financials for 2015, Sony Pictures set aside $15 million to deal with ongoing damages from the hack.[12] Sony has bolstered its cyber-security infrastructure as a result, using redundant solutions to prevent similar hacks or data loss in the future.[8] Sony co-chairperson Amy Pascal announced in the wake of the hack that she would step down as of May 2015, and would instead become more involved with movie production under Sony.[13]

Information obtained

According to a notice letter dated December 8, 2014, from SPE to its employees, SPE learned on December 1, 2014, that personally identifiable information about employees and their dependents, including names, addresses, social security numbers and financial information, may have been obtained by unauthorized individuals as a result of a "brazen cyber-attack".[1] On December 7, 2014, C-SPAN reported that the hackers stole 47,000 unique Social Security numbers from the SPE computer network.[14]

Although personal data may have been stolen, early news reports focused mainly on celebrity gossip and embarrassing details about Hollywood and film industry business affairs gleaned by the media from electronic files, including private email messages, released by the computer criminals. Among the information revealed in the e-mails was that Sony CEO Kazuo Hirai pressured Sony Pictures co-chairwoman Amy Pascal to "soften" the assassination scene in the upcoming Sony film The Interview.[15] Many details relating to the actions of the Sony Pictures executives, including Pascal and Michael Lynton, were also released, in a manner that appeared to be intended to spur distrust between these executives and other employees of Sony.[8]

Other e-mails released in the hack showed Pascal and Scott Rudin, a film and theatrical producer, discussing Angelina Jolie. In the e-mails, Rudin referred to Jolie as "a minimally talented spoiled brat" and criticized her wanting David Fincher to direct her film Cleopatra, which Rudin felt would interfere with Fincher directing a planned film about Steve Jobs.[16] Pascal and Rudin were also noted to have had an e-mail exchange about Pascal's upcoming encounter with President Barack Obama that included characterizations described as racist.[17][18][19] The two had suggested they should mention films about African-Americans upon meeting the president, such as Django Unchained, 12 Years a Slave, and The Butler, all of which depict slavery in the United States or the pre-civil rights era.[17][18][19] Pascal and Rudin later apologized.[17][19][20] Details of lobbying efforts by politician Mike Moore on behalf of the Digital Citizens Alliance and FairSearch against Google were also revealed.[21]

The leak revealed multiple details of behind-the-scenes politics on Columbia Pictures' current Spider-Man film series, including e-mails between Pascal and others to various heads of Marvel Studios.[22] In addition to the emails, a copy of the script for the upcoming James Bond film Spectre, which is due to be released in 2015, was obtained.[23] Several future Sony Pictures films, including Annie, Mr. Turner, Still Alice and To Write Love on Her Arms, were also leaked.[24][25][26] The hackers intended to release additional information on December 25, 2014,[27] which coincided with the release date of The Interview in the United States.

In December 2014, former Sony Pictures Entertainment employees filed four lawsuits against the company for not protecting their data that was released in the hack, which included Social Security numbers and medical information.[28]

In January 2015, details were revealed of the MPAA's lobbying of the United States International Trade Commission to mandate that US ISPs, either at the internet transit level or at the consumer level, implement IP address blocking of pirate websites as well as linking websites.[29]

Threats surrounding The Interview

On December 16, for the first time since the hack, the "Guardians of Peace" mentioned the then-upcoming film The Interview by name, and threatened to take terrorist actions against the film's New York City premiere at Sunshine Cinema on December 18, as well as on its American wide release date, set for December 25.[30] Sony pulled the theatrical release the following day.

"We will clearly show it to you at the very time and places The Interview be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to. Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear. Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time. (If your house is nearby, you’d better leave.)

Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment. All the world will denounce the SONY."[31]

Seth Rogen and James Franco, the stars of The Interview, responded by saying they did not know if it was definitely caused by the film,[32] but later cancelled all media appearances tied to the film outside of the planned New York City premiere on December 16, 2014.[33] Following initial threats made towards theaters that would show The Interview, several theatrical chains, including Carmike Cinemas, Bow Tie Cinemas, Regal Entertainment Group, AMC Theatres and Cinemark Theatres, announced that they would not screen The Interview.[34][35][36] The same day, Sony stated that they would allow theaters to opt out of showing The Interview, but later decided to fully pull the national December 25 release of the film, as well as announce that there were "no further release plans" to release the film on any platform, including home video, in the foreseeable future.[37][38][39]

On December 18, two messages (both allegedly from the Guardians of Peace) were released. One, sent in a private message to Sony executives, stated that they would not release any further information if Sony never released the film and removed its presence from the internet. The other, posted to Pastebin, a web application used for text storage that the Guardians of Peace have used for previous messages, stated that the studio had "suffered enough" and could release The Interview, but only if Kim Jong-un's death scene was not "too happy". The post also stated that the company cannot "test [them] again", and that "if [Sony Pictures] makes anything else, [they] will be here ready to fight".[40]

