Jump to content

2014 Sony Pictures hack

From Wikipedia, the free encyclopedia

The headquarters of Sony Pictures in Culver City, California, United States

On November 24, 2014, the hacker group "Guardians of Peace" leaked confidential data from the film studio Sony Pictures Entertainment (SPE). The data included employee emails, personal and family information, executive salaries, then-unreleased films, future film plans, screenplays, and other information.[1] The perpetrators then employed a variant of the Shamoon wiper malware to erase Sony's computer infrastructure.[2]

During the hack, the group demanded that Sony withdraw its then-upcoming film The Interview, starring James Franco as a reporter and Seth Rogen (who also wrote, produced, and directed the film alongside his creative partner Evan Goldberg) as his producer who are hired by the United States and South Korean governments to set up an interview with North Korean leader Kim Jong-un as part of a plot to assassinate him, and threatened terrorist attacks at cinemas screening the film. After many major U.S. theater chains opted not to screen The Interview in response to these threats, Sony chose to cancel the film's formal premiere and mainstream release, opting to skip directly to a downloadable digital release followed by a limited theatrical release the next day.[3][4][5]

United States intelligence officials, after evaluating the software, techniques, and network sources used in the hack, concluded that the attack was sponsored by the government of North Korea, which has since denied all responsibility.[6] Some independent cybersecurity experts doubt the involvement of North Korea.[citation needed]

Hack and perpetrators

[edit]

The exact duration of the hack is yet unknown. U.S. investigators say the culprits spent at least two months copying critical files.[7] A purported member of the Guardians of Peace (GOP) who has claimed to have performed the hack stated that they had access for at least a year prior to its discovery in November 2014.[8] The hackers involved claim to have taken more than 100 terabytes of data from Sony, but that claim has never been confirmed.[9] The attack was conducted using malware. Although Sony was not specifically mentioned in its advisory, the United States Computer Emergency Readiness Team said that attackers used a Server Message Block (SMB) Worm Tool to conduct attacks against a major entertainment company. Components of the attack included a listening implant, backdoor, proxy tool, destructive hard drive tool, and destructive target cleaning[10] tool. The components clearly suggest an intent to gain repeated entry, extract information, and be destructive, as well as remove evidence of the attack.[11][12]

Sony was made aware of the hack on Monday, November 24, 2014, as the malware previously installed rendered many Sony employees' computers inoperable by the software, with the warning by a group calling themselves the Guardians of Peace, along with a portion of the confidential data taken during the hack.[13] Several Sony-related Twitter accounts were also taken over.[8] This followed a message that several Sony Pictures executives had received via email on the previous Friday, November 21; the message, coming from a group called "God'sApstls" [sic], demanded "monetary compensation" or otherwise, "Sony Pictures will be bombarded as a whole".[13] This email message had been mostly ignored by executives, lost in the volume they had received or treated as spam email.[13] In addition to the activation of the malware on November 24, the message included a warning for Sony to decide on their course of action by 11:00 p.m. UTC that evening, although no apparent threat was made when that deadline passed.[13] In the days following this hack, the Guardians of Peace began leaking yet-unreleased films and started to release portions of the confidential data to attract the attention of social media sites, although they did not specify what they wanted in return.[13] Sony quickly organized internal teams to try to manage the loss of data to the Internet, and contacted the Federal Bureau of Investigation (FBI) and the private security firm FireEye to help protect Sony employees whose personal data was exposed by the hack, repair the damaged computer infrastructure and trace the source of the leak.[13] The first public report concerning a North Korean link to the attack was published by Re/code on November 28 and later confirmed by NBC News.[14]

This is absurd. Yet it is exactly the kind of behavior we have come to expect from a regime that threatened to take 'merciless countermeasures' against the U.S. over a Hollywood comedy, and has no qualms about holding tens of thousands of people in harrowing gulags.

U.S. Ambassador to the U.N. Samantha Power

On December 8, 2014, alongside the eighth large data dump of confidential information, the Guardians of Peace threatened Sony with language relating to the September 11 attacks that drew the attention of U.S. security agencies.[13][16] North Korean state-sponsored hackers are suspected by the United States of being involved in part due to specific threats made toward Sony and movie theaters showing The Interview, a comedy film about an assassination attempt against Kim Jong-un.[17] North Korean officials had previously expressed concerns about the film to the United Nations, stating that "to allow the production and distribution of such a film on the assassination of an incumbent head of a sovereign state should be regarded as the most undisguised sponsoring of terrorism as well as an act of war."[18]

In its first quarter financials for 2015, Sony Pictures set aside $15 million to deal with ongoing damages from the hack.[19] Sony bolstered its cyber-security infrastructure as a result, using solutions to prevent similar hacks or data loss in the future.[13] Sony co-chairperson Amy Pascal announced in the wake of the hack that she would step down effective May 2015, and instead will become more involved with film production under Sony.[20]

Information obtained

[edit]

According to a notice letter dated December 8, 2014, from SPE to its employees, SPE learned on December 1, 2014 that personally identifiable information about employees and their dependents may have been obtained by unauthorized individuals as a result of a "brazen cyber-attack", including names, addresses, Social Security numbers and financial information.[21] On December 7, 2014, C-SPAN reported that the hackers stole 47,000 unique Social Security numbers from the SPE computer network.[22]

Although personal data may have been stolen, early news reports focused mainly on celebrity gossip and embarrassing details about Hollywood and film industry business affairs gleaned by the media from electronic files, including private email messages. Among the information revealed in the emails was that Sony CEO Kazuo Hirai pressured Sony Pictures co-chairwoman Amy Pascal to "soften" the assassination scene in The Interview.[23] Many details relating to the actions of the Sony Pictures executives, including Pascal and Michael Lynton, were also released, in a manner that appeared to be intended to spur distrust between these executives and other employees of Sony.[13]

