Computer servers used by Sony’s film studios were compromised for months as hackers examined, then stole, a trove of sensitive data related to the company’s employees and business transactions.
Documents examined by TheBlot Magazine reveal unidentified hackers had direct access to Sony’s corporate computer servers since at least July of this year. Some of the data was allegedly stolen using malicious software designed to infiltrate Sony’s computer network, while other data was taken after hackers compromised authentication tools — including hundreds of usernames and passwords — that granted access to Sony’s computers through conventional means, according to a source familiar with the matter.
In November, hackers calling themselves “Guardians of Peace” began releasing thousands of sensitive documents purportedly belonging to Sony executives and other high-level employees in response to the forthcoming release of “The Interview,” a crude comedy starring James Franco and Seth Rogen that parodies an assassination plot against North Korean leader Kim Jong-un.
Suspicion quickly fell on North Korea as the perpetrators of the cyberattack. North Korean diplomats denied any involvement in the compromise, though the country’s official state media called the attack a “righteous deed.”
On Wednesday, unnamed U.S. government officials confirmed to various news organizations that there was credible evidence to suggest North Korea instigated the attack against Sony, although officials left open the possibility that outside forces were directly responsible. Officials also considered the possibility that an insider at Sony may have knowingly or unwittingly provided hackers with access to Sony’s computer network.
“This was not the kind of attack where hackers grab whatever they can find,” a government official speaking on condition of anonymity told The Desk on Wednesday. “All indications so far is that the person or group behind the attack had a general sense of what they wanted and a pretty good idea on where to find it. And so, for that reason, we’re exploring the possibility that someone [at Sony] may have helped out here.”
The exact timeline of the cyber intrusion is unknown, but there are indications that hackers were able to access and collect data from Sony’s computer network since at least this summer.
An automated log from a tool that scans Sony’s computer network revealed the last successful connection to various servers was in mid-June, suggesting the log was captured around the same time. The log, which shows a “last access” date in early July, was just one document among thousands released by hackers since late November. A law enforcement source who asked not to be identified confirmed the authenticity of the log.
Investigators still haven’t pieced together an exact timeline detailing how long hackers had access to Sony’s computer network, the source said, but there is ample evidence to suggest the network was compromised for “an exceptionally long time.”
The attack has embarrassed Sony executives, some of whom were revealed to have made unflattering remarks about celebrities and other notable individuals when their corporate e-mails were leaked by hackers over the past few weeks. At an all-staff meeting on Monday, Sony’s chief executive apologized for the compromise, but remained steadfast that “hackers won’t take us down.” Hackers responded the following day by leaking the content of the executive’s e-mail account.
On Wednesday, more than a half-dozen movie-theater chains announced they would not screen “The Interview” on its scheduled Christmas Day release date. The announcement followed an online threat against movie theaters warning of a Sept. 11-style attack. Sony later said it would not release the film on Christmas and had no further plans to release the movie in theaters or on home video.
Matthew Keys is a contributing journalist for TheBlot Magazine.