Posted on 12/04/2014 1:41:06 AM PST by Swordmaker
It's the hack heard round Hollywood and the world.
Fallout from an unprecedented cyberattack that first hit Sony Pictures Entertainment on Nov. 24 continues to grow. The Culver City-based studio, now working with the FBI, was beginning to recover its computer systems when a trove of alleged studio and personnel secrets was spilled online. First, SPE was forced to shut down its companywide email; then five of its new and upcoming movies, including the Brad Pitt World War II film Fury and the musical remake Annie, were pirated and widely disseminated on file-sharing sites. Then the confidential information, allegedly from the studio's files, began appearing online, including what are claimed to be multimillion-dollar salaries of the studio's top executives and the Social Security numbers of more than 3,800 employees.
Although the studio at first only would admit publicly to "a system disruption," on the evening of Dec. 2, SPE CEO Michael Lynton and co-chairman Amy Pascal issued a companywide memo calling the hack "a brazen attack on our company, our employees and our business partners," and in an apparent admission that much of the leaked information is accurate, acknowledging, "a large amount of confidential Sony Pictures Entertainment data has been stolen by cyber attackers, including personnel information and business documents."
Adding that "the privacy and security of our employees are of real concern to us," the two heads of the studio said that all employees have been offered identity protection services from a third-party provider, AllClear ID. While thanking employees for "the resilience you have shown in the face of this attack," they also said the theft of employee and other information were "malicious acts, and we are working closely with law enforcement."
While Sony reels from an attack that is proving costly and embarrassing (one source describes morale on the lot as "lower than low"), other studios are re-evaluating their own security systems. At Fox, for example, employees were advised to change their passwords. A Disney source says the company is re-evaluating its security protocols.
For Lynton and Pascal, the nightmare could be just beginning. An anonymous group calling itself the #GOP, short for Guardians of Peace, took credit for the attack, displaying a message on Sony's computers threatening, "If you don't obey us, we'll release data shown below to the world." As the studio shut down its email and other systems, employees were forced back to the pre-Internet age, with business done for days by pen, paper and blackboards.
Then, on Dec. 1, as the studio was resuming normal operations with the help of Mandiant, an online security firm, Sony brass was rocked by the dissemination of an alleged internal spreadsheet that included the annual base salaries (excluding stock and bonuses) of its 17 highest-paid execs. Among them are Lynton ($3 million), Pascal ($3 million), Sony TV head Steve Mosko ($2.8 million) and Columbia Pictures president Doug Belgrad ($2.35 million). The website Fusion.net, part of the youth-focused Fusion network started by ABC and Univision, unearthed a second download of purported internal Sony files Dec. 2. They contained, it said, a spreadsheet listing the payrolls of various Sony divisions (the company's total salaries as of May were listed at $454,224,070) as well as formulas and estimates for laying off individual employees and a comparison of Sony's pay to that of studio rivals.
Now the question of who is behind the attack has become a chilling Hollywood whodunit. While the hackers have identified themselves only as Guardians of Peace, emails pointing journalists to allegedly stolen files posted on a site called Pastebin came from a sender named "Nicole Basile." A woman by that name is credited on IMDb as an accountant on the studio's 2012 hit film The Amazing Spider-Man, and her LinkedIn page says she worked at Sony for one year in 2011. Basile couldn't be reached for comment and the studio declined to confirm if she works or has worked there.
Initial speculation swirled around a state-sponsored attack perpetrated by the North Korean government or its allies in retaliation for Sony's upcoming comedy The Interview, in which James Franco and Seth Rogen play journalists drafted by the CIA to assassinate North Korea leader Kim Jong Un. North Korean officials have condemned the movie, calling it "an act of war." But as the story of the cyberattack has grown, North Korea has been coy about its possible involvement. Asked by the BBC whether the government was involved in the attack, a spokesman said only, "Wait and see."
Inside the studio, though, sources say there is little evidence that North Korea is behind the attack. Cybersecurity expert Hemanshu Nigam also finds it hard to believe that North Korea is the perpetrator. Instead, he theorizes an employee or ex-employee with administrative access privileges is a more likely suspect. For the studio, which has laid off hundreds of employees over the past year in an effort to contain costs, the possibility of a disgruntled employee wreaking havoc is very real.
