Target: Hollywood. The Sony Pictures Hack.

Date Posted:

29/11/2021

Author:

Share this Post:

Cyber Crime and Hollywood. The Sony Pictures Hack.

In December 2014, the largest ever hack of its time took place in California. The target of the attack was Sony Pictures; the details behind the cyber-attack had implications for international politics, free speech, and individual employees. It also announced the emergence of a new type of global warfare: Cyber Crime.

The lead up to the cybercrime

In 2012, a group of American writers and actors produced an idea for a new satirical comedy film. The script described the story of two journalists who would be recruited by the FBI and sent on a mission to interview and subsequently assassinate an imaginary, despotic political leader.

Biting political satire is nothing new to the film industry. For years, it is a medium that has been used to deliver highly topical and politicised messages. However, during the writing of the script, the decision was taken that the target for the assassination would change from being an invented person to being the actual sitting leader of North Korea, Kim Jong-Un.

This was breaking new ground. To parody the assassination of a ruling leader of a sovereign nation-state is something that had never, or rarely, been attempted. Furthermore, the filmmakers intended to make this a graphic portrayal of the assassination.

The rights to the film were bought by Sony Pictures, and it went into production in 2014 starring James Franco and Seth Rogan, two high-profile and successful actors.

The promotional gears started turning in the build-up to the film being launched in December 2014. Billboards went up, social media helped fuel the marketing flames and the film was screened to focus groups.

However, as news of the new film was proliferating, things were taking a sinister turn at Sony Pictures…

Sony is hacked

Unbeknownst to anyone at the time, a catfish campaign was already well underway at Sony. An external group had bombarded the social media accounts of Sony employees with messages designed to make them click on nefarious links.

It would only take one of the employees to take the bait…and that is exactly what happened. One email click and the malware was free to weave its destructive path.

Once the hackers had gained access to the network of computers and IT infrastructure at Sony, it was already too late. The hackers moved across the whole of the network, completely undetected by anyone at Sony. These were not simply bedroom hackers, they were a group of extremely organised cyber soldiers hellbent on destruction.

Their intention became clear when, in November 2014, a coordinated set of messages started appearing on employees’ computer screens one morning. These messages, which featured the image of a skeleton alongside blood-curdling sound effects, were precise about their intentions: The complete destruction of Sony Pictures.

The cyber criminals proceeded to create havoc on the network. Computers were wiped, phones were taken offline and the digital network was taken down. Even local businesses were prevented from trading as credit-card machines were affected for weeks.

But, as a warning chillingly pre-empted, it was “just the beginning.”

Prior to the attack, the hackers had already obtained libraries of internal data from the company. This data included executive salaries, private emails, gossip, and details of unreleased films.

This data was sent to local journalists, who were not slow to publish.

Salacious stories about famous A-listers were shared. Films were leaked. Executives were caught making racial slurs, and salaries of employees were made common knowledge.

The data breach continued well into 2015, with HR records, social security data and medical records being shared. In effect, every employee’s entire email inbox was in the public domain.

The fallout

It was a cyber-crime on a massive scale, and could not have been much higher profile. The commercial, reputational and security damage was enormous.

Whilst the film did manage a very low-key premier, concerns from audiences and cinemas alike led to cinemas refusing to screen it in mainstream theatres. Five days after it premiered, the film was pulled from cinemas.

The hackers had won. Furthermore, since the malware itself had its own counter-forensic measures built-in, it essentially destroyed evidence as it coursed through the network.

The fallout was immense. The hack led to an FBI investigation; employees commenced a class-action lawsuit against Sony; millions of dollars were spent on IT repairs. Many careers, at all levels, were abruptly ended.

There were also clear implications for free-speech, a cornerstone of western democracy for centuries.

Most concerning of all, the hack was declared an international incident. All suspicious eyes were trained on the secretive state of North Korea. President Obama even went as far as blaming North Korea live on television. Never before had a sovereign state been implicated by a sitting American President. But consider this fact alone: Did Obama reluctantly fuel the threat by reacting in this way?

Either way, it was clear that the Sony Pictures hack unveiled a new era for what cyber-attacks could achieve.

Lessons to be learned

What has become clear because of the Sony hack is that we live in a connected world, but it is this connectivity that means we are open to risks of the highest magnitude.

It is also obvious that not only is there the potential for egregious amounts of money to be made in cyber-crime, but enormous reputational damage too.

And if cyber-crime is a threat to multi-national conglomerates, it is a threat to everyone.

The intervening years have also taught us that the threat is not going to recede. Not only are independent cyber criminals at large, but the fear that nation-states may be sponsoring cyber-crime suggests that the parameters for global conflict have shifted from battlefield to server-banks.

There are a number of steps that we can all take to mitigate these threats.

Email is still by far accountable for the highest volume of attempted hacks. It is not enough to ensure that everyone on your network is aware of the threat. The solution is to ensure that the absolute best in next-generation firewall is in place.

Such solutions are available from a number of vendors, but it is crucial that your cyber strategy is curated by a specialist company that will be constantly on the lookout for new threats on your behalf.

SEP2 are a cyber-security specialist and protecting our customers from cyber-crime is why we exist. We are constantly working at the bleeding edge of technology to ensure your security. We employ the greatest technicians and work with world-class vendors. This is why we say we are Tech Driven and People Powered.

Share this Post:

Tech Driven. People Powered.

Protect your business today

To find out more about how we can secure your organisation against all forms of cyber security attack, get in touch with SEP2 now or sign up to our newsletter.

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
_lfa	2 years	This cookie is set by the provider Leadfeeder to identify the IP address of devices visiting the website, in order to retarget multiple users routing from the same IP address.
AWSALBCORS	7 days	This cookie is managed by Amazon Web Services and is used for load balancing.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
aka_debug	session	Vimeo sets this cookie which is essential for the website to play video functionality.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
AWSALB	7 days	AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_LSE9RP433S	2 years	This cookie is installed by Google Analytics.
_gat_UA-89994160-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
mf_user	3 months	Mouseflow sets this cookie to identify whether a visitor is new or returning.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Risk & Assurance

Technical Services

SEP2.security

Network, Firewall & Cloud Solutions

User, Data & Endpoint

Security Operations

Threat Management & GRC

Target: Hollywood. The Sony Pictures Hack.

Date Posted:

29/11/2021

Author:

Tags:

Share this Post:

Cyber Crime and Hollywood. The Sony Pictures Hack.

Sony is hacked

The fallout

Lessons to be learned

Share this Post:

You May Also Like:

Blog: Scaling Security Operations

Blog: Cyber Security School Success!

Blog: The Remote Worker Question

Tech Driven. People Powered.

Protect your business today

Sign Up

join our newsletter today

Kieron

Central Response Team Manager

Connect with Kieron on LinkedIn