President Barack Obama, in an end-of-year press speech on December 19, commented on the Sony hacking and stated that he felt Sony made a mistake in pulling the film, and that producers should "not get into a pattern where you are intimidated by these acts".[41] He also said, "We will respond proportionally and we will respond in a place and time and manner that we choose."[42] In response to President Obama's statement, Sony Entertainment's CEO Michael Lynton said on the CNN talk show Anderson Cooper 360 that the public, the press and the President misunderstood the events. Lynton said that the decision to cancel the wide release was in response to a majority of theaters pulling their showings and not to the hackers' threats. Lynton stated that they will seek other options to distribute the film in the future, and noted "We have not given in. And we have not backed down. We have always had every desire to have the American public see this movie."[43][44]

On December 23, Sony opted to authorize approximately 300 mostly-independent theaters to show The Interview on Christmas Day, as the four major theater chains had yet to change their earlier decision not to show the film.[45][46] The FBI worked with these theaters to detail the specifics of the prior threats and how to manage security for the showings, but noted that there was no actionable intelligence on the prior threats.[47] Sony's Lynton stated on the announcement that "we are proud to make it available to the public and to have stood up to those who attempted to suppress free speech".[48] The Interview was also released to Google Play, Xbox Video, and YouTube on December 24.[49] No incidents predicated by the threats occurred with the release, and instead, the unorthodox release of the film led to it being considered a success due to increased interest in the film following the attention it had received.[50]

On December 27, the North Korean National Defence Commission released a statement accusing Obama of being "the chief culprit who forced the Sony Pictures Entertainment to indiscriminately distribute the movie ... Obama always goes reckless in words and deeds like a monkey in a tropical forest."[51]

U.S. accusations against North Korea

U.S. government officials stated on December 17, 2014 their belief that the North Korean government was "centrally involved" in the hacking, although there was initially some debate within the White House whether to publicly accuse North Korea.[4] White House officials treated the situation as a "serious national security matter",[52] and the Federal Bureau of Investigation (FBI) formally stated on December 19 that they connected the North Korean government to the cyber-attacks.[53][54] Including undisclosed evidence, these claims were made based on the use of similar malicious hacking tools and techniques previously employed by North Korean hackers—including Bureau 121 on South Korean targets.[4][55] According to the FBI:[56]

• "[A] technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korea previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks."
• "The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack." The FBI later clarified that the source IP addresses were associated with a group of North Korean businesses located in Shenyang in northeastern China.[57]
• "Separately, the tools used in the SPE attack have similarities to a cyber-attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea."

The FBI later clarified more details of the attacks, attributing them to North Korea by noting that the hackers were "sloppy" with the use of proxy IP addresses that originated from within North Korea. FBI Director James Comey stated that Internet access is tightly controlled within North Korea, and as such, it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government.[58][59] The National Security Agency assisted the FBI in analyzing the attack, specifically in reviewing the malware and tracing its origins; NSA director Admiral Michael Rogers agreed with the FBI that the attack originated from North Korea.[60] A disclosed NSA report published by Der Spiegel stated that the agency had become aware of the origins of the hack due to their own cyber-intrusion on North Korea's network that they had set up in 2010, following concerns of the technology maturation of the country.[57]

N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say

By David E. Sanger and Martin Fackler

Jan. 18, 2015

WASHINGTON — The trail that led American officials to blame North Korea for the destructive cyberattack on Sony Pictures Entertainment in November winds back to 2010, when the National Security Agency scrambled to break into the computer systems of a country considered one of the most impenetrable targets on earth.

Spurred by growing concern about North Korea’s maturing capabilities, the American spy agency drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies, according to former United States and foreign officials, computer experts later briefed on the operations and a newly disclosed N.S.A. document.

Is there "fifth party" collection?
Round Table

Dynamic Page -- Highest Possible Classification is TOP SECRET // SI / TK // REL TO USA, FVEY

(TS//SI//REL) "Fourth party collection" refers to passively or actively obtaining data from some other actor's CNE activity against a target. Has there ever been an instance of NSA obtaining information from Actor One exploiting Actor Two's CNE activity against a target that NSA, Actor One, and Actor Two all care about?

(TS//SI//REL) Edit: Awesome illustration per request:

asked 3 days ago


(TS//SI//REL) Yes. There was a project that I was working last year with regard to the South Korean CNE program. While we aren't super interested in SK (things changed a bit when they started targeting us a bit more), we were interested in North Korea and SK puts a lot of resources against them. At that point, our access to NK was next to nothing but we were able to make some inroads to the SK CNE program. We found a few instances where there were NK officials with SK implants on their boxes, so we got on the exfil points, and sucked back the data. That's fourth party.

(TS//SI//REL) However, some of the individuals that SK was targeting were also part of the NK CNE program. So I guess that would be the fifth party collect you were talking about. But once that started happening, we ramped up efforts to target NK ourselves (as you don't want to rely on an untrusted actor to do your work for you). But some of the work that was done there was able to help us gain access.

(TS//SI//REL) I know of another instance (I will be more vague because I believe there are more compartments involved and parts are probably NF) where there was an actor we were going against. We realized there was another actor that was also going against them and having great success because of a 0 day they wrote. We got the 0 day out of passive and were able to re-purpose it. Big win.

