1) In November 2014, Sony Pictures Entertainment experienced a major cyberattack that compromised their computer systems. Hackers posted unreleased movies and stole confidential data, including personal employee information.
2) The attack was unprecedented in its scale, leaking over 38 million files. It severely damaged Sony's brand and put their security practices under scrutiny.
3) The timing of the attack was in relation to Sony's upcoming comedy film The Interview, which depicted the assassination of North Korean leader Kim Jong-un. While North Korea's involvement is still debated, the hackers claimed to be acting to stop the release of the film.
Analysis of Sony Corp.
To get a copy of this report, share your views about the document with your email id in Comments section... I keep on updating my presentations and documents. To ensure that you don't miss any update or new uploads don't forget to press the "FOLLOW" and "LIKE" button. You can also mail me at manigarg21@gmail.com
Two large corporations have been crippled by recent information security breaches. It may not be hard to quantify the losses in terms of lost revenue and profits but what will be hard to quantify are the losses to reputation. Cited as two of the most damaging cyber-attacks on corporate America, this presentation looks at what went wrong and what could have been done to prevent these situations.
(ISM202) Sony Pictures' Rapid Recovery Solution for Disaster Recovery and Bus...Amazon Web Services
This session will discuss the solution used by Sony Pictures Entertainment to achieve rapid business continuity in digital media delivery and secure IT services. The combination of AWS infrastructure, Amazon Workspaces, and Aspera application software allowed Sony Pictures Entertainment to restore file transfer business services in less than one day and give business users and administrators secure access to infrastructure. Details include: An overview of the software and AWS infrastructure architecture used on day one and through expansion of the service; statistics for media transfer volumes and delivery times achieved; use cases for VDI secure access and associated controls; an overview of the longer-term hybrid architecture using the cloud solution as a cost-effective disaster recovery/secondary complement to Sony’s on-premise capabilities; and business benefits, practical challenges, and best practices learned in the process.
Analysis of Sony Corp.
To get a copy of this report, share your views about the document with your email id in Comments section... I keep on updating my presentations and documents. To ensure that you don't miss any update or new uploads don't forget to press the "FOLLOW" and "LIKE" button. You can also mail me at manigarg21@gmail.com
Two large corporations have been crippled by recent information security breaches. It may not be hard to quantify the losses in terms of lost revenue and profits but what will be hard to quantify are the losses to reputation. Cited as two of the most damaging cyber-attacks on corporate America, this presentation looks at what went wrong and what could have been done to prevent these situations.
(ISM202) Sony Pictures' Rapid Recovery Solution for Disaster Recovery and Bus...Amazon Web Services
This session will discuss the solution used by Sony Pictures Entertainment to achieve rapid business continuity in digital media delivery and secure IT services. The combination of AWS infrastructure, Amazon Workspaces, and Aspera application software allowed Sony Pictures Entertainment to restore file transfer business services in less than one day and give business users and administrators secure access to infrastructure. Details include: An overview of the software and AWS infrastructure architecture used on day one and through expansion of the service; statistics for media transfer volumes and delivery times achieved; use cases for VDI secure access and associated controls; an overview of the longer-term hybrid architecture using the cloud solution as a cost-effective disaster recovery/secondary complement to Sony’s on-premise capabilities; and business benefits, practical challenges, and best practices learned in the process.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Cyphort
Secretary Johnson called the attack on Sony Pictures Entertainment “an attack on our freedom of expression and way of life.” In this MMW session, we dissect Destover malware, responsible for more than 100 terabytes of stolen data from Sony Pictures Entertainment.
Added bonus: MMW Watch List of 2014
We will summarize the “most wanted” of the year 2014, including Backoff, the POS malware, and Zberp, the financial Trojan.
Successful Outsourcing Transitions Webinar PresentationNeo Group Inc
- What is transition management and why is it important.
- What are the common challenges to a successful outsourcing transition and how to mitigate those risks.
- What are the key components of a successful outsourcing transition and how to plan and execute each stage.
On November 24 2014 Sony Pictures Entertainment found out .pdfaabdin101
On November 24, 2014, Sony Pictures Entertainment found out it had been hacked. The hackers
were able to penetrate Sony systems and networks and take over 100 terabytes of company
information, including trade secrets, email, and personnel records. Several Sony Twitter accounts
were also taken over. The hackers then installed on Sonys computers a piece of malware called
Wiper, which erased data from the companys servers and PCs. Investigators concluded that the
hackers spent more than two months, from mid-September to mid-November 2014, mapping
Sonys computer systems, identifying critical files, and planning how to destroy computers and
servers. The malware made many Sony employees computers inoperable and full recovery
difficult or impossible, slowing down company operations. Sony shut down its internal computer
network to prevent the data-wiping software from causing further damage, forcing many
employees to use paper and pen. Systems from which the company generates revenue, including
those involved with marketing and distributing films and TV shows, were the first to be restored.
