The focus on North Korea is weak and easily undercut by the facts. Nation-state attacks don't usually announce themselves with a showy image of a blazing skeleton posted to infected machines or use a catchy nom-de-hack like Guardians of Peace to identify themselves. Nation-state attackers also generally don't chastise their victims for having poor security , as purported members of Guardians of Peace have done in media interviews.
Nor do such attacks result in posts of stolen data to Pastebinthe unofficial cloud repository of hackers everywherewhere sensitive company files purportedly belonging to Sony were leaked this week. We've been here before with nation-state attributions.
Anonymous sources told Bloomberg earlier this year that investigators were looking at the Russian government as the possible culprit behind a hack of JP Morgan Chase. The possible motive in that case was retaliation for sanctions against the Kremlin over military actions against Ukraine.
Bloomberg eventually walked back from the story to admit that cybercriminals were more likely the culprits. And in , U. No proof was offered to back the claim, but glitches in the malware used for the attack showed it was less likely a sophisticated nation-state attack than a hacktivist assault against the oil conglomerate's policies.
The likely culprits behind the Sony breach are hacktivistsor disgruntled insidersangry at the company's unspecified policies. One media interview with a person identified as a member of Guardians of Peace hinted that a sympathetic insider or insiders aided them in their operation and that they were seeking "equality. Similarly, in a cryptic note posted by Guardians of Peace on hacked Sony machines, the attackers indicated that Sony had failed to meet their demands, but didn't indicate the nature of those demands.
We continue till our request be met. One of the purported hackers with the group told CSO Online that they are "an international organization including famous figures in the politics and society from several nations such as United States, United Kingdom and France. We are not under direction of any state. The person said the Seth Rogen film was not the motive for the hack but that the film is problematic nonetheless in that it exemplifies Sony's greed.
Sony Pictures produced the film harming the regional peace and security and violating human rights for money.
The news with The Interview fully acquaints us with the crimes of Sony Pictures. Like this, their activity is contrary to our philosophy.
We struggle to fight against such greed of Sony Pictures. It's unclear when the hack began. One interview with someone claiming to be with Guardians for Peace said they had been siphoning data from Sony for a year.
Last Monday, Sony workers became aware of the breach after an image of a red skull suddenly appeared on screens company-wide with a warning that Sony's secrets were about to be spilled.
News of the hack first went public when someone purporting to be a former Sony employee posted a note on Reddit , along with an image of the skull, saying current employees at the company had told him their email systems were down and they had been told to go home because the company's networks had been hacked.
Sony administrators reportedly shut down much of its worldwide network and disabled VPN connections and Wi-Fi access in an effort to control the intrusion. This is still unclear. Most hacks like this begin with a phishing attack, which involve sending emails to employees to get them to click on malicious attachments or visit web sites where malware is surreptitiously downloaded to their machines. According to the document, the programmer also lived in China before the Sony breach, which FBI special agent Nathan Shields pinpoints as having happened in late September , after the undisclosed February breach.
The idea of Russians idling in the system before and after the hack is never mentioned. Former News Corp. Pointing the finger at an enemy is the easy way out. Also, as many former and current executives note, GoP never attempted to retaliate further with additional leaks when The Interview was released in theaters albeit at small art houses rather than cineplexes on Christmas Day and on streaming platforms.
Marc Rogers, who is head of security at famed hacking conference Defcon and a consultant on Mr. Although the disgruntled-staffer angle generated headlines back in , less explored is the prospect of someone using the hack as a weapon to manipulate the Sony share price. A number of investors sold large chunks of stock in between the supposed late September breach and the day the world learned of the attack on Nov.
There was also one spike in short-selling activity in the weeks leading up to Nov. It is unclear if the SEC ever looked into Sony shortings or sell-offs given that SEC investigations are confidential unless it files an action in court.
For instance, there was an attempted bombing against publicly traded German soccer team Borussia Dortmund. The stock would collapse. You never know the lengths to which people will go.
