Cyberattack

Sony’s Response to North Korea’s Cyberattack On November 24, 2014, employees of Sony Pictures Entertainment booted up their computers to find an image of a skull along with a message from a group calling itself the Guardians of Peace. The message read: “We’ve already warned you and this is just the beginning. We’ve obtained all your internal data including your secrets and top secrets [which will be released] if you don’t obey us.” As Sony would eventually discover, the hackers had stolen reams of sensitive data, including the Social Security numbers of 47,000 current and former employees, system passwords, salary lists, contracts, and even copies of some Sony employees’ passports. The hackers accessed hundreds of Outlook mailboxes as well as Sony IT audit documents. They also stole media files and placed pirated copies of fiveof Sony’s movies on illegal file-sharing servers. Sony was forced to completely shut down its information systems in an attempt to stem the data breach. Ultimately, Sony would determine that the damage done by the hackers was far more extensive than it first believed. Not only had data been stolen, but 75 percent of the company’s servers had been destroyed and several internal data centers had been wiped clean. Contacted within hours of the event, the FBI soon identified the culprit. In June, several months before the hack, North Korea’s Ministry of Foreign Affairs had declared that it would take “a decisive and merciless countermeasure” if the U.S. government did not prevent the planned release of Sony’s motion picture The Interview, which features two reporters who venture to North Korea to interview and assassinate the country’s dictator, Kim Jong-un. In the film, the main character, initially won over by the dictator’s apparent kindness, discovers that the tyrant is lying about the country’s prosperity and freedoms. The plot, along with the movie’s unflattering portrayal of the dictator as ruthless and childish, had caught the attention of the North Korean government.

The U.S. government disclosed that it had proof that the North Koreans had made good on their threat. The U.S. National Security Agency (NSA) had reportedly penetrated the North Korean cyberwarfare unit four years prior to the attack and had been monitoring its capabilities since then. After Sony alerted the FBI of the attack, the NSA was able to trace the attack back to North Korea, using a digital fingerprint the hackers had left in the malware. Several weeks after the attack, FBI Director James Comey, revealed in a speech that the Sony hackers had been sloppy. “We could see that the IP [Internet protocol] addresses that were being used to post and to send the emails were coming from IPs that were exclusively used by the North Koreans.” The hackers warned Sony not to release The Interview, and then on December 16, the group issued a message threatening large terrorist attacks on theaters that showed the film. The National Organization of Theatre Owners contacted the Department of Homeland Security for information and advice. The FBI and NSA released a bulletin explaining that they had no credible information about a plan to attack theaters, but they could neither confirm nor deny whether the hackers had the ability to launch such an attack. Shortly after the bulletin was released, the four largest U.S. theater chains withdrew their requests to show the movie—Carmike Cinemas first, followed by Regal Entertainment, AMC Entertainment, and Cinemark. Within hours, Sony announced that it had canceled the film’s release. White House officials, Hollywood personalities, and the media were aghast. Comedian Jimmy Kimmel tweeted that the decision by the major theater chains to refuse to screen The Interview was “an un-American act of cowardice that validates terrorist actions and sets a terrifying precedent.” On December 19, President Obama addressed the issue publicly: “Sony is a corporation. It suffered significant damage. There were threats against its employees. I’m sympathetic to the concerns that they faced. Having said all that, yes, I think they made a mistake.” Obama explained, “We cannot have a society in which some dictator in some place can start imposing censorship in the United States.” The president’s remarks highlighted the seriousness of theincident to the American public, many of whom came to view the incident as an attack on the freedom of expression. In response to Obama’s comments, Sony officials released a statement later the same day: “Let us be clear—the only decision that we have made with respect to release of the film was not to release it on Christmas Day in theaters, after the theater owners declined to show it…. After that decision, we immediately began actively surveying alternatives to enable us to release the movie on a different platform. It is still our hope that anyone who wants to see this movie will get the opportunity to do so.” In fact, on Christmas Day, the planned release day in the theater, The Interview became available through videoon-demand outlets such as Amazon.com, and within less than a month, the movie had brought in over $40 million in revenue. Approximately 6 million viewers had rented or purchased the movie in this way. Several hundred movie theaters that opted to screen the movie generated another $6 million. Over the next two months, Sony also released the movie on Netflix, on DVD and Blu-Ray, and in theaters in other countries.

Meanwhile, Sony has worked to recover from the damage done to the company itself by the hack. Sony Pictures’ parent company, which is based in Japan, asked regulators there for an extension to file its third-quarter financial results. It also fired executive Amy Pascal whose leaked emails contained derogatory remarks about Hollywood producers and the U.S. president’s movie preferences. The company also provided one year of free credit protection services to current and former employees. In February 2015, President Obama held the first-ever White House summit on cybersecurity issues in Silicon Valley. The summit was billed as an attempt to deal with the increasing vulnerability of U.S. companies to cyberattacks— including those backed by foreign governments. However, the chief executives of Microsoft, Google, Facebook, and Yahoo all refused to attend the summit. Those companies have long advocated for the government to stop its practice of collecting and using private data to track terrorist and criminal activities and have worked to find better ways to encrypt the data of their customers. However, U.S. security agencies have continually pressured the IT giants to keep the data as unencrypted as possible to facilitate the government’s law enforcement work. Ultimately, both the government and private businesses will need to find a way to work together to meet two contradictory needs—the country’s need to make itself less vulnerable to cyberattacks while at the same time protecting itself from potential real-world violence.

Critical Thinking Questions

1. Do you think that Sony’s response to the attack was appropriate? Why or why not?

2. What might Sony and the U.S. government done differently to discourage future such attacks on other U.S. organizations?

3. Are there measures that organizations and the U.S. government can take together to prevent both real-world terrorist violence and cyberattacks?