(TS//SI//REL) But they were all still referred to as fourth party.

answered 2 days ago

C: UK TOP SECRET STRAP1 COMINT AUSCANUKUSNZ (TS//SI//REL//) '4th Party' was, of course, a COMINT (and particularly a cryppie) term long before it was a CNE one (or CNE even existed). In a COMINT context, ISTR meeting a '5th Party' scenario from '70s: GCHQ station collected cipher on nation A's internal security comms. Broken cipher revealed collect (including cipher texts) by A's SIGINT against neighbouring nation B's internal security comms (so that was '4th Party'). Some of B's texts so obtained revealed intel derived from B's domestic intercept targets, so I guess that was '5th Party' ...

answered 1 day ago

Round Table Design: Round Table team, S31315, [DELETE] Content Steward and Page Publisher: Round Table Team, [DELETE]

Derived from: NSA/CSS Manual 1-52, Dated: 8 January 2007

Declassify on: 20320108

A classified security agency program expanded into an ambitious effort, officials said, to place malware that could track the internal workings of many of the computers and networks used by the North’s hackers, a force that South Korea’s military recently said numbers roughly 6,000 people. Most are commanded by the country’s main intelligence service, called the Reconnaissance General Bureau, and Bureau 121, its secretive hacking unit, with a large outpost in China.

Photo caption: Kim Heung-kwang, a defector, said that in the early 1990s, North Korean computer experts had an idea: Use the Internet to attack the nation’s foes. Credit: Jean Chung for The New York Times

The evidence gathered by the “early warning radar” of software painstakingly hidden to monitor North Korea’s activities proved critical in persuading President Obama to accuse the government of Kim Jong-un of ordering the Sony attack, according to the officials and experts, who spoke on the condition of anonymity about the classified N.S.A. operation.

Mr. Obama’s decision to accuse North Korea of ordering the largest destructive attack against an American target — and to promise retaliation, which has begun in the form of new economic sanctions — was highly unusual: The United States had never explicitly charged another government with mounting a cyberattack on American targets.

Mr. Obama is cautious in drawing stark conclusions from intelligence, aides say. But in this case “he had no doubt,” according to one senior American military official.

“Attributing where attacks come from is incredibly difficult and slow,” said James A. Lewis, a cyberwarfare expert at the Center for Strategic and International Studies in Washington. “The speed and certainty with which the United States made its determinations about North Korea told you that something was different here — that they had some kind of inside view.”

For about a decade, the United States has implanted “beacons,” which can map a computer network, along with surveillance software and occasionally even destructive malware in the computer systems of foreign adversaries. The government spends billions of dollars on the technology, which was crucial to the American and Israeli attacks on Iran’s nuclear program, and documents previously disclosed by Edward J. Snowden, the former security agency contractor, demonstrated how widely they have been deployed against China.

But fearing the exposure of its methods in a country that remains a black hole for intelligence gathering, American officials have declined to talk publicly about the role the technology played in Washington’s assessment that the North Korean government had ordered the attack on Sony.

The extensive American penetration of the North Korean system also raises questions about why the United States was not able to alert Sony as the attacks took shape last fall, even though the North had warned, as early as June, that the release of the movie “The Interview,” a crude comedy about a C.I.A. plot to assassinate the North’s leader, would be “an act of war.”

Dinner in Pyongyang

The N.S.A.’s success in getting into North Korea’s systems in recent years should have allowed the agency to see the first “spear phishing” attacks on Sony — the use of emails that put malicious code into a computer system if an unknowing user clicks on a link — when the attacks began in early September, according to two American officials.

Photo caption: Gen. James R. Clapper Jr. says he had dinner last fall with the man who later oversaw the Sony attack. Credit: Mark Lennihan/Associated Press

But those attacks did not look unusual. Only in retrospect did investigators determine that the North had stolen the “credentials” of a Sony systems administrator, which allowed the hackers to roam freely inside Sony’s systems.

In recent weeks, investigators have concluded that the hackers spent more than two months, from mid-September to mid-November, mapping Sony’s computer systems, identifying critical files and planning how to destroy computers and servers.

“They were incredibly careful, and patient,” said one person briefed on the investigation. But he added that even with their view into the North’s activities, American intelligence agencies “couldn’t really understand the severity” of the destruction that was coming when the attacks began Nov. 24.

In fact, when Gen. James R. Clapper Jr., the director of national intelligence, had an impromptu dinner in early November with his North Korean counterpart during a secret mission to Pyongyang to secure the release of two imprisoned Americans, he made no mention of Sony or the North’s growing hacking campaigns, officials say.

In a recent speech at Fordham University in New York, Mr. Clapper acknowledged that the commander of the Reconnaissance General Bureau, Kim Yong-chol, with whom he traded barbs over the 12-course dinner, was “later responsible for overseeing the attack against Sony.” (General Clapper praised the food; his hosts later presented him with a bill for his share of the meal.)

Asked about General Clapper’s knowledge of the Sony attacks from the North when he attended the dinner, Brian P. Hale, a spokesman for the director of national intelligence, said that the director did not know he would meet his intelligence counterpart and that the purpose of his trip to North Korea “was solely to secure the release of the two detained U.S. citizens.”

“Because of the sensitivities surrounding the effort” to win the Americans’ release, Mr. Hale said, “the D.N.I. was focused on the task and did not want to derail any progress by discussing other matters.” But he said General Clapper was acutely aware of the North’s growing capabilities.

Jang Sae-yul, a former North Korean army programmer who defected in 2007, speaking in an interview in Seoul, said: “They have built up formidable hacking skills. They have spent almost 30 years getting ready, learning how to do this and this alone, how to target specific countries.”

