ABSTRACT

Last month, hackers infiltrated the computer network of Sony Pictures

Entertainment, a major Hollywood movie studio. The attackers stole a huge
number of confidential documents, which are now being downloaded
(primarily by journalists) from file-sharing networks. Since then, journalists
have been poring through the files looking for interesting revelations.

The hackers are widely believed to be backed by the North Korean government,
which is furious at Sony for producing The Interview, a movie that depicts the
assassination of North Korean leader Kim Jong Un. On Wednesday, a terrorism
threat against theaters showing the film caused Sony to cancel its planned
Christmas Day release.

Read on to learn how the hacks happened, who might be responsible, and what
we've learned as a result.

1
 1. INTRODUCTION

In 2011, Sony revealed that the names, addresses and other personal data of
about 77 million users on its PlayStation Network (PSN) had been stolen.

Gamers’ accounts were blocked and locked out of the network for a week as the
system was suspended to avoid more data breaches. An “illegal and
unauthorised person” got access to the data, including names, addresses, email
addresses, usernames, passwords, security questions and, in some cases, even
payment details.

This stolen data may have also included information about children.

Sony’s PSN is one of the largest holders of credit card data and the breach could
have been the largest leak of credit card information ever. However, Sony said
at the time that it had not discovered any evidence that any credit card info was
stolen, although it still advised users to be on the lookout.

2
 2. LITERATURE REVIEW

Amid the firestorm, industry reactions have been mixed with many developers
expressing frustration at the attack and its possible consequences, rather than
anger at Sony. Ste Curran, creative director at the Brighton-based studio Zoe
Mode, told Develop Magazine: "From my perspective, the bigger issue is not
about PSN, but confidence in digital distribution generally. For every story like
this that breaks in the mainstream press, consumer confidence about their
details being safe is eroded. Confidence [in online transactions] has been
building up, and I think will continue to, but this is a blip. It could be a little
step back."

Lol Scragg, founder of Cohort Studios in Dundee, told us that the situation may
have devastating consequences for his company. "We have our first self-funded,
selfpublished PSN game, Me Monster: Hear Me Roar, coming out next week,
so from our point of view, the fact that the network isn't available is a big
concern.

"They're saying it could be next week before it's fixed – well, that will be
disastrous for us. The other issue is whether the consumers will have lost their
trust in the network. If it comes back up, lots of people will be withdrawing all
their credit card details, so the potential market we were looking at a week ago
– well, this is going to affect it; it's going to cost us in terms of revenue. The PR
department are really going to have to earn their salaries – the next three or four
days are going to determine whether the PSN continues or falls apart."

3
What happened to Sony?

When Sony Pictures employees got into the office on Monday,

November 24, they discovered that their corporate network had been
hacked. The attackers took terabytes of private data, deleted the original
copies from Sony computers, and left messages threatening to release
the information if Sony didn't comply with the attackers' demands.
Someone claiming to be a former Sony employee posted this
screenshot, which (allegedly) shows the message that appeared on
Sony employees' computer screens:

Sony's network was down for days as administrators struggled to repair

the damage. Staff were reportedly forced to work on whiteboards to do
their jobs.

But the greater damage was from all the confidential information that got
leaked to the public. The hackers posted five Sony movies (four
unreleased) to file-sharing networks. And they also leaked thousands of
confidential documents — everything from private correspondence
among Sony executives to salary and performance data about Sony
employees. Those documents were password protected, and whoever is
behind the hack provided said password only to journalists. But it's likely
only a matter of time before they break out into the world at large.

As reporters have pored over the huge cache of documents, we've

gotten a steady stream of minor scoops about potential movie projects
(like a Spider-Man movie crossover), conflicts between Sony executive.

4
And there is some other circumstantial evidence linking the attacks to the North
Koreans. Forensic analysis has found that the methods used against Sony are
similar to those used in a 2013 attack on South Korean companies last year.
Some security experts suspect those attacks were carried out by North Koreans
operating from China.