Other emails released in the hack showed Pascal and Scott Rudin, a film and theatrical producer, discussing Angelina Jolie. In the emails, Rudin referred to Jolie as "a minimally talented spoiled brat" because Jolie wanted David Fincher to direct her film Cleopatra, which Rudin felt would interfere with Fincher directing a planned film about Steve Jobs.[24] Pascal and Rudin were also noted to have had an email exchange about Pascal's upcoming encounter with Barack Obama that included characterizations described as racist, which led to Pascal's resignation from Sony.[25][26][27][28] The two had suggested they should mention films about African-Americans upon meeting the president, such as Django Unchained, 12 Years a Slave and The Butler, all of which depict slavery in the United States or the pre-civil rights era.[25][26][27] Pascal and Rudin later apologized.[25][27] Details of lobbying efforts by politician Mike Moore on behalf of the Digital Citizens Alliance and FairSearch against Google were also revealed.[29]

The leak revealed multiple details of behind-the-scenes politics on Columbia Pictures' current Spider-Man film series, including emails between Pascal and others to various heads of Marvel Studios.[30] Due to the outcry from fans, the Spider-Man license was eventually negotiated to be shared between both studios. In addition to the emails, a copy of the screenplay for the James Bond film Spectre, released in 2015, was obtained.[31] Several future Sony Pictures films, including Annie, Mr. Turner, Still Alice and To Write Love on Her Arms, were also leaked.[32][33][34] The hackers intended to release additional information on December 25, 2014,[35] which coincided with the release date of The Interview in the United States.

According to The Daily Dot, based on the email leaks, while he was at Sony, executive Charles Sipkins was responsible for following senior executives' orders to edit Wikipedia articles about them.[36]

In December 2014, former Sony Pictures Entertainment employees filed four lawsuits against the company for not protecting their data that was released in the hack, which included Social Security numbers and medical information.[37] As part of the emails, it was revealed that Sony was in talks with Nintendo to make an animated film based on the Super Mario Bros. franchise.[38][39]

In January 2015, details were revealed of the MPAA's lobbying of the United States International Trade Commission to mandate U.S. ISPs either at the internet transit level or consumer level internet service provider, to implement IP address blocking pirate websites as well as linking websites.[40] WikiLeaks republished over 30,000 documents that were obtained via the hack in April 2015, with founder Julian Assange stating that the document archive "shows the inner workings of an influential multinational corporation" that should be made public.[41] Sony condemned the WikiLeaks publication and their attorneys responded by saying it "indiscriminately" disseminated stolen data, and that this "conduct rewards a totalitarian regime seeking to silence dissident speech". The lawyers also said that "WikiLeaks is incorrect that this Stolen Information belongs in the public domain".[42][43][44][45]

In November 2015, after Charlie Sheen publicly announced in a television interview that he was diagnosed with HIV, it was revealed that Sony executives were aware of the diagnosis as early as March 10, 2014, even though he never told them about it.[46][47] In December, Snap Inc., due to the hack, was revealed to have acquired Vergence Labs for $15 million in cash and stock, the developers of Epiphany Eyewear, and mobile app Scan for $150 million.[48][49]

Threats surrounding The Interview

[edit]

On December 16, for the first time since the hack, the Guardians of Peace mentioned the then-upcoming film The Interview by name, and threatened to take terrorist actions against the film's New York City premiere at Sunshine Cinema on December 18, as well as on its U.S.-wide release date, set for December 25.[33] Sony pulled the theatrical release the following day.

We will clearly show it to you at the very time and places The Interview be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to. Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear. Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time. (If your house is nearby, you'd better leave.) Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment. All the world will denounce the SONY.[50]

Seth Rogen and James Franco, the stars of The Interview, responded by saying they did not know if it was definitely caused by the film,[51] but later canceled all media appearances tied to the film outside of the planned New York City premiere on December 16, 2014.[52] Following initial threats made towards theaters that would show The Interview, several theatrical chains, including Carmike Cinemas, Bow Tie Cinemas, Regal Entertainment Group, Showcase Cinemas, AMC Theatres, Cinemark Theatres, as well as several independent movie theater owners announced that they would not screen The Interview.[53][54][55] The same day, Sony stated that they would allow theaters to opt out of showing The Interview, but later decided to fully pull the national December 25 release of the film, as well as announce that there were "no further release plans" to release the film on any platform, including home video, in the foreseeable future.[56][57][58]

On December 18, two messages (both allegedly from the Guardians of Peace) were released. One, sent in a private message to Sony executives, stated that they would not release any further information if Sony never releases the film and removed its presence from the internet. The other, posted to Pastebin, a web application used for text storage that the Guardians of Peace had used for previous messages, stated that the studio had "suffered enough" and could release The Interview, but only if Kim Jong-un's death scene was not "too happy". The post also stated that the company cannot "test [them] again", and that "if [Sony Pictures] makes anything else, [they] will be here ready to fight".[59]

President Barack Obama, in an end-of-year press speech on December 19, commented on the Sony hacking and stated that he felt Sony made a mistake in pulling the film, and that producers should "not get into a pattern where you are intimidated by these acts".[60] He also said, "We will respond proportionally and we will respond in a place and time and manner that we choose."[61] In response to President Obama's statement, Sony Entertainment's CEO Michael Lynton said on the CNN program Anderson Cooper 360 that the public, the press and the President misunderstood the events. Lynton said the decision to cancel the wide release was in response to a majority of theaters pulling their showings and not to the hackers' threats. Lynton stated that they would seek other options to distribute the film in the future, and noted "We have not given in. And we have not backed down. We have always had every desire to have the American public see this movie."[62][63]

On December 23, Sony opted to authorize approximately 300 mostly-independent theaters to show The Interview on Christmas Day, as the four major theater chains had yet to change their earlier decision not to show the film.[64][65] The FBI worked with these theaters to detail the specifics of the prior threats and how to manage security for the showings, but noted that there was no actionable intelligence on the prior threats.[66] Sony's Lynton stated on the announcement that "we are proud to make it available to the public and to have stood up to those who attempted to suppress free speech".[67] The Interview was also released to Google Play, Xbox Video, and YouTube on December 24.[68] No incidents predicated by the threats occurred with the release, and instead, the unorthodox release of the film led to it being considered a success due to increased interest in the film following the attention it had received.[69]

On December 27, the North Korean National Defence Commission released a statement accusing Obama of being "the chief culprit who forced the Sony Pictures Entertainment to indiscriminately distribute the movie."[70]

