Sony Pictures Hack (2014)
On November 25, 2014 a group calling itself the Guardians of Peace (GOP) hacked Sony pictures, which crippled the broad Sony network for several days. The hackers posted sensitive information on the internet from Sony’s database, including unreleased films at the time (Elkind, “Sony Hack”). Initially it was purported that North Korea was behind the attack because of the impending release of “The Interview.” However, the different developments and scenarios surrounding the hacking presented various suspicious elements. The GOP released links for torrent files that would be hosted on four different sites. It had 26 parts containing 25 1GB files and a single 894MB file (“A Breakdown and Analysis”). These files would be uploaded to Rapidgator and MEGA, although the managers would remove the files shortly after the uploading (Elkind, “Sony Hack”). Regardless, people managed to obtain the details before the info went offline. The act in itself unraveled the inner workings of Sony Pictures, which highlighted various ethical tendencies by the company.
The signs of the problem began on November 24, 2014 when a Reddit post stated that Sony Pictures had been hacked, with their internal nationwide network showing signs of the breach executed by GOP. Geek.com would report of Sony shutting down from being doxed after the hack. Risk Based Security (RBS) decided to contact the GOP to uncover the extent of the breach (“A Breakdown and Analysis”). The hackers revealed they had obtained terabytes of data from the Sony servers. The group would go on to release various forms of content relating to Sony Pictures.
On November 26, 2014 GOP published links on torrent trackers on movies that were yet to be released. Annie (release date December 19, 2014), Mr. Turner (December 19, 2014), and To Write Low on Her Arms (March 2015) were posted for torrenting by the hackers (“A Breakdown and Analysis”). Based on the details obtained from various torrent sites, the films were downloaded over 100,000 times. At the time, it was believed that North Korea was behind the attack given the controversial nature of “The Interview” meant to be released on December 25, 2014 (“A Breakdown and Analysis”). The republic would go on to complain to the United Nations about the film, which was meant to depict the potential assassination of Kim Jung-un. The film was intended as a comedy; however, the Asian contingent was not happy about the context of the movie.
It is argued that the release of the film influenced the developments on December 1 2014. GOP decided to begin publishing the first set of data files. It consisted of 26.4 GB of information, with 33,880 files and 4864 folders. Moreover, the details in the files included 47,426 social security numbers (SSN), with 15,232 belonging to current or former employees (“A Breakdown and Analysis”). GOP structured the documents to show 3,253 SSN over 100 times. In addition, 18 files each had 10,860-22,533 SSN. The data contained information such as 402 full SSN, plaintext passwords, internal emails, and worker names (“A Breakdown and Analysis”). In another file, it displayed names, contact phone numbers, employee IDs, worker work history, employment benefits, retirement and termination plans, medical plans, and even executive salaries.
This would be a consistent factor, with the hackers releasing new sensitive information every day until December 13 2014, which was testament to the degree of the hack conducted by GOP (“A Breakdown and Analysis”). The details ranged from personal information to the unethical practices by Sony. In one of the documents, it showed that Sony bought movie tickets to its own films and re-sells them to its workers. Furthermore, the information included controversial conversations amongst executives on race and gender (Alvarez, “Sony Pictures Hack”). Investigations did not provide conclusive evidence that North Korea was involved in the hacking even though the reports were intended to make the Asian state the cause of the problem.
However, various reports illustrated the intent to hack the company. The initial reports concerning the incident indicated that it was a targeted attack. GOP was skilled, funded, and motivated to conduct the hack on Sony Pictures (Bort, “How the Hackers Broke into Sony”). The nature of execution and the precision of actions taken to conduct the hack proved that GOP was focused on hacking the multinational. According to security expert Bruce Scheiner, targeted attacks are the hardest to stop as the people involved have done adequate research to identify the weaknesses of the target and even select the ideal time and day to execute an attack (Bort, “How the Hackers Broke into Sony”).
