U.S. taking seriously possibility of a N. Korea role in Sony hacking
Federal law enforcement officials investigating the escalating computer hacking attack on Sony Pictures Entertainment say they are taking seriously the possibility that the North Korean government may be behind the crime.
“North Korea can really do this kind of thing,” said one official, who was not authorized to speak publicly. “We’re talking about a country that doesn’t even have the lights on for most of their people but [has] the sophistication to do something like this.”
The FBI is investigating the hack of Sony Pictures computers as a crime and the Department of Homeland Security is providing support and assistance, according to another law enforcement official who also spoke on the condition of anonymity.
The forensics analysis of the hack is ongoing and investigators have not yet come to a definitive conclusion about who perpetrated the infiltration of the movie studio’s computer systems, that person said. The FBI has alerted other businesses of ways to protect themselves from a similar attack, and DHS has alerted U.S. government agencies to also be on guard for similar intrusions.
Officials stressed that the investigation is just getting underway, and that a potential North Korean involvement has not been confirmed. Private security experts have speculated that the attack could have been carried out by disgruntled current or former studio employees. However, investigators have told Sony executives that the hack appears to be the work of a sophisticated operation, and not unhappy employees, said a person with knowledge of the situation.
North Korea has come under scrutiny in part because of its threats to retaliate over the release of Sony Pictures’ upcoming film, “The Interview,” a comedy that centers on a fictional attempt to assassinate North Korean leader Kim Jong Un.
Since hackers infiltrated Sony’s network, a cache of sensitive computer files has been leaked onto the Internet, including documents purported to contain several top Sony executives’ salaries, the Social Security numbers of thousands of current and former employees, as well as sensitive financial information such as deal terms and the profitability of movies. Several of the studio’s films were also uploaded to the Internet, including the forthcoming holiday musical “Annie.”
Anxiety deepened on Friday when hackers going by the name Guardians of Peace sent an email to Sony Pictures employees threatening to harm their families.
The cyberassault comes at a bad time for Sony Pictures, a unit of Tokyo-based Sony Corp.
The breach follows layoffs at the studio, which late last year committed to cutting overhead by $250 million after some of its 2013 films performed poorly and an activist shareholder criticized the studio’s management.
However, a Sony Pictures spokesman said the layoffs did not compromise the studio’s cybersecurity.
“The studio’s IT and information security budgets were not affected by the reductions of the past few years,” the spokesman said.
This isn’t the first large-scale cyberattack Sony has grappled with in recent years. In 2011, the company’s PlayStation Network was hacked — a breach Sony said cost it $170 million.
But after that attack Sony beefed up its cybersecurity protocols, said one person close to the studio.
Actor Andrew Garfield, right, rehearses a scene with his stunt double William Spencer on the “The Amazing Spiderman 2” movie set in Madison Square Park in New York.(Ray Tamarra/Getty Images)
Still, Ralph Echemendia, chief executive of digital security consulting firm Red-e Digital, said Sony operates a network that is massive and sprawling, making it vulnerable to attacks.
“The alarming thing about it was the size of the network and the way it was being operated,” said Echemendia, who consulted for Sony in the aftermath of the PlayStation hack. “When you have something that crosses between Sony Music, Sony Entertainment — a lot of different entities — you could potentially get into so many different aspects of Sony.”
The attack has cast a harsh spotlight on the studio’s top executives: Chairman Michael Lynton and co-Chairman Amy Pascal.
They’ve already endured a tough 18 months, having spent part of 2013 and this year fending off criticism from activist shareholder Dan Loeb of hedge fund Third Point. Last year, Loeb criticized Sony’s entertainment arm for being poorly managed, citing box-office misfires “After Earth” and “White House Down.”
Hacking scandals have led to resignations at other companies. In May, a massive data breach at Target forced Chief Executive Gregg Steinhafel to resign.
But Arvind Bhambri, associate professor of management and organization at USC, said he doesn’t believe that the hack attack leaves Pascal and Lynton vulnerable to dismissal.
“What happened at Sony could have happened to any company,” Bhambri said.
Pascal, viewed as the studio’s top creative decision maker, could be scrutinized for the decision to move forward with “The Interview.” Though intended as a satire, the R-rated comedy due out on Christmas sparked outrage from North Korea this summer, with a government spokesman calling it tantamount to an “act of war.”
Seth Rogen and Evan Goldberg, who co-directed the movie, told The Times in an interview before the hack became public that private consultants told them to be prepared for possible retaliation from North Korea.
In the mid-November interview, Rogen expressed appreciation for Sony’s commitment to the picture.
“This was in a lot of ways bizarrely our easiest movie to get made ever. [Sony] really loved the idea,” he said.
Pascal and Lynton declined to be interviewed, the Sony spokesman said.
The studio’s computer systems remain partly offline, with employees communicating via mobile phone to avoid using computers. The nature of the data leaks — sensitive information has been parceled out and posted online on a nearly daily basis — has driven morale at the company to new lows.
On Thursday, hackers released the personal information of roughly 47,000 people, including that of actors Sylvester Stallone and Rebel Wilson, according to data-security consulting firm Identity Finder.
The hack could cost the studio tens of millions of dollars as it deals with rebuilding its computer network, paying a cyberforensics firm to investigate the breach and addressing legal liabilities. There are other potential costs associated with the loss of revenue associated with the pirating of five Sony Pictures movies.
Laura Martin, a senior media analyst for Needham & Co., said that the hack attack would put the entertainment industry on notice.
“This raises the risk to all of the studios,” Martin said. “There is no economic motivation for [hackers]. It is more about creating chaos.”
Times staff writers Richard Verrier, Yvonne Villarreal, Meg James and Josh Rottenberg contributed to this report.
From the Oscars to the Emmys.
Get the Envelope newsletter for exclusive awards season coverage, behind-the-scenes stories from the Envelope podcast and columnist Glenn Whipp’s must-read analysis.
You may occasionally receive promotional content from the Los Angeles Times.