Cloud, General, Security

Laughing Red Skeleton: Mainstream Explanation of Hollywood Takedown

Sony Hack by G.O.P.

This report will look at the hack of Sony Pictures that took place in November, as follows:

  • Introduction – Politically Motivated Stunt?
  • Red Skeleton Says Good Morning
  • Whodunit?
  • Sony Response

Introduction – Politically Motivated Stunt?

Let’s look at the raw mainstream media understanding of this event.

Andrea Peterson, technology policy reporter for the Washington Post, recently provided an overview of the hack, in attempt to summarize the facts for a trending topic that has been rife with speculation of international intrigue.

Hackers successfully breached Sony Pictures in November. They extracted massive amounts of private, sometimes sensitive files from the film production company and made them publicly available on the Web, so that the hacker community and reporters have been able to examine the information, with the latter digging through the content to find gems related to Hollywood (TMZ probably has a whole division working on this) or to legitimately understand the type of data that was stolen and the cultural meaning of the hack.

At some point, consensus started to develop that the attack came from North Korea: “Multiple reports suggest US government officials believe the attack is tied to the North Korean government,” wrote Peterson.The idea is that North Korea was enraged about the Sony Hollywood movie The Interview and took decisive action.The Interview, starring Seth Rogen and James Franco, is a comedy about an assassination attempt on the dictator of North Korea, Kim Jong Un. Note that fingering North Korea as the perpetrator has been called preposterous by the security community, which I will discuss in the next article.

Sony decided on Wednesday, December 17, to cancel the Christmas Day release of the movie, after several movie theater corporations backed down from their agreements to show it following a vague and unconfirmed, yet violent threat from the cybercriminals.

Red Skeleton Says Good Morning

On November 24, when employees of Sony Pictures attempted to log into the company’s systems, they saw something truly jarring: a red skeleton with the announcement “Hacked by #GOP” (not the Republican Party). The skeleton page noted that documents that had been stolen would be posted that evening if an undescribed demand were ignored. Additional comments from Guardians of Peace, the “GOP” that tagged the skeleton, appeared on PasteBin, an anonymous service frequently used by hackers.

The hacker statements typically also included links to access huge data files taken from Sony. Michael Lynton and Amy Pascal, top executives at Sony Pictures, noted to the press after the Hollywood Reporter announced the leaks that a “large amount of confidential” data had been compromised.

The FBI sent out an alert that day about the malware that was used for the breach. As of December 18 (more than three weeks after the attack), some Sony computers were still unusable.

Whodunit?

It’s difficult to determine the source of hacking: the trail of digital information is usually untraceable to a single human party. However, US government officials including the FBI have suggested that the culprit is North Korea.

One intelligence official cited by Andrea said that North Korea had been identified as the attacker with “99% certainty.” We can safely assume that the other 1% allows for the possibility that evil cyborg unicorns were responsible.

North Korea has said that it did not carry out the hack, but the nation’s leadership has applauded it as “righteous.”

Since it is not easy to confidently pinpoint the human being behind a breach, the US generally does not list countries that it believes to be affiliated – although the Department of Justice did indict a number of Chinese military staffers earlier this year whom it had determined were spying on US corporations.

North Korea was suspected of the attack almost immediately, as indicated by coverage on re/Code. Following the re/Code story, the hackers mentioned The Interview in their communications and threatened physical terrorist attacks. It’s unclear if the movie was in fact central to the project or was adopted by the hackers to increase media exposure.

The hack loosely resembled attacks waged by North Korea against South Korean institutions, but experts in Wired and elsewhere remain unconvinced by the government’s argument.

Sony Response

The production house announced that they would no longer be releasing The Interview according to schedule, following statements by several prominent theater franchises that they would not be presenting the movie.

Early last week, a Sony Pictures attorney wrote to the press instructing publishers and reporters that there would be legal consequences of using the data. However, that move will not work: a 2001 Supreme Court ruling determined that a radio station was acting within its legal rights when it broadcast recordings that had been made illegally.

However, everyone needs to decide for themselves if they are comfortable looking through stolen material just because it came from a large corporation. It’s a little weird that we are instructed that it’s okay to look through someone’s email when it’s a non-whistleblower situation that has nothing to do with public safety, and when the documents are only available because someone ripped them out of a company illegally.

We will look at President Obama’s response and the skeptical perspective of the security community in the next article posted to this blog. We are covering the Sony hack in detail because security is fundamental to our business – as indicated by our datacenters, all of which are audited to meet the American Institute of Certified Public Accountants’ SSAE 16 standard .

By Kent Roberts