2014 Sony Pictures Hack

2014 Sony Pictures Hack

Part of a series on North Korea. [View Related Entries]

PROTIP: Press 'i' to view the image gallery, 'v' to view the video gallery, or 'r' to view a random entry.


2014 Sony Pictures Hack refers to a cyberattack which compromised the Sony Pictures entertainment company's computer network in late November 2014, resulting in the leak of several unreleased films and confidential information regarding Sony staff.


The Interview

On June 11th, 2014, Sony Pictures Entertainment’s official YouTube channel uploaded the first teaser trailer for the upcoming American political action-comedy film The Interview. The film follows the story of a talk show host and his producer, portrayed by James Franco and Seth Rogen respectively, who are tasked by the CIA to assassinate Kim Jong-un under the pretext of conducting an interview with North Korean dictator. Within six months, the trailer gained over 7.4 million views.

On June 25th, a representative for the North Korean Ministry of Foreign Affairs released a statement[2] about the film, saying:

“If the United States administration tacitly approves or supports the release of this film, we will take a decisive and merciless countermeasure.”

The same day, Seth Rogen[1] tweeted a joking response to the threat. In less than 48 hours, the tweet received over 8,000 favorites and over 5,000 retweets.

Seth Rogen @Sethrogen 塩Follow People don't usually wanna kill me for one of my movies until after they've paid 12 bucks for it. Hiyooooo!! Reply t. Retweet ★ Favorite More RETWEETS FAVORITES 5,5068,779 10:48 AM -25 Jun 2014

Sony Pictures Entertainment Hack

In late November 2014, weeks before the box office premiere of The Interview, Sony Pictures Entertainment’s online database was hit by critical cyberattacks from a group of hackers who identified themselves as the Guardians of Peace (GOP), leading to the leak of private corporate data at an unprecedented volume in the tens of terabytes in early December. Among other things, the leaked data included many scripts and screeners of recently released or upcoming films to be distributed by the studio, including Fury, Annie, Still Alice, Mr. Turner and To Write Love On Her Arms, as well as the personally identifiable information and corporate profiles of over 6,000 employees.

CI Hacked y GOP Warning: We've already warned you, and this is justa bedinnins We continue till our request be met. We've obtained all your Internal data Including your secrets and top secret If you don't obey us,we'll release data shown below t Determine what will you do till November me 24th, 11:00 PM(GM. Data Link: o the worl https:/7www.sonyplcturesstockfootage.com/SPEData.zip http://dmiplaewh36.spe.sony.com/SPEData.zlp http://www.ntcnt.ru/SPEData.zip http://www.thammasatpress.com/SPEData zip http://moodle.aniversidadebemat br/SPEData.zip

Notable Developments

North Korea's Denial of Involvement

On December 4th, North Korean officials released a statement denying any involvement in the cyberattack, though one of them implied that the hack “might [have been] a righteous deed” of its supporters or sympathizers. Also on December 4th, researchers at the computer security firm AlienVault revealed that the computer that compiled the malware responsible for compromising the Sony network was written using Korean characters.[5]

E-mail Threats Against Sony Employees

On December 5th, Variety reported that Sony employees were receiving mass threatening emails, purportedly from the hackers who carried out the cyberattacks.

"Please sign your name to object the false (sic) of the company at the email address below if you don’t want to suffer damage. If you don’t, not only you but your family will be in danger."

The Interview Actors' SNL Sketch

On December 6th, The Interview actors James Franco and Seth Rogen appeared on Saturday Night Live, where they joked that hackers had leaked humorous and embarrassing photos of each other in compromised positions (shown below).

Guardians of Peace Official Demand

On December 8th, the GOP created a Github[6] page, which demanded that Sony stop showing the "movie of terrorism which can break the regional peace and cause the war," in reference to The Interview. In addition, 2.7 gigabytes of files were released by the group.

Leaked Internal E-Mails

Included in the 2.7 gigabytes of files were internal e-mails between Sony Pictures Television president Stephen Mosko and Sony Pictures Entertainment co-chairman Amy Pascal, in which they divulge their personal opinions on several actors and actresses who have worked with the studio. On December 9th, Gawker[4] reported on leaked emails between Pascal and film producer Scott Rudin, in which the two argue about an upcoming Steve Jobs biopic and the ego of actress Angelina Jolie, whom Rubin referred to as a “minimally talented spoiled brat.” Additionally, The Wall Street Journal reported that several of Pascal’s leaked emails revealed that Sony planned on making a crossover film between the comedy film series Jump Street and Men in Black.

