Sony Pictures Cyber-Attack Worse Than Originally Thought

Gate to Sony

Image courtesy of Sony Pictures Entertainment

Sony Pictures Cyber-Attack Worse Than Originally Thought
| published December 7, 2014 |

By R. Alan Clanton
Thursday Review editor

Though it denies that it was behind last week’s high-profile, now infamous cyber-attack on Sony Pictures, North Korea announced to the world early Sunday that it regarded the massive data breach as “a righteous deed by supporters and sympathizers” of North Korea.

Last week, a group identifying itself as Guardians of Peace, attacked and disrupted the computer network, file servers and email platforms of Sony Pictures. The cyber-attack included the theft and premature release of several films—including the new Annie, and the movie Mr. Turner—along with the theft of movies now at theaters, including Fury, starring Brad Pitt and Shia LeBouf. Employees were unable to send or receive emails, and according to law enforcement thousands of documents and spreadsheets were stolen, then, posted on the internet—including files which revealed salaries and benefits packages.

Among the other movies released in digital format: The Interview, starring Seth Rogen and James Franco, a comedy-satire in which two amateur web journalists are recruited by the CIA to arrange a face-to-face meeting with North Korean leader Kim Jong-un, at which time the recruits are supposed to assassinate the young Kim. Though clearly a farce, when word of the screenplay reached North Korea earlier this year, officials in Pyongyang declared it an “act of war.”

Coupled with the presence of computer code written in Korean, some law enforcement officials said that they could not rule out the possibility that the cyber-attack was the work directly of North Korea’s elite cyber battalion, known only as Unit 121. The Sony Pictures’ cyber-attack, computer security experts have told reporters, bears a strong resemblance to similar attacks waged by North Korea against banks and financial institutions in South Korea and other countries in 2012 and 2013.

North Korea’s official denial of involvement, however, carries little weight among those investigating and analyzing the data breach. Some investigators have said bluntly that the apparent links to North Korea could just as easily be a ruse to distract attention from the fact that the attack may have been the work of disgruntled insiders or online pranksters.

On the other hand, some cyber-security experts say that North Korea’s denials—exaggerated though they are—bear a striking resemblance to similar denials of past activities.

“We do not know where in America the Sony Pictures is situated,” Pyongyang’s statement reads, “or for what wrongdoings it became the target of the attack, nor do we feel the need to know. But clearly what we know is that the Sony Pictures is the very one which was going to produce a film abetting a terrorist act while also hurting the dignity of the supreme leadership.” The statement also said that North Korea has many supporters around the world.

Pyongyang is highly protective of the image and reputation of its top leaders which, for decades, have been members of the Kim family. The regime regards any form of media parody or satire to be not only an insult to the family’s reputation, but also tantamount to a direct attack on the country. When word of the script and production of The Interview first reached Pyongyang, North Korea’s response was to petition the United Nations for a quick resolution. When the U.N. opted not to act, North Korea began its campaign of bluster and threat.

The FBI has been investigating the Sony Pictures data breach for more than a week, and Sony has also enlisted the forensic assistance of several highly skilled cyber security firms to sort out what happened. Sony Pictures’ entire computer network was down for more than 24 hours, and experts have said that it may be weeks before all computer operations are working normally again. Many of the computers affected by the attack had their hard drives wiped clean by the highly-efficient malware injected into the network by the attackers. As a result, there is no “system-wide” fix for the problems now facing Sony, and each computer must be cleaned and rebooted manually.

Among those contractors hired to clean up the security problems at Sony was Fire Eye’s Mandiant team. Mandiant employs experts versed in both the restoration of computer systems, as well as detection of the source of cyber-attacks. Mandiant is best known for its work in the wake of the massive Target data breach last year, in which the credit card and debit card data of tens of millions of Target customers was stolen by hackers.

The Interview is scheduled for a Christmas Day release in the United States and Canada, but may hit some theaters in some markets early—a marketing adjustment, perhaps, meant to mitigate some of the potential loss from the breach. Annie and Mr. Turner, some analysts believe, may have been downloaded hundreds of thousands of times within the first few days that pre-release copies became available illegally online.

Reuters has reported that some of the experts hired by Sony Pictures have said that the cyber-attacked against the Hollywood studio may be one of the most intrusive and well-organized ever launched against a U.S. company. Employees who first arrived to work the day of the attack found that their computers were locked-up, displaying only a red skull and a message identifying the attack as the work of Guardians of Peace. Sony’s own networking team said that both their firewalls and anti-virus protection programs were insufficient to stop the attack.

Related Thursday Review articles:

North Korea Cyber-Attack: Real, or Smokescreen?; Thursday Review; December 5, 2014.

Movie Heist: Did North Korea Hack Sony Pictures?; Thursday Review; December 2, 2014.