The Sony Pictures Entertainment Hack
The Problem
On November 24, 2014, a hacker group called the “Guardians of Peace” or
GOP successfully attacked Sony Pictures Entertainment (www.sonypictures.com;
SPE). The attackers obtained personally identifiable information about 47,000
current and former SPE employees and their dependents. These materials included
numerous sensitive e-mails among top SPE executives concerning actors, financial
deals, and creative disagreements; executive salaries; and complete copies of
unreleased Sony films. The information included names, addresses, social security
numbers, driver's license numbers, passport numbers, bank account information,
credit card information used for corporate travel and expenses, usernames and
passwords, and compensation and other employment-related information. The
hackers claimed to have stolen more than 100 terabytes of data from SPE.
The GOP initially released the most damaging information over the Internet.
This information consisted of digital copies of SPE films that had been released (e.g.,
Fury) or were yet to be released (e.g., Annie). In addition, the attackers announced
they would continue to release more interesting SPE information.
Although the specific motives for the attack had not been revealed as of mid-
2016, the hack has been linked to the planned release of the SPE film The Interview.
In this movie, producers of a tabloid television show learn that North Korea's leader,
Kim Jong Un, is a big fan of the show, and they set up an interview with him. While
the show's team is preparing for the interview, the CIA recruits them to assassinate
Kim Jong Un.
Prior to the Sony hack, North Korean officials had expressed concerns about
the film to the United Nations. The officials stated that “to allow the production and
distribution of such a film on the assassination of an incumbent head of a sovereign
state should be regarded as the most undisguised sponsoring of terrorism as well as
an act of war.”
On December 16, 2014, the GOP mentioned The Interview by name, and they
threatened to take terrorist actions against the film's New York City premiere at
Sunshine Cinema on December 18. The GOP also threatened similar actions on the
film's America-wide release date of December 25 (Christmas).
On December 18, two messages allegedly from the GOP appeared. The first
claimed that the GOP would not release any further information if SPE agreed not to
release The Interview and to remove it completely from the Internet. The second
stated that SPE had “suffered enough” and it could release the film, but only if Kim
Jong Un's death scene was not “too happy.”
In the aftermath of the attack, the studio was forced to use fax machines, to
communicate through hard-copy posted messages, and to pay its employees with
paper checks. Employees worked with pen and paper, and shops located on Sony
property accepted only cash.
The Law Enforcement Response
Meanwhile, the FBI launched an investigation into the incident. In 2014, the bureau announced it had connected the North Korean government to the attack. The FBI's statement was based on intelligence gathered during a 2010 U.S. hack of North Korea's networks. In that action, the United States had tracked the internal operations of North Korean computers and networks. North Korea responded to the charges by denying any responsibility for the hack. Although most of the speculation about the attack has focused on North Korea, the authorities are investigating alternative scenarios, including the possibility that an SPE employee or former employee was involved.
The Sony Response
As a result of the attack, SPE shut down its entire network on November 25, 2014, and pulled the theatrical release of The Interview on December 17. Two days later, President Obama labeled the attack as “cybervandalism” and not an act of war. He also charged that Sony's decision to pull the film from release rather than defy the hackers was a mistake because the company appeared to have capitulated to the hackers' demands.
Following initial threats made towards theaters that showed The Interview, several cinema chains, including Carmike Cinemas, Bow Tie Cinemas, Regal Entertainment Group, AMC Theaters, and Cinemark Theaters, announced they would not screen the film. On December 23, 2014, SPE authorized 300 largely independent theaters to show the movie on Christmas Day. The following day SPE released The Interview to Google Play, Xbox Video, and YouTube.
Sony defended its decision to pull the film by claiming they were a blameless victim. Specifically, because the attackers came from a foreign government, they had far more resources to attack than Sony had to defend. Therefore, the studio concluded that the attack was unstoppable. Significantly, both the FBI and security company FireEye acknowledged that the malicious software used in the Sony hack was “undetectable by industry standard antivirus software.”
At the same time, however, Sony apparently failed to employ basic information security countermeasures. For example, the company's e-mail retention policy left up to seven years of old, unencrypted messages on company servers. Sony was using e-mail for long-term storage of business records, contracts, and documents it saved in case of litigation. Also, sensitive information—including user names and passwords for IT administrators—was stored in unencrypted spreadsheets and Word files with names such as “Computer Passwords.”
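The two weaknesses named above, old mail left on servers and credentials kept in unencrypted Office files with revealing names, are both things a defender can audit for. The script below is an added example, not part of the case study and not Sony's tooling. The name patterns, the four-week retention limit, the dates, and the sample files are all constructed assumptions.

```python
import re
import tempfile
import zipfile
from datetime import datetime, timedelta, timezone
from email import message_from_bytes
from email.utils import format_datetime, parsedate_to_datetime
from pathlib import Path

# Assumed heuristics for this example; none of these values come from the case study.
CRED_NAME = re.compile(r"pass(word|wd)|credential|login|secret", re.I)
OOXML = {".docx", ".xlsx", ".pptx"}
ZIP_MAGIC = b"PK\x03\x04"                             # plain OOXML is a ZIP archive
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")         # encrypted OOXML sits in an OLE container
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")   # stream name inside that container


def storage_state(path):
    """Classify a file as 'plaintext', 'encrypted' or 'unknown' from its bytes."""
    data, ext = path.read_bytes(), path.suffix.lower()
    if ext in {".txt", ".csv"} or (ext in OOXML and data.startswith(ZIP_MAGIC)):
        return "plaintext"
    if ext in OOXML and data.startswith(OLE_MAGIC) and ENC_STREAM in data:
        return "encrypted"
    return "unknown"  # e.g. legacy .doc/.xls, which need a real OLE parser


def audit(root, retention, now):
    """Return sorted (file name, finding) pairs for one directory tree."""
    findings = []
    for path in filter(Path.is_file, Path(root).rglob("*")):
        if path.suffix.lower() == ".eml":
            date = message_from_bytes(path.read_bytes())["Date"]
            if date is None or now - parsedate_to_datetime(date) > retention:
                findings.append((path.name, "mail past retention or undated"))
        elif CRED_NAME.search(path.stem):
            state = storage_state(path)
            if state != "encrypted":  # 'unknown' is reported too: not proven safe
                findings.append((path.name, f"credential-like name, {state}"))
    return sorted(findings)


def demo():
    """Build a constructed sample share in a temp directory and audit it."""
    now = datetime(2014, 11, 1, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        with zipfile.ZipFile(root / "Computer Passwords.xlsx", "w") as z:
            z.writestr("xl/workbook.xml", "<workbook/>")
        (root / "vault passwords.docx").write_bytes(OLE_MAGIC + bytes(504) + ENC_STREAM)
        (root / "budget.xlsx").write_bytes(ZIP_MAGIC)
        for name, age in (("old.eml", 2000), ("recent.eml", 7)):
            date = format_datetime(now - timedelta(days=age))
            (root / name).write_bytes(f"Date: {date}\r\nSubject: t\r\n\r\nbody\r\n".encode())
        return audit(root, timedelta(weeks=4), now)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A file that passes this check is only encrypted at rest; whether its password is itself stored safely is outside what the script can see.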
Sony has since implemented its “secure rebuild” information security strategy. The plan's fundamental idea is zero trust. Its objectives are to keep attackers from entering the company's networks, to prevent them from accessing information if they do get in, and to block them from stealing information if they actually manage to access it. Specifically:
· network. The remainder will be stored securely, encrypted, and cut off from the Internet.
· E-mails will be archived after a few weeks. System administrators will have access only to areas required to do their jobs.
· only preapproved applications.
· -step login (multifactor authentication) procedures.
The Results
Beginning on December 22, 2014, North Korea experienced an Internet failure, for which the government blamed the United States, identifying the disruptions as an attack in retaliation for the SPE hack. The U.S. government denied any role in the disruptions.
Interestingly, North Korea's only Internet connections run through servers in China. Therefore, China could interdict any hacking attempts originating in North Korea. However, China and the United States are embroiled in a dispute over bilateral hacking, so it does not seem likely that China will police North Korean hacking attempts.
The SPE attack had serious repercussions for Sony, for the U.S. government, and for every organization. Consider the damage to SPE. Analysts estimate that the costs of the attack could exceed $150 million. Such costs include business disruption, loss of information and revenue, decreased customer confidence, and many others. However, the damage done to SPE's reputation (via very sensitive e-mails) could be incalculable.
In fact, several former SPE employees are suing the company for failing to adequately protect their personal data. (SPE offered one year of free credit monitoring and fraud protection to current and former employees.) In July 2015, seven cases were consolidated into a proposed class action lawsuit in a Los Angeles federal court.
In October 2015, Sony agreed to pay up to $10,000 to each claimant for identity theft losses and up to $1,000 each to cover the cost of credit-fraud protection services in connection with the cyberattack. The total settlement was expected to cost Sony approximately $8 million.
The U.S. government is faced with a serious problem. By presidential directive, the U.S. military has the responsibility to help protect and defend the nation's critical infrastructure, such as its power grid, banking system, and communications networks. However, U.S. and international entertainment companies are not part of that infrastructure. The question is: If a foreign government is attacking U.S. corporations, what is the federal government's responsibility? A related question is: If the U.S. government had known of an impending cyberattack on SPE, why didn't the government warn SPE?
And the lessons to be learned? SPE's inability to protect its information from hackers serves as a reminder to corporations and individuals that if you are connected to the Internet, your information is simply not safe. Further, no one should commit anything on e-mail that he or she would not want to see on the front page of a newspaper. The likelihood of serious breaches is increasing, as is the damage these breaches can cause. Therefore, the time, effort, and money that organizations spend on information security needs to increase as well.
One final note: In February 2016, cybersecurity companies Kaspersky (www.kaspersky.com) and Alienvault (www.alienvault.com) announced that they had found new evidence linking the SPE attack with ongoing malware attacks directed at South Korea. The security firms did not definitively specify where the attacks originated, but noted only that their evidence pointed to a group operating out of North Korea.
Sources: Compiled from A. Tarantola, “Study Links North Korea to Sony Hack and Malware Campaign,” Engadget, February 12, 2016; W. Ashford, “Sony $8M Breach Settlement Underlines Need to Secure Personal Data,” Computer Weekly, October 22, 2015; P. Elkind, “Inside the Hack of the Century,” Fortune, July 1, 2015; N. Perlroth, “Jolted by Sony Hacking, Hollywood Is Embracing Digital Security,” The New York Times, March 30, 2015; W. Ashford, “Sony Data Breach Claims First Scalp as Co-Chair Steps Down,” Computer Weekly, February 6, 2015; A. David, “Security Think Tank: Sony Employee Lawsuit over Data Breach Marks Watershed Moment,” Computer Weekly, February, 2015; W. Ashford, “U.S. Blamed North Korea for Sony Attack Based on Data from 2010 U.S. Hack,” Computer Weekly, January 20, 2015; “North Korea Slams ‘Hostile’ U.S. Sanctions over Sony Cyber Attack,” Computer Weekly, January 5, 2015; M. Fackler, “North Korea Accuses U.S. of Staging Internet Failure,” The New York Times, December 27, 2014; “Sony Hack: The Consequences of Mocking Kim Jong Un,” The Week, December 26, 2014; B. Barnes and M. Cieply, “Sony, in About-Face, Will Screen ‘The Interview’ in a Small Run,” The New York Times, December 23, 2014; M. Williams, “Sony Looking for Ways to Distribute ‘The Interview’ Online,” IDG News Service, December 21, 2014; B. Tau, “Obama Calls Sony Hack ‘Cybervandalism’ Not Act of War,” Washington Wire, December 21, 2014; M. Elgan, “The Sony Pictures Hack Changes Everything,” Baseline Magazine, December 19, 2014; A. Bacle, “White House Is Treating Sony Hack as ‘Serious National Security Matter,’” Entertainment Weekly, December 18, 2014; D. Yadron, D. Barrett, and J. Barnes, “U.S. Struggles for Response to Sony Hack,” The Wall Street Journal, December 18, 2014; E. Weise, “Experts: Sony Hackers ‘Have Crossed the Line’,” USA Today, December 17, 2014; D. Sanger and N. Perlroth, “U.S. Links North Korea to Sony Hacking,” The New York Times, December 17, 2014; M. Williams, “Sony Hackers Release More Data, Promise ‘Christmas Gift’,” IDG News Service, December 14, 2014; B. Child, “Hackers Demand Sony Cancel Release of Kim Jong-un-Baiting Comedy,” The Guardian, December 9, 2014; W. Ashford, “North Korea Denies Sony Hack That Exposed 47,000 Personal Records,” Computer Weekly, December 5, 2014; B. Fritz and D. Yadron, “Sony Hack Exposed Personal Data of Hollywood Stars,” The Wall Street Journal, December 5, 2014; B. Barnes and N. Perlroth, “Sony Pictures and F.B.I. Widen Hack Inquiry,” The New York Times, December 3, 2014; W. Ashford, “Films Leaked Online After Sony Pictures Hack,” Computer Weekly, December 1, 2014; “Sony's New Movies Leak Online Following Hack Attack,” Variety, November 29, 2014; www.sonypictures.com, accessed July 29, 2015.
Disaster Recovery planning on Contingency planning project
A Best Practice for developing your Business Continuity Plan.
Plan Objectives
1.0 Scope of Plan
2.0 Plan Assumptions
3.0 Time Frames
4.0 Contingency Strategies
5.0 Disaster Definition
6.0 Plan Implementation Phases
7.0 Emergency Response Teams
8.0 Team Responsibility
9.0 Plan Administration
10.0 Procedures
Real time scenarios for Organizations
Sample Company
Business Contingency Plan
Last Revised:
I. Plan Overview and Definitions
II. Restoration by Functional Area
Restoration of other areas
I. Plan Overview and Definitions
II. Plan Assumptions
INSERT MAP HERE
Operating Structure
INSERT ORGANIZATION CHART(S) HERE
Processing or Data Center and Network Infrastructure
INSERT AS DETAIL DESCRIPTION OF TECHNOLOGY INFRASTRUCTURE AS APPROPRIATE HERE.
· Assignment of Non-Essential Functions
· Emergency Response Management
· Functional Area Recovery Management Teams
Periodic Testing and Plan Evaluation
· Emergency Declaration Phase
· Alternate Site Activation Phase
INSERT DESCRIPTION OF EACH ADDITIONAL AREA AND LEAD PERSON
INSERT LIST OF CRITICAL FUNCTIONAL AREAS
Category 2 - Essential Functions are those functions that are important, but which may be suspended for a period of time (ranging from three to five days) without having a critical impact on the business. Sample Company has defined Category 2 functions as follows:
Office applications such as word processing or spreadsheet solutions
General Accounting (General Journal, General Ledger, Fixed Assets)
INSERT OTHER FUNCTIONS AS APPROPRIATE
Category 3 - Necessary Functions are important to the business, but in the case of a catastrophic failure, could be suspended for a period of time or restored after Category 1 and 2 functions are operational. Sample Company has defined Category 3 functions as follows:
INSERT OTHER FUNCTIONS AS APPROPRIATE
Category 4 - Desirable Functions are those tasks that are a part of day-to-day business, but could be performed manually, by using personal computers not connected to the network, or independently. Desirable functions can be suspended for more than 30 days, without a significant economic impact on the company. Sample Company has defined these as all other functions of the business.
INSERT DESIRABLE FUNCTIONS AS APPROPRIATE
II. Restoration by Functional Areas
INSERT DESCRIPTION HERE
Backup Restoration Testing
INSERT DESCRIPTION OF BACKUP RESTORATION PROCESS HERE
Management of Application Media
Workstation Standards
The user environment is composed of INSERT DESCRIPTION based workstations from various vendors.
Standard Workstation Configuration
The Sample Company workstation configuration is subject to change. The following is a current standard workstation configuration for replacement in an emergency situation.
INSERT CURRENT STANDARD WORKSTATION CONFIGURATION
Printer Standards
INSERT CURRENT STANDARD PRINTER CONFIGURATION(S)
Power Requirements and Protection
INSERT CURRENT STANDARD UPS CONFIGURATION(S)
Security
IT will restore all replacement units to provide for password protection.
Electronic Mail
In the event of a Level 3 failure of the Sample Company electronic mail server, the ISP mail services provider will be notified to hold mail until a backup server is restored.
In the event of a Level 4 failure of the Sample Company electronic mail server, IT will “failover” to hosted services provided by the ISP until such time as regular services are restored.
Restoration of [Insert Department Name(s)]
Staff Responsibilities – Assignments
INSERT RESPONSIBLE PERSONS AND ASSIGNMENTS HERE
· Description of Operating Environment
· File Restoration Procedures for Core Applications
· File Restoration for User Work Files
· List of Required Forms Stored Off-Site
· List of Form Vendors for Reorders
· List of Employee Contact Information
· List of Key Contacts (Vendors, Suppliers, Customers)
· List of Critical Documents Stored at Primary Place of Business
REPEAT RESTORATION PROCEDURES FOR EACH DEPARTMENT
End of Sample Business Contingency Plan