Cancellation of The Interview

On December 16th, 2014, the GOP released a threatening message to theaters showing the film, which made reference to the September 11th, 2001 attacks:

We will clearly show it to you at the very time and places "The Interview" be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.
Soon all the world will see what an awful movie Sony Pictures Entertainment has made.
The world will be full of fear.
Remember the 11th of September 2001.
We recommend you to keep yourself distant from the places at that time.
(If your house is nearby, you’d better leave.)
Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment.
All the world will denounce the SONY."

That day, the entertainment news site Variety[7] reported that the Sunshine Cinema was canceling the New York premiere of The Interview and that Carmike Cinemas would not be playing the film at any of their locations. On December 17th, Variety[8] reported that Rogen and Franco had canceled all promotional media appearances for the film. Additional theaters subsequently announced they would not be showing The Interview upon release, including AMC, Cinemark, Cineplex, Regal and Southern Theatres. That day, Sony Pictures announced they were pulling the theatrical release of The Interview:

"We respect and understand our partners’ decision and, of course, completely share their paramount interest in the safety of employees and theatergoers. We are deeply saddened at this brazen effort to suppress the distribution of a movie, and in the process do damage to our company, our employees, and the American public. We stand by our filmmakers and their right to free expression and are extremely disappointed by this outcome."[10]

On December 19th, United States President Barack Obama said he felt Sony "made a mistake" in pulling the film (shown below).

FBI Investigation

On December 19th, 2014, the United States Federal Bureau of Investigation (FBI) released a statement[9] officially naming the North Korean government as being “responsible for these actions,” citing their technical analysis of the malware used in the hack and various comparisons to other previous North Korean cyber attacks (shown below).

Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.

The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack.

Separately, the tools used in the SPE attack have similarities to a cyber attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.

Internet Blackout

On December 22nd, the technology news site North Korea Tech[12] reported that Internet connections in the country were repeatedly losing connectivity over the past 24 hours. That day, the Internet performance analytics company Dyn Research[11] posted a tweet revealing that North Korea's national Internet was offline following an entire day of "increasing instability" (shown below).

Globally Reachable Networks December 22, 2014 Times in UTC 0 3.5 3 3.0 2.0 1.5 2 1.0 0.5 North Korea 0.0 02:00 05:00 08:00 11:00 14:00 17:00 Dyn Source: BGP Data Dyn Research @DynResearch Follow After 24hrs of increasing instability, North Korean national Internet has been down hard for more than 2hrs 1:56 PM-22 Dec 2014 344 RETWEETS 77 FAVORITES

Also on December 22nd, the Associated Press[13] published a quote from United States State Department spokeswoman Marie Harf, who did not confirm or deny U.S. involvement in the Internet blackout.

"We aren't going to discuss, you know, publicly operational details about the possible response options or comment on those kind of reports in anyway except to say that as we implement our responses, some will be seen, some may not be seen."

On the following day, Dyn Research tweeted[14] an update that North Korean Internet had been restored but "connectivity problems" continued.

Dyn Research * 塩Follow @DynResearch Internet of North Korea restored at 16:12 UTC as connectivity problems continue twitter.com/DynResearch/st.·. わ ★ Globally Reachable Networks December 23, 2014 Times in UTC 4.0 3.5 3 3.0 2.5 2.0 1.5 Z 1.0 0.5 North Korea 0.0 15:00 16:00 Dyn Source: BGP Data Favo FAVORITES 38 7 11:42 AM-23 Dec 2014


Park Jin-hyok

On September 6th, 2018, The United States Department of the Treasury announced that they had charged North Korean man Park Jin-hyok (shown below), an alleged North Korean operative, with involvement in the Sony Hack and the WannaCry ransomware attack. [15] In a statement, First Assistant United States Attorney Tracy Wilkison said:[16]

“The complaint charges members of this North Korean-based conspiracy with being responsible for cyberattacks that caused unprecedented economic damage and disruption to businesses in the United States and around the globe. The scope of this scheme was exposed through the diligent efforts of FBI agents and federal prosecutors who were able to unmask these sophisticated crimes through sophisticated means. They traced the attacks back to the source and mapped their commonalities, including similarities among the various programs used to infect networks across the globe.”

According to FastCompany,[16] Park worked with the hacking group "sometimes referred to as the Lazerous Group," who would allegedly wage phising campaigns against victims by "impersonating potential job applicants, and posted links to malware on Facebook and Twitter."

Search Interest

External References

Recent Videos 12 total

Recent Images 31 total

+ Add a Comment

Comments (310)

Display Comments

Add a Comment

Greetings! You must login or signup first!