2014 Sony Pictures Hack
Part of a series on North Korea. [View Related Entries]
Overview
2014 Sony Pictures Hack refers to a cyberattack which compromised the Sony Pictures entertainment company's computer network in late November 2014, resulting in the leak of several unreleased films and confidential information regarding Sony staff.
Background
The Interview
On June 11th, 2014, Sony Pictures Entertainment’s official YouTube channel uploaded the first teaser trailer for the upcoming American political action-comedy film The Interview. The film follows the story of a talk show host and his producer, portrayed by James Franco and Seth Rogen respectively, who are tasked by the CIA to assassinate Kim Jong-un under the pretext of conducting an interview with North Korean dictator. Within six months, the trailer gained over 7.4 million views.
On June 25th, a representative for the North Korean Ministry of Foreign Affairs released a statement[2] about the film, saying:
“If the United States administration tacitly approves or supports the release of this film, we will take a decisive and merciless countermeasure.”
The same day, Seth Rogen[1] tweeted a joking response to the threat. In less than 48 hours, the tweet received over 8,000 favorites and over 5,000 retweets.
Sony Pictures Entertainment Hack
In late November 2014, weeks before the box office premiere of The Interview, Sony Pictures Entertainment’s online database was hit by critical cyberattacks from a group of hackers who identified themselves as the Guardians of Peace (GOP), leading to the leak of private corporate data at an unprecedented volume in the tens of terabytes in early December. Among other things, the leaked data included many scripts and screeners of recently released or upcoming films to be distributed by the studio, including Fury, Annie, Still Alice, Mr. Turner and To Write Love On Her Arms, as well as the personally identifiable information and corporate profiles of over 6,000 employees.
Notable Developments
North Korea's Denial of Involvement
On December 4th, North Korean officials released a statement denying any involvement in the cyberattack, though one of them implied that the hack “might [have been] a righteous deed” of its supporters or sympathizers. Also on December 4th, researchers at the computer security firm AlienVault revealed that the computer that compiled the malware responsible for compromising the Sony network was written using Korean characters.[5]
E-mail Threats Against Sony Employees
On December 5th, Variety reported that Sony employees were receiving mass threatening emails, purportedly from the hackers who carried out the cyberattacks.
"Please sign your name to object the false (sic) of the company at the email address below if you don’t want to suffer damage. If you don’t, not only you but your family will be in danger."
The Interview Actors' SNL Sketch
On December 6th, The Interview actors James Franco and Seth Rogen appeared on Saturday Night Live, where they joked that hackers had leaked humorous and embarrassing photos of each other in compromised positions (shown below).
Guardians of Peace Official Demand
On December 8th, the GOP created a Github[6] page, which demanded that Sony stop showing the "movie of terrorism which can break the regional peace and cause the war," in reference to The Interview. In addition, 2.7 gigabytes of files were released by the group.
Leaked Internal E-Mails
Included in the 2.7 gigabytes of files were internal e-mails between Sony Pictures Television president Stephen Mosko and Sony Pictures Entertainment co-chairman Amy Pascal, in which they divulge their personal opinions on several actors and actresses who have worked with the studio. On December 9th, Gawker[4] reported on leaked emails between Pascal and film producer Scott Rudin, in which the two argue about an upcoming Steve Jobs biopic and the ego of actress Angelina Jolie, whom Rubin referred to as a “minimally talented spoiled brat.” Additionally, The Wall Street Journal reported that several of Pascal’s leaked emails revealed that Sony planned on making a crossover film between the comedy film series Jump Street and Men in Black.
Cancellation of The Interview
On December 16th, 2014, the GOP released a threatening message to theaters showing the film, which made reference to the September 11th, 2001 attacks:
"Warning
We will clearly show it to you at the very time and places "The Interview" be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.
Soon all the world will see what an awful movie Sony Pictures Entertainment has made.
The world will be full of fear.
Remember the 11th of September 2001.
We recommend you to keep yourself distant from the places at that time.
(If your house is nearby, you’d better leave.)
Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.
All the world will denounce the SONY."
