That Huge Sony Hack May Have Been North Korea Retaliating Against James Franco And Seth Rogen

from the wait...really? dept

Tue, Dec 2nd 2014 2:57pm — Timothy Geigner

You may have heard recently that Sony Pictures experienced what the company called a "system disruption" and what everyone else referred to as "Oh, look, Sony employees are completely locked out of their own computers." In place of a normal, working computer, Sony employees found poetic words and subtle imagery. Just kidding, it looked like an amateurish metal band CD insert artist vomited a splash page all over the screen.

It's fairly likely that the GOP claiming responsibility for the hack wasn't Karl Rove in his mother's basement and there was little early speculation on who they in fact were, beyond the "Guardians of Peace" name the hackers claimed. While it's not yet confirmed, reports are that the internal investigation Sony is conducting is eyeing none other than North Korea.

Sony Pictures Entertainment is exploring the possibility that hackers working on behalf of North Korea, perhaps operating out of China, may be behind a devastating attack that brought the studio’s network to a screeching halt earlier this week, sources familiar with the matter tell Re/code. The timing of the attack coincides with the imminent release of “The Interview,” a Sony film that depicts a CIA plot to assassinate North Korean leader Kim Jong-Un. The nation’s ever-belligerent state propaganda outlets have threatened “merciless retaliation” against the U.S. and other nations if the film is released.

Oh, North Korea. Look, if this was you, I'll certainly agree that forcing anyone to look at that garish screenshot above likely qualifies as "merciless retaliation," but I dare say it's probably not going to be all that effective. And should you be found out to be behind this, having the entire planet laugh at your complete lack of sense of humor probably doesn't take the sting out of the fact that you can't feed your own people, despite having a self-proclaimed necro-deity still technically heading up the government.

And to have this reaction over a Hollywood film and then add your own cliffhanger is downright ironic.

"Hostile forces" are casting blame on North Korea, said a spokesman for the country's mission at the United Nations, according to the Reuters news agency. "I kindly advise you to just wait and see."

In the meantime, this is generating so much free publicity for The Interview, one wonders if Pyongyang is serving as a Sony marketing consultant.

Admittedly, whoever did do the hack seems to have really shaken up Sony Pictures (which appears to have had almost no real security at all), as it is rumored to have resulted in the leak of a few upcoming movies and a treasure trove of HR info, including some embarrassing info. Whether or not it's North Koreans angry about a Rogen/Franco flick, or something else, it's not making anyone look very good right now.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: guardians of peace, hack, james franco, north korea, seth rogen
Companies: sony, sony pictures

38 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

That One Guy (profile), 2 Dec 2014 @ 3:06pm

'Pretty please don't' security?
You know, given how easy it seems to be to hack Sony, I have to wonder if their entire security measures are nothing more than text telling would-be hackers 'Please don't break into our servers'.

Seriously, hacked by North Korea? That's just sad.
[ link to this | view in chronology ]
Anonymous Coward, 2 Dec 2014 @ 3:07pm

You could sadly add American Politicians in place of North Korea and the shoe would fit pretty much the same.
[ link to this | view in chronology ]
Mason Wheeler (profile), 2 Dec 2014 @ 3:09pm

Sony Pictures (which appears to have had almost no real security at all)

This is Sony; what did you expect?
[ link to this | view in chronology ]
Whoever, 2 Dec 2014 @ 3:09pm

North Korea? Really?
Since Internet access is so limited in North Korea, where is North Korea going to find any script kiddies to do this?

My guess is that this is Sony trying to pretend that their security wasn't so bad that it was penetrated by some immature teenage basement dwellers.
"It wasn't our fault, it was that scary country over there. Yes, that will keep the shareholders off our backs for doing such a cr*p job of securing our systems"
[ link to this | view in chronology ]
- Anonymous Coward, 2 Dec 2014 @ 8:30pm
  
  Re: North Korea? Really?
  I think it really is the Grand Old Party- GOP just pretending to be north Koreans.
  [ link to this | view in chronology ]
- Tobias Harms (profile), 3 Dec 2014 @ 12:43am
  
  Re: North Korea? Really?
  Well the article did say that they where probably hired from China.
  [ link to this | view in chronology ]
- Mike, 4 Dec 2014 @ 7:01am
  
