That Huge Sony Hack May Have Been North Korea Retaliating Against James Franco And Seth Rogen
from the wait...really? dept
You may have heard recently that Sony Pictures experienced what the company called a "system disruption" and what everyone else referred to as "Oh, look, Sony employees are completely locked out of their own computers." In place of a normal, working computer, Sony employees found poetic words and subtle imagery. Just kidding, it looked like an amateurish metal band CD insert artist vomited a splash page all over the screen.It's fairly likely that the GOP claiming responsibility for the hack wasn't Karl Rove in his mother's basement and there was little early speculation on who they in fact were, beyond the "Guardians of Peace" name the hackers claimed. While it's not yet confirmed, reports are that the internal investigation Sony is conducting is eyeing none other than North Korea.
Sony Pictures Entertainment is exploring the possibility that hackers working on behalf of North Korea, perhaps operating out of China, may be behind a devastating attack that brought the studio’s network to a screeching halt earlier this week, sources familiar with the matter tell Re/code. The timing of the attack coincides with the imminent release of “The Interview,” a Sony film that depicts a CIA plot to assassinate North Korean leader Kim Jong-Un. The nation’s ever-belligerent state propaganda outlets have threatened “merciless retaliation” against the U.S. and other nations if the film is released.Oh, North Korea. Look, if this was you, I'll certainly agree that forcing anyone to look at that garish screenshot above likely qualifies as "merciless retaliation," but I dare say it's probably not going to be all that effective. And should you be found out to be behind this, having the entire planet laugh at your complete lack of sense of humor probably doesn't take the sting out of the fact that you can't feed your own people, despite having a self-proclaimed necro-deity still technically heading up the government.
And to have this reaction over a Hollywood film and then add your own cliffhanger is downright ironic.
"Hostile forces" are casting blame on North Korea, said a spokesman for the country's mission at the United Nations, according to the Reuters news agency. "I kindly advise you to just wait and see."In the meantime, this is generating so much free publicity for The Interview, one wonders if Pyongyang is serving as a Sony marketing consultant.
Admittedly, whoever did do the hack seems to have really shaken up Sony Pictures (which appears to have had almost no real security at all), as it is rumored to have resulted in the leak of a few upcoming movies and a treasure trove of HR info, including some embarrassing info. Whether or not it's North Koreans angry about a Rogen/Franco flick, or something else, it's not making anyone look very good right now.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: guardians of peace, hack, james franco, north korea, seth rogen
Companies: sony, sony pictures
Reader Comments
Subscribe: RSS
View by: Time | Thread
'Pretty please don't' security?
Seriously, hacked by North Korea? That's just sad.
[ link to this | view in thread ]
[ link to this | view in thread ]
This is Sony; what did you expect?
[ link to this | view in thread ]
North Korea? Really?
My guess is that this is Sony trying to pretend that their security wasn't so bad that it was penetrated by some immature teenage basement dwellers.
[ link to this | view in thread ]
Sony should have some fun with this actually, and release a public statement along the lines of "After careful consideration, we have determined that the North Korean government is not in fact responsible for the recent attack on our servers, as we have determined that they lack the technological capability to do so."
Then everyone gets to sit back and have a good laugh as NK blusters on about how big and bad and scary they are, and how they could totally hack Sony if they wanted to.
[ link to this | view in thread ]
"
One must ask what the hell creative content and personnel info are doing on the same network. Apparently Sony's IT personnel still think it's 1997.
[ link to this | view in thread ]
Clickbait!!! I want my $0.04!
Just think how pissed Michael Pavlic must be to be paid less than Michael Barker, all because of the alphabetical payroll scheme there @ Sony.
[ link to this | view in thread ]
[ link to this | view in thread ]
Thank you for that mental image... at once terrifying and deeply enlightening.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
More info.
and
h ttp://torrentfreak.com/sony-movies-leak-online-after-hack-attack-141129/?utm_source=feedburner&u tm_medium=feed&utm_campaign=Feed%3A+Torrentfreak+%28Torrentfreak%29
Eleven TB of data! "Their network admins never noticed this shit being siphoned off?" -- SunnyZ@TF.
The last time somebody hacked Sony, it was learned they were running servers which hadn't been updated in years, and their tiny tech support staff had no chance to keep up with what would be expected of them.
Sony cheaps out on tech support, screws over users and customers, loses shareholders' IP, and exposes their employees (including Angelina Jolie's) personal information to crackers.