That day, the entertainment news site Variety[7] reported that the Sunshine Cinema was canceling the New York premiere of The Interview and that Carmike Cinemas would not be playing the film at any of their locations. On December 17th, Variety[8] reported that Rogen and Franco had canceled all promotional media appearances for the film. Additional theaters subsequently announced they would not be showing The Interview upon release, including AMC, Cinemark, Cineplex, Regal and Southern Theatres. That day, Sony Pictures announced they were pulling the theatrical release of The Interview:
"We respect and understand our partners’ decision and, of course, completely share their paramount interest in the safety of employees and theatergoers. We are deeply saddened at this brazen effort to suppress the distribution of a movie, and in the process do damage to our company, our employees, and the American public. We stand by our filmmakers and their right to free expression and are extremely disappointed by this outcome."[10]
On December 19th, United States President Barack Obama said he felt Sony "made a mistake" in pulling the film (shown below).
FBI Investigation
On December 19th, 2014, the United States Federal Bureau of Investigation (FBI) released a statement[9] officially naming the North Korean government as being “responsible for these actions,” citing their technical analysis of the malware used in the hack and various comparisons to other previous North Korean cyber attacks (shown below).
Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.
Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.
Internet Blackout
On December 22nd, the technology news site North Korea Tech[12] reported that Internet connections in the country were repeatedly losing connectivity over the past 24 hours. That day, the Internet performance analytics company Dyn Research[11] posted a tweet revealing that North Korea's national Internet was offline following an entire day of "increasing instability" (shown below).
Also on December 22nd, the Associated Press[13] published a quote from United States State Department spokeswoman Marie Harf, who did not confirm or deny U.S. involvement in the Internet blackout.
"We aren't going to discuss, you know, publicly operational details about the possible response options or comment on those kind of reports in anyway except to say that as we implement our responses, some will be seen, some may not be seen."
On the following day, Dyn Research tweeted[14] an update that North Korean Internet had been restored but "connectivity problems" continued.
Charges
Park Jin-hyok
On September 6th, 2018, The United States Department of the Treasury announced that they had charged North Korean man Park Jin-hyok (shown below), an alleged North Korean operative, with involvement in the Sony Hack and the WannaCry ransomware attack. [15] In a statement, First Assistant United States Attorney Tracy Wilkison said:[16]
“The complaint charges members of this North Korean-based conspiracy with being responsible for cyberattacks that caused unprecedented economic damage and disruption to businesses in the United States and around the globe. The scope of this scheme was exposed through the diligent efforts of FBI agents and federal prosecutors who were able to unmask these sophisticated crimes through sophisticated means. They traced the attacks back to the source and mapped their commonalities, including similarities among the various programs used to infect networks across the globe.”
According to FastCompany,[16] Park worked with the hacking group "sometimes referred to as the Lazerous Group," who would allegedly wage phising campaigns against victims by "impersonating potential job applicants, and posted links to malware on Facebook and Twitter."
Search Interest
External References
[1] Twitter – @SethRogen
[2] NY Times – North Korea Warns US Over Parody Film
[3] The Guardian – FBI doubts North Korea link to Sony Pictures hack
[4] Gawker – Leaked – the Nightmare Email Drama Behind Sonys Steve Jobs Biopic
[5] The Verge – The malware that took down Sony was written in Korean
[6] Github – Gift of GOP for 4th day Their Privacy
[7] Variety- The Interview New York Premiere Canceled
[8] Variety – Seth Rogen and James Franco Cancel All Media Appearances
[9] FBI.gov – Update on Sony Investigation
[10] Variety – Sony Cancels Theatrical Release
[11] Twitter – @DynResearch
[12] North Korea Tech – North Koreas Internet link is flaky today
[13] Associated Press – NORTH KOREA INTERNET OUTAGE IN WAKE OF SONY ATTACK OVER
[14] Twitter – Dyn Research
[15] The Verge – US charges North Korean man in Sony hack and WannaCry ransomware attack
[16] Fast Company – Park Jin Hyok is the North Korean man charged with hacking Sony and Wa