The hackers, who called themselves the Guardians of Peace, released some of the stolen
information to the public and threatened to release more. That information included very
confidential and poten tially embarrassing tidbits about Sony staff; partners; Hollywood stars,
including Sylvester Stallone, director Judd Apatow, and Australian actress Rebel Wilson; and
President Obama. Confidential personal informa tion about employees such as names; addresses;
47,000 Social Security numbers; and financial details was also stolen. The personal data, along
with contracts and other sensitive Sony documents, were posted on file-sharing networks such as
Bit Torrent. The hackers also posted five Sony films to online file-sharing sites, including Brad Pitts
Fury and a remake of the musical Annie. These films had not yet been released, so the hackers
were essentially giving them away free before Sony could bring them to market. Sony quickly
organized internal staff to deal with this problem and contacted the FBI and the private security
firm FireEye to find ways to protect employees whose personal data had been exposed by the
hack, repair the damaged computers, and hunt down the hackers. The attack may have been
motivated in part by Sonys plans to release a film called The Interview about two bumbling TV
reporters trying to assassinate North Korean leader Kim Jong-un. North Korean officials had
previously expressed objections to the film at the United Nations. A December 16, 2014, message
from the Guardians of Peace threatened terrorist actions at theaters showing the film. Sony pulled
the film from theatrical release the next day, and a number of U.S. theater chains announced they
would not screen the film. U.S. government officials stated on December 17 that they believed the
North Korean government was involved with the Sony hack, pointing to North Korean hackers
previous us.
Case Study 2 On November 24 2014 Sony Pictures Entertainme.pdfaccuraprintengineers
Case Study 2 On November 24, 2014, Sony Pictures Entertainment found out it had been hacked.
The hackers were able to penetrate Sony systems and networks and take over 100 terabytes of
company information, including trade secrets, email, and personnel records. Several Sony Twitter
accounts were also taken over. The hackers then installed on Sonys computers a piece of
malware called Wiper, which erased data from the companys servers and PCs. Investigators
concluded that the hackers spent more than two months, from mid-September to mid-November
2014, mapping Sonys computer systems, identifying critical files, and planning how to destroy
computers and servers. The malware made many Sony employees computers inoperable and full
recovery difficult or impossible, slowing down company operations. Sony shut down its internal
computer network to prevent the data-wiping software from causing further damage, forcing many
employees to use paper and pen. Systems from which the company generates revenue, including
those involved with marketing and distributing films and TV shows, were the first to be restored.
The hackers, who called themselves the Guardians of Peace, released some of the stolen
information to the public and threatened to release more. That information included very
confidential and poten tially embarrassing tidbits about Sony staff; partners; Hollywood stars,
including Sylvester Stallone, director Judd Apatow, and Australian actress Rebel Wilson; and
President Obama. Confidential personal informa tion about employees such as names; addresses;
47,000 Social Security numbers; and financial details was also stolen. The personal data, along
with contracts and other sensitive Sony documents, were posted on file-sharing networks such as
Bit Torrent. The hackers also posted five Sony films to online file-sharing sites, including Brad Pitts
Fury and a remake of the musical Annie. These films had not yet been released, so the hackers
were essentially giving them away free before Sony could bring them to market. Sony quickly
organized internal staff to deal with this problem and contacted the FBI and the private security
firm FireEye to find ways to protect employees whose personal data had been exposed by the
hack, repair the damaged computers, and hunt down the hackers. The attack may have been
motivated in part by Sonys plans to release a film called The Interview about two bumbling TV
reporters trying to assassinate North Korean leader Kim Jong-un. North Korean officials had
previously expressed objections to the film at the United Nations. A December 16, 2014, message
from the Guardians of Peace threatened terrorist actions at theaters showing the film. Sony pulled
the film from theatrical release the next day, and a number of U.S. theater chains announced they
would not screen the film. U.S. government officials stated on December 17 that they believed the
North Korean government was involved with the Sony hack, pointing to North Korean hacker.