The reclusive nation was furious at Sony because the studio was about to
release The Interview, a comedy in which Seth Rogen and James Franco play
characters who attempt to assassinate North Korean leader Kim Jong Un.

A message claiming to be from the hackers demanded that Sony "stop

immediately showing the movie of terrorism which can break the regional peace
and cause the War." The hackers threatened to launch 9/11-style attacks against
American movie theaters that showed the film.

And the terrorism threat got Sony to drop the film?

Yes it did. Theaters became nervous about the possibility that the attackers —
whoever they were — would follow through on the threats. Or, perhaps, that
fears of terrorism would keep moviegoers away from the theaters. Either way,
some theaters asked Sony for permission to drop the film from their lineups.

Sony relented on Tuesday, and several theater chains quickly announced they
would no longer show The Interview on December 25. Then on Wednesday,
Sony announced it was suspending the film's release altogether, citing the
theaters' pullout for their decision. At this point, it appears the film may not get
released at all.

5
What have we learned from the leaked Sony documents?

For the most part, we learned that running a big media company is kind
of boring. Many of the documents focused on routine business activities,
like the company's never-ending efforts to generate revenues from its
vast collection of old movies like the forgettable 2001 film Saving
Silverman.

We've learned that Sony sometimes pays high-profile men more than
women for what appears to be similar work. Of the 17 Sony execs paid
more than a million dollars, only one of them — Sony Pictures co-chair
Amy Pascal — is a woman. Email correspondence also suggests that
Jennifer Lawrence was paid less than her male co-stars for her role in
American Hustle.

The Verge (a Vox Media sister site) uncovered documents revealing an

effort by Hollywood movie studios to counter the lobbying agenda of
Google, a company the movie industry refers to as "Goliath." Sony and
its competitors are upset that Google hasn't done enough to crack down
on infringing content in its search results, and that the company has
lobbied against proposals like the 2012 Stop Online Piracy Act to beef
up copyright protections.

The leaks have also provided rare insight into the profitability of Sony's
movies. Ordinarily, the rate of return on Hollywood blockbusters is
treated as a closely guarded secret. But the Hollywood Reporter dug into

6
the Sony documents and discovered details about which 2013 movies
wound up in the black once all revenue sources were taken into account.

The leaks also produced a lot of grist for the gossip mill. One executive
called Angelina Jolie a "minimally talented spoiled brat." Another
described actor Kevin Hart as a "whore." Multiple Sony employees bashed
the "formulaic" Adam Sandler films the company has produced.

Some of these revelations are obviously embarrassing to the individuals

involved. But they don't seem to prove very much about the company as
a whole. Presumably, a document dump from another studio would
reveal the same kind of executive trash-talk and low-level dissatisfaction.

7
 Is it ethical for journalists to be digging through stolen Sony
documents and reporting on their contents?

People disagree about this.

The attack on Sony's network was clearly illegal and unethical. Some
people argue concerned that by reporting on the contents of these
documents, they are profiting from — and maybe even aiding in — the
hackers' efforts to embarrass Sony. In a December op-ed in the New
York Times, screenwriter Aaron Sorkin excoriated the media for doing the
hackers' dirty work for them.

Yet others note that once the documents have been posted online, the
genie is out of the bottle. Any single news organization refusing to report
on their contents may only delay the inevitable.
ONCE THE DOCUMENTS HAVE BEEN POSTED ONLINE, THE GENIE IS
OUT OF THE BOTTLE

Moreover, much of journalism involves revealing secrets that powerful

people or institutions tried to keep secret. Often that involves getting
sources to share information they aren't authorized to share. And some
of the Sony revelations — like those related to Sony's gender-
unbalanced executive compensation and Hollywood's war on Google —
have genuine news value.

Ultimately, then, the question is less about whether to report on the

documents than how much to report. Some information — like, say the
Social Security numbers of Sony employees — is clearly out of bounds.
But most news organizations have concluded at least some of the

8
revelations in the Sony leak are fair game for reporters. Is it legal for
media organizations to use stolen documents in their reporting?

