Advertisement

Sony Pictures hacking: a whodunnit gripping Hollywood

The Sony Pictures hacking became an international incident when the US government accused North Korea of involvement. Simon Wilson reports.

The cyberattack on Sony Pictures became an international incident when theUS government accused North Korea of involvement. Simon Wilson reports.

What happened?

Beginning on 24 November, a groupof hackers calling themselves Guardiansof Peace (GOP) launched a massive hacking attack against Sony Pictures. They initially leaked the social security numbers of 47,000 current and former employees, published sensitive financial information, distributed copies of yet-to-be released films, and published a massive trove of highly embarrassing emails. Then, on 8 December, after a week of media stories linking North Korea to the Sony hack, the GOP hackers made their first reference to The Interview, a film about two US journalists tasked by the CIA with assassinating Kim Jong-un. Amid threats of September 11th-style attacks on cinemas showing the film, cinema chains told Sony they couldn't take the risk, and Sony took the decision to pull its release.

What was the reaction?

The reaction from investors was that Sony had done the sensible thing: its share price jumped. The reaction from Hollywood and many politicians was that it had given in to cyber blackmail. Actor Rob Lowe captured the mood, tweeting that Sony had "done Neville Chamberlain proud today". Former House speaker Newt Gingrich wrote that "with the Sony collapse, America has lost its first cyberwar. This is a very, very dangerous precedent." President Obama criticised Sony for giving in to cyber blackmail, and advised Americans to "go to the movies". The US categorised the incident as "cyber vandalism" rather than terrorism, but accused North Korea of being "centrally involved" in the hacking campaign.

What does North Korea have to say?

That it is not responsible, but whoever was should be congratulated. An official statement said Pyongyang "estimates highly" the hackers' "righteous action", although it's "not aware of where they are", and accused President Obama of "making the rumour" that North Korea was responsible. As a result of this slander, "the army and people of the DPRK are fully ready to stand in confrontation with the US in all war spaces including cyber warfare space Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole US mainland, the cesspool of terrorism, by far surpassing the symmetric counteraction' declared by Obama."

Is this business as usual?

Yes and no. The North often uses violent rhetoric against the South and the US. Yet it rarely bothers to deny hacking claims in such forthright terms. Moreover, this statement comes from the most powerful body in North Korea, the National Defence Commission, chaired by Kim Jong-un himself. In addition, the statement includes some detailed rebuttal of the FBI's claims that there were signs in the computer code that North Korea was behind the Sony attack.

How strong is the FBI's evidence?

North Korea obviously has a motive, as well as a track record of hacking, but the technical evidence is far from conclusive. The FBI says that there are similarities between the type of malware used in the Sony hack and code used in an attack on South Korea last year. But when any malware is discovered, it is shared around many experts for analysis; any attacker could simply "re-version" the code for their own use. The FBI also says that "several Internet Protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hard coded into the data deletion malware used in this attack", although it's not clear from the statement whether these IP addresses were located in North Korea or refer to servers outside the country that are believed to be controlled by North Korean hackers.

What evidence points away from North Korea?

As Kim Zetter points out in Wired, nation-state attacks don't generally announced themselves with taunting messages and images of blazing skeletons posted to infected computers, as happened in this case. They don't normally give themselves catchy noms-de-hacks like "Guardians of Peace", or mock their victims for having poor security. Nor do they typically involve massive dumps of data onto Pastebin (the "unofficial cloud repository of hackers", as Zetter puts it). On the other hand, all these are the hallmarks of hacktivist groups such as Anonymous or LulzSec. So was it an insider bent on revenge (see box)? Is it the work of just one group, or did other groups with North Korean links jump on the bandwagon once it was rolling? And what evidence does the US have that it has so far not made public? The Interview saga is ending 2014 on a cliffhanger; 2015 look certain to bring more plot twists.

Was the Sony hack an insider job?

It is especially significant, argues Marc Rogers, a blogger and security analyst for Cloudflare, that the hackers only latched onto The Interview after the media did. "I think the attackers both saw this as an opportunity for lulz' [mischievious fun] and as a way to misdirect everyone into thinking it was a nation state. After all, if everyone believes it's a nation state, then the criminal investigation will likely die." In addition, it is "clear from the hard-coded paths and passwords in the malware that whoever wrote it had extensive knowledge of Sony's internal architecture and access to key passwords. While it's plausible that an attacker could have built up this knowledge over time and then used it to make the malware", it looks much more like an insider bent on revenge.

Advertisement
Advertisement

Recommended

Visit/517688/the-british-equity-market-is-shrinking
Stockmarkets

The British equity market is shrinking

British startups are abandoning public stockmarkets and turning to deep-pocketed Silicon Valley venture capitalists for their investment needs.
8 Nov 2019
Visit/516944/why-wall-street-has-got-it-wrong-again
Economy

Why Wall Street has got the US economy wrong again

The hiring slowdown does not signal recession for the US economy. Growth is just moving down a gear, says Brian Pellegrini.
25 Oct 2019
Visit/511212/reasons-for-investors-to-be-bearish-but-stick-with-the-stockmarket-bulls
Stockmarkets

There are lots of reasons to be bearish – but you should stick with the bulls

There are plenty of reasons to be gloomy about the stockmarkets. But the trend remains up, says Dominic Frisby. And you don’t want to bet against the …
17 Jul 2019
Visit/510684/good-news-on-jobs-scares-stockmarkets
Economy

Good news on jobs scares US stockmarkets

June brought the best monthly US jobs growth of the year, but stockmarkets were not best pleased.
11 Jul 2019

Most Popular

Visit/investments/commodities/gold/601444/these-seven-charts-show-exactly-why-you-must-own-gold-today
Gold

These seven charts show exactly why you must own gold today

Covid-19 is accelerating many trends that were already in existence. The rising gold price is one such trend. These seven charts, says Dominic Frisby,…
3 Jun 2020
Visit/investments/stockmarkets/601460/disease-rioting-and-mass-unemployment-so-why-are-markets-soaring
Stockmarkets

Disease, rioting and mass unemployment – so why are markets soaring?

Despite some pretty strong headwinds in the last year, America’s S&P 500 stock index is close to all-time highs. John Stepek explains why markets seem…
4 Jun 2020
Visit/economy/eu-economy/601463/why-a-stronger-euro-is-good-news-for-investors
EU Economy

Why a stronger euro is good news for investors

The fragile state of the eurozone has for a long time brought the threat of deflation. But the ECB’s latest moves have dampened those fears. John Step…
5 Jun 2020