The Tech section in Forbes magazine reported that the crimi.pdfabyssiniaimpex1
The Tech section in Forbes magazine reported that the "criminals won" in the Sony pictures
breach. An anonymous threat posted on an obscure site warned that people who watch the to-
bereleased movie The Interview would be "doomed" to a "bitter fate" and recalled the tragic events
of September 11. The threat said that the movie inappropriately made light of North Korean
officials. As a result of the threat, five large theater chains in the United States and Canada
canceled plans to include the film on their screens. Ultimately, Sony had no choice but to cancel
the theater release of the film for reasons that are both economic and legal. The former was due to
a lack of revenue given the small number of remaining theaters that might go ahead and run the
film. The latter was driven by what would happen if an attack was carried out. A Steve Carell
project that featured North Korea was also canceled. The Guardian reported that a group named
the Guardians of Peace retaliated against Sony. They hacked into Sony's systems and stole over
100 terabytes of files, including unreleased movies, social security numbers for thousands of Sony
employees, and internal e-mails, some of which revealed embarrassing conversations between
Sony employees. The hackers began distributing the files in various locations online, making them
free for the taking. The officials of that government denied any involvement in the hack but said
that it might have been a "righteous deed" of those who support the government. North Korean
officials demanded some changes to the movie, including taming down a death scene of its leader.
Sony initially refused but then decided to go ahead and edit the scene. The movie eventually
opened without incident on a limited basis in some cinemas on Christmas Day and then was made
available via online rental. According to the Mirror in the United Kingdom, neither the Department
of Homeland Security nor the FBI could find evidence that the violence was a credible threat, but
the FBI believed NorthAccording to the Mirror in the United Kingdom, neither the Department of
Homeland Security nor the FBI could find evidence that the violence was a credible threat, but the
FBI believed North Korea was behind the hacking. In turn, North Korea claimed that the U.S.
government was responsible for creation of the movie. Discussion Questions 1. Setting aside the
political issues between North Korea and the United States, is there a reasonable way to respond
to an anonymous threat found on the Internet somewhere? What elements would you require
before canceling the film if you were CEO of Sony? If you were CEO of a chain of theaters? 2.
What cybersecurity controls would you recommend Sony use to provide better security for
unreleased digital films and e-mails? Be sure to include technology as well as organizational
controls. 3. If you were a hacker, what approach would you have used to break into Sony's
system? What do you think the most important SETA elements .
The Sony Pictures Entertainment Hack The Problem On .docxjoshua2345678
The Sony Pictures Entertainment Hack
The Problem
On November 24, 2014, a hacker group called the “Guardians of Peace” or
GOP successfully attacked Sony Pictures Entertainment (www.sonypictures.com;
SPE). The attackers obtained personally identifiable information about 47,000
current and former SPE employees and their dependents. These materials included
numerous sensitive e-mails among top SPE executives concerning actors, financial
deals, and creative disagreements; executive salaries; and complete copies of
unreleased Sony films. The information included names, addresses, social security
numbers, driver's license numbers, passport numbers, bank account information,
credit card information used for corporate travel and expenses, usernames and
passwords, and compensation and other employment-related information. The
hackers claimed to have stolen more than 100 terabytes of data from SPE.
The GOP initially released the most damaging information over the Internet.
This information consisted of digital copies of SPE films that had been released (e.g.,
Fury) or were yet to be released (e.g., Annie). In addition, the attackers announced
they would continue to release more interesting SPE information.
Although the specific motives for the attack had not been revealed as of mid-
2016, the hack has been linked to the planned release of the SPE film The Interview.
In this movie, producers of a tabloid television show learn that North Korea's leader,
Kim Jong Un, is a big fan of the show, and they set up an interview with him. While
the show's team is preparing for the interview, the CIA recruits them to assassinate
Kim Jong Un.
Prior to the Sony hack, North Korean officials had expressed concerns about
the film to the United Nations. The officials stated that “to allow the production and
distribution of such a film on the assassination of an incumbent head of a sovereign
state should be regarded as the most undisguised sponsoring of terrorism as well as
an act of war.”
On December 16, 2014, the GOP mentioned The Interview by name, and they
threatened to take terrorist actions against the film's New York City premiere at
Sunshine Cinema on December 18. The GOP also threatened similar actions on the
film's America-wide release date of December 25 (Christmas).
On December 18, two messages allegedly from the GOP appeared. The first
claimed that the GOP would not release any further information if SPE agreed not to
release The Interview and to remove it completely from the Internet. The second
http://www.sonypictures.com/
stated that SPE had “suffered enough” and it could release the film, but only if Kim
Jong Un's death scene was not “too happy.”