Fairly stunning faceplant for a corp the size of Sony.
[ link to this | view in thread ]
Money for Security? Ha!
[ link to this | view in thread ]
Re: Money for Security? Ha!
[ link to this | view in thread ]
Chamber Of Commerce pushing Cybersecurity bill because of SONY today:
http://thehill.com/policy/cybersecurity/225758-industry-still-pushing-for-lame-duck-cyber-bill as many of you know CISA legalizes NSA Spying http://www.theguardian.com/commentisfree/2014/jul/12/senate-nsa-secret-cybersecurity-information-sha ring-act and gets rid of Net Neutrality online without FCC approval http://www.usnews.com/news/articles/2014/07/07/nsa-net-neutrality-fears-overshadow-senate-cybersecur ity-vote I know I am conspiratorial, but I find it very strange all these hacker attacks are happening and I remember last October when Congressman Mike Rodgers promised he would do everything in his power to get CISA on the Senate floor http://thehill.com/policy/technology/219429-house-chairman-fears-political-tantrums-could-sink-cyber -bill With a case being decided about controlling and arresting people for there Free Speech when making comments on the web http://www.latimes.com/nation/la-na-supreme-court-facebook-threats-free-speech-20141201-story.html (I wonder after this decision would it be legal to want death for Usama Bin Laden especially if people were so angry about the towers falling and this case was ruled before 9/11 happened would then the BIG BAD FBI come over your house and put you in jail?) Insane. Techdirt please let your readers know the Chamber Of Commerce has not given up in putting CISA to a vote this month before the Senate Christmas recess. Do not let the Senate take over the internet. Help stop CISA S.2588 and for all you readers call the Senate www.senate.gov 2022243121 and after you give the operator your Zip Code, tell your 2 Senators NO TO CISA S.2588
[ link to this | view in thread ]
[ link to this | view in thread ]
NK is well known to use such vocabulary as "merciless retaliation" so that part would not surprise me. I sort of felt like I got a merit badge or something on Reddit as NK has a bot hunting for anyone saying bad about it. Bans you before you even know it was there. Can't say I missed a dang thing; rather proud of being banned from it without showing up or even knowing of it's existence.
Little chubby from NK gets butt hurt over the slightest things so I wouldn't be surprised.
[ link to this | view in thread ]
Re:
I was soaking in the karma schadenfreude when Sony Entertainment of America laid off their network and security staff six months before PSN got hacked because they were too expensive. A friend of mine laid off six months before was asked by Sony to come back and help them fix PSN after it got hacked, and he told them to take a long walk off a short pier.
This is just icing on the cake I am already choking on.
[ link to this | view in thread ]
Re: North Korea? Really?
[ link to this | view in thread ]
Well, Sony is rather a hostile force, on average, as laughable as this NK comment is. But with very low defenses, apparently.
[ link to this | view in thread ]
North Korea the Most Petty Communist Country
[ link to this | view in thread ]
Re: So what's in the SPEData.zip?
These two files are the lists of secret data we have acquired from SPE.
Anyone who needs the data, send an email titled ¡¶To the Guardians of Peace¡· to the following email addresses.
marc.parker-8t52ebo@yopmail.com
emma.murphy-0ohbp3m1@yopmail.com
lisa.harris-cxkjch3@yopmail .com
john.murphy-7o2h3uh3@yopmail.com
axel.turner-ffqbv9c@yopmail.com
lisa.harris-ezd6e1j@yopmail.com
mi ke.morris-f2iyqki@yopmail.com
abc@spambog.com
lena@spambog.com
john@spambog.com
Here's the head and tail of the two listing files, just to give you an idea what they claim to have:
C:\Users\MYNAME\Downloads\SPEData>head list1.txt list2.txt
==> list1.txt <==
Credit Templets Aug 2011.xlsx
DataRestorationSheet.docx
DataRestorationSheet.pdf
J Belknip Inventory box pickup.doc
Blank Inventory Sheet.xlsx
Mixing Log.xlsx
ADR & Foley Crew Costs.xlsx
PRORECAP.DOC
PRORECA2.DOC
PROPPROP.DOC
==> list2.txt <==
voldata.tdf
Shortcut to apps on 'usccipwv05' (I).lnk
dev_rfc.trc
wiped00
Thumbs.db
DATA_Inventory.html
CIFS_testfile
.DS_Store
QA.CFG
THESTUDI.LNK
C:\User s\MYNAME\Downloads\SPEData>tail list1.txt list2.txt
==> list1.txt <==
10s DSR 10.25.10, 10-11-SP.xls
10s DSR 10.25.10, 09-10 and 10-11-KO.xls
Sloane's DSR w-o 10-25.pdf
Sloane's DSR w-o 11-8.pdf
10s DSR 10.18.10, 10-11-SP.xls
Kirk's DSR w-o 10-25.pdf
Kirk's DSR w-o 10-18.pdf
Kirk's DSR w-o 11-8.pdf
Dr. Oz Fall11 Terre Haute.docx
Fargo.Dr. Oz Renewal Pitch.pdf
==> list2.txt <==
n38500311_31917115_5966.jpg
boards.weddingbee.com.htm
Thumbs.db
n12128422_32339518_8425.jpg
n38500 311_31917100_1902.jpg
n12128422_32339516_6355.jpg
n38500311_31917280_6102.jpg
Desktop.ini
SPE_DT.log
SPE_ DT.sdb
C:\Users\DKAdmin\Downloads\tablet\SPEData>
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: North Korea? Really?