Still, the sophistication of the Sony hack was such that many experts say they are skeptical that North Korea was the culprit, or the lone culprit. They have suggested it was an insider, a disgruntled Sony ex-employee or an outside group cleverly mimicking North Korean hackers. Many remain unconvinced by the efforts of the F.B.I. director, James B. Comey, to answer critics by disclosing some of the American evidence.

Photo caption: The northeastern Chinese city of Shenyang, where there are North Korean-run hotels and restaurants, and an “attack base” to which some I.P. addresses have been traced. Credit: Sheng Li/Reuters

Mr. Comey told the same Fordham conference that the North Koreans got “sloppy” in hiding their tracks, and that hackers periodically “connected directly and we could see them.”

“And we could see that the I.P. addresses that were being used to post and to send the emails were coming from I.P.s that were exclusively used by the North Koreans,” he said. Some of those addresses appear to be in China, experts say.

The skeptics say, however, that it would not be that difficult for hackers who wanted to appear to be North Korean to fake their whereabouts. Mr. Comey said there was other evidence he could not discuss. So did Adm. Michael S. Rogers, the N.S.A. director, who told the Fordham conference that after reviewing the classified data he had “high confidence” the North had ordered the action.

A Growing Capability

North Korea built its first computer with vacuum tubes in 1965, with engineers trained in France. For a brief time, it appeared ahead of South Korea and of China, which not only caught up but also came to build major elements of their economic success on their hardware and software.

Defectors say that the Internet was first viewed by North Korea’s leadership as a threat, something that could taint its citizens with outside ideas.

But Kim Heung-kwang, a defector who said in an interview that he helped train many of the North’s first cyberspies, recalled that in the early 1990s a group of North Korean computer experts came back from China with a “very strange new idea”: Use the Internet to steal secrets and attack the government’s enemies. “The Chinese are already doing it,” he quoted one of the experts as saying.

Defectors report that the North Korean military was interested. So was the ruling Workers’ Party, which in 1994 sent 15 North Koreans to a military academy in Beijing to learn about hacking. When they returned, they formed the core of the External Information Intelligence Office, which hacked into websites, penetrated fire walls and stole information abroad. Because the North had so few connections to the outside world, the hackers did much of their work in China and Japan.

According to Mr. Kim, the military began training computer “warriors” in earnest in 1996 and two years later opened Bureau 121, now the primary cyberattack unit. Members were dispatched for two years of training in China and Russia. Mr. Jang said they were envied, in part because of their freedom to travel.

“They used to come back with exotic foreign clothes and expensive electronics like rice cookers and cameras,” he said. His friends told him that Bureau 121 was divided into different groups, each targeting a specific country or region, especially the United States, South Korea and the North’s one ally, China.

“They spend those two years not attacking, but just learning about their target country’s Internet,” said Mr. Jang, 46, who was a first lieutenant in a different army unit that wrote software for war game simulations.

Mr. Jang said that as time went on, the North began diverting high school students with the best math skills into a handful of top universities, including a military school specializing in computer-based warfare called Mirim University, which he attended as a young army officer.

Others were deployed to an “attack base” in the northeastern Chinese city of Shenyang, where there are many North Korean-run hotels and restaurants. Unlike the North’s nuclear and ballistic missile programs, the cyberforces can be used to harass South Korea and the United States without risking a devastating response.

“Cyberwarfare is simply the modern chapter in North Korea’s long history of asymmetrical warfare,” said a security research report in August by Hewlett-Packard.

An Attack in Seoul

When the Americans first gained access to the North Korean networks and computers in 2010, their surveillance focused on the North’s nuclear program and its leadership, as well as efforts to detect attacks aimed at United States military forces in South Korea, said one former American official. (The German magazine Der Spiegel published an N.S.A. document on Saturday that provides some details of South Korea’s help in spying on the North.) Then a highly destructive attack in 2013 on South Korean banks and media companies suggested that North Korea was becoming a greater threat, and the focus shifted.

“The big target was the hackers,” the official said.

That attack knocked out almost 50,000 computers and servers in South Korea for several days at five banks and television broadcasters.

The hackers were patient, spending nine months probing the South Korean systems. But they also made the mistake seen in the Sony hack, at one point revealing what South Korean analysts believe to have been their true I.P. addresses. Lim Jong-in, dean of the Graduate School of Information Security at Korea University, said those addresses were traced back to Shenyang, and fell within a spectrum of I.P. addresses linked to North Korean companies.

The attack was studied by American intelligence agencies. But after the North issued its warnings about Sony’s movie last June, American officials appear to have made no reference to the risk in their discussions with Sony executives. Even when the spear-phishing attacks began in September — against Sony and other targets — “it didn’t set off alarm bells,” according to one person involved in the investigation.

The result is that American officials began to focus on North Korea only after the destructive attacks began in November, when pictures of skulls and gruesome images of Sony executives appeared on the screens of company employees. (That propaganda move by the hackers may have worked to Sony’s benefit: Some employees unplugged their computers immediately, saving some data from destruction.)

It did not take long for American officials to conclude that the source of the attack was North Korea, officials say. “Figuring out how to respond was a lot harder,” one White House official said.