  Re: North Korea? Really?
  North Korea has a specialized group of govt trained cyberwarriors that are one of the largest threats in the world to technical infrastructure in the civilized world today. Don't discount their abilities, this wouldn't have been done by NK civilian script kiddies, it would have been done by a well funded, well trained, group of experts that also attack South Korean and US data systems pretty much around the clock in attempts to disrupt our way of life and steal our trade secrets.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 4 Dec 2014 @ 10:32am
    
    Re: Re: North Korea? Really?
    "one of the largest threats in the world to technical infrastructure in the civilized world today"
    
    NK's hacking groups are extremely good, but why do you characterize them as a serious threat to the technical infrastructure? Are they remotely setting bombs at routers or severing trunk lines?
    [ link to this | view in chronology ]
    - tqk (profile), 4 Dec 2014 @ 1:10pm
      
      Re: Re: Re: North Korea? Really?
      I don't know how good NK's hackers are, but that may be irrelevant. Richard Clarke classifies the current state of computing security into two groups: those who've been hacked, and those who don't yet know they've been hacked (NY Times).
      
      Add the scare stories about all the non-airgapped and net accessible micro-controllers on critical infrastructure, and you've got the bar to potential disaster set dangerously low.
      
      A few days ago, I clicked onto a site that's displaying realtime CCTV output from thousands of security cameras whose owners hadn't bothered to secure them. There are plenty of professionals who tell stories about egregiously vulnerably implemented micro-controllers hooked up to potential Bhopal scary disaster situations.
      
      Any number of "bad guys" out there could be biding their time, accumulating access to controller after controller, just waiting for their perfect moment to spring the trap.
      [ link to this | view in chronology ]
      - John Fenderson (profile), 4 Dec 2014 @ 3:13pm
        
        Re: Re: Re: Re: North Korea? Really?
        "Richard Clarke classifies the current state of computing security into two groups: those who've been hacked, and those who don't yet know they've been hacked (NY Times)."
        
        That's a very broad brush, but it's also not as far from wrong as it should be.
        
        Nonetheless, it doesn't address my question at all: how is this a threat to the technical infrastructure? It's certainly a threat to data, but that's a totally different thing.
        [ link to this | view in chronology ]
That One Guy (profile), 2 Dec 2014 @ 3:12pm

"Hostile forces" are casting blame on North Korea, said a spokesman for the country's mission at the United Nations, according to the Reuters news agency. "I kindly advise you to just wait and see."

Sony should have some fun with this actually, and release a public statement along the lines of "After careful consideration, we have determined that the North Korean government is not in fact responsible for the recent attack on our servers, as we have determined that they lack the technological capability to do so."

Then everyone gets to sit back and have a good laugh as NK blusters on about how big and bad and scary they are, and how they could totally hack Sony if they wanted to.
[ link to this | view in chronology ]
Anonymous Coward, 2 Dec 2014 @ 3:35pm

"[...] as it is rumored to have resulted in the leak of a few upcoming movies and a treasure trove of HR info [...]
"

One must ask what the hell creative content and personnel info are doing on the same network. Apparently Sony's IT personnel still think it's 1997.
[ link to this | view in chronology ]
AricTheRed (profile), 2 Dec 2014 @ 3:39pm

Clickbait!!! I want my $0.04!
I had to, just had to check out the "embarrassing info" link.

Just think how pissed Michael Pavlic must be to be paid less than Michael Barker, all because of the alphabetical payroll scheme there @ Sony.
[ link to this | view in chronology ]
Anonymous Coward, 2 Dec 2014 @ 4:27pm

I wonder if it was actually a spoof to raise publicity by faking a hack for the movie. However when it was learned about actual hackers attacked and that is when the content was stolen along with the actual disruption of their network.
[ link to this | view in chronology ]
sorrykb (profile), 2 Dec 2014 @ 4:28pm

It's fairly likely that the GOP claiming responsibility for the hack wasn't Karl Rove in his mother's basement

Thank you for that mental image... at once terrifying and deeply enlightening.
[ link to this | view in chronology ]
Anonymous Coward, 2 Dec 2014 @ 4:32pm

I read the hackers completely formatted all of Sony's hard drives, including the master boot record and partitions. This hack definitely seemed like a giant FU.
[ link to this | view in chronology ]
Blackfiredragon13 (profile), 2 Dec 2014 @ 4:37pm

Didn't kim-something say something about going to see it?
[ link to this | view in chronology ]
tqk (profile), 2 Dec 2014 @ 4:47pm

More info.
See http://krebsonsecurity.com/2014/12/sony-breach-may-have-exposed-employee-healthcare-salary-data/

and

h ttp://torrentfreak.com/sony-movies-leak-online-after-hack-attack-141129/?utm_source=feedburner&u tm_medium=feed&utm_campaign=Feed%3A+Torrentfreak+%28Torrentfreak%29

Eleven TB of data! "Their network admins never noticed this shit being siphoned off?" -- SunnyZ@TF.