[ link to this | view in thread ]
[ link to this | view in thread ]
AHAHAHAHAHAHAHAHAHAHA!
This has been wonderful news. The only way it gets topped off: "Sony declares bankruptcy."
[ link to this | view in thread ]
Re: Re: Re:
I'm not of that opinion, though it is certainly valid.
There is a lot of security that is stupidly expensive and absolutely worthless (i.e. TSA) and those should be removed or replaced with better security that is also cheaper. There is a lot of security that is cheap and absolutely necessary, like installing security patches on a regular basis. If you think computer security is expensive, you should look at what you have, determine if it is necessary and worth the risk of not having it, and go from there.
You should never make any decision on anything, security or otherwise, solely based on the cost alone. After all, Sony did replace their security/networking staff with cheaper ones, that brought with them the lack of experience and understanding of basic security/administration principles. Many of the machines compromised did not have the latest security patches...pretty basic system administration 101 type stuff.
[ link to this | view in thread ]
This is a unique opportunity....
As part of this hack, it looks like DVD images of the following movies have been released: “Fury”, “Annie”, “Mr. Turner”, “Still Alice” and “To Write Love on Her Arms”
This seems like an excellent opportunity to determine if Piracy really will destroy the earnings for those films. By the film industries own logic, it should at this point be impossible for any of these movies to bring in any money, now that they're available for free...
[ link to this | view in thread ]
"self-proclaimed necro-deity"
[ link to this | view in thread ]
Re: Re: Re: Re:
In terms of the old adage about the cost of security, things like what the TSA is doing doesn't count -- because what they're doing isn't really security. The adage is talking about actual security.
[ link to this | view in thread ]
Re: This is a unique opportunity....
Of course Sony will blame the low performace of these movies on this hack... whether the movies make money or not.
For example, "Annie" could go on to make a billion dollars, but Sony will still complain that it could have made more if not for the North Korean hackers.
Of course, this doesn't address the question of why they decided the world needed an "Annie" remake, but whatever.
[ link to this | view in thread ]
Re: "self-proclaimed necro-deity"
The summary is this:
[ link to this | view in thread ]
Re: "self-proclaimed necro-deity"
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: North Korea? Really?
[ link to this | view in thread ]
Re: Re: North Korea? Really?
NK's hacking groups are extremely good, but why do you characterize them as a serious threat to the technical infrastructure? Are they remotely setting bombs at routers or severing trunk lines?
[ link to this | view in thread ]
Re: Re: Re: North Korea? Really?
Add the scare stories about all the non-airgapped and net accessible micro-controllers on critical infrastructure, and you've got the bar to potential disaster set dangerously low.
A few days ago, I clicked onto a site that's displaying realtime CCTV output from thousands of security cameras whose owners hadn't bothered to secure them. There are plenty of professionals who tell stories about egregiously vulnerably implemented micro-controllers hooked up to potential Bhopal scary disaster situations.
Any number of "bad guys" out there could be biding their time, accumulating access to controller after controller, just waiting for their perfect moment to spring the trap.
[ link to this | view in thread ]
Re: Re: Re: Re: North Korea? Really?
That's a very broad brush, but it's also not as far from wrong as it should be.
Nonetheless, it doesn't address my question at all: how is this a threat to the technical infrastructure? It's certainly a threat to data, but that's a totally different thing.
[ link to this | view in thread ]