Sony hack: FBI confirms it's investigating hack, leak of 5 movies (updated)

The FBI confirmed Monday that it has opened an investigation into the hack of Sony Pictures Entertainment's internal network and email systems.

Following the hack — which compelled the studio to shut down its email and other systems — at least five of the studio's feature films appeared on file-sharing sites, including several that have not yet been released, reported. They include watermarked awards DVD screeners of the films "Fury," "Annie," "Still Alice," "Mr. Turner" and "To Write Love on Her Arms."

FBI spokeswoman Laura Eimiller issued the following statement:

The FBI is working with our interagency partners to investigate the recently reported cyber intrusion at Sony Pictures Entertainment. The targeting of public and private sector computer networks remains a significant threat, and the FBI will continue to identify, pursue, and defeat individuals and groups who pose a threat in cyberspace.

The Sony films that appeared on file-sharing networks have been downloaded more than 2 million times, according to the piracy-tracking firm Excipio; "Fury" alone saw more than 1.6 million downloads.

The attacks have left Sony scrambling to restore its network and find the culprits responsible. 

Meanwhile, Re/Code posted a report — citing unnamed sources — that Sony Pictures Entertainment is exploring the possibility that hackers working on behalf of North Korea, perhaps operating out of China, may be behind the attack, a possible reaction to the imminent release of “The Interview,” a Sony film that depicts a CIA plot to assassinate North Korean leader Kim Jong-Un. (Trailer for the film is below.)

Clip: The Interview

This breach is different from other recent ones at Target and Home Depot – and Sony itself – because the hackers don’t appear to be interested in financial gain, Clifford Neuman, director of USC's Center for Computer Systems Security, told KPCC's Ben Bergman.

“This attack seems to be more targeted specifically at Sony, trying to compromise their specific system to make some kind of point,” Neuman said. Neuman, echoing Re/Code, cited North Korea as one possible suspect. North Korea’s foreign ministry called "The Interview" an "act of war" this summer.

Sony declined to comment, saying only that it’s beginning to bring back some of its key systems – like employee email – a week after the breach. Spokeswoman Jean Guerin said the following in a written statement Monday:

“Sony Pictures continues to work through issues related to what was clearly a cyber attack last week. The company has restored a number of important services to ensure ongoing business continuity and is working closely with law enforcement officials to investigate the matter.”

Sony appears to have been so badly compromised that USC's Neuman speculated that the company has no choice but to completely rebuild its network from the ground up.

“That’s a very long process, but it’s something that they have to do in the long term and is something similar studios should probably be looking at now,” said Neuman.

Sony's computer breach a week ago could have serious box-office consequences, as five DVD-quality rips of the films appear on piracy hubs. It could also impede the studio's Oscar campaign. (A screener is a copy of a movie provided ahead of its release to critics and others in the industry who vote for awards.)

In a message left on Sony computer screens last week, the hackers — who called themselves the "Guardians of Peace" or "#GOP" — said: "We've obtained all your internal data including your secrets and top secrets." If the studio didn't obey the hackers, they threatened to release the data "to the world."

The appearance of the pirated films may be the hackers making good on their threat.

Sony has made itself a ripe target for hackers, says Philip Lieberman, the President and CEO of Lieberman Software, which sells security products.

“They haven’t had a good history of security, or of being situationally aware,” said Lieberman. “They were attacked once before with their PlayStation network. Clearly they haven’t gotten the religion of security yet.”

A spring 2011 data breach exposed the names and passwords of millions of gamers on Sony’s PlayStation Network. In August, another attack shut down the network.

With regard to the most current hack, The Frame spoke with Arik Hesseldahl, a senior editor at the tech news website Re/Code. Below are excerpts of The Frame's interview.

There are two big hacks, right? One is to Sony's internal IT and email system, and the other one is about downloading movies, four of which haven't even hit theaters.

So we don't know very many details; Sony is keeping a lot of the technical details very close to its vest about what's happening, but we know the attack started Monday, it brought its internal corporate network down, and people were unable to do basic work. Then there was a revealing of several sensitive files of information on various movie stars and whatnot. And then over the weekend the movies were released to the file-sharing sites.

Is there any theory about who's behind this?

It would seem that these hacks are connected, and it would seem that a primary suspect is North Korea. The reason is that Sony is close to releasing a movie called "The Interview," which stars Seth Rogen and James Franco. It's about two journalists who get an interview with Kim Jong-Un and who are, in the course of the plot, recruited by the CIA to try to kill him. North Korea's not very happy about this movie, and it's tried to get it derailed.

Does North Korea have the capability to pull off something like this against Sony?

It's actually very interesting. North Korea doesn't have much in the way of meaningful Internet infrastructure inside the country; barely any at all, actually. But it does have a very interesting cyberwarfare unit. It's called Unit 121, and the U.S. Department of Defense has studied it, various security companies have studied it, and they operate out of China, oddly enough. There's a North Korean-owned luxury hotel about a three hour drive from the North Korean border that's located in Shenyang, China, and that's apparently where Unit 121 tends to operate. Of course, China has lots of Internet infrastructure, so they can use it there.

There are also theories that disgruntled Sony employees or the Guardians of Peace — a note that read "hacked by #GOP" appeared on infected Sony computers — are behind the hacks. What do you think of those theories?

It's very common for hackers to use some sort of cover, and there are going to be multiple layers of obfuscation, both political and to try to muddy the waters, but it's being considered very seriously inside Sony and within law enforcement circles now — the FBI's now on the case — that North Korea is one of the primary suspects, and their motivation is this movie.

We should add that Sony has just issued a statement that reads: "Sony Pictures continues to work through issues related to what was clearly a cyberattack last week. The company has restored a number of important services to ensure ongoing business continuity, and it's working closely with law enforcement officials to investigate the matter." Is it possible to actually trace these leaks? What does that entail?

This is what computer security researchers call "attribution," and it's one of the trickiest parts of the operation. Usually what you find is that it's very rare; there's one notable case a couple years ago in which the firm Mandiant pointed the finger very directly at a unit of the Chinese Army that was responsible for attacking the networks of several U.S. companies, among them Google, Intel, and The New York Times. That was a very rare case, as attribution is more a case of conjecture or reading between the lines. We may never see definitive proof that this was a North Korean hack, and at this point it's still very much a theory, but it's an active theory, and given the timing, motivations, and the noises that North Korea has made about this movie, they are definitely topping the list of suspects.

If they really wanted to hurt "The Interview," they would have released a pirated version of it, right? Because once a pirated movie is out, it really kills a movie at the box office, doesn't it?

Except for the fact that North Korea is exceptionally sensitive to how its leader is portrayed in the global media. This is a comedy, and though I haven't seen it, the trailer paints a very unflattering portrait of Kim Jong-Un. Now remember that Kim Jong-Un is revered as though he were a god within North Korea, and that's just the way it is, and so they try very hard to keep that image consistent both within and without North Korea. What they don't understand is that they don't really have much control outside of North Korea.