The last time somebody hacked Sony, it was learned they were running servers which hadn't been updated in years, and their tiny tech support staff had no chance to keep up with what would be expected of them.

Sony cheaps out on tech support, screws over users and customers, loses shareholders' IP, and exposes their employees (including Angelina Jolie's) personal information to crackers.

Fairly stunning faceplant for a corp the size of Sony.
[ link to this | view in chronology ]
Anonymous Anonymous Coward, 2 Dec 2014 @ 5:29pm

Money for Security? Ha!
Sony cheeped out on security by running their root-kit on every machine in their organization. The IT security department then sat back and gleaned the fruits of the keyloggers, voice recognition, and supervisor rights on all computers and laughed at the NSA (bet those guys wish they had this). Meanwhile, our intrepid hackers reverse engineered the root-kit that Sony distributed with their PlayStations and rightly guessed that the 'kit' had not been updated. They then proceeded to create their own root-kit that rooted the Sony root-kit. And as Stan said to Laurel, "What a fine mess we are in"!
[ link to this | view in chronology ]
- Anonymous Anonymous Coward, 2 Dec 2014 @ 5:30pm
  
  Re: Money for Security? Ha!
  Dang-it, that should be as Stan said to Oliver, otherwise he would be talking to himself...well not so out of character.
  [ link to this | view in chronology ]
Wiilain, 2 Dec 2014 @ 6:37pm

Chamber Of Commerce pushing Cybersecurity bill because of SONY today:
Please read: From the Hill

http://thehill.com/policy/cybersecurity/225758-industry-still-pushing-for-lame-duck-cyber-bill as many of you know CISA legalizes NSA Spying http://www.theguardian.com/commentisfree/2014/jul/12/senate-nsa-secret-cybersecurity-information-sha ring-act and gets rid of Net Neutrality online without FCC approval http://www.usnews.com/news/articles/2014/07/07/nsa-net-neutrality-fears-overshadow-senate-cybersecur ity-vote I know I am conspiratorial, but I find it very strange all these hacker attacks are happening and I remember last October when Congressman Mike Rodgers promised he would do everything in his power to get CISA on the Senate floor http://thehill.com/policy/technology/219429-house-chairman-fears-political-tantrums-could-sink-cyber -bill With a case being decided about controlling and arresting people for there Free Speech when making comments on the web http://www.latimes.com/nation/la-na-supreme-court-facebook-threats-free-speech-20141201-story.html (I wonder after this decision would it be legal to want death for Usama Bin Laden especially if people were so angry about the towers falling and this case was ruled before 9/11 happened would then the BIG BAD FBI come over your house and put you in jail?) Insane. Techdirt please let your readers know the Chamber Of Commerce has not given up in putting CISA to a vote this month before the Senate Christmas recess. Do not let the Senate take over the internet. Help stop CISA S.2588 and for all you readers call the Senate www.senate.gov 2022243121 and after you give the operator your Zip Code, tell your 2 Senators NO TO CISA S.2588
[ link to this | view in chronology ]
Anonymous Coward, 2 Dec 2014 @ 7:08pm

So what's in the SPEData.zip?
[ link to this | view in chronology ]
- DaveK (profile), 2 Dec 2014 @ 10:37pm
  
  Re: So what's in the SPEData.zip?
  There's no actual data in that zip file. It's just got a couple of *enormous* text files with listings of the filenames of all the data they're claiming to have stolen, and a readme.txt that says:
  
  These two files are the lists of secret data we have acquired from SPE.
  