In the aftermath of the attack, the studio was forced to use fax machines, to
communicate through hard-copy posted messages, and to pay its employees with
paper checks. Employees worked with pen and paper, and shops located on Sony
property accepted only cash.
.
Introduction of Data Breach
Data Breach Occur Through
Countries Most Affected
The Anatomy of a Data Breach
Timeline of Events
Who is Responsible
Sony Pictures Entertainment Hack
Costs
Prevention
References
(Sony) Risk assignment final high profile security breach of Sony’s Playstat...James Dellinger
This report will explore the high profile security breach of Sony’s Playstation Network (PSN) that led to millions of users’ personal and financial information being exposed. Focus will be placed on what occurred in the aftermath, analysing Sony’s response.
Marketing Analysis Report For Sony Pictures Entertainment HollyFaust1
This analysis report evaluates the current financial standings of both Sony Pictures Entertainment and its parent company Sony as well as Sony Pictures’ standing amongst its competition. This report also addresses Sony Pictures’ current product issues with the Spider-Man: Homecoming series and its place within the Marvel Cinematic Universe based on its relationship with Walt Disney Studios. It will address the need to expand on the Spider-Man Universe and what that looks like for the future of the company.
Business Strategic management relating to lawBhavna Nirban
Sony, a conglomerate based in Tokyo, Japan, has a diversified business portfolio made of electronics, gaming, entertainment products and financial services.
In the 1990s, home video cameras were wildly popular. Improvements in film quality and manufacturing made them available to an even broader market. Seeing this as an opportunity and a huge market, SONY launched a camera with some unique and extra features including NightShots.
Unsurprisingly, the camera opened up a bundle of legal problems and privacy issues.
The near-infrared camera, with the right white lighting conditions, would reflect light through clothing directly to the skin and bounce it back to the camera, illuminating a naked form.
Reports came in of men hiding cameras under towels while at the pool and various theme parks. Then they sold those photos on their websites which lead to cybercrime issues.
Sony immediately announced a recall of 700,000 cameras. It was the largest recall in company history.
These problems not only harm personal privacy of humans but also create a sense of insecurity in the minds of people which violates one’s personal right to life and liberty under Article 21 of the Constitution of India.
a. Disclosure secret information known.Recent security incident .pdfanupamele
a. Disclosure: secret information known.
Recent security incident i.e. let us consider Sony system hacking. On November 24, 2014, a
hacker group which identified itself by the name \"Guardians of Peace\" (GOP) leaked a release
of confidential data from the film studio Sony Pictures Entertainment. The data included
personal information about Sony Pictures employees and their families, e-mails between
employees, information about executive salaries at the company, copies of then-unreleased Sony
films, and other information.
After hacking they disclose the information i.e complete story regarding the upcoming movie in
internet(James Bond sereies).
b. Disruption: problems which interrupt an event, activity, or process.
Servers may be taken down completely, data wiped and digital intellectual property released on
the internet by attackers. Victim organisations could be hounded by media inquiries for response
and status, and government reaction and statements may increase the visibility and chaos of the
attack.
Like this type massive attack I never seen. But recently some hackers enters into college
websites and stole the information from that sites then after they swiped it out.
I never think these were easily preventable.
Solution
a. Disclosure: secret information known.
Recent security incident i.e. let us consider Sony system hacking. On November 24, 2014, a
hacker group which identified itself by the name \"Guardians of Peace\" (GOP) leaked a release
of confidential data from the film studio Sony Pictures Entertainment. The data included
personal information about Sony Pictures employees and their families, e-mails between
employees, information about executive salaries at the company, copies of then-unreleased Sony
films, and other information.
After hacking they disclose the information i.e complete story regarding the upcoming movie in
internet(James Bond sereies).
b. Disruption: problems which interrupt an event, activity, or process.
Servers may be taken down completely, data wiped and digital intellectual property released on
the internet by attackers. Victim organisations could be hounded by media inquiries for response
and status, and government reaction and statements may increase the visibility and chaos of the
attack.
Like this type massive attack I never seen. But recently some hackers enters into college
websites and stole the information from that sites then after they swiped it out.