David E. Sanger reported from Washington, and Martin Fackler from Seoul, South Korea. Nicole Perlroth contributed reporting from San Francisco.

A version of this article appears in print on January 19, 2015, on page A1 of the New York edition with the headline: Tracking the Cyberattack on Sony to North Koreans.

The North Korean news agency KCNA denied the "wild rumours" of North Korean involvement, but said that "The hacking into the SONY Pictures might be a righteous deed of the supporters and sympathizers with the DPRK in response to its appeal."[9][61][23] North Korea offered to be part of a joint probe with the United States to determine the hackers' identities, threatening consequences if the United States refused to collaborate and continued the allegation.[62][63] The U.S. refused and asked China for investigative assistance instead.[64] Some days after the FBI's announcement, North Korea temporarily suffered a nationwide Internet outage, which the country claimed to be the United States' response to the hacking attempts.[65]

On the day following the FBI's accusation of North Korea's involvement, the FBI received an e-mail purportedly from the hacking group, linking to a YouTube video entitled "you are an idiot!", apparently mocking the organization.[66][67][68]

On December 19, 2014, U.S. Secretary of Homeland Security Jeh Johnson released a statement saying, "The cyber attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life." He encouraged businesses and other organizations to use the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST) to assess and limit cyber risks and protect against cyber threats.[69] On the same day, U.S. Secretary of State John Kerry published his remarks condemning North Korea for the cyber-attack and threats against movie theatres and moviegoers. "This provocative and unprecedented attack and subsequent threats only strengthen our resolve to continue to work with partners around the world to strengthen cybersecurity, promote norms of acceptable state behavior, uphold freedom of expression, and ensure that the Internet remains open, interoperable, secure and reliable," he said.[70]

On January 2, 2015, the U.S. imposed additional economic sanctions on already-sanctioned North Korea for the hack,[71] which North Korean officials called out as "groundlessly stirring up bad blood towards" the country.[72]

Doubts about accusations against North Korea

Members of the press and various cybersecurity experts have expressed doubt about the claims that North Korea was behind the hack. Cybersecurity experts analyzing the hack independently of the FBI—including Kurt Stammberger from cyber security firm Norse,[73][74] DEFCON organizer and Cloudflare researcher Marc Rogers,[75] Sabu,[76] and Kim Zetter, a security journalist at Wired Magazine[77]—have tended to agree that North Korea was not behind the attack.

Michael Hiltzik, a Los Angeles Times journalist, said that all evidence against North Korea was "circumstantial" and that some cybersecurity experts were "skeptical" about accusations against the government.[78] Cybersecurity expert Lucas Zaichkowsky said, "State-sponsored attackers don't create cool names for themselves like 'Guardians of Peace' and promote their activity to the public."[79] Kim Zetter of Wired magazine called released evidence against the government "flimsy".[80] Former hacker Hector Xavier Monsegur, who once hacked into Sony, explained to CBS News that exfiltrating one or one hundred terabytes of data would have taken months or years, not weeks, "without anyone noticing". Moreover, Monsegur doubted the accusations due to North Korea's possibly insufficient infrastructure to handle much data. He believed that it could have been either Chinese, Russian, or anyone else.[81]

Stammberger provided the FBI with Norse's findings, which postulate that the hack was an inside job, stating, "Sony was not just hacked; this is a company that was essentially nuked from the inside. We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history."[82] Stammberger believes that the security failure may have originated from six disgruntled former Sony employees, based on their past skillsets and discussions these people had in chat rooms. Norse employees identified these people from a list of workers that were eliminated from Sony during a restructuring in May 2014, and noted that some had made very public and angry responses to their firing, and would be in appropriate positions to identify the means to access secure parts of Sony's servers.[83][84][85] After a private briefing lasting three hours, the FBI formally rejected Norse's alternative assessment.[86]


In December 2014, Sony requested that the media stop covering the hack.[2] Sony also threatened legal action if the media did not comply, but according to law professor Eugene Volokh, Sony's legal threats are "unlikely to prevail".[87] Sony then threatened legal action against Twitter if it did not suspend accounts of people who posted the hacked material.[88] American screenwriter Aaron Sorkin wrote an op-ed for The New York Times opining that the media was helping the hackers by publishing and reporting on the leaked information.[89] On December 18, Reddit took the unusual step of banning a subpage called "SonyGOP" that was being used to distribute the hacked files.[90]

The threats made directly at Sony over The Interview were seen by many as a threat to free speech. The decision to pull the film was criticized by several Hollywood filmmakers and actors, including Ben Stiller, Steve Carell, Rob Lowe, Jimmy Kimmel and Judd Apatow.[91][92] Some commentators contrasted the situation to the non-controversial release of the 2004 Team America: World Police, a film that mocked the leadership of North Korea's prior leader, Kim Jong-il.[93] The Alamo Drafthouse was poised to replace showings of The Interview with Team America until the film's distributor Paramount Pictures ordered the theaters to stop.[94]

In light of the threats made to Sony over The Interview, New Regency cancelled its March 2015 production plans for a film adaptation of the graphic novel, Pyongyang: A Journey in North Korea, which was set to star Steve Carell.[95] Hustler announced its intentions to make a pornographic parody film of The Interview. Hustler founder Larry Flynt said, "If Kim Jong-un and his henchmen were upset before, wait till they see the movie we're going to make".[96]