U.S. accusations and formal charges against North Korea

[edit]

U.S. government officials stated on December 17, 2014 their belief that the North Korean government was "centrally involved" in the hacking, although there was initially some debate within the White House whether or not to make this finding public.[6] White House officials treated the situation as a "serious national security matter",[71] and the FBI formally stated on December 19 that they connected the North Korean government to the cyber-attacks.[72][73] Including undisclosed evidence, these claims were made based on the use of similar malicious hacking tools and techniques previously employed by North Korean hackers—including North Korea's cyberwarfare agency Bureau 121 on South Korean targets.[6][74] According to the FBI:[75]

  • "[A] technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korea previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks.
  • "The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the U.S. government has previously linked directly to North Korea. For example, the FBI discovered that several Internet protocol (IP) addresses associated with known North Korean infrastructure communicated with IP addresses that were hardcoded into the data deletion malware used in this attack. The FBI later clarified that the source IP addresses were associated with a group of North Korean businesses located in Shenyang in northeastern China.[76]
  • "Separately, the tools used in the SPE attack have similarities to a cyber-attack in March of last year against South Korean banks and media outlets, which was carried out by North Korea."

The FBI later clarified more details of the attacks, attributing them to North Korea by noting that the hackers were "sloppy" with the use of proxy IP addresses that originated from within North Korea. At one point the hackers logged into the Guardians of Peace Facebook account and Sony's servers without effective concealment.[77] FBI Director James Comey stated that Internet access is tightly controlled within North Korea, and as such, it was unlikely that a third party had hijacked these addresses without allowance from the North Korean government.[78][79] The National Security Agency assisted the FBI in analyzing the attack, specifically in reviewing the malware and tracing its origins; NSA director Admiral Michael S. Rogers agreed with the FBI that the attack originated from North Korea.[80] A disclosed NSA report published by Der Spiegel stated that the agency had become aware of the origins of the hack due to their own cyber-intrusion on North Korea's network that they had set up in 2010, following concerns of the technology maturation of the country.[76]

The North Korean news agency KCNA denied the "wild rumours" of North Korean involvement, but said that "The hacking into the SONY Pictures might be a righteous deed of the supporters and sympathizers with the DPRK in response to its appeal."[16][31][81] North Korea offered to be part of a joint probe with the United States to determine the hackers' identities, threatening consequences if the United States refused to collaborate and continued the allegation.[82][83] The U.S. refused and asked China for investigative assistance instead.[84] Some days after the FBI's announcement, North Korea temporarily suffered a nationwide Internet outage, which the country claimed to be the United States' response to the hacking attempts.[85]

On the day following the FBI's accusation of North Korea's involvement, the FBI received an email purportedly from the hacking group, linking to a YouTube video entitled "you are an idiot!", apparently mocking the organization.[86][87][88]

On December 19, 2014, U.S. Secretary of Homeland Security Jeh Johnson released a statement saying, "The cyber attack against Sony Pictures Entertainment was not just an attack against a company and its employees. It was also an attack on our freedom of expression and way of life." He encouraged businesses and other organizations to use the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST) to assess and limit cyber risks and protect against cyber threats.[89] On the same day, U.S. Secretary of State John Kerry published his remarks condemning North Korea for the cyber-attack and threats against movie theatres and moviegoers. "This provocative and unprecedented attack and subsequent threats only strengthen our resolve to continue to work with partners around the world to strengthen cybersecurity, promote norms of acceptable state behavior, uphold freedom of expression, and ensure that the Internet remains open, interoperable, secure and reliable," he said.[90]

On January 2, 2015, the U.S., under an Executive Order issued by President Obama, installed additional economic sanctions on already-sanctioned North Korea for the hack,[91] which North Korean officials called out as "groundlessly stirring up bad blood towards" the country.[92]

Doubts about accusations against North Korea

[edit]

Cyber security expert Kurt Stammberger from cyber security firm Norse,[93][94] DEFCON organizer and Cloudflare researcher Marc Rogers,[95] Hector Monsegur[96] and Kim Zetter, a security journalist at Wired magazine,[97] have expressed doubt and tended to agree that North Korea might not be behind the attack.

Michael Hiltzik, a journalist for the Los Angeles Times, said that all evidence against North Korea was "circumstantial" and that some cybersecurity experts were "skeptical" about attributing the attack to the North Koreans.[98] Cybersecurity expert Lucas Zaichkowsky said, "State-sponsored attackers don't create cool names for themselves like 'Guardians of Peace' and promote their activity to the public."[99] Kim Zetter of Wired magazine called released evidence against the government "flimsy".[100] Former hacker Hector Monsegur, who once hacked into Sony, explained to CBS News that exfiltrating one or one hundred terabytes of data "without anyone noticing" would have taken months or years, not weeks. Monsegur doubted the accusations due to North Korea's insufficient internet infrastructure to handle the transfer of that much data. He believed that it could have been either Chinese, Russian, or North Korean-sponsored hackers working outside of the country, but most likely to be the deed of a Sony employee.[101]

Stammberger provided to the FBI Norse's findings that suggest the hack was an inside job, stating, "Sony was not just hacked; this is a company that was essentially nuked from the inside. We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history."[102] Stammberger believes that the security failure may have originated from six disgruntled former Sony employees, based on their past skill sets and discussions these people made in chat rooms. Norse employees identified these people from a list of workers that were eliminated from Sony during a restructuring in May 2014, and noted that some had made very public and angry responses to their firing, and would be in appropriate positions to identify the means to access secure parts of Sony's servers.[103][104] After a private briefing lasting three hours, the FBI formally rejected Norse's alternative assessment.[105]

Seth Rogen also expressed doubts about the claims that North Korea was behind the hack. Based on the timeline of events and the amount of information hacked, he believes the hack may have been conducted by a Sony employee. "I've also heard people say that they think someone was hired to do the hack as a way of getting Amy Pascal fired. I don't know if I subscribe to those theories, but I kind of don't think it was North Korea."[106]

Other investigations

[edit]

