Was It Worth All The Fuss?

Sony Water Tower

Image courtesy of AOL

Was It Worth All The Fuss?
| published December 26, 2014 |

By Thursday Review staff


It may be the worst movie to have ever received this much advance attention or publicity. And in the end, it may have been at the center of the costliest corporate data breach since the great Target retail hack of 2013. The movie has already been at the epicenter of the biggest computer security breach of a non-retail, non-bank entity.

Despite the shifting positions at Sony Pictures, The Interview, which stars Seth Rogen and James Franco, opened in select theaters across the U.S. on Christmas Eve and on Christmas Day. And after all the hoopla, the film turns out to be not that good—a lowball, slob comedy with lots of wasted time and few truly funny moments, that despite the generally reliable comic pairing of Franco and Rogen.

With less than a week before Christmas, Sony Pictures reversed its earlier decision to withdraw the premier of the movie amid widespread confusion and concern—from theater chains, from retailer associations and malls, some even from local law enforcement—that the safety of moviegoers and shoppers might be uncertain in the wake of vague threats of physical attack on certain theaters if the first showings of The Interview proceeded as planned.

First and second rounds of reviews—by both the movie-going public and the critics—seem to indicate, to put it gently, that The Interview is a less-than-first-rate comedy. Some reviewers say it is a first class stink bomb. Others suggest it merely falls a little short of traditional comic expectations.

One thing is certain: the movie surely could not have lived up to the outsized expectations generated from all the buzz, scandal and political upheaval. How many films get to have no less than the President of the United States offer an endorsement, even before the movie has been released?

But advocates of freedom of speech and freedom of expression, not to mention freedom of assembly, insist that there are larger issues at stake. Surely, The Interview was expected to be neither Citizen Kane, nor Schindler’s List, nor even The Spy Who Came in From the Cold. More like Austin Powers meets the Manchurian Candidate by way of Pineapple Express, even by the lights of the talk months before the Sony Pictures data breach. But when there is widespread agreement between Democrats and Republicans, conservatives and liberals, vegetarians and carnivores, Coke drinkers and Pepsi drinkers, then there must be something more important at work than whether, as one critic said, The Interview was a waste of both film and time.

For those who have been unconscious for the last month, The Interview is an action-comedy about two trash-TV journalists who are recruited by the CIA to assassinate North Korean leader Kim Jong-un. When word of the film’s screenplay reached Pyongyang early in 2014, the government there issued complaints that the movie would be an insult to North Korea and its leader. Bu then, as the release date approached in November (the movie was scheduled all along for a Christmas Day premier), hackers calling themselves Guardians of Peace (GoP), broke into the computer network at Sony Picture’s Culver City, California offices, whereupon the thieves helped themselves to digital, pre-release copies of several movies and copies of current films, stole files, spreadsheets and corporate data, harvested tens of thousands of emails and Outlook messages, and ransacked personnel files—swiping social security numbers, medical records, home addresses and cell phones, even the aliases sometimes used by actors when they make reservations at hotels or restaurants.

Within hours of the attack, millions of digital copies of the stolen movies were being uploaded all over the world, and a tsunami of salacious and inappropriate emails were being reported upon in the press. So much information was being disseminated and repeated in the media that high-powered attorney Stephen Boies, brought on board by Sony, issued a widely received letter and email demanding that news services and media outlets cease and desist from any further exploitation of stolen information, and insisting that any data held in reserve be destroyed or erased. By this point in the rapidly-evolving story, Sony was facing at least two lawsuits by former and current employees, whose lawyers have charged Sony with reckless and inadequate security of personal information. Days later, amidst vaguely-defined concerns regarding the safety of theater goers after the hackers warned of a 9/11 style attack, the movie’s premier was in doubt. Theater chains first began to decline scheduling the film—blaming Sony for inadequate promotion, support and publicity—and within hours Sony itself pulled the film. In the words of Rob Lowe, “everyone caved.”

That’s when President Obama weighed-in, calling Sony Picture’s decision to yank the film a mistake, and ruminating to reporters “I wished they’d called me first.” Within hours, Sony CEO Michael Lynton fired back, saying that press, the public, even the President, were mistaken in the sequence of events. Lynton blamed the theaters for the total collapse of the film. Theater chains fired back with their own missives, only minutes later: it was Sony Pictures that caved in by cancelling support (meaning: full-scale marketing, promotions, routine events, vendor support), and by asking theaters to agree to a blanket arrangement wherin Sony would not be held responsible for injuries or death. Some theater chains blamed the retail associations and mall owners, who in turn blamed inconsistent and unclear statements by law enforcement at every level. Even some homeowner and neighborhood associations weighed-in where malls were adjacent to residential areas.

Everyone caved, though in the merry-go-round of blame, everyone was held harmless. Outrage came from every direction: actor and director George Clooney, late-night talk show host Jimmy Kimmel, independent filmmaker Michael Moore, Republican National Committee chairman Reince Priebus. Lynton told CNN’s Fareed Zakaria that Sony had not caved in, and that it had always been Sony Pictures’ endgame to make sure the film reached audiences.

In the meantime, the FBI, the White House and the National Security Council—along with several independent and privately contracted cyber sleuth teams—had all reached the same conclusion: North Korea was behind the attack.

But now that the film has finally reached selected movie theaters, and now that the general opinion is that this motion picture is no award-winner—even for the lowball standards set for the slob comedy—what conclusions have really been drawn from a cyber-attack which may have been among the most costly in history?