In China, media coverage of the hackings has been limited, including in search engines, with the exception of Google, which has returned 36 million results. Hua Chunying, a spokeswoman of foreign affairs, "shied away from directly addressing" the Sony hacking situation.[97] On December 25, 2014, Russia offered sympathy to North Korea, saying it was "quite understandable" that North Korea would be upset over the film. Russia said American threats of retaliation were "counterproductive and dangerous", and that the US did not provide any proof of who hacked Sony.[98]

In the wake of the hack, President Obama issued a legislative proposal to Congress to update current laws such as the Racketeer Influenced and Corrupt Organizations Act and introduce new ones to allow federal and national law enforcement officials to better respond to cybercrimes like the Sony hack, and to be able to prosecute such crimes compatibly with similar off-line crimes, while protecting the privacy of Americans.[99]


1. "Sony Pictures Entertainment Notice Letter" (PDF). State of California Department of Justice Office of the Attorney General. December 8, 2014. Retrieved December 20, 2014.
2. "Sony Asks Media to Stop Covering Hacked Emails". Time. December 16, 2014. Retrieved December 17, 2014.
3. Weise, Elizabeth (December 17, 2014). "Experts: Sony hackers 'have crossed the line'". USA Today. Retrieved December 17, 2014.
4. Sanger, David E.; Perlroth, Nicole (December 17, 2014). "U.S. Links North Korea to Sony Hacking". The New York Times. Retrieved December 17, 2014.
5. Zetter, Kim (December 3, 2014). "Sony Got Hacked Hard: What We Know and Don’t Know So Far". Wired. Retrieved January 4, 2015.
6. James Cook (December 16, 2014). "Sony Hackers Have Over 100 Terabytes Of Documents. Only Released 200 Gigabytes So Far". Business Insider. Retrieved December 18, 2014.
7. Palilery, Jose (December 24, 2014). "What caused Sony hack: What we know now". CNN Money. Retrieved January 4, 2015.
8. Seal, Mark (February 4, 2015). "An Exclusive Look at Sony’s Hacking Saga". Vanity Fair. Retrieved February 4, 2015.
9. "Sony hack: White House views attack as security issue". BBC. December 18, 2014. Retrieved December 18, 2014.
10. Ben Child. Hackers demand Sony cancel release of Kim Jong-un-baiting comedy, The Guardian. 9 December 2014.
11. Beaumont-Thomas, Ben (July 10, 2014). "North Korea complains to UN about Seth Rogen comedy The Interview". The Guardian. Retrieved December 18, 2014.
12. Frizell, Sam (February 4, 2015). "Sony Is Spending $15 Million to Deal With the Big Hack". Time. Retrieved February 4, 2015.
13. Cieply, Michael; Barnes, Brooks (February 5, 2015). "Amy Pascal Leaving as Sony Studio Chief". New York Times. Retrieved February 5, 2015.
14. "Washington Journal – Hacking and Cybersecurity Threats". C-SPAN. December 7, 2014. Retrieved December 22, 2014.
15. Fackler, Martin (December 15, 2014). "Sony's International Incident: Making Kim Jong-un's Head Explode". The New York Times. Retrieved December 15, 2014.
16. Stedman, Alex (December 9, 2014). "Leaked Sony Emails Reveal Nasty Exchanges and Insults". Variety. Retrieved March 3, 2015.
17. Mike Fleming, Jr., Scott Rudin Apologizes After Leak Of Sony’s Hacked Racially Insensitive E-Mails On Barack Obama, December 11, 2014
18. Variety Staff, Sony’s Amy Pascal Apologizes for Obama Emails, Variety, December 11, 2014
19. Christopher Rosen, Scott Rudin & Amy Pascal Apologize After Racially Insensitive Emails About Obama Leak, The Huffington Post, December 11, 2014
20. ... -leak.html
21. WINGFIELD, NICK (December 16, 2014). "Google’s Detractors Take Their Fight to the States". Retrieved 1 January 2015.
22. Fritz, Ben (December 9, 2014). "Sony, Marvel Discussed Spider-Man Movie Crossover". The Wall Street Journal. Retrieved December 18, 2014.
23. Stedman, Alex (December 14, 2014). "Sony Hack: Bond Producers Say 'Spectre' Screenplay Among Stolen Material". Variety. Retrieved December 15, 2014.
24. Justin McCurry. "North Korea denies hacking Sony Pictures". the Guardian. Retrieved December 17, 2014.
25. "Hackers who targeted Sony invoke 9/11 attacks in warning to moviegoers". The Guardian. Retrieved December 17, 2014.
26. "Sony's New Movies Leak Online Following Hack Attack". NBC News. Retrieved December 1, 2014.
27. Weise, Elizabeth (December 15, 2014). "Sony fights hack damage as new threats emerge". USA Today. Retrieved December 15, 2014.
28. Ellis, Ralph (December 20, 2014). "Lawsuits say Sony Pictures should have expected security breach". Retrieved December 21, 2014.
29. Brandom, Russell (2 January 2015). "The MPAA has a new plan to stop copyright violations at the border". The Verge. Retrieved 4 January 2015.
