Movie Heist: Did North Korea Hack Sony Pictures?

Seth and James

Image courtesy of Sony Pictures

Movie Heist: Did North Korea Hack Sony Pictures?
| published December 2, 2014 |

By R. Alan Clanton
Thursday Review editor


The production, marketing and release of major motion pictures are monumentally costly undertakings. Many millions are spent—sometimes $25, $30, $40 million or more—just on filming, editing and talent. The studios have an expectation that these movies, once projected onto big screens across the world, will rake in at least a modest profit.

In fact, the business model has evolved so completely over the last two decades that few films reach the shooting stage without first being subjected to a long, grueling process of approval by the powers-that-be. In the corporate model which now dominates the movie industry, few films reach the theaters without first being carefully measured for their capacity to make money for the studio, the parent company, and the stockholders.

So when word of the massive theft at Sony Pictures—a hack job which resulted in a dozen movies being digitally offloaded in their entirety—hit the streets of Hollywood and New York, it sent a shudder through the spines of anyone and everyone who has ever worked in the film business. The data breach at Sony Pictures resulted in, among other things, a premature online release of the new movie Annie. Annie was not scheduled for theatrical release until close to Christmas. Now, by conservative estimates, the movie has already been downloaded half a million times since the security breach was discovered less than one week ago. In fact, Annie is being downloaded at the rate of 500 units per minute worldwide even as you read this article. By tomorrow, industry analysts suggest, Annie will be available—for free—to more than 2 million viewers.

Sony has enlisted the FBI, as well as the services of several expensive private security teams to analyze the breach and halt the digital hemorrhage. But for Annie, the damage may already be financially catastrophic.

But Annie was not exactly the true target, at least according to some theories. In one of those strange cases of life imitating art—or vice-versa (sometimes it’s hard to tell the difference which comes first)—and politics imitating comedy (think of Saturday Night Live’s uncanny parody of the failure of the health care website rollout)—North Korean hackers may, and we stress may, have been directly responsible for the security breach at Sony. The reason? Sony was weeks away from the release of a fictional comedic take on the political thriller called The Interview, a story in which two American guys—posing as amateur web journalists—are sent by the CIA across the DMZ into North Korea with the task of assassinating the North Korean leader, Kim Jong-un. The movie stars Seth Rogen and James Franco.

Sony Pictures has multiple teams of security clean-up crews fixing the damage caused by the breach. In addition to the theft of digital copies of entire motion pictures—at least five of which have already been downloaded millions of times within the last few days—the hackers also crashed most of Sony’s computer system, disrupting databases and making email delivery and receipt impossible. Sony has hired contractor Fire Eye’s “Mandiant” crew to repair the damage and get all systems back online, but it may take a few more days before all loopholes are closed and all network operations are back to normal. Sources inside Sony have revealed to some in the media that the security breach, in terms of cost and scale, may be bigger than last year’s Target hack, or this year’s massive Home Depot data breach.

Though law enforcement has not made any comment publicly on where it is looking, dozens of sources—both those with knowledge of the FBI and those with direct connections inside Sony—have indicated that the cyber-attack may have been retribution by North Korean techies in the service of Kim Jong-un, who has called the farcical movie “an act of war” and an “aggressive form of cultural attack.”

When the computer system crashed last week, employees at Sony say that most screens displayed a dark red skull with the words “hacked by #GOP.” And no, that’s not the Grand Old Party we think of generally as Republicans, but a group allegedly calling itself the “Guardians of Peace.” In the meantime, as thousands of people in the business world and the Hollywood movie industry have noted, emails sent to Sony Pictures employees are immediately bounced back. In the meantime, all Sony business is being conducted old school: by phone, by fax, or by Xerox machine.

Can North Korea claim victory on this attack? Neither the FBI nor other law enforcement agencies are commenting—at least in specific ways—but there have plenty of indications that U.S. agencies ae looking directly at North Korea as the perpetrator of the attack. According to several major news sources, law enforcement officials who are speaking off-the-record say that the Sony cyber-heist has Pyongyang’s thumbprints all over it. One can only assume that the damage is real and measurable, especially when calibrated by the revenue apparently lost because of films prematurely released online. Besides the new Annie, the other films apparently stolen in the breach include Mr. Turner and Fury. Fury, a war movie, directed by David Ayer and starring Brad Pitt and Shia LeBeouf, opened in theaters last month, but the illegal downloads of it also reached the thousands per hour as of this past weekend. According to the film website IMDb, Fury has already grossed about $82 million. But the illegal downloads may quickly suppress future profits.

Sony Pictures’ data breach would be the largest such single cyber-attack to hit a major motion picture studio.

North Korea has made no official comment on the brouhaha. But many in both the foreign policy arena, as well as the movie business, recall that the isolated country—which sits north of the demilitarized zone established by the United Nations at the end of military hostilities more than 50 years ago—was not amused by the thought of an American-made movie about the assassination of its dear leader, parody or otherwise. In June 2014, a spokesperson for the North Korean government declared that all North Koreans were being challenged to “mercilessly destroy anyone who dares hurt or harm the supreme leadership of the country…even one bit.” Serious words. Except that those who follow the daily narrative from Pyongyang know that such harsh language is par for the course, as it were.

Like its larger neighbor to its north and west (China), and like the rogue Iran, North Korea has established a specialized military unit whose sole purpose is cyber-warfare. This brigade of 1500 techies—dressed in army uniforms (unlike their counterparts in California in blue jeans and black t-shirts)—is tasked with engaging in digital battle, and it is empowered to ignore web etiquette and international law. In North Korea, this cyber-warrior battalion is called Unit 121. Some U.S. security experts have suggested that the Sony Pictures data breach has all the markings of an attack by the loyal shock troops of Unit 121.

Ironically, North Korea has one of the tiniest internet footprints in the world. By some estimates, less than one percent of its population has any internet access at all. Those with web access are either top military, high government officials, or those members of Unit 121—and even then web access is greatly limited and activities closely monitored. North Korea’s small internet footprint means that proof of its authorship or sponsorship of the attack will be difficult, and retaliation may be close to impossible.

North Korea has a tradition of being easily riled, and many experts say that if the data breach at Sony turns out to have its roots in Pyongyang, it may be an indication of more trouble for American companies in the future. North Korea has been the chief suspect in several cyber-attacks against banks and financial companies in South Korea in recent years, as well as in a major cyber-attack on South Korean television and radio broadcasters in 2013.

Security experts and law enforcement say that cyber-attacks and data heists are what crime will look like for the foreseeable future. Gone are the days of guys with guns hijacking trucks carrying reels of film, boxes of videotapes or stacks of CDs. In the place of this kind of strong arm crime is a new kind of criminal who uses the computer to steal digital data. Since much of the motion picture industry is moving toward fully digital production and editing processes, this means that the heist at Sony Pictures may be the first of many to come.


Related Thursday Review articles:

The End of the Film; R. Alan Clanton; Thursday Review; January 18, 2014.

Hackers Seek Your Hilton Rewards; Thursday Review staff; Thursday Review; November 7, 2014.