Sony Cyber Attack One of Worst in Corporate History

Hacking
A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. Pawel Kopczynski/Reuters

Sony Pictures Entertainment experienced one of the most devastating corporate attacks in history. Thousands of files, seized by hackers last week, have been leaked online including personal details of around 6,000 Sony employees, upcoming Sony feature films and the salary details of top executives.

The hackers also managed to access details about Deloitte bankers who are Sony's auditors.

The initial data breach, which occurred on 24th November, resulted in the shutdown of the entire computer network of one of Hollywood's largest and most powerful studios. There have been increasing reports that the hack was carried out by North Korea in revenge for the upcoming release of a Sony comedy called The Interview. The plot follows Seth Rogan and James Franco who are employed by the CIA to assassinate Kim Jong-un.

North Korean state media denounced the film as "the most undisguised sponsoring of terrorism as well as a war action". The country's UN envoy Ja Song-Nam said there would be a "merciless response" if Sony did not cancel the release of the film but the comedy is due to be released at Christmas.

The hackers, who call themselves the Guardians of Peace, posted around 40GB of seized data on an anonymous file-sharing site called Pastebin. Among other information, the files revealed that Rogen was paid $8.4 million for his role in the film, while Franco was received $6.5 million, and that $250 spent on a "table of weed, coke, pills and panties," thought to be used as props.

Details of Sony budgets, layoff strategies, 3,888 social security numbers and the salaries of 17 of its highest paid executives were all also revealed.

As well as employee personal information, extensive documentation of the company's activities was revealed, including the leak of a script for a pilot written by Breaking Bad creator Vince Gilligan, and five high-quality videos of unreleased Sony films, which were uploaded to file-sharing websites. These included Fury, starring Brad Pitt and Annie, which is due to be released in cinemas on 19th December.

Sony has not been the only company left exposed from the attack. Hackers have also obtained what appear to be the 2005 financial records from Sony auditors Deloitte. The data from these files included detailed salary information for more than 30,000 Deloitte employees and the credit-card number of Michael Lynton, the CEO of Sony. The files - which appear to come from the computer of a single Sony employee and which were published on culture website Fusion - suggest a major gender pay discrepancy within the firm.

The files that have been leaked online so far, represent just 0.04% of the 10,0000GB

of data that the hackers claim to have seized. They have reportedly said that the rest will be published online as soon as they work out how to distribute such a colossal volume of data.

Sony have called in security specialists FireEye to investigate the security breach. The FBI are also working on the case, warning security administrators of major companies on Monday about a recently detected form of highly destructive malware that according to the agency, shuts down a computer for two hours and then reboots it whilst wiping all of its data. Whilst unconfirmed by the FBI, cyber security experts have said that the description of the malware in the alert fits that of the one that struck Sony.

Sony has been heavily criticised for having inadequate protection in place, particularly after a three-week-long hack that took place in April 2011, bringing the company's Playstation gaming networks offline and the leaking of the personal details of thousands of its customers.

According to cyber security expert Caroline Baylon of Chatham House, there is little doubt that attacks on this scale will continue to increase. "Many of our systems are not adequately protected, and even when protection is provided, it is incredibly expensive," she told Newsweek.

"I think it's reasonable for companies to be expected to protect their data against routine day-to-day attacks, but once you reach a higher level of attack like this, the government probably needs to assist," she went on.

Sony has yet to comment on where the attack may have originated, but independent researchers have identified significant similarities with an attack on South Korea, dubbed Dark Seoul, that is widely thought to have been carried out by North Korea.

According to Baylon, even though there is no almost no internet connectivity in the North Korea, except among the elite, North Korea are actually very skilled at launching cyber attacks. "Many people speculate that they launch some of them from across the border in China," she told Newsweek.

"Whilst Kim Jong-un doesn't want to provide his people with internet, North Korea engages in frequent cyber attacks on South Korea. So we know based on a combination of intelligence and what we see them doing that they have incredibly cyber hacking capabilities," she went on.

The hacking comes just over a week after the release of a report from the US-based Pew Research Centre which says that it is likely that a catastrophic cyber-attack would have occurred by 2025, "[causing] widespread harm to a nation's security and capacity to defend itself and its people".

"Intelligence agencies and governments are incredibly worried about it," says Baylon.

Sony Cyber Attack One of Worst in Corporate History | Tech & Science
{{label}}
{{title}}
EDITOR'S PICK