30. Rushe, Dominic (December 17, 2014). "Hackers who targeted Sony invoke 9/11 attacks in warning to moviegoers". The Guardian. Retrieved December 18, 2014.
31. Boot, William (December 17, 2014). "Exclusive: Sony Emails Say State Department Blessed Kim Jong-Un Assassination in ‘The Interview’". The Daily Beast. Retrieved December 19, 2014.
32. "Seth Rogen and James Franco Address the Sony Hack". ABC News. December 15, 2014. Retrieved December 15, 2014.
33. Stedman, Alex (December 16, 2014). "Seth Rogen and James Franco Cancel All Media Appearances for 'The Interview'". Variety. Retrieved December 16, 2014.
34. Kilday, Gregg (December 16, 2014). "Sony Hack: Carmike Cinemas Drops 'The Interview'". The Hollywood Reporter. Retrieved December 17, 2014.
35. Weise, Elizabeth (December 17, 2014). "Second theater chain pulls "The Interview" after hacker threats". USA Today. Retrieved December 17, 2014.
36. Kilday, Gregg (December 17, 2014). "Top Five Theater Circuits Drop 'The Interview' After Sony Hack". The Hollywood Reporter. Retrieved December 17, 2014.
37. Grow, Kory (December 17, 2014). "Sony Cancels 'Interview' New York Premiere Amid Terror Threats". Rolling Stone. Retrieved December 17, 2014.
38. Lang, Brent (December 17, 2014). "Sony Cancels Theatrical Release for 'The Interview' on Christmas". Variety. Retrieved December 17, 2014.
39. McNary, Dave (December 17, 2014). "Sony Has 'No Further Release Plans' for 'The Interview'". Variety. Retrieved December 17, 2014.
40. Weise, Elizabeth; Johnson, Kevin (December 19, 2014). "FBI confirms North Korea behind Sony hack". USA Today. Retrieved December 19, 2014.
41. "US President Barack Obama holds last news briefing of 2014". BBC. December 19, 2014. Retrieved December 19, 2014.
42. "Obama Pledges Proportional Response to Sony Hack". ABCNews. Dec 19, 2014.
43. Pallotta, Frank (December 19, 2014). "Sony exec fires back at President Obama". CNN Money. Retrieved December 19, 2014.
44. "Sony 'will not drop' North Korea film The Interview". BBC. December 19, 2014. Retrieved December 19, 2014.
45. Shaw, Lucas (December 23, 2014). "Sony to Release The Interview in More Than 300 Theaters on Christmas Day". Bloomberg. Retrieved December 26, 2014.
46. "The Interview: Obama hails move to screen North Korea film." BBC. Retrieved December 24, 2014.
47. Brown, Pamela (December 24, 2014). "FBI reaching out to theaters screening 'The Interview'". CNN. Retrieved December 29, 2014.
48. Coyle, Jake (December 23, 2014). "Sony announces limited release of ‘The Interview’". Boston Globe. Retrieved December 29, 2014.
49. Kelsey, Eric (24 December 2014). "Sony releases 'The Interview' on Youtube, other Internet channels". Reuters. Retrieved 24 December 2014.
50. Hamedy, Saba (December 28, 2014). "'The Interview' finds its audience at indie theaters, online". Los Angeles Times. Retrieved December 29, 2014.
51. "North Korea berates Obama over The Interview release". BBC News. December 27, 2014. Retrieved December 30, 2014.
52. Bacle, Ariana (December 18, 2014). "White House is treating Sony hack as 'serious national security matter'". Entertainment Weekly. Retrieved December 18, 2014.
53. "FBI — Update on Sony Investigation". FBI. December 19, 2014. Retrieved December 22, 2014.
54. Weise, Elizabeth; Johnson, Kevin (December 19, 2014). "FBI confirms North Korea behind Sony hack". USA Today. Retrieved December 19, 2014.
55. "Sony cyber attack linked to North Korean government hackers, FBI says". The Guardian. 19 December 2014. Retrieved 19 December 2014.
56. "Update on Sony Investigation" (Press release). Federal Bureau of Investigation. December 19, 2014. Retrieved December 19, 2014.
57. Sanger, David E.; Fackler, Martin (January 18, 2015). "N.S.A. Tapped Into North Korean Networks Before Sony Attack, Officials Say". New York Times. Retrieved January 19, 2015.
58. Brandom, Russell (January 7, 2015). "FBI Director Comey reveals new details on the Sony hack". The Verge. Retrieved January 7, 2015.
59. "FBI details North Korean attack on Sony", CNBC, Jan. 8, 2014
60. Frizeel, Sam (January 8, 2015). "NSA Director on Sony Hack: ‘The Entire World is Watching’". Time. Retrieved January 9, 2015.
61. ... -12ee.html
62. "North Korea seeks joint probe with US on Sony hack". BBC. December 20, 2014. Retrieved December 20, 2014.
63. "North Korea demands joint inquiry with US into Sony Pictures hack". The Guardian. December 20, 2014. Retrieved December 20, 2014.
64. Makinen, Julie (December 20, 2014). "North Korea decries U.S. allegations on Sony hack; U.S. turns to China." Los Angeles Times. Retrieved December 21, 2014.
65. Helsel, Phil (December 26, 2014). "North Korea Insults Obama, Blames U.S. For Internet Outages". NBC News. Retrieved December 29, 2014.
