Party Panic [hack]l !!BETTER!!
On November 24, 2014, a hacker group identifying itself as "Guardians of Peace" leaked a release of confidential data from the film studio Sony Pictures Entertainment (SPE). The data included personal information about Sony Pictures employees and their families, emails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, plans for future Sony films, scripts for certain films, and other information. The perpetrators then employed a variant of the Shamoon wiper malware to erase Sony's computer infrastructure.
Party Panic [hack]l
During the hack, the group demanded that Sony withdraw its then-upcoming film The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un, and threatened terrorist attacks at cinemas screening the film. After many major U.S. theater chains opted not to screen The Interview in response to these threats, Sony chose to cancel the film's formal premiere and mainstream release, opting to skip directly to a downloadable digital release followed by a limited theatrical release the next day.
United States intelligence officials, after evaluating the software, techniques, and network sources used in the hack, concluded that the attack was sponsored by the government of North Korea, which has since denied all responsibility.
The exact duration of the hack is yet unknown. U.S. investigators say the culprits spent at least two months copying critical files. A purported member of the Guardians of Peace (GOP) who has claimed to have performed the hack stated that they had access for at least a year prior to its discovery in November 2014, according to Wired. The hackers involved claim to have taken more than 100 terabytes of data from Sony, but that claim has never been confirmed. The attack was conducted using malware. Although Sony was not specifically mentioned in its advisory, US-CERT said that attackers used a Server Message Block (SMB) Worm Tool to conduct attacks against a major entertainment company. Components of the attack included a listening implant, backdoor, proxy tool, destructive hard drive tool, and destructive target cleaning[clarification needed] tool. The components clearly suggest an intent to gain repeated entry, extract information, and be destructive, as well as remove evidence of the attack.
Sony was made aware of the hack on Monday, November 24, 2014, as the malware previously installed rendered many Sony employees' computers inoperable by the software, with the warning by a group calling themselves the Guardians of Peace, along with a portion of the confidential data taken during the hack. Several Sony-related Twitter accounts were also taken over. This followed a message that several Sony Pictures executives had received via email on the previous Friday, November 21; the message, coming from a group called "God'sApstls" [sic], demanded "monetary compensation" or otherwise, "Sony Pictures will be bombarded as a whole". This email message had been mostly ignored by executives, lost in the volume they had received or treated as spam email. In addition to the activation of the malware on November 24, the message included a warning for Sony to decide on their course of action by 11:00 p.m. that evening, although no apparent threat was made when that deadline passed. In the days following this hack, the Guardians of Peace began leaking yet-unreleased films and started to release portions of the confidential data to attract the attention of social media sites, although they did not specify what they wanted in return. Sony quickly organized internal teams to try to manage the loss of data to the Internet, and contacted the FBI and the private security firm FireEye to help protect Sony employees whose personal data was exposed by the hack, repair the damaged computer infrastructure and trace the source of the leak. The first public report concerning a North Korean link to the attack was published by Re/code on November 28 and later confirmed by NBC News.
On December 8, 2014, alongside the eighth large data dump of confidential information, the Guardians of Peace threatened Sony with language relating to the September 11 attacks that drew the attention of U.S. security agencies. North Korean state-sponsored hackers are suspected by the United States of being involved in part due to specific threats made toward Sony and movie theaters showing The Interview, a comedy film about an assassination attempt against Kim Jong-un. North Korean officials had previously expressed concerns about the film to the United Nations, stating that "to allow the production and distribution of such a film on the assassination of an incumbent head of a sovereign state should be regarded as the most undisguised sponsoring of terrorism as well as an act of war."
In its first quarter financials for 2015, Sony Pictures set aside $15 million to deal with ongoing damages from the hack. Sony has bolstered its cyber-security infrastructure as a result, using solutions to prevent similar hacks or data loss in the future. Sony co-chairperson Amy Pascal announced in the wake of the hack that she would step down as of May 2015, and instead will become more involved with film production under Sony.
