Sony Pictures Entertainment attack (2014)

From International cyber law: interactive toolkit
Jump to navigation Jump to search
Date Sony Pictures was made aware of the hack on 24 November 2014.[1] However, it is likely that the hackers had been granted physical access into Sony’s networks months before the malicious act happened.[2]
Suspected actor A group of hackers called “Guardians of Peace” (GOP). Following an FBI investigation, the US Government blamed the North Korean government as being the supporters of the malicious group.[3] Despite the FBI claimed to have several evidence linking the attack to the Northern Korean regime, no proof has been officially disclosed.[4] Officially, North Korea denied any involvement in the attack.[5]
Target Sony Pictures Entertainment (SPE) in New York
Target systems Microsoft Windows-based systems
Method The wiping malware was spread after being physically introduced into the Company´s networks. An executable “dropper” installed itself as a windows service once executed. The malware used Microsoft Windows’ own management and network file sharing features to propagate and shut down network services.[6] Once propagated into the system, the Trojan-Wiper created a link between Sony’s network and the hackers, who were able to steal protected information as well as destroy data on the infected systems.
Purpose The hackers were taking retaliatory action for Sony's failure to meet a previous demand to halt the release of “The Interview”, a then-upcoming satirical movie published by Sony Pictures.[7] The movie depicted a CIA assassination attempt against Kim Jong-un, the North Korean Supreme Leader.[8]
Result Leaking of not-yet-released films and scripts – theft of employees’ personal information such as social security numbers, medical records; disclosure of salary lists and sensitive email correspondences. Moreover, Sony had to cease all online activity, severing their network’s connection and going offline for days.
Aftermath On 19 December 2014 President Obama claimed that the US would respond “proportionally” against these attacks and, in particular, against the North Korean government.[9] The attack not only damaged the company’s employees and families, but also undermined the economic and social prosperity of the US citizens.[10] The US Government may have retaliated in response to the malicious activity against Sony. In particular, attacks on its own critical infrastructures were claimed by the People´s Republic of Korea to have been conducted by the US. On December 22 and 23, North Korea´s internet temporarily blacked out.[11] If these events and attributions are true, this would mark the first time that the United States has been known to react against a cyber-attack on American soil.[12]
Analysed in Scenario 05: Criminal investigation

Collected by: Samuele De Tomas Colatin

  1. DE Sanger, DD Kirkpatrick, N Perlroth, “The World Once Laughed at North Korean Cyberpower. No More”, (15 October 2017), New York Times.
  2. DE Sanger, N Perlroth, “U.S. Said to Find North Korea Ordered Cyberattack on Sony”, (17 December 2014), New York Times. “At Sony, investigators are looking into the possibility that the attackers had inside help. Embedded in the malicious code were the names of Sony servers and administrative credentials that allowed the malware to spread across Sony’s network. “It’s clear that they already had access to Sony’s network before the attack,” said Jaime Blasco, a researcher at AlienVault, a cybersecurity consulting firm.
  3. O Laughland, D Rushe, “Sony cyber attack linked to North Korean government hackers, FBI says”, (19 December 2014), The Guardian.
  4. FBI National Press Office, “Update on Sony Investigation”, (19 December 2014), FBI website.
  5. Associated Press, “North Korea: Sony hack a righteous deed but we didn't do it”, (7 December 2014), The Guardian.
  6. S Gallagher, “Inside the “wiper” malware that brought Sony Pictures to its knees”, (4 December 2014), Ars Technica.
  7. J Boorstin, “The Sony hack: One year later”, (24 November, 2015), CNBC.
  8. R Brandom, “The malware that took down Sony was written in Korean”, (4 December 2014), The Verge.
  9. DE Sanger, MS Schmidt, N Perlroth, “Obama Vows a Response to Cyberattack on Sony”, (19 December 2014), The New York Times.
  10. E Perez, J Sciutto, J Diamond, “Obama: Sony 'made a mistake'”, (19 December 2014), CNN. "We cannot have a society in which some dictators someplace can start imposing censorship here in the United States because if somebody is able to intimidate us out of releasing a satirical movie, imagine what they start doing once they see a documentary that they don't like or news reports that they don't like," Obama said. "That's not who we are. That's not what America is about."
  11. F Chambers, L Crossley, A Klausner, “North Korea's internet is shut down AGAIN after losing connectivity for nine hours yesterday”, (23 December 2014), MailOnline.
  12. J Kim, “North Korea blames U.S. for Internet outages, calls Obama 'monkey'”, (28 December 2014), Reuters.