In response to allegations that the intrusion was the result of an inside job, or something other than a state-sponsored cyber attack, computer forensic specialist Kevin Mandia, president of the security firm FireEye, commented that there was not a "shred of evidence" that an insider was responsible for the attack and that the evidence uncovered by his security firm supports the position of the United States government.[107][108]

In February 2016, analytics firm Novetta issued a joint investigative report into the attack. The report, published in collaboration with Kaspersky Lab, Symantec, AlienVault, Invincea, Trend Micro, Carbon Black, PunchCyber, RiskIQ, ThreatConnect and Volexity, concluded that a well-resourced organization had committed the intrusion, and that "we strongly believe that the SPE attack was not the work of insiders or hacktivists". The analysis said that the same group is engaged in military espionage campaigns.[109][110][111]

Because of the depth and scope of malware tools, structure of the analyzed code bases, TTP overlap with similar attacks, and long trail of activities attributed to the Lazarus Group, Novetta does not believe that the SPE attack was carried out by insiders or hacktivists, but rather by a more structured, resourced, and motivated organization. ... Although our analysis cannot support direct attribution of a nation-state or other specific group due to the difficulty of proper attribution in the cyber realm, the FBI's official attribution claims could be supported by our findings.[112]

Formal charges

[edit]

The U.S. Department of Justice issued formal charges related to the Sony hack on North Korean citizen Park Jin-hyok on September 6, 2018. The Department of Justice contends that Park was a North Korean hacker that worked for the country's Reconnaissance General Bureau, the equivalent of the Central Intelligence Agency. The Department of Justice also asserted that Park was partially responsible for arranging the WannaCry ransomware attack of 2017, having developed part of the ransomware software. The Department of Justice had previously identified Park and had been monitoring him for some time, but could not indict him immediately as much of the information around him was classified.[113] The Criminal Complaint was unsealed by the US Department of Justice via a press release in September 2018.[114]

[edit]

Obama also issued a legislative proposal to Congress to update current laws such as the Racketeer Influenced and Corrupt Organizations Act and introduce new ones to allow federal and national law enforcement officials to better respond to cybercrimes like the Sony hack, and to be able to prosecute such crimes compatibly to similar off-line crimes, while protecting the privacy of Americans.[115][116]

Public discussion

[edit]

About reporting on the hack

[edit]

In December 2014, Sony requested that the media stop covering the hack.[4] Sony also threatened legal action if the media did not comply, but according to law professor Eugene Volokh, Sony's legal threats are "unlikely to prevail".[117] Sony then threatened legal action against Twitter if it did not suspend accounts of people who posted the hacked material.[118] American screenwriter Aaron Sorkin wrote an op-ed for The New York Times opining that the media was helping the hackers by publishing and reporting on the leaked information.[119] On December 18, Reddit banned the subreddit r/SonyGOP that was being used to distribute the hacked files.[120]

About pulling The Interview

[edit]

The threats made directly at Sony over The Interview were seen by many as a threat to free speech. The decision to pull the film was criticized by several Hollywood filmmakers, actors, and television hosts, including Ben Stiller, Steve Carell, Rob Lowe, Jimmy Kimmel and Judd Apatow.[121][122] Some commentators contrasted the situation to the non-controversial release of the 2004 Team America: World Police, a film that mocked the leadership of North Korea's prior leader, Kim Jong-il.[123] The Alamo Drafthouse was poised to replace showings of The Interview with Team America until the film's distributor Paramount Pictures ordered the theaters to stop.[124]

In light of the threats made to Sony over The Interview, New Regency cancelled its March 2015 production plans for a film adaptation of the graphic novel Pyongyang: A Journey in North Korea, which was set to star Steve Carell.[125] Hustler announced its intentions to make a pornographic parody film of The Interview. Hustler founder Larry Flynt said, "If Kim Jong-un and his henchmen were upset before, wait till they see the movie we're going to make".[126]

Outside the United States

[edit]

In China, the media coverage of the hackings has been limited and outside sources have been censored. A search for "North Korea hack" on Baidu, China's leading search engine returned just one article, which named North Korea as "one of several suspects." However, Google, which was and is inaccessible in China, returned more than 36 million results for the same query. Hua Chunying, a spokeswoman of foreign affairs, "shied away from directly addressing" the Sony hacking situation.[127]

See also

[edit]