According to a notice letter dated December 8, 2014, from SPE to its employees, SPE learned on December 1, 2014, that personally identifiable information about employees and their dependents may have been obtained by unauthorized individuals as a result of a "brazen cyber-attack", including names, addresses, Social Security numbers and financial information. On December 7, 2014, C-SPAN reported that the hackers stole 47,000 unique Social Security numbers from the SPE computer network.
Other emails released in the hack showed Pascal and Scott Rudin, a film and theatrical producer, discussing Angelina Jolie. In the emails, Rudin referred to Jolie as "a minimally talented spoiled brat" because Jolie wanted David Fincher to direct her film Cleopatra, which Rudin felt would interfere with Fincher directing a planned film about Steve Jobs. Pascal and Rudin were also noted to have had an email exchange about Pascal's upcoming encounter with Barack Obama that included characterizations described as racist, which led to Pascal's resignation from Sony. The two had suggested they should mention films about African-Americans upon meeting the president, such as Django Unchained, 12 Years a Slave and The Butler, all of which depict slavery in the United States or the pre-civil rights era. Pascal and Rudin later apologized. Details of lobbying efforts by politician Mike Moore on behalf of the Digital Citizens Alliance and FairSearch against Google were also revealed.
The leak revealed multiple details of behind-the-scenes politics on Columbia Pictures' current Spider-Man film series, including emails between Pascal and others to various heads of Marvel Studios. Due to the outcry from fans, the Spider-Man license was eventually negotiated to be shared between both studios. In addition to the emails, a copy of the screenplay for the James Bond film Spectre, released in 2015, was obtained. Several future Sony Pictures films, including Annie, Mr. Turner, Still Alice and To Write Love on Her Arms, were also leaked. The hackers intended to release additional information on December 25, 2014, which coincided with the release date of The Interview in the United States.
In December 2014, former Sony Pictures Entertainment employees filed four lawsuits against the company for not protecting their data that was released in the hack, which included Social Security numbers and medical information. As part of the emails, it was revealed that Sony was in talks with Nintendo to make an animated film based on the Super Mario Bros. series (which came to fruition 4 years later, albeit under Universal and Illumination instead of Sony, and is currently slated for a 2023 release).
In January 2015, details were revealed of the MPAA's lobbying of the United States International Trade Commission to mandate U.S. ISPs either at the internet transit level or consumer level internet service provider, to implement IP address blocking pirate websites as well as linking websites. WikiLeaks published over 30,000 documents that were obtained via the hack in April 2015, with founder Julian Assange stating that the document archive "shows the inner workings of an influential multinational corporation" that should be made public.
In November 2015, after Charlie Sheen revealed he was HIV positive in a television interview to Matt Lauer, it was revealed that information about his diagnosis was leaked in an email between senior Sony bosses dated March 10, 2014. In December, Snap Inc., due to the hack, was revealed to have acquired Vergence Labs for $15 million in cash and stock, the developers of Epiphany Eyewear, and mobile app Scan for $150 million.
On December 16, for the first time since the hack, the "Guardians of Peace" mentioned the then-upcoming film The Interview by name, and threatened to take terrorist actions against the film's New York City premiere at Sunshine Cinema on December 18, as well as on its American wide release date, set for December 25. Sony pulled the theatrical release the following day.
President Barack Obama, in an end-of-year press speech on December 19, commented on the Sony hacking and stated that he felt Sony made a mistake in pulling the film, and that producers should "not get into a pattern where you are intimidated by these acts". He also said, "We will respond proportionally and we will respond in a place and time and manner that we choose." In response to President Obama's statement, Sony Entertainment's CEO Michael Lynton said on the CNN program Anderson Cooper 360 that the public, the press and the President misunderstood the events. Lynton said the decision to cancel the wide release was in response to a majority of theaters pulling their showings and not to the hackers' threats. Lynton stated that they would seek other options to distribute the film in the future, and noted "We have not given in. And we have not backed down. We have always had every desire to have the American public see this movie."