Professional Documents
Culture Documents
The hackers are widely believed to be backed by the North Korean government,
which is furious at Sony for producing The Interview, a movie that depicts the
assassination of North Korean leader Kim Jong Un. On Wednesday, a terrorism
threat against theaters showing the film caused Sony to cancel its planned
Christmas Day release.
Read on to learn how the hacks happened, who might be responsible, and what
we've learned as a result.
1
1. INTRODUCTION
In 2011, Sony revealed that the names, addresses and other personal data of
about 77 million users on its PlayStation Network (PSN) had been stolen.
Gamers’ accounts were blocked and locked out of the network for a week as the
system was suspended to avoid more data breaches. An “illegal and
unauthorised person” got access to the data, including names, addresses, email
addresses, usernames, passwords, security questions and, in some cases, even
payment details.
This stolen data may have also included information about children.
Sony’s PSN is one of the largest holders of credit card data and the breach could
have been the largest leak of credit card information ever. However, Sony said
at the time that it had not discovered any evidence that any credit card info was
stolen, although it still advised users to be on the lookout.
2
2. LITERATURE REVIEW
Amid the firestorm, industry reactions have been mixed with many developers
expressing frustration at the attack and its possible consequences, rather than
anger at Sony. Ste Curran, creative director at the Brighton-based studio Zoe
Mode, told Develop Magazine: "From my perspective, the bigger issue is not
about PSN, but confidence in digital distribution generally. For every story like
this that breaks in the mainstream press, consumer confidence about their
details being safe is eroded. Confidence [in online transactions] has been
building up, and I think will continue to, but this is a blip. It could be a little
step back."
Lol Scragg, founder of Cohort Studios in Dundee, told us that the situation may
have devastating consequences for his company. "We have our first self-funded,
selfpublished PSN game, Me Monster: Hear Me Roar, coming out next week,
so from our point of view, the fact that the network isn't available is a big
concern.
"They're saying it could be next week before it's fixed – well, that will be
disastrous for us. The other issue is whether the consumers will have lost their
trust in the network. If it comes back up, lots of people will be withdrawing all
their credit card details, so the potential market we were looking at a week ago
– well, this is going to affect it; it's going to cost us in terms of revenue. The PR
department are really going to have to earn their salaries – the next three or four
days are going to determine whether the PSN continues or falls apart."
3
What happened to Sony?
But the greater damage was from all the confidential information that got
leaked to the public. The hackers posted five Sony movies (four
unreleased) to file-sharing networks. And they also leaked thousands of
confidential documents — everything from private correspondence
among Sony executives to salary and performance data about Sony
employees. Those documents were password protected, and whoever is
behind the hack provided said password only to journalists. But it's likely
only a matter of time before they break out into the world at large.
4
And there is some other circumstantial evidence linking the attacks to the North
Koreans. Forensic analysis has found that the methods used against Sony are
similar to those used in a 2013 attack on South Korean companies last year.
Some security experts suspect those attacks were carried out by North Koreans
operating from China.
The reclusive nation was furious at Sony because the studio was about to
release The Interview, a comedy in which Seth Rogen and James Franco play
characters who attempt to assassinate North Korean leader Kim Jong Un.
Yes it did. Theaters became nervous about the possibility that the attackers —
whoever they were — would follow through on the threats. Or, perhaps, that
fears of terrorism would keep moviegoers away from the theaters. Either way,
some theaters asked Sony for permission to drop the film from their lineups.
Sony relented on Tuesday, and several theater chains quickly announced they
would no longer show The Interview on December 25. Then on Wednesday,
Sony announced it was suspending the film's release altogether, citing the
theaters' pullout for their decision. At this point, it appears the film may not get
released at all.
5
What have we learned from the leaked Sony documents?
For the most part, we learned that running a big media company is kind
of boring. Many of the documents focused on routine business activities,
like the company's never-ending efforts to generate revenues from its
vast collection of old movies like the forgettable 2001 film Saving
Silverman.
We've learned that Sony sometimes pays high-profile men more than
women for what appears to be similar work. Of the 17 Sony execs paid
more than a million dollars, only one of them — Sony Pictures co-chair
Amy Pascal — is a woman. Email correspondence also suggests that
Jennifer Lawrence was paid less than her male co-stars for her role in
American Hustle.
The leaks have also provided rare insight into the profitability of Sony's
movies. Ordinarily, the rate of return on Hollywood blockbusters is
treated as a closely guarded secret. But the Hollywood Reporter dug into
6
the Sony documents and discovered details about which 2013 movies
wound up in the black once all revenue sources were taken into account.
The leaks also produced a lot of grist for the gossip mill. One executive
called Angelina Jolie a "minimally talented spoiled brat." Another
described actor Kevin Hart as a "whore." Multiple Sony employees bashed
the "formulaic" Adam Sandler films the company has produced.
7
Is it ethical for journalists to be digging through stolen Sony
documents and reporting on their contents?
The attack on Sony's network was clearly illegal and unethical. Some
people argue concerned that by reporting on the contents of these
documents, they are profiting from — and maybe even aiding in — the
hackers' efforts to embarrass Sony. In a December op-ed in the New
York Times, screenwriter Aaron Sorkin excoriated the media for doing the
hackers' dirty work for them.
Yet others note that once the documents have been posted online, the
genie is out of the bottle. Any single news organization refusing to report
on their contents may only delay the inevitable.
ONCE THE DOCUMENTS HAVE BEEN POSTED ONLINE, THE GENIE IS
OUT OF THE BOTTLE
8
revelations in the Sony leak are fair game for reporters. Is it legal for
media organizations to use stolen documents in their reporting?
But legally, Sony probably can't force media organizations to comply with
its request. In a 2001 decision, the Supreme Court ruled that a radio
station couldn't be held responsible for broadcasting the contents of
newsworthy audio recordings — even if the recordings were originally
made in violation of wiretapping laws. The same principle seems to
apply to the leaked documents. As long as a new organization didn't
participate in the Sony attack itself, it has a First Amendment right to
report on newsworthy information it finds in the documents.
9
Does Sony have a security problem?
Notably, this is not the first time Sony has been targeted by hackers, and it
might not even be the most damaging incident.
Critics have argued that Sony has taken a lax approach to online security. They
pointed out, for example, that the company laid off two security workers just
weeks before the 2011 attacks.
And security expert Chester Wisniewski told Gizmodo that the hackers' efforts
in 2011 were made easier by Sony's flat-footed response. They'd exploit a
vulnerability in one Sony office, then use the same attack days later in another
part of the world. "The crooks were able to attack the same thing because Sony
Pictures wasn't going out and fixing it," Wisniewski said.
10
THE HACKERS' EFFORTS IN 2011 WERE MADE
EASIER BY SONY'S FLAT-FOOTED RESPONSE
Last month's attack makes it clear that Sony still hasn't fully locked down
its network. Yet it's hard to know whether this means that Sony has particularly
lax security practices — or if it just happens to be the favorite target of hackers.
Hardening a corporate network as large as Sony's is really difficult, and even a
company that takes every precaution may still be vulnerable to a sufficiently
determined and talented attacker.
That's the view of Joseph Demarest, an official with the FBI's Cyber Division.
In his view "the level of sophistication" of last month's attack was "extremely
high." He believes that "the malware that was used would have slipped or
probably gotten past 90% of Net defenses that are out there today."
11
What are the lessons of the Sony attack?
12
What happens next?
The FBI is still investigating. In the past, the perpetrators of major attacks have
often been apprehended.
Update: Since this article was published, I've added information about the
incident.
13
REFERENCE
14