In addition, the hack was an inside job. Journalists had contacted GOP where one of the group members called “Lena” revealed the details about the hack (Bort, “How the Hackers Broke into Sony”). The hacker claimed that Sony did not lock their doors, which allowed the group access into the Sony building. Moreover, the GOP member claimed that Sony lacked adequate “Physical Security” (Bort, “How the Hackers Broke into Sony”). This referred to windows, keycards, doors, and video cameras. Therefore, Sony Pictures did not have the necessary measures to identify the hackers, when they entered the premises, and when the hack began.
Lena also confirmed that empathetic employees allowed them access into the building. Given that Sony did not lock its doors, GOP collaborated with workers that shared the same ideology concerning the company and gave them access to various parts within the building (Alvarez, “Sony Pictures Hack”). It is uncertain as to whether the staff were coerced or volunteered to aid the hackers; however, it is evident that the nature of the security at Sony made it easy for the hackers with workers, one way or another, to hack and obtain the sensitive info.
It was reported that GOP obtained a key password from an IT administrator. The investigation into the hacking revealed the hackers needed to have obtained a password from a systems administrator in the Sony IT department in order to get to the sensitive information concerning SSN and other personal data (Bort, “How the Hackers Broke into Sony”). The investigation did not determine whether it was the same case as the employees that allowed GOP access into the Sony building, but the access to sensitive material required a password. The developments also indicate there was little or no resistance in aiding the hackers access to the material, which means that a system administrator may have part of the people willing to help the hackers.
The analysis of the network revealed that GOP had installed malware. Security experts tasked with assessing the network discovered that a “wiper” malware was installed on the network. The software is used to destroy data; however, GOP used it to collect data along with destroying files (Bort, “How the Hackers Broke into Sony”). The strategy involved using the Microsoft Windows management and the network file-sharing features, integrating the malware into the system, and it caused a network shutdown while rebooting the computers. The wiper malware is believed to have been a copy of the malware DarkSeoul used to hack South Korean banks in 2013 (Bort, “How the Hackers Broke into Sony”). In addition, the malware was also used to steal passwords. It grabbed computer source codes, private files, and files that contained the passwords for Oracle and SQL databases (Alvarez, “Sony Pictures Hack”). It allowed GOP to access the movie production schedules, financial documents, and emails, which the hackers went on to publish in early December 2014.
Further details regarding the investigation revealed that Sony could have prevented GOP from taking so much info even after hacking the system. Sony fell under the same category as the majority of companies that do not want to invest in extra security that would apply in protecting databases, password files, and email servers (Bort, “How the Hackers Broke into Sony”). If Sony had integrated layers of security protection, it would have prevented GOP obtaining the large volume of sensitive information.
This prompted the industry to become proactive in establishing better security measures. The initial measure implemented by Sony was to create a hotline that allowed employees to contact Sony management to know of what data was stolen regarding their personal details (Hess, “Inside the Sony Hack”). The company also included on-site counsellors that would help the workers deal with the situation in the corporation. Its aim was to help the staff address the concerns of fear, anger, denial, frustration, and even powerlessness to prevent the situation (Hess, “Inside the Sony Hack”). It was an initial step to regaining the positive accord between employers and the subordinates.
Another measure was to create a suitable system to protect any Sony data. It involved creating traditional firewalls, while having the IT department monitor and analyzes any unusual patterns (Boorstin, “The Sony Hack”). For example, logins into the company website or database would assess concerning place of access, and potentially the name of person accessing the data. The proactive measure was meant to ensure that Sony could identify any potential hacks or unusual activity before it escalates to the degree of the 2014 hack (Boorstin, “The Sony Hack”). Sony also employed Vera to develop an encrypted cloud system in the Sony database to add protection for employees communicating on the Sony network. The protocol included the option for Sony to revoke access to the company’s systems.
In conclusion, the 2014 hack was a lesson on the consequences of inadequate security in managing sensitive data. The investigation after the hack indicated that Sony did not have adequate security, and workers intervened in helping GOP execute their hack. It is evident that the multinational has learned from the ordeal and has initiated necessary measures to protect the sensitive information going forward. Consequently, the incident was a learning experience for many companies to strengthen their IT departments to prevent data theft that could jeopardize the firm’s future.