I never think these were easily preventable..
iPads a Distant Reality In Indian Healthcare : Kapil Khandelwal, www.kapilkha...Kapil Khandelwal (KK)
My fortnightly column, A Dose of IT discusses on the adoption of iPads in Indian healthcare
Kapil Khandelwal
QuoteUnquote with KK
www.kapilkhandelwal.com
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdfamcointernationaljam
On April 19, 2011, system administrators at Sony's On April 22, Sony informed the FBI of the
potential online gaming service PlayStation Network (PSN), with massive data leakage. On April
26, Sony notified the 40 over 77 million users, began to notice suspicious activity states that have
legislation requiring corporations to on some of its 130 servers spread across the globe and
announce their data breaches (there is no similar federal 50 software programs. The PlayStation
Network is used law at this time), and made a public announcement that by Sony game machine
owners to play against one hackers had stolen some personal information from all another, chat
online, and watch video streamed over the 77 million users, and possibly credit card information
internet. The largest single data breach in Internet from 12 million users. Sony did not know
exactly what On April 20, Sony engineers discovered that some The hackers corrupted Sony's
servers, causing them to history was taking place. data had likely been transferred from its
servers to mysteriously reboot. The rogue program deleted all log outside computers. The nature
of the data transferred files to hide its operation. Once inside Sony's servers, the was not yet
known but it could have included credit card rogue software transferred personal and credit card
and personal information of PlayStation customers. information on millions of PlayStation
users, On May 2. Because of the uncertainty of the data loss, Sony shut. Sony shut down a
second service, Sony Online down its entire global PlayStation network when it real-
Entertainment, a San Diego-based subsidiary that makes ized it no longer controlled the personal
information multiplayer games for personal computers. Sony believed contained on these
servers.
The tocal Secy data frracb now sumben oner too of secutaly, whatener it wis, ther believe in wai
Aacker. Acoording to Song, hackers kel a lees file are kecion. Anorg moev is the thame of an
leierset collactive of hackites and wigilandes whose mocto is "We was Google' haman teiources
department. had attacked MasterCatd and ceher onchuary serven in the Purdon Whionity Ccoter
for Baducation and retaliation for curtina their financiel irlationihipi with Wesearch in
Iaformation Assurance and Secuiricy Widibeaks a Web site drvoted to releationg secret Amer-
(CE.R1AS). Gild the problem at Soay was that ele ican poverment filek. PlaySiation Netwek was
asing an oldcr verviot of Socy and cehers believe the hacktr atrack. which Apache Web server
loftware, which has well knoon follownd wecks of a denial-of iervice atiack on the same lecurity
iswes. In astition. Sony's Wob site had uet) Soey servers. was netaliation by Anogymoer for
Sony's poor fifen all pectection. He said the pecblemi wit civil seit a paint Gicoge flote, ooe of
the world's beit fepotied on an open foriam months before the incidetik x. known hackers. Holte
cracked the iFhnoe operationg US. Secret Servise agcet told the comminise thail.
Similar to Sony Pictures Entertainment Case A (20)
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
Sony Pictures Entertainment Case A
1. Sony Pictures Entertainment, Inc.:
A Cybersecurity Attack from North Korea (A)
Cyberattack
November 24, 2014 began like most other days for Michael Lynton, Chief Executive Officer of
Sony Pictures Entertainment. Upon arriving at the office, Lynton received a call from CFO
David Hendler informing Lynton that Sony’s cybersecurity had been compromised. Employees
started their computers that morning only to find disturbing images of Lynton’s severed head
appear on their screens. Shortly after, Sony shut down all computer systems worldwide, issuing
the following statement: “We are investigating an I.T. matter.” 1
The next day, four of the studio’s unreleased movies were posted on pirate Web sites.
The hackers also claimed to have stolen approximately 100 terabytes of internal data, including
personal and confidential information from thousands of Sony Pictures employees.2
Lynton and
Sony executives could not have predicted that in three short weeks, the digital attack would be at
the center of a global controversy. In total, eight leaks released an estimated 38 million files and
thousands of personal, damaging e-mails belonging to Sony Pictures executives.3
According to
investigators, the magnitude of the data published was simply unprecedented in U.S. corporate
history.
Sony Pictures soon found its brand identity under scrutiny, making headlines in all major
news sources. Rich Klein, partner at McLarty Associates advisory firm, called the event “an
international crisis, the cyberattack that put Americans’ vulnerability on display, a free speech
cause, an Oval Office gut-check, and a cautionary tale for the future of warfare.” 4
Entering the Motion Picture Entertainment Business
Sony Pictures is a United States based subsidiary of Sony Corporation. Sony Corporation was
established in 1946 and based in Tokyo, Japan.5
In 1960, Sony Corporation of America was
established in the United States and was listed on the New York Stock Exchange in 1970. Late
in the Twentieth Century, Sony had become one of the world’s leading consumer electronics
manufacturers.
