A few days prior to the Thanksgiving holiday, Sony employees discovered a threatening message as they logged onto their computers. The message, from the hacker group Guardians of Peace, also known as GOP, demanded that Sony cancel its scheduled release of The Interview, a film with a comedic plot involving an assassination attempt on North Korean leader Kim Jong-un.
Shortly after the grim message, personal information involving thousands of Sony employees, retired workers, and their families was released online. This breach not only included Social Security numbers, personal information, and private emails, but it also contained the alleged salaries of high-ranking Sony executives. To complicate things even further, five movies produced by Sony, including the yet-to-be-released Annie, appeared on various file-sharing websites.
In a statement during an interview with the Associated Press, Sony CEO, Michael Lynton said that the information security hack not only completely destroyed servers and computers, it also removed all of Sony's vital data. To date, given the extensive damage and disruption to business, Sony has taken its entire computer network offline.
An FBI Cyber Security Investigation Update
On December 19, 2014, an FBI update on the status of the cyber security investigation affecting Sony Pictures Entertainment was issued. Responsibility was claimed by the Guardians of Peace who issued additional threats against Sony, its employees, and theaters that partner with Sony for movie distribution [1].
Upon discovering the cyber attack, Sony immediately contacted the FBI for assistance. The FBI is still working closely with Sony and highly praised Sony as an excellent partner. The FBI strongly encourages any company facing a cyber attack to follow Sony's quick response in reaching out for help. These actions greatly helped in identifying the source and facilitating the investigations.
Given the extensive FBI investigation and its collaboration with other U.S. government departments and agencies, the FBI has a sufficient amount of information to state that the government of North Korea is responsible for this attack.
The FBI accusations are based on numerous things including encryption algorithms, specific lines of code, compromised networks, and data deletion methods, among others. Given the scope and notoriety of this breach, we believe this incident will become a case that is researched and talked about on the same scale as the one that Target fell victim to at the end of 2013.
Cyber Insurance Concerns
Though Sony has a cyber insurance policy that will cover them for the majority of the damages brought about during this hack, some are saying it may not be enough for the entire situation. Here we see another parallel between Sony and the Target breach. Large corporations may need to begin rethinking the scale at which they insure their enterprise’s IT infrastructure to accommodate the new cyber security climate that has evolved over the past two years.
References:
[1] http://www.fbi.gov/news/pressrel/press-releases/update-on-sony-investigation