"If terabytes of data left the Sony networks, their network detection systems would have noticed easily," explains Nigam. "It would also take months for a hacker to figure out the topography of the Sony networks to know where critical assets are stored and to have access to the decryption keys needed to open up the screeners that have been leaked." In addition, he says, "Hackers don't use such things as Hushmail, Dropbox and Facebook when they want to engage in what amounts to criminal activity. Real hackers know that these sites collect access logs, IP addresses and work with law enforcement. It is possible that North Korean-sponsored hackers were working with someone on the inside. But it is more likely a ruse to shift blame, knowing the distaste the North Korean regime has for Sony Pictures."
Adam K. Levin, a security expert for three decades, says the Sony hack could be part of a larger scheme. With media now linking to these fraudulent websites, millions of people could click on bad links and hackers can collect their email addresses and turn their computers into transmitters of private data. "It could be the equivalent of cyberwallpaper," says Levin.
On Dec. 1, the FBI confirmed that it is "working with our interagency partners to investigate the recently reported cyberintrusion at Sony Pictures Entertainment," and it issued a private bulletin to U.S. businesses warning of malicious software that can wipe data from computers.
It was not immediately clear whether the movie piracy is related to the initial attack or a separate action, though most suspect the two are related. On some file-sharing sites where they popped up, the films, which also include the Oscar hopeful Still Alice, starring Julianne Moore, were identified as having been ripped from DVDs, suggesting they were copied from awards-season screeners. "The theft of Sony Pictures Entertainment content is a criminal matter, and we are working closely with law enforcement to address it," said a Sony rep in one of the few public statements the company released in the early days of the attack.
The five movies were downloaded illegally about 2 million times in five days on peer-to-peer sites, with Fury, which has grossed $172 million worldwide, proving most popular. The bottom-line impact could be felt most on Annie, Sony's big holiday movie. The collective breach eventually could rival 20th Century Fox's losses when its superhero tentpole X-Men Origins: Wolverine leaked in March 2009, a little more than a month before its release. At the time, the studio estimated that 15 million people downloaded the movie for free, topping $50 million in lost revenue.
The cost of the system shut-down, startup and added security measures going forward also will be significant. But the attack could have an even larger effect on the industry in general even if it only leads to heightened security precautions. "It's changing our business," says one producer of its impact on Hollywood. "From now on, money and time will be allocated by studios to deal with this full-time. Everyone is reeling."
If you want on or off the Mac Ping List, Freepmail me.
I would first check all the homosexuals in Hollywood. Sound like the action of a jilted queer.
Blaming the Norks was childish and feint, like special effects.
The info was lopsided = released only women's photos.
The info was too far and specific = Salaries of Execs, Actors and some low levels? Uhmmm, sure. The Norks released a hodge podge of salaries, missing quite a few other details.
Released full features, including a retarded and lame azz film about idiots who can’t tell you what time it is, even if a digital clock got stuck on some numbers.
This upset Norks? Sheah, right.
The fact is, around 80% of these jobs are inside hacks or human engineered from the outside.
I found it interesting that Sony Pictures laid off hundreds of employees in the last year. . . and I would bet a lot of those might have been in their IT department. How many backdoors do you think there might have been installed into their servers and other computers these systems engineers may have left for their own use to look at upcoming new releases and other goodies? Lots I would bet. Then they get fired from a lucrative Hollywood job? With the releasing of salary and compensation data. . . and movies that would hurt the company's bottom line, this smacks more of PAYBACK than anything else to me!
Sounds like they’re desperate to get people to watch their movies.
Nobody wants to see the new Annie anyway.
The hackers pirated movies directly from Sony to put out as torrents...Hilarious in my book.
Payback is right! From fired employees.
I guess they got the "go ahead" for this project back when the MSM how popular Obama was...and before Ferguson.
Ever since Sony’s root kit was exposed, I left them.
I didn’t care about any of the original Annie and I don’t care about this one either.
I will say that Vegas editor is far more stable and feature packed than Pinnacle. The rest is a tossup as for me and Sony.
ya mean this ?...
https://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
dang, I never heard that story. those are some way out people.
it’s like the NSA and the mafia merged into a movie company.
In this ‘digital age’ one would have thought Sony would have added digital ID to each copy to facilitate leaked content. A little steganography goes a long ways...provided one thinks to use it.
Intellectual Theft certainly need not be limited to Hacking...nope.
Some were not hacked. Some were copied from special DVD/BluRay disks sent to members of the Academy of Motion Picture Arts and Sciences as promos for their votes for the upcoming Oscar season. Mundanely ripped and uploaded. . . not hacked from a server.