For one, there is growing skepticism that North Korea acted alone on this one. Though the FBI, the White House, and the National Cybersecurity and Communications Integration Center (NCCIC) all concluded that there was ample evidence that Pyongyang’s so-called Brigade 121 was behind the attack, many computer experts and analysts are questioning North Korea’s ability to have pulled off such a complex and penetrative heist. If North Korea did act, then it must surely have had outside help—from China, for example, or from hackers in Russia, Thailand, Taiwan, or the Ukraine. And some have gone as far as to suggest that the real roots of the crime may be based more in previous cyber-assaults against Sony—cyber-attacks meant to disrupt Sony’s popular Playstation Network, including a widespread assault which wrecked the system in 2011. This contrarian view is based on the fact that some computer code analysts say that a hacker group calling itself The Lizard Squad has closer connections to Guardians of Peace than do any contacts in North Korea. Furthermore, both the LS and GoP have used some of the same language, terminology and hacker slang, and according to a report in Bloomberg, even cross-post on each other’s social media sites.  (Also, The Lizard Squad is taking credit for the latest shutdowns of both the Playstation and xBox platforms, two highly poplar gaming systems now on about the second day of widespread shutdowns or delays). 

Other security analysts point out that North Korea’s limited computer infrastructure and highly limited internet access make it a dubious conclusion to suggest that North Korea could have acted alone, if at all. Less than one percent of all North Koreans have internet access, and much of that access is carefully restricted. And only the 1600 members of North Korea’s cyber-military unit have anything close to what westerners would regard as modest access to the web, and then—according to intelligence reports—using computers that are hardly state-of-the-art.

But the prevailing view is that the investigators got their man. North Korea has launched major attacks before, and some of the most notable were last year’s cyber-assaults against banks and financial institutions in South Korea. A close analysis of the code used in the malware in the Sony Pictures attack shows much of the same coding language, in places, verbatim. And those close to the investigations into the Sony attack say that some of that same computer code has turned up in other partially-successful or unsuccessful attacks against U.S. companies during 2012 and 2013.

North Korea has steadfastly denied any involvement in the attack, but has—conversely—praised the assault as “a righteous deed.” In fact, state-controlled media reports in Pyongyang have made heroes of the attackers who penetrated Sony networks and wreaked havoc, while simultaneously claiming no responsibility. Analysts of the Pyongyang media narrative say that such disparities are common in the country’s official responses to such activities and events. Besides, U.S. authorities say, North Korea had previously warned that it would regard the release of The Interview as an act of war, and as such—the film’s sponsor, Sony Pictures, the fair target of any and all attacks. Such blustery talk is normal for Pyongyang, as are its attempts—sometimes clumsy, others time successful—to exact revenge.

Still, some computer analysts say that to place 100% of the blame at Pyongyang’s doorstep is too convenient and too pat. The sort of sleuthing required to fully understand and unravel this kind of cyber-attack, they say, is far too complex. Hackers often use circuitous routes to cover their tracks, and advanced hackers—such as the ones who broke into Sony Picture’s database in November—may have taken care to bounce the evidence of their attack around the globe many times over, perhaps through scores, if not hundreds, of servers and services in dozens of countries. Retracing those steps can be time-consuming and difficult, and fraught with problems—not the least of which is that the real perpetrators rarely act alone in an age when so many mercenary coders are out there in so many distant, far-flung locations.

“Gone are those good old days,” said a cyber-security expert who works for a major communications company with operations in Denver, “when law enforcement can just analyze some code, and then, draw a straight line from the point-of-entry to some teenager’s basement computer in Richmond, Virginia or Syracuse, New York. The new cyber terrorists know how to cover their tracks, and they socialize and chat online with like-minded hackers all over the world, in a thousand cities, using routers and servers in hundreds of places, and using code and bits of malware which has been borrowed or stolen from still other places, then patched together using improvised methods. By the time a hack has been executed there could be hundreds or thousands of accomplices.”

The expert we spoke to by email, who asked not to be identified for the purpose of this article, said that the image of those North Korean cyber soldiers sitting in one room in a bland building in Pyongyang—working nine to five trying to crack the Sony firewall—is misleading. “These attacks don’t work that way. The Target attack, Home Depot, even the previous attacks on Sony—none of these fit that oversimplified model.”

Sony is also being blamed by some cyber security analysts for their current disaster. Multiple previous hack attacks (including the Playstation disruptions of 2011), some experts suggest, should have given a clear warning to top Sony execs to upgrade their security and protection. But Sony, for reasons that are still unclear, chose to defer implementing a more robust security measures. Sony also experienced cyber intrusions earlier this year, and some law enforcement officials have told reporters that those known breaches were exploratory in nature. Again, Sony’s tech team reported the intrusions, but counter measures were never implemented. Worse, Sony may have left most of its valuable data in plain viewer all along. Coupled with what appears to be common knowledge by many Sony employees that its employer had ineffective cyber security in place, those lawsuits seeking to hold Sony Pictures accountable for stolen personnel data may prove even costlier than its loss of revenue for stolen films like Annie and Fury.

Meanwhile, film critics—those who have set aside issues of freedom of expression and international terror—seem fairly uniform in their conclusion: The Interview misses the mark, a comedy which turns out to be only rarely funny, and which makes no real Chaplinesque satiric statement about a country with the worst human rights record on the planet (behind even Cuba).

Related Thursday Review articles:

What Now For Sony Pictures?; R. Alan Clanton; Thursday Review; December 18, 2014.

Sony Pictures, Theaters: Everyone Caved; Thursday Review staff; December 20, 2014.