The Sony leak Scandal - What we know so far
- 25 December, 2014 11:56
In what has been one of the most momentous years in infosec ever - the Sony hack has topped everything. Although the Sony hack did not impact as many people directly as Apple's "goto: fail" bug or the Heartbleed exploit, the commercial and political ramifications of the attack on Sony have garnered more attention than any other attack - surpassing even the target attack in November 2013.
So - what do we actually know about the attack on Sony?
Back in June 2014, the North Korean government declared the Sony Pictures movie "The Interview" to be an “undisguised sponsoring of terrorism, as well as an act of war” in a letter to UN Secretary-General Ban Ki-moon.
It's fair to say that most people ignored this as the ramblings of a government considered to be somewhat loose with what many people pass as sanity.
But then, on November 24, a group calling themselves the "Guardians of Peace" (or #GOP - get it, like the American Republican Party) took over the internal computer system at Sony, rendering the network useless and putting staff back in the 1970s as they tried to do their jobs with pens and paper.
The GOP also seized control of promotional Twitter accounts for Hollywood movies.
While this sounds a trifle annoying, of greater concern for Sony was that the hackers stole a massive trove of data - and they went public with it. A number of unreleased movies were shared over pirate move services and confidential emails were made public.
Aside from some interesting news about contract negotiations and employee salaries, we also learned that a number of Hollywood stars are a tad insecure and can get a little whiny.
The FBI conducted an investigation and blamed the North Korean government.
Of course, the North Korean government denies being behind the hack although they do think it was a "righteous deed". We suspect they're sitting back with tubs of popcorn, enjoying the "fun".
Apparently, all the fuss was caused by the as yet unreleased Seth Rogan and James Franco movie, The Interview, in which the supreme leader of the Democratic People's Republic of Korea, Kim Jong-un, is assassinated.
In response, movies theatres, worried that they would be targeted by terrorists if the released the movie, have said they won't be screening the movie - which was scheduled for release on Christmas Day.
Sony then pulled the release completely, drawing the ire of President Obama. Sony then said they had to pull it because no one would show it. However, they have backtracked on that having been called out by many public figures over free speech concerns, saying they will release the movie - we're just not sure how or when that might happen.
Along the way, the FBI's conclusion that this was a state-based attack on Sony has been questioned with the more likely culprit hacktivists. This is based on the proposition that state-based attacks tend to be more secretive and the language used in correspondence by the #GOP.
In summary - Sony was severely hacked resulting in vast swathes of data being made public. While there was some initial finger pointing at North Korea, we're not sure who really did it.
What we're all waiting for is "What's Next?".
When Christmas Day rolls around in North America, what will happen with Sony? There are several possibilities.
Sony will call the hacker's bluff and release The Interview into the public domain or via other channels for public distribution.
The hackers will release more, embarrassing information from Sony's network.
Everyone will enjoy their turkey and ham and nothing will happen.
Releases on 26th December about the Sony Hackers:
BBC .com : Sony comedy The interview opens
The Australian: Doubts persist North Koreans responsible for Sony hack
This article is brought to you by Enex TestLab, content directors for CSO Australia.