References

[edit]
  1. ^ Siboni, Gabi; Siman-Tov, David (December 23, 2014). Cyberspace Extortion: North Korea versus the United States (PDF) (Report). INSS. Archived (PDF) from the original on August 20, 2016. Retrieved March 23, 2023.
  2. ^ Zetter, Kim (February 24, 2016). "The Sony Hackers Were Causing Mayhem Years Before They Hit the Company". Wired. Archived from the original on March 12, 2017. Retrieved March 23, 2023.
  3. ^ "Sony Pictures Entertainment Notice Letter" (PDF). State of California Department of Justice Office of the Attorney General. December 8, 2014. Archived (PDF) from the original on February 12, 2015. Retrieved December 20, 2014.
  4. ^ a b Feeney, Nolan (December 16, 2014). "Sony Asks Media to Stop Covering Hacked Emails". Time. Archived from the original on July 23, 2016. Retrieved December 17, 2014.
  5. ^ Weise, Elizabeth (December 17, 2014). "Experts: Sony hackers 'have crossed the line'". USA Today. Archived from the original on December 17, 2014. Retrieved December 17, 2014.
  6. ^ a b c Sanger, David E.; Perlroth, Nicole (December 17, 2014). "U.S. Links North Korea to Sony Hacking". The New York Times. Archived from the original on January 8, 2022. Retrieved December 17, 2014.
  7. ^ Sanger, David E.; Fackler, Martin (January 19, 2015). "N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say". The New York Times. Archived from the original on March 13, 2017. Retrieved March 23, 2023.
  8. ^ a b Zetter, Kim (December 3, 2014). "Sony Got Hacked Hard: What We Know and Don't Know So Far". Wired. Archived from the original on January 7, 2015. Retrieved January 4, 2015.
  9. ^ Cook, James (December 16, 2014). "Sony Hackers Have Over 100 Terabytes Of Documents. Only Released 200 Gigabytes So Far". Business Insider. Archived from the original on December 17, 2014. Retrieved December 18, 2014.
  10. ^ Lennon, Mike (2014). "Hackers Used Sophisticated SMB Worm Tool to Attack Sony".
  11. ^ Lennon, Mike (December 19, 2014). "Hackers Used Sophisticated SMB Worm Tool to Attack Sony". SecurityWeek. Archived from the original on December 20, 2014. Retrieved February 29, 2016.
  12. ^ Palilery, Jose (December 24, 2014). "What caused Sony hack: What we know now". CNNMoney. Archived from the original on January 4, 2015. Retrieved January 4, 2015.
  13. ^ a b c d e f g h i Seal, Mark (February 4, 2015). "An Exclusive Look at Sony's Hacking Saga". Vanity Fair. Archived from the original on February 4, 2015. Retrieved February 4, 2015.
  14. ^ Hesseldahl, Arik (November 28, 2014). "Sony Pictures Investigates North Korea Link In Hack Attack". Recode. Archived from the original on January 27, 2016. Retrieved February 1, 2016.
  15. ^ Yoon, Sangwon (December 22, 2014). "U.S. Denounces North Korea at UN". Bloomberg. Archived from the original on December 25, 2014. Retrieved December 22, 2014.
  16. ^ a b "Sony hack: White House views attack as security issue". BBC. December 18, 2014. Archived from the original on December 19, 2014. Retrieved December 18, 2014.
  17. ^ Child, Ben (December 9, 2014). "Hackers demand Sony cancel release of Kim Jong-un-baiting comedy". The Guardian. Archived from the original on December 21, 2016. Retrieved March 23, 2023.
  18. ^ Beaumont-Thomas, Ben (July 10, 2014). "North Korea complains to UN about Seth Rogen comedy The Interview". The Guardian. Archived from the original on July 30, 2014. Retrieved December 18, 2014.
  19. ^ Frizell, Sam (February 4, 2015). "Sony Is Spending $15 Million to Deal With the Big Hack". Time. Archived from the original on February 6, 2015. Retrieved February 4, 2015.
  20. ^ Cieply, Michael; Barnes, Brooks (February 5, 2015). "Amy Pascal Leaving as Sony Studio Chief". New York Times. Archived from the original on August 21, 2020. Retrieved February 5, 2015.
  21. ^ "Submitted Breach Notification Sample, Sony Pictures Entertainment Notice Letter". State of California Department of Justice Office of the Attorney General. December 8, 2014. Archived from the original on December 20, 2014. Retrieved December 20, 2014.
  22. ^ "Washington Journal – Hacking and Cybersecurity Threats". C-SPAN. December 7, 2014. Archived from the original on December 22, 2014. Retrieved December 22, 2014.
  23. ^ Fackler, Martin (December 15, 2014). "Sony's International Incident: Making Kim Jong-un's Head Explode". The New York Times. Archived from the original on December 7, 2015. Retrieved December 15, 2014.
  24. ^ Stedman, Alex (December 9, 2014). "Leaked Sony Emails Reveal Nasty Exchanges and Insults". Variety. Archived from the original on February 26, 2015. Retrieved March 3, 2015.
  25. ^ a b c Fleming, Mike Jr. (December 11, 2014). "Scott Rudin Apologizes After Leak Of Sony's Hacked Racially Insensitive E-Mails On Barack Obama". Deadline. Archived from the original on May 6, 2020. Retrieved March 23, 2023.
  26. ^ a b "Sony's Amy Pascal Apologizes for Obama Emails". Variety. December 11, 2014. Archived from the original on August 10, 2020. Retrieved March 23, 2023.
  27. ^ a b c Christopher Rosen, Scott Rudin & Amy Pascal Apologize After Racially Insensitive Emails About Obama Leak Archived February 22, 2017, at the Wayback Machine, The Huffington Post, December 11, 2014
  28. ^ Rushe, Dominic (February 5, 2015). "Amy Pascal steps down from Sony Pictures in wake of damaging email hack". The Guardian. ISSN 0261-3077. Archived from the original on October 24, 2021. Retrieved October 15, 2017.
  29. ^ Wingfield, Nick (December 16, 2014). "Google's Detractors Take Their Fight to the States". The New York Times. Archived from the original on August 15, 2017. Retrieved January 1, 2015.
  30. ^ Fritz, Ben (December 9, 2014). "Sony, Marvel Discussed Spider-Man Movie Crossover". The Wall Street Journal. Archived from the original on December 10, 2014. Retrieved December 18, 2014.
  31. ^ a b Stedman, Alex (December 14, 2014). "Sony Hack: Bond Producers Say 'Spectre' Screenplay Among Stolen Material". Variety. Archived from the original on December 16, 2014. Retrieved December 15, 2014.