  Anyone who needs the data, send an email titled ¡¶To the Guardians of Peace¡· to the following email addresses.
  
  marc.parker-8t52ebo@yopmail.com
  emma.murphy-0ohbp3m1@yopmail.com
  lisa.harris-cxkjch3@yopmail .com
  john.murphy-7o2h3uh3@yopmail.com
  axel.turner-ffqbv9c@yopmail.com
  lisa.harris-ezd6e1j@yopmail.com
  mi ke.morris-f2iyqki@yopmail.com
  abc@spambog.com
  lena@spambog.com
  john@spambog.com
  
  Here's the head and tail of the two listing files, just to give you an idea what they claim to have:
  
  C:\Users\MYNAME\Downloads\SPEData>head list1.txt list2.txt
  ==> list1.txt <==
  Credit Templets Aug 2011.xlsx
  DataRestorationSheet.docx
  DataRestorationSheet.pdf
  J Belknip Inventory box pickup.doc
  Blank Inventory Sheet.xlsx
  Mixing Log.xlsx
  ADR & Foley Crew Costs.xlsx
  PRORECAP.DOC
  PRORECA2.DOC
  PROPPROP.DOC
  
  ==> list2.txt <==
  voldata.tdf
  Shortcut to apps on 'usccipwv05' (I).lnk
  dev_rfc.trc
  wiped00
  Thumbs.db
  DATA_Inventory.html
  CIFS_testfile
  .DS_Store
  QA.CFG
  THESTUDI.LNK
  
  C:\User s\MYNAME\Downloads\SPEData>tail list1.txt list2.txt
  ==> list1.txt <==
  10s DSR 10.25.10, 10-11-SP.xls
  10s DSR 10.25.10, 09-10 and 10-11-KO.xls
  Sloane's DSR w-o 10-25.pdf
  Sloane's DSR w-o 11-8.pdf
  10s DSR 10.18.10, 10-11-SP.xls
  Kirk's DSR w-o 10-25.pdf
  Kirk's DSR w-o 10-18.pdf
  Kirk's DSR w-o 11-8.pdf
  Dr. Oz Fall11 Terre Haute.docx
  Fargo.Dr. Oz Renewal Pitch.pdf
  
  ==> list2.txt <==
  n38500311_31917115_5966.jpg
  boards.weddingbee.com.htm
  Thumbs.db
  n12128422_32339518_8425.jpg
  n38500 311_31917100_1902.jpg
  n12128422_32339516_6355.jpg
  n38500311_31917280_6102.jpg
  Desktop.ini
  SPE_DT.log
  SPE_ DT.sdb
  
  C:\Users\DKAdmin\Downloads\tablet\SPEData>
  [ link to this | view in chronology ]
Anonymous Coward, 2 Dec 2014 @ 7:12pm

Oh, talk about the richest karma in this hack. Sony put out a rootkit getting in to all sorts of places as people played their music off purchased CDs. The irony is indeed delicious.

NK is well known to use such vocabulary as "merciless retaliation" so that part would not surprise me. I sort of felt like I got a merit badge or something on Reddit as NK has a bot hunting for anyone saying bad about it. Bans you before you even know it was there. Can't say I missed a dang thing; rather proud of being banned from it without showing up or even knowing of it's existence.

Little chubby from NK gets butt hurt over the slightest things so I wouldn't be surprised.
[ link to this | view in chronology ]
- ltlw0lf (profile), 2 Dec 2014 @ 8:24pm
  
  Re:
  Oh, talk about the richest karma in this hack. Sony put out a rootkit getting in to all sorts of places as people played their music off purchased CDs. The irony is indeed delicious.
  
  I was soaking in the karma schadenfreude when Sony Entertainment of America laid off their network and security staff six months before PSN got hacked because they were too expensive. A friend of mine laid off six months before was asked by Sony to come back and help them fix PSN after it got hacked, and he told them to take a long walk off a short pier.
  
  This is just icing on the cake I am already choking on.
  [ link to this | view in chronology ]
  - Anonymous Coward, 2 Dec 2014 @ 11:10pm
    
    Re: Re:
    Ultimate lesson: if you think computer security is expensive you should look at the costs of not having it.
    [ link to this | view in chronology ]
    - ltlw0lf (profile), 3 Dec 2014 @ 7:15am
      
      Re: Re: Re:
      if you think computer security is expensive you should look at the costs of not having it.
      
      I'm not of that opinion, though it is certainly valid.
      
      There is a lot of security that is stupidly expensive and absolutely worthless (i.e. TSA) and those should be removed or replaced with better security that is also cheaper. There is a lot of security that is cheap and absolutely necessary, like installing security patches on a regular basis. If you think computer security is expensive, you should look at what you have, determine if it is necessary and worth the risk of not having it, and go from there.
      