66. "Hackers 'mock' FBI investigation into Sony cyber attack." ITV News. December 20, 2014. Retrieved December 21, 2014.
67. Boot, William (December 20, 2014). "Sony Hackers Guardians of Peace Troll FBI, Anonymous Convinced Hack Didn't Come From North Korea." The Daily Beast. Retrieved December 21, 2014.
68. Gajewski, Ryan; Siegel, Tatiana (December 20, 2014). "Sony Hackers Appear to Mock FBI in Latest Message." The Hollywood Reporter. Retrieved December 21, 2014.
69. "Statement By Secretary Johnson On Cyber Attack On Sony Pictures Entertainment". United States Department of Homeland Security. December 19, 2014. Retrieved December 24, 2014.
70. "Condemning Cyber-Attack by North Korea". United States Department of State. December 19, 2014. Retrieved December 24, 2014.
71. Lederman, Josh (January 2, 2015). "US slaps sanctions on North Korea after Sony hack". Associated Press. San Francisco Chronicle. Retrieved January 5, 2015.
72. Siddique, Haroon (January 4, 2015). "North Korea responds with fury to US sanctions over Sony hack". The Guardian. Retrieved January 5, 2015.
73. Kopan, Tal (29 December 2014). "U.S.: No alternate leads in Sony hack". Retrieved 4 January 2015.
74. "New evidence Sony hack was "inside job", not North Korea". Retrieved 4 January 2015.
75. Rogers, Marc. "Why the Sony hack is unlikely to be the work of North Korea.". Retrieved January 4, 2015.
76. "Ex-Anonymous hacker questions North Korea's role in Sony hack". December 18, 2014. Retrieved January 4, 2015.
77. Zetter, Kim. "Evidence of North Korea hack is thin". Wired. Retrieved January 4, 2015.
78. Hiltzik, Michael (December 19, 2014). "The Sony hack: What if it isn't North Korea?" Los Angeles Times. Retrieved December 21, 2014.
79. Mendoza, Martha (December 3, 2014). "Security experts doubt North Korea hacked into Sony; regime is angry over new Seth Rogen movie." Associated Press. Retrieved December 21, 2014.
80. Zetter, Kim (December 17, 2014). "The Evidence That North Korea Hacked Sony Is Flimsy." Wired. Retrieved December 21, 2014.
81. Monsegur, Hector (December 18, 2014). Former Anonymous hacker doubts North Korea behind Sony attack. CBS News. Interview with Elaine Quijano. Retrieved December 21, 2014.
82. "Did the FBI get it wrong on North Korea?" CBS News. December 23, 2014. Retrieved December 24, 2014.
83. Kiss, Jemina (December 30, 2014). "Sony hack: sacked employees could be to blame, researchers claim". The Guardian. Retrieved December 30, 2014.
84. Kopan, Tal (December 29, 2014). "FBI briefed on alternate Sony hack theory". Politico. Retrieved December 30, 2014.
85. Nussbaum, Daniel (December 29, 2014). "Private Intelligence Firm Briefs FBI: SONY Hack Could Have Been An Inside Job". Breitbart News Network. Retrieved December 30, 2014.
86. Tal Kopan. FBI rejects alternate Sony hack theory, December 30, 2014.
87. Volokh, Eugene (December 15, 2014). "Can Sony sue media outlets who publish the stolen Sony documents?". The Washington Post. Retrieved December 15, 2014.
88. Isidore, Chris. "Sony threatens Twitter with lawsuit over hack tweets". December 23, 2014. Retrieved December 27, 2014.
89. Sorkin, Aaron (December 15, 2014)."The Sony Hack and the Yellow Press". The New York Times. Retrieved December 16, 2014.
90. Goldman, David (December 29, 2014). "Reddit takes down Sony hack forum". Retrieved 4 January 2015.
91. Sinha-Roy, Piya (Dec 17, 2014). "Hollywood slams Sony, movie theaters for canceling 'The Interview'". Reuters. Retrieved December 18, 2014.
92. Marcus, Stephanie (December 7, 2014). "Celebrities React To Sony Canceling 'The Interview' Release". The Huffington Post. Retrieved December 18, 2014.
93. Rife, Katie (December 18, 2014). "Alamo Drafthouse replaces The Interview with Team America: World Police—or not". A.V. Club. Retrieved December 18, 2014.
94. Farnham, Donovan (December 18, 2014). "Paramount tells theaters no 'Team America: World Police'". San Jose Mercury News. Retrieved December 18, 2014.
95. Ford, Rebecca (December 17, 2014). "Steve Carell's North Korea Thriller Dropped After Sony Hack". The Hollywood Reporter. Retrieved December 17, 2014.
96. "Take That, Jong-un! Hustler Plans 'The Interview' Porn Parody". AVN. December 19, 2014. Retrieved December 20, 2014.
97. Ripley, Will. China censors news on Sony hack. CNN. Retrieved December 24, 2014.
98. "Russia offers support to North Korea amid Sony hack". Yahoo! News. AP. December 25, 2014. Retrieved December 25, 2014.
99. Daunt, Tina; Szalai, Georg (January 13, 2015). "White House Unveils Proposal for Cybersecurity Legislation in Wake of Sony Hack". Hollywood Reporter. Retrieved January 13, 2015.