December 5, 2014

How and why Sony was hacked

Malware and revenge are responsible for perhaps the worst corporate hack in history.

By Jimmy Nicholls

The morning of Monday, November 25 would have seemed like a normal day to the staff of Sony Pictures, at least until they turned on their computers.

What faced the Sony workers on that morning was a picture of a red skeleton leering at them from their monitors.

That image was the handiwork of a group known as the Guardians of Peace (GOP), a previously unheard-of hacking group. Its attack had rendered Sony’s computer systems useless, with only a cryptic message by way of explanation.

"We’ve already warned you, and this is just [the] beginning," the message read. "We [will] continue [until] our request [is] met. If you don’t obey us, we’ll release data shown below to the world." At this point it was not clear what that data included, other than internal information and "top secrets".

Why would someone hack Sony?

Even more mysterious was the motive behind the attack. Just after the hit on the infrastructure, a hacked Twitter account for the film Starship Troopers: Invasion was defaced with another message: "You, the criminals including Michael Lynton [chief executive of Sony Entertainment], will surely go to hell. Nobody can help you."

Below that was a picture of a gravestone with the Sony logo on it, prompting rumours the hackers were out to get Sony for their behaviour in the entertainment industry. On the tech website Re/code a stranger story emerged, with the site claiming that "sources familiar with the matter" had told it Sony was investigating a potential link with North Korea.

Arik Hesseldahl, senior editor and author of the piece, noted that The Interview, a Sony film due to be released on Christmas Day, had caused offence in Pyongyang, with a spokesman for the North Korean government telling the Daily Telegraph that it showed "the desperation of the US government and American society".


Much of the press ran with the story, though the evidence behind it was flimsy, and Sony has since neither denied nor confirmed the rumour. "My first reaction is that it’s probably a false flag, that it’s probably not North Korea," said Andrew Conway, research analyst at security company Cloudmark. "I guess it’s possible, but it seems a strange target."

His view was corroborated by a source claiming to be from GOP who spoke to CSO, a tech website. "We are an international organisation including famous figures in the politics and society from several nations such as United States, United Kingdom and France," they said. "We are not under direction of any state."

According to the source, The Interview was not what had prompted the group, but the fact the media had picked up on it showed how dangerous such a film was. They said: "Sony Pictures produced the film harming the regional peace and security and violating human rights for money."

Other sources also indicated personal grudges were involved. Speaking to the Verge, a GOP member called "lena" said they "worked with other staff with similar interests to get in". A Reddit user claiming to be from Sony who had leaked the skeleton picture also said: "Everyone has been on edge there, morale is terrible, and good people were getting fired left and right."

What’s the damage?

With the story rumbling on until the weekend, GOP decided to make good on its threat. "Screeners", or advanced film screenings, for five of Sony’s recent films were leaked to the internet, with only the war film Fury starring Brad Pitt having already been released to cinemas.

Consumer response was, disappointingly for Sony, rather positive. Fury alone clocked up 1.2 million downloads before the weekend was out, while the other titles Annie, Still Alice, Mr Turner and To Write Love In Her Arms managed 400,000 between them.

This was embarrassing enough for the company, but worse was to come. On Tuesday, December 2, a memo from Lynton and Amy Pascal, co-chair of Sony Pictures Entertainment, went round the firm, saying that "a large amount of confidential Sony Pictures Entertainment data" had been taken, "including personnel information and business documents".

At this point GOP upped the ante, dumping a load of company data on Pastebin and then emailing it to journalists, who quickly spread the news that a huge amount of employee information was now available online, including 3,803 social security numbers, executive salaries and movie budgets. For its part, Sony offered identity protection to all of its employees as remediation.

Around the same time the FBI issued a warning to American businesses, telling them that malware had been used in a "destructive" attack on US soil. Trend Micro, a security firm, obtained a sample of the virus in question, and found a variant of it contained the skeletal wallpaper used against Sony, confirming in its employees’ minds that the FBI’s warning was about the attack.

Kurt Baumgartner, principal security researcher at Kaspersky Lab, also noted that there were similarities between the malware, identified as Destover, and previous viruses used to attack corporations, Shamoon and DarkSeoul. "It is extraordinary that such unusual and focused acts of large scale cyber-destruction are being carried out with clearly recognizable similarities," he added.

After a few days of trawling through the data, journalists had come up with some exciting scoops. Fusion, a news site, criticised Sony Pictures’ gender balance at the executive level, while many other sites leaked details of actor salaries, scripts for unreleased films and TV shows, and more social security numbers, this time totalling 47,000, according to the Wall Street Journal.

What is clear is that Sony has suffered the worst hack in its history, having previously made headlines for a £250,000 fine after an attack on the PlayStation network. While the damage to the company this time is uncertain, many believe it could be the worst corporate hack ever, including the breaches of Target and Home Depot.