In a strongly-worded December 14 letter, Sony demanded that media

organizations stop reporting on the leaked documents and delete any
copies in their possession.

But legally, Sony probably can't force media organizations to comply with
its request. In a 2001 decision, the Supreme Court ruled that a radio
station couldn't be held responsible for broadcasting the contents of
newsworthy audio recordings — even if the recordings were originally
made in violation of wiretapping laws. The same principle seems to
apply to the leaked documents. As long as a new organization didn't
participate in the Sony attack itself, it has a First Amendment right to
report on newsworthy information it finds in the documents.

9
Does Sony have a security problem?
Notably, this is not the first time Sony has been targeted by hackers, and it
might not even be the most damaging incident.

In 2011, Sony's PlayStation network was attacked by hackers who stole

personal information about millions of PlayStation gamers and took the network
down for weeks. This attack was motivated by anger about Sony's lawsuit
against an American hacker who attempted to reverse-engineer the PlayStation
3 to allow users to play third-party games not authorized by Sony.

Critics have argued that Sony has taken a lax approach to online security. They
pointed out, for example, that the company laid off two security workers just
weeks before the 2011 attacks.

And security expert Chester Wisniewski told Gizmodo that the hackers' efforts
in 2011 were made easier by Sony's flat-footed response. They'd exploit a
vulnerability in one Sony office, then use the same attack days later in another
part of the world. "The crooks were able to attack the same thing because Sony
Pictures wasn't going out and fixing it," Wisniewski said.

10
THE HACKERS' EFFORTS IN 2011 WERE MADE
EASIER BY SONY'S FLAT-FOOTED RESPONSE
Last month's attack makes it clear that Sony still hasn't fully locked down
its network. Yet it's hard to know whether this means that Sony has particularly
lax security practices — or if it just happens to be the favorite target of hackers.
Hardening a corporate network as large as Sony's is really difficult, and even a
company that takes every precaution may still be vulnerable to a sufficiently
determined and talented attacker.

That's the view of Joseph Demarest, an official with the FBI's Cyber Division.
In his view "the level of sophistication" of last month's attack was "extremely
high." He believes that "the malware that was used would have slipped or
probably gotten past 90% of Net defenses that are out there today."

11
What are the lessons of the Sony attack?

First and foremost, lots of companies should be investing more in network

security. Companies like Sony tend to under-invest in locking down their
networks because it seems like a needless expense until disaster strikes.
Cleaning up the mess from this latest attack will cost Sony millions; hopefully
that will inspire other large companies to hire additional security experts.

Second, companies should make sure they're well-prepared to respond to

attacks. For example, making regular backups can allow a company to recover
in the event that hackers delete important data.
Finally, corporate executives should bear in mind that their decisions might be
unexpectedly exposed to the light of day. If you're a senior executive at a big
company, it's a good idea to avoid sending overly embarrassing emails or
having embarrassingly lopsided pay scales.

12
What happens next?

The FBI is still investigating. In the past, the perpetrators of major attacks have
often been apprehended.

Meanwhile, journalists will continue to pore through the leaked documents. A

huge amount of data has been released already, and much of it hasn't been
carefully analyzed. There might be more data coming out in the future. We don't
know if any major scoops are still hidden in that vast haystack.

Update: Since this article was published, I've added information about the
incident.

13
 REFERENCE

1) K. Faraoun and A. Boukelif in , a genetic programming approach for

multi-category pattern classification applied to network intrusion.

2) J. Xiao and H. Song in , an intrusion detection system called

Unsupervised Neural Net based Intrusion Detector (UNNID).

3) E. Skoudis in , to mention a few of the attacks Smurf attacks.

4) K. Ioannis, T. Dimitriou and F. C. Freiling in , a light weight

intrusion detection scheme was proposed to identify or detect the
effect of attack.

5) M. Tavallaee, E. Bagheri, W. Lu and A. Ghorbani in , to overcome

the short coming of KDD CUP 99 dataset, a new dataset called
NSL-KDD.

14