  32. ^ McCurry, Justin (December 4, 2014). "North Korea denies hacking Sony Pictures". the Guardian. Archived from the original on December 18, 2014. Retrieved December 17, 2014.
  33. ^ a b Rushe, Dominic (December 17, 2014). "Hackers who targeted Sony invoke 9/11 attacks in warning to moviegoers". The Guardian. Archived from the original on December 17, 2014. Retrieved December 17, 2014.
  34. ^ "Sony's New Movies Leak Online Following Hack Attack". NBC News. December 1, 2014. Archived from the original on December 2, 2014. Retrieved December 1, 2014.
  35. ^ Weise, Elizabeth (December 15, 2014). "Sony fights hack damage as new threats emerge". USA Today. Archived from the original on December 15, 2014. Retrieved December 15, 2014.
  36. ^ Owens, Simon (April 23, 2015). "Sony executives ordered edits to Wikipedia pages". The Daily Dot. Archived from the original on September 5, 2015. Retrieved September 14, 2015.
  37. ^ Ellis, Ralph (December 20, 2014). "Lawsuits say Sony Pictures should have expected security breach". cnn.com. Archived from the original on December 21, 2014. Retrieved December 21, 2014.
  38. ^ Makuch, Eddie (December 12, 2014). "Leaked Emails Show Sony and Nintendo Discussing Mario Movie". GameSpot. Archived from the original on February 1, 2017. Retrieved December 8, 2016.
  39. ^ Vary, Adam (December 11, 2014). "Sony Pictures Lands "Mario Bros." Movie Rights From Nintendo, Leaked Emails Show". BuzzFeed. Archived from the original on December 12, 2014. Retrieved June 24, 2018.
  40. ^ Brandom, Russell (January 2, 2015). "The MPAA has a new plan to stop copyright violations at the border". The Verge. Archived from the original on January 3, 2015. Retrieved January 4, 2015.
  41. ^ Lang, Brent (April 16, 2015). "WikiLeaks Publishes Thousands of Hacked Sony Documents". Variety. Archived from the original on April 19, 2015. Retrieved April 16, 2015.
  42. ^ Fleming, Mike Jr. (April 18, 2015). "Sony Attorney David Boies Warns Media After WikiLeaks Hacked E-Mail Rehash". Deadline. Retrieved September 9, 2023.
  43. ^ Boies, David (April 17, 2015). "RE Privileged and or Confidential Information Stolen From Sony Pictures Entertainment" (PDF). Deadline.
  44. ^ "Sony Pictures slams WikiLeaks over hacked data release – DW – 04/17/2015". dw.com. Retrieved September 9, 2023.
  45. ^ "Sony Pictures condemns WikiLeaks' release of hacked material". Los Angeles Times. April 16, 2015. Retrieved September 9, 2023.
  46. ^ Rutter, Claire (November 17, 2015). "Did Sony hack disclose Charlie Sheen's HIV status in email nearly TWO years ago?". mirror. Archived from the original on January 11, 2018. Retrieved April 5, 2018.
  47. ^ "Charlie Sheen HIV Positive — Sony Hack Email Discussed Open Secret - Radar Online". Radar Online. November 16, 2015. Archived from the original on November 19, 2015. Retrieved November 18, 2015.
  48. ^ Yarow, Jay; Shontell, Alyson; Cook, James (December 16, 2015). "It Looks Like Snapchat Paid $15 Million To Buy A Google Glass-Like Startup". Business Insider. Archived from the original on November 19, 2016. Retrieved November 14, 2016.
  49. ^ Constine, Josh (December 16, 2014). "Snapchat Plans Music Feature, Acquired QR Scan.me For $50M And Vergence Eyeglass Cam For $15M". TechCrunch. Archived from the original on November 16, 2016. Retrieved November 15, 2016 – via AOL.
  50. ^ Boot, William (December 17, 2014). "Exclusive: Sony Emails Say State Department Blessed Kim Jong-Un Assassination in 'The Interview'". The Daily Beast. Archived from the original on December 17, 2014. Retrieved December 19, 2014.
  51. ^ "Seth Rogen and James Franco Address the Sony Hack". ABC News. December 15, 2014. Archived from the original on December 15, 2014. Retrieved December 15, 2014.
  52. ^ Stedman, Alex (December 16, 2014). "Seth Rogen and James Franco Cancel All Media Appearances for 'The Interview'". Variety. Archived from the original on December 16, 2014. Retrieved December 16, 2014.
  53. ^ Kilday, Gregg (December 16, 2014). "Sony Hack: Carmike Cinemas Drops 'The Interview'". The Hollywood Reporter. Archived from the original on December 17, 2014. Retrieved December 17, 2014.
  54. ^ Weise, Elizabeth (December 17, 2014). "Second theater chain pulls "The Interview" after hacker threats". USA Today. Archived from the original on December 17, 2014. Retrieved December 17, 2014.
  55. ^ Kilday, Gregg (December 17, 2014). "Top Five Theater Circuits Drop 'The Interview' After Sony Hack". The Hollywood Reporter. Archived from the original on December 17, 2014. Retrieved December 17, 2014.
  56. ^ Grow, Kory (December 17, 2014). "Sony Cancels 'Interview' New York Premiere Amid Terror Threats". Rolling Stone. Archived from the original on December 18, 2014. Retrieved December 17, 2014.
  57. ^ Lang, Brent (December 17, 2014). "Sony Cancels Theatrical Release for 'The Interview' on Christmas". Variety. Archived from the original on December 18, 2014. Retrieved December 17, 2014.
  58. ^ McNary, Dave (December 17, 2014). "Sony Has 'No Further Release Plans' for 'The Interview'". Variety. Archived from the original on December 18, 2014. Retrieved December 17, 2014.
  59. ^ Weise, Elizabeth; Johnson, Kevin (December 19, 2014). "FBI confirms North Korea behind Sony hack". USA Today. Archived from the original on December 19, 2014. Retrieved December 19, 2014.
  60. ^ "US President Barack Obama holds last news briefing of 2014". BBC. December 19, 2014. Archived from the original on January 13, 2015. Retrieved December 19, 2014.
  61. ^ "Obama pledges proportional response to Sony hack". San Diego Union-Tribune. Associated Press. December 19, 2014. Archived from the original on March 23, 2023. Retrieved March 23, 2023.
  62. ^ Pallotta, Frank (December 19, 2014). "Sony exec fires back at President Obama". CNN Money. Archived from the original on December 20, 2014. Retrieved December 19, 2014.
  63. ^ "Sony 'will not drop' North Korea film The Interview". BBC. December 19, 2014. Archived from the original on December 20, 2014. Retrieved December 19, 2014.
