Target: Hollywood. The Sony Pictures Hack.

Date Posted:




Share this Post:

Cyber Crime and Hollywood. The Sony Pictures Hack. 

In December 2014, the largest ever hack of its time took place in California. The target of the attack was Sony Pictures; the details behind the cyber-attack had implications for international politics, free speech, and individual employees. It also announced the emergence of a new type of global warfare: Cyber Crime. 

The Sony Pictures Hack

The lead up to the cybercrime 

In 2012, a group of American writers and actors produced an idea for a new satirical comedy film. The script described the story of two journalists who would be recruited by the FBI and sent on a mission to interview and subsequently assassinate an imaginary, despotic political leader. 

Biting political satire is nothing new to the film industry. For years, it is a medium that has been used to deliver highly topical and politicised messages. However, during the writing of the script, the decision was taken that the target for the assassination would change from being an invented person to being the actual sitting leader of North Korea, Kim Jong-Un. 

This was breaking new ground. To parody the assassination of a ruling leader of a sovereign nation-state is something that had never, or rarely, been attempted. Furthermore, the filmmakers intended to make this a graphic portrayal of the assassination. 

The rights to the film were bought by Sony Pictures, and it went into production in 2014 starring James Franco and Seth Rogan, two high-profile and successful actors. 

The promotional gears started turning in the build-up to the film being launched in December 2014. Billboards went up, social media helped fuel the marketing flames and the film was screened to focus groups. 

However, as news of the new film was proliferating, things were taking a sinister turn at Sony Pictures… 

Looking at code on monitor

Sony is hacked 

Unbeknownst to anyone at the time, a catfish campaign was already well underway at Sony. An external group had bombarded the social media accounts of Sony employees with messages designed to make them click on nefarious links. 

It would only take one of the employees to take the bait…and that is exactly what happened. One email click and the malware was free to weave its destructive path. 

Once the hackers had gained access to the network of computers and IT infrastructure at Sony, it was already too late. The hackers moved across the whole of the network, completely undetected by anyone at Sony. These were not simply bedroom hackers, they were a group of extremely organised cyber soldiers hellbent on destruction. 

Their intention became clear when, in November 2014, a coordinated set of messages started appearing on employees’ computer screens one morning. These messages, which featured the image of a skeleton alongside blood-curdling sound effects, were precise about their intentions: The complete destruction of Sony Pictures. 

The cyber criminals proceeded to create havoc on the network. Computers were wiped, phones were taken offline and the digital network was taken down. Even local businesses were prevented from trading as credit-card machines were affected for weeks. 

But, as a warning chillingly pre-empted, it was “just the beginning.” 

Prior to the attack, the hackers had already obtained libraries of internal data from the company. This data included executive salaries, private emails, gossip, and details of unreleased films. 

This data was sent to local journalists, who were not slow to publish. 

Salacious stories about famous A-listers were shared. Films were leaked. Executives were caught making racial slurs, and salaries of employees were made common knowledge. 

The data breach continued well into 2015, with HR records, social security data and medical records being shared. In effect, every employee’s entire email inbox was in the public domain. 

Typing on laptop

The fallout 

It was a cyber-crime on a massive scale, and could not have been much higher profile. The commercial, reputational and security damage was enormous. 

Whilst the film did manage a very low-key premier, concerns from audiences and cinemas alike led to cinemas refusing to screen it in mainstream theatres. Five days after it premiered, the film was pulled from cinemas. 

The hackers had won. Furthermore, since the malware itself had its own counter-forensic measures built-in, it essentially destroyed evidence as it coursed through the network. 

The fallout was immense. The hack led to an FBI investigation; employees commenced a class-action lawsuit against Sony; millions of dollars were spent on IT repairs. Many careers, at all levels, were abruptly ended. 

There were also clear implications for free-speech, a cornerstone of western democracy for centuries. 

Most concerning of all, the hack was declared an international incident. All suspicious eyes were trained on the secretive state of North Korea. President Obama even went as far as blaming North Korea live on television. Never before had a sovereign state been implicated by a sitting American President. But consider this fact alone: Did Obama reluctantly fuel the threat by reacting in this way? 

Either way, it was clear that the Sony Pictures hack unveiled a new era for what cyber-attacks could achieve. 

Lessons to be learned 

What has become clear because of the Sony hack is that we live in a connected world, but it is this connectivity that means we are open to risks of the highest magnitude. 

It is also obvious that not only is there the potential for egregious amounts of money to be made in cyber-crime, but enormous reputational damage too. 

And if cyber-crime is a threat to multi-national conglomerates, it is a threat to everyone. 

The intervening years have also taught us that the threat is not going to recede. Not only are independent cyber criminals at large, but the fear that nation-states may be sponsoring cyber-crime suggests that the parameters for global conflict have shifted from battlefield to server-banks. 

There are a number of steps that we can all take to mitigate these threats. 

Email is still by far accountable for the highest volume of attempted hacks. It is not enough to ensure that everyone on your network is aware of the threat. The solution is to ensure that the absolute best in next-generation firewall is in place. 

Such solutions are available from a number of vendors, but it is crucial that your cyber strategy is curated by a specialist company that will be constantly on the lookout for new threats on your behalf. 

SEP2 are a cyber-security specialist and protecting our customers from cyber-crime is why we exist. We are constantly working at the bleeding edge of technology to ensure your security. We employ the greatest technicians and work with world-class vendors. This is why we say we are Tech Driven and People Powered. 

Share this Post:

You May Also Like:

Tech Driven. People Powered.

Protect your business today

To find out more about how we can secure your organisation against all forms of cyber security attack, get in touch with SEP2 now or sign up to our newsletter.

Sign Up

join our newsletter today

To find out more about how we can secure your organisation against all forms of cyber security attack sign up to our newsletter.

Your data will be handled in accordance with our Privacy Notice

Kieron sitting at a desk in the SEP2 office posing for his headshot


Central Response Team Manager

Kieron has been with SEP2 since 2019 and works in our support team.

For Kieron, there is no typical day at SEP2, for one day he can be working through open tickets, another day you could be working on a priority case for the duration of the day, and another day you could be working on an ongoing project, but what Kieron enjoys is that the mix of challenges keeps the role fresh and interesting.

Kieron likes that within the support team everybody works well together, and shares knowledge between every level and are constantly being encouraged to learn.

In his spare time, Kieron’s current favourite hobby is working on his allotment, which gives him a nice change of scenery and a break from technology.