In any case, the hackers appeared to be bent on humiliating Sony, particularly Pascal, who was in the middle of negotiating her contract renewal at the time of the hack. Leaked emails showed Pascal making inappropriate jokes about President Obama and later fighting with Rudin. Sony fought to keep its composure as executive and talent salaries became public the fact that Amy Adams and Jennifer Lawrence made less than their male co-stars in American Hustle became a Hollywood rallying cry.
Internally, fear reigned. Top executives were given old BlackBerrys that had been stored in the basement of the Thalberg Building. Pascal enlisted a nurse to give sleep-deprived staffers B12 shots. Another former executive says he hired a private investigator after being hacked multiple times following the incursion. As a sign of their resilience, staffers created a video of how they were carrying on, in which they extolled the virtues of going back to basics and having face-to-face conversations.
The Sony legal team advised that it should not be released to the public. No one wanted to tell that story. But in an increasingly data-driven industry, the attack provided a wake-up call for the rest of Hollywood. Both Pascal and Rudin were Democratic and Obama donors, and the stories focused on their contemptible interchange about Obama and a range of African American—centric films. Now that I was in government, I saw things from the other side: Why was the press publishing what was in effect stolen property—that is, emails hacked and leaked by a hostile foreign power?
Why was that acceptable behavior? You could still report on the hack, but without using the poisoned fruit of the hack. What exactly was the public interest in Scott Rudin speculating that President Obama likes Kevin Hart movies compared to a foreign power assaulting free expression in America? I also had a personal interest. Michael Lynton, the chairman of Sony, was a good friend of mine, and, while I was in office, I had asked him to help me with what had become the focus of my job: countering ISIS messaging and countering Russian disinformation and propaganda.
Sony, it turned out, was one of the largest sellers of content for the Russian periphery. A few days into the attack, I had reached out to Michael to see if there was anything I could do at State to help him. He was frustrated. There was one profile in courage during this whole story, one person in Hollywood and Washington who stood up for freedom of speech and expression, though he was not a senator, or the head of a studio, or the publisher of a newspaper: George Clooney. Clooney had immediately recognized the threat of the hack against Hollywood and the media business, and had drawn up a letter that he and his agent, Bryan Lourd, sent to all the heads of all the studios and big Hollywood production companies, asking them to support Sony.
Clooney was appealing to values all of the studios stood for: freedom of expression and personal liberty. No one signed. This was a dumb comedy that was about to come out. This is a silly comedy, but the truth is, what it now says about us is a whole lot. We have a responsibility to stand up against this. What was the important story to be covering here? I understand that someone looks at a story with famous people in it and you want to put it out. The problem is that what happened was, while all of that was going on, there was a huge news story that no one was really tracking.
And if it is, are we really going to bow to that? Sony then had basically little choice but to cancel the Christmas release of the movie.
Even the video-on-demand distributors had turned Sony down. Sony then suspended all of its promotion, advertising, screening, and digital ads on Facebook and Twitter. On the day that Sony basically scrapped the movie, I got this email from Jeff Shell:. It was only then, after the theaters refused to show the film and Sony paused the release, that the White House seemed to get engaged—and not in a terribly helpful way. He did it anyway. We do not own movie theaters. We cannot determine whether or not a movie will be played in movie theaters.
Almost everybody refused—Netflix, Facebook, Apple, Comcast—all of whom were concerned about getting hacked. Only Google and Stripe were willing to help to get the movie out. But there was another shoe to drop, and it affected me and what I was trying to do at State: the leaking of emails between myself and Lynton. The WikiLeaks release contained a number of emails between Lynton and me.
This was the email that got the most attention:. Michael: It was great to see you yesterday. In both cases, there are millions and millions of people in those regions who are getting a skewed version of reality. This is a conversation about ideas, about content and production, about commercial possibilities.
I promise you it will be interesting, fun, and rewarding. Many publications in their story about the Sony hack made passing references to the email and our dialogue, including New York magazine and Gawker. But the one publication that did the most with it was Russia Today.
0コメント