      You should never make any decision on anything, security or otherwise, solely based on the cost alone. After all, Sony did replace their security/networking staff with cheaper ones, that brought with them the lack of experience and understanding of basic security/administration principles. Many of the machines compromised did not have the latest security patches...pretty basic system administration 101 type stuff.
      [ link to this | view in chronology ]
      - John Fenderson (profile), 3 Dec 2014 @ 9:43am
        
        Re: Re: Re: Re:
        "There is a lot of security that is stupidly expensive and absolutely worthless (i.e. TSA)"
        
        In terms of the old adage about the cost of security, things like what the TSA is doing doesn't count -- because what they're doing isn't really security. The adage is talking about actual security.
        [ link to this | view in chronology ]
orbitalinsertion (profile), 2 Dec 2014 @ 9:12pm

"Hostile forces" are casting blame on North Korea

Well, Sony is rather a hostile force, on average, as laughable as this NK comment is. But with very low defenses, apparently.
[ link to this | view in chronology ]
Roman Prokopchuk, 2 Dec 2014 @ 10:25pm

North Korea the Most Petty Communist Country
It's funny that a country is so brain washed that it threatened war over an assassination attempt of their leader in a movie. Technology, social media, and media are all state run brainwashing which is sad to see.
[ link to this | view in chronology ]
Kronomex, 3 Dec 2014 @ 1:20am

What a crock of crap! Sony got caught with their security down so let's blame...oh, I don't know...how about North Korea? Good idea...snort...snigger...chortle.
[ link to this | view in chronology ]
Violynne (profile), 3 Dec 2014 @ 3:27am

Well, this may be a childish stance on Sony's situation, but...

AHAHAHAHAHAHAHAHAHAHA!

This has been wonderful news. The only way it gets topped off: "Sony declares bankruptcy."
[ link to this | view in chronology ]
sigalrm (profile), 3 Dec 2014 @ 7:34am

This is a unique opportunity....
To allow the movie industry to validate some of their theories.

As part of this hack, it looks like DVD images of the following movies have been released: “Fury”, “Annie”, “Mr. Turner”, “Still Alice” and “To Write Love on Her Arms”

This seems like an excellent opportunity to determine if Piracy really will destroy the earnings for those films. By the film industries own logic, it should at this point be impossible for any of these movies to bring in any money, now that they're available for free...
[ link to this | view in chronology ]
- John85851 (profile), 3 Dec 2014 @ 9:52am
  
  Re: This is a unique opportunity....
  I assume you're being sarcastic.
  Of course Sony will blame the low performace of these movies on this hack... whether the movies make money or not.
  
  For example, "Annie" could go on to make a billion dollars, but Sony will still complain that it could have made more if not for the North Korean hackers.
  Of course, this doesn't address the question of why they decided the world needed an "Annie" remake, but whatever.
  [ link to this | view in chronology ]
Anonymous Coward, 3 Dec 2014 @ 7:47am

"self-proclaimed necro-deity"
I don't believe he ever proclaimed himself to be a necro-deity, and nothing in the linked article says that... but I'd love to be proven wrong.
[ link to this | view in chronology ]
- John Fenderson (profile), 3 Dec 2014 @ 10:19am
  
  Re: "self-proclaimed necro-deity"
  This is a reasonable overview: http://en.wikipedia.org/wiki/North_Korea%27s_cult_of_personality
  
  The summary is this:
  
  North Korean authorities have co-opted portions of Christianity and Buddhism, and adopted them to their own uses, while greatly restricting all religions in general as they are seen as a threat to the regime. An example of this can be seen in the description of Kim Il-sung as a god, and Kim Jong-il as the son of a god or "Sun of the Nation", evoking the father-son imagery of Christianity. According to author Victor Cha, during the first part of Kim Il-sung's rule, the state destroyed over 2,000 Buddhist temples and Christian churches which might detract from fidelity to Kim. There is even widespread belief that Kim-il Sung "created the world" and that Kim Jong-il controlled the weather.
  [ link to this | view in chronology ]
- alan turing, 3 Dec 2014 @ 1:57pm
  
  Re: "self-proclaimed necro-deity"
  Kim Il-sung is still technically the incumbent in North Korea, so there's that...
  [ link to this | view in chronology ]
Rekrul, 3 Dec 2014 @ 8:36pm

You know what would be really funny? If Sony found out that the reason their network got hacked was because some of their employees played older Sony music CDs on their work computers, and it installed Sony's rootkit.
[ link to this | view in chronology ]