  64. ^ Shaw, Lucas (December 23, 2014). "Sony to Release The Interview in More Than 300 Theaters on Christmas Day". Bloomberg. Archived from the original on December 25, 2014. Retrieved December 26, 2014.
  65. ^ "The Interview: Obama hails move to screen North Korea film." Archived August 6, 2018, at the Wayback Machine BBC. Retrieved December 24, 2014.
  66. ^ Brown, Pamela (December 24, 2014). "FBI reaching out to theaters screening 'The Interview'". CNN. Archived from the original on December 29, 2014. Retrieved December 29, 2014.
  67. ^ Coyle, Jake (December 23, 2014). "Sony announces limited release of 'The Interview'". Boston Globe. Retrieved December 29, 2014.[permanent dead link]
  68. ^ Kelsey, Eric (December 24, 2014). "Sony releases 'The Interview' on Youtube, other Internet channels". Reuters. Archived from the original on August 17, 2021. Retrieved December 24, 2014.
  69. ^ Hamedy, Saba (December 28, 2014). "'The Interview' finds its audience at indie theaters, online". Los Angeles Times. Archived from the original on December 29, 2014. Retrieved December 29, 2014.
  70. ^ "North Korea berates Obama over The Interview release". BBC News. December 27, 2014. Archived from the original on December 28, 2014. Retrieved December 30, 2014.
  71. ^ Bacle, Ariana (December 18, 2014). "White House is treating Sony hack as 'serious national security matter'". Entertainment Weekly. Archived from the original on December 19, 2014. Retrieved December 18, 2014.
  72. ^ "FBI — Update on Sony Investigation". FBI. December 19, 2014. Archived from the original on March 5, 2022. Retrieved December 22, 2014.
  73. ^ Weise, Elizabeth; Johnson, Kevin (December 19, 2014). "FBI confirms North Korea behind Sony hack". USA Today. Archived from the original on December 19, 2014. Retrieved December 19, 2014.
  74. ^ Laughland, Oliver; Rushe, Dominic (December 19, 2014). "Sony cyber attack linked to North Korean government hackers, FBI says". The Guardian. Archived from the original on August 27, 2016. Retrieved December 19, 2014.
  75. ^ "Update on Sony Investigation" (Press release). Federal Bureau of Investigation. December 19, 2014. Archived from the original on March 5, 2022. Retrieved December 19, 2014.
  76. ^ a b Sanger, David E.; Fackler, Martin (January 18, 2015). "N.S.A. Tapped Into North Korean Networks Before Sony Attack, Officials Say". New York Times. Archived from the original on January 19, 2015. Retrieved January 19, 2015.
  77. ^ Schmidt, Michael S.; Perlroth, Nicole; Goldstein, Matthew (January 7, 2015). "F.B.I. Says Little Doubt North Korea Hit Sony". The New York Times. Archived from the original on July 5, 2017. Retrieved March 23, 2023.
  78. ^ Brandom, Russell (January 7, 2015). "FBI Director Comey reveals new details on the Sony hack". The Verge. Archived from the original on January 7, 2015. Retrieved January 7, 2015.
  79. ^ Scannell, Kara (January 8, 2015). "FBI details North Korean attack on Sony". CNBC. Archived from the original on November 15, 2022. Retrieved March 23, 2023.
  80. ^ Frizeel, Sam (January 8, 2015). "NSA Director on Sony Hack: 'The Entire World is Watching'". Time. Archived from the original on January 9, 2015. Retrieved January 9, 2015.
  81. ^ "Spokesman of Policy Department of NDC Blasts S. Korean Authorities' False Rumor about DPRK". Korea News Service. December 7, 2014. Archived from the original on November 24, 2019. Retrieved January 1, 2015.
  82. ^ "North Korea seeks joint probe with US on Sony hack". BBC. December 20, 2014. Archived from the original on December 20, 2014. Retrieved December 20, 2014.
  83. ^ "North Korea demands joint inquiry with US into Sony Pictures hack". The Guardian. December 20, 2014. Archived from the original on December 20, 2014. Retrieved December 20, 2014.
  84. ^ Makinen, Julie (December 20, 2014). "North Korea decries U.S. allegations on Sony hack; U.S. turns to China." Archived May 7, 2020, at the Wayback Machine Los Angeles Times. Retrieved December 21, 2014.
  85. ^ Helsel, Phil (December 26, 2014). "North Korea Insults Obama, Blames U.S. For Internet Outages". NBC News. Archived from the original on December 28, 2014. Retrieved December 29, 2014.
  86. ^ "Hackers 'mock' FBI investigation into Sony cyber attack." Archived December 21, 2014, at the Wayback Machine ITV News. December 20, 2014. Retrieved December 21, 2014.
  87. ^ Boot, William (December 20, 2014). "Sony Hackers Guardians of Peace Troll FBI, Anonymous Convinced Hack Didn't Come From North Korea." Archived May 18, 2017, at the Wayback Machine The Daily Beast. Retrieved December 21, 2014.
  88. ^ Gajewski, Ryan; Siegel, Tatiana (December 20, 2014). "Sony Hackers Appear to Mock FBI in Latest Message." Archived May 6, 2020, at the Wayback Machine The Hollywood Reporter. Retrieved December 21, 2014.
  89. ^ "Statement By Secretary Johnson On Cyber Attack On Sony Pictures Entertainment" (Press release). United States Department of Homeland Security. December 19, 2014. Archived from the original on December 24, 2014. Retrieved December 24, 2014.
  90. ^ "Condemning Cyber-Attack by North Korea". United States Department of State. December 19, 2014. Archived from the original on January 21, 2017. Retrieved December 24, 2014.
  91. ^ Lederman, Josh (January 2, 2015). "US slaps sanctions on North Korea after Sony hack". San Francisco Chronicle. Associated Press. Archived from the original on January 5, 2015. Retrieved January 5, 2015.
  92. ^ Siddique, Haroon (January 4, 2015). "North Korea responds with fury to US sanctions over Sony hack". The Guardian. Archived from the original on January 5, 2015. Retrieved January 5, 2015.
  93. ^ Kopan, Tal (December 29, 2014). "U.S.: No alternate leads in Sony hack". Archived from the original on December 30, 2014. Retrieved January 4, 2015.
  94. ^ "New evidence Sony hack was "inside job", not North Korea". New York Post. December 30, 2014. Archived from the original on March 7, 2018. Retrieved January 4, 2015.
  95. ^ Rogers, Marc (December 18, 2014). "Why the Sony hack is unlikely to be the work of North Korea". Archived from the original on May 14, 2015. Retrieved January 4, 2015.
  96. ^ "Ex-Anonymous hacker questions North Korea's role in Sony hack". December 18, 2014. Archived from the original on December 31, 2014. Retrieved January 4, 2015.
  97. ^ Zetter, Kim. "Evidence of North Korea hack is thin". Wired. Archived from the original on January 4, 2015. Retrieved January 4, 2015.
  98. ^ Hiltzik, Michael (December 19, 2014). "The Sony hack: What if it isn't North Korea?" Archived February 9, 2016, at the Wayback Machine Los Angeles Times. Retrieved December 21, 2014.
  99. ^ Mendoza, Martha (December 3, 2014). "Security experts doubt North Korea hacked into Sony; regime is angry over new Seth Rogen movie." Archived December 31, 2014, at the Wayback Machine Associated Press (Canada.com). Retrieved December 21, 2014.
  100. ^ Zetter, Kim (December 17, 2014). "The Evidence That North Korea Hacked Sony Is Flimsy." Archived March 8, 2017, at the Wayback Machine Wired. Retrieved December 21, 2014.
  101. ^ Monsegur, Hector (December 18, 2014). "Former Anonymous hacker doubts North Korea behind Sony attack" (Interview). Interviewed by Elaine Quijano. CBS News. Archived from the original on December 18, 2014. Retrieved December 21, 2014.
  102. ^ "Did the FBI get it wrong on North Korea?" Archived April 7, 2020, at the Wayback Machine CBS News. December 23, 2014. Retrieved December 24, 2014.
  103. ^ Kiss, Jemina (December 30, 2014). "Sony hack: sacked employees could be to blame, researchers claim". The Guardian. Archived from the original on December 30, 2014. Retrieved December 30, 2014.
  104. ^ Kopan, Tal (December 29, 2014). "FBI briefed on alternate Sony hack theory". Politico. Archived from the original on December 30, 2014. Retrieved December 30, 2014.
  105. ^ Kopan, Tal (December 31, 2014). "FBI rejects alternate Sony hack theory". POLITICO. Archived from the original on January 3, 2015. Retrieved March 23, 2023.
  106. ^ Desta, Yohana (April 30, 2018). "Actually, Seth Rogen Doesn't Think North Korea Was Behind the Sony Hack". HWD. Archived from the original on February 28, 2021. Retrieved July 28, 2018.
  107. ^ Fried, Ina (April 21, 2015). "Sony Hack Was Not an Inside Job, Says Security Expert Kevin Mandia". Vox. Archived from the original on October 2, 2022. Retrieved March 23, 2023.
  108. ^ Hesseldahl, Arik (April 30, 2015). "FireEye's Kevin Mandia Talks About the World After the Sony Hack (Full Video)". Vox. Archived from the original on December 6, 2022. Retrieved March 23, 2023.
  109. ^ Saarinen, Juha (February 25, 2016). "North Korea linked to Sony hack attack: researchers". iTnews. Archived from the original on August 13, 2022. Retrieved March 23, 2023.
  110. ^ "Novetta Exposes Depth of Sony Pictures Attack" (Press release). McLean, VA: GlobeNewswire News Room. Novetta. February 24, 2016. Archived from the original on March 23, 2023. Retrieved March 23, 2023.
  111. ^ Collaborative Operation Blockbuster aims to send Lazarus back to the dead, symantec.com, February 24, 2016.
  112. ^ Operation Blockbuster: Unrevealing the Long Thread of the Sony Attack (PDF) (Report). February 2016. Archived from the original (PDF) on July 7, 2022.
  113. ^ Sanger, David; Benner, Katie; Goldman, Adam (September 6, 2018). "North Korean Spy to Be Charged in Sony Pictures Hacking". The New York Times. Archived from the original on September 6, 2018. Retrieved September 6, 2018.
  114. ^ "2018 09 06 Park Complaint Unsealed - Department of Justice". Archived from the original on July 19, 2020. Retrieved May 22, 2020.
  115. ^ Daunt, Tina; Szalai, Georg (January 13, 2015). "White House Unveils Proposal for Cybersecurity Legislation in Wake of Sony Hack". The Hollywood Reporter. Archived from the original on January 20, 2015. Retrieved January 13, 2015.
  116. ^ "SECURING CYBERSPACE - President Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts". whitehouse.gov (Press release). January 13, 2015. Archived from the original on August 8, 2019. Retrieved February 28, 2021 – via National Archives.
  117. ^ Volokh, Eugene (December 15, 2014). "Can Sony sue media outlets who publish the stolen Sony documents?". The Washington Post. Archived from the original on December 15, 2014. Retrieved December 15, 2014.
  118. ^ Isidore, Chris (December 23, 2014). "Sony threatens Twitter with lawsuit over hack tweets". CNNMoney. Archived from the original on May 8, 2020. Retrieved March 23, 2023.
  119. ^ Sorkin, Aaron (December 15, 2014). "The Sony Hack and the Yellow Press". The New York Times. Archived from the original on December 15, 2014. Retrieved December 16, 2014.
  120. ^ Goldman, David (December 29, 2014). "Reddit takes down Sony hack forum". CNNMoney. Archived from the original on January 4, 2015. Retrieved January 4, 2015.
  121. ^ Sinha-Roy, Piya (December 17, 2014). "Hollywood slams Sony, movie theaters for canceling 'The Interview'". Reuters. Archived from the original on September 24, 2015. Retrieved December 18, 2014.
  122. ^ Marcus, Stephanie (December 7, 2014). "Celebrities React To Sony Canceling 'The Interview' Release". The Huffington Post. Archived from the original on December 18, 2014. Retrieved December 18, 2014.
  123. ^ Rife, Katie (December 18, 2014). "Alamo Drafthouse replaces The Interview with Team America: World Police—or not". The A.V. Club. Archived from the original on December 19, 2014. Retrieved December 18, 2014.
  124. ^ Farnham, Donovan (December 18, 2014). "Paramount tells theaters no 'Team America: World Police'". San Jose Mercury News. Archived from the original on March 3, 2016. Retrieved December 18, 2014.
  125. ^ Ford, Rebecca (December 17, 2014). "Steve Carell's North Korea Thriller Dropped After Sony Hack". The Hollywood Reporter. Archived from the original on December 29, 2014. Retrieved December 17, 2014.
  126. ^ Hynes, Tom (December 19, 2014). "Take That, Jong-un! Hustler Plans 'The Interview' Porn Parody". AVN. Archived from the original on April 6, 2015. Retrieved December 20, 2014.
  127. ^ Ripley, Will (December 24, 2014). "China censors news on Sony hack". CNN. Archived from the original on December 24, 2014. Retrieved March 23, 2023.