In 1991, Sony acquired Columbia Pictures Entertainment and renamed it Sony Pictures
Entertainment, Inc., (SPE). In 2004, Michael Lynton joined SPE as Chairman and Chief
Executive Officer. That same year, Amy Pascal was promoted to Chairman of the Motion
Picture Group, and to Co-Chairman of SPE two years later. In 2006, SPE crossed the $1 billion
mark in domestic box-office receipts for the fifth year in a row.6
2. Sony pledged to operate SPE as independently as possible. The motion picture business
represents 10% of revenue for the parent corporation. Although SPE provides just a small
fraction of the company’s total income, the motion picture business bears Sony’s name, which
carries major implications for the Sony brand.
Size and Scope of Sony Motion Picture Entertainment
The entertainment division is one of the most profitable sectors of the company. Sony Motion
Pictures has retained profits between 4% and 7% in recent years, while the electronics divisions
have operated consistently in the red.7
In the fiscal year ending March 31, 2014, Sony Pictures
reported $8 billion in revenue.8
(See Appendix A).
Sony is a major player in the motion picture industry with 199 completed movies.9
Sony
Motion Pictures Entertainment retains an estimated 12.2% of market share, which can be
compared to 20th
Century Fox (17.3%), Buena Vista (15.6%), and Warner Bros (15.1%). In sum,
these four enterprises account for approximately 60% of the total market. Universal and
Paramount – other well-known players – both lag behind Sony with respect to market share.10
(See Appendix B for additional industry information.)
Technology Revolutionizes the Filmmaking Business
New video technology has revolutionized the way movies are made. Historically, 35mm film
was the standard for producing, distributing, and displaying motion pictures. This required the
physical film to be copied and distributed to theaters. In 2002, Star Wars: Episode II led the
charge as the first movie shot entirely on digital video.11
This helped inspire an entire digital
generation of producers and editors, offering cost savings in both time and money and flexibility
and simplicity in post-production edits.
Digital movies are essentially very large computer files that theaters are able to play on
as many movie screens as they desire. In years past, a theater was dependent on the number of
film reels that could be manually delivered to them. Now, via satellite delivery, theaters have
much greater flexibility, which affords the capability to match screen decisions to consumer
demand. In 2013, the Digital Cinema Distribution Coalition provided digital distribution
technologies to more than 1,200 theaters and 17,000 screens.12
While digital movie distribution has major benefits, it does not come without its drawbacks and
risks. Enhanced security protocols, such as encryption techniques, are necessary to help prevent
piracy. Distribution, a critical component of the movie industry, has also changed as a result,
requiring theaters to invest in new digital projection equipment. This investment represents a
large capital expenditure for theaters, costing as much as $70,000 per screen for a digital cinema
retrofit.13,14
Fortunately, studios and distributors have helped theaters offset such costs due to the
importance of digital distribution. Sony Pictures, for example, relies on exhibitors to generate
box office sales. The risk is assumed by exhibitors who choose to turn screens over to Sony and
rely on Sony to drive consumer demand and produce box office hits.
2
3. 2014: The Year of Cybersecurity Attacks
The digital age has led to a new era of crime and theft of corporate assets. Companies now store
important data such as corporate assets, company records, and customer information digitally.
This lends itself to the possibility that hackers could retrieve this valuable information if proper
security standards are not set and followed.
The year 2014 was popular for corporate data theft. Target, Snapchat, Forbes, Michael’s,
eBay, Home Depot, and USPS all suffered major data breaches. CNBC has estimated that over
one billion personal data records were compromised that year as a result of approximately 1,500
incidents. This is a 78% increase from 2013.15
Hackers were able to retrieve everything from
users’ e-mail messages, passwords, and credit card information, to employee data and phone
numbers.16
The cyberattacks were designed to access customers’ financial accounts, as well as
sensitive information that might allow identity theft. The Target hack, for example, resulted in
the online auction of 2 million credit cards, allowing hackers to steal some $53 million.17
Trends
in data hacking reveal that cybercriminals are shifting focus from short-term credit card theft to
long-term identity theft, which helps to create sustainable revenue streams.18
Sony’s Data Protection Controls
Security experts examining Sony’s malware discovered that the hackers were familiar with
Sony’s network long before the breach occurred. Evidence suggests that the attackers gained
control of Sony’s private cryptographic keys, which secured encrypted information. Control of
these keys allowed suspicious movements of data to go undetected.
Historically, Sony has been a popular target for hackers. In 2011, account information of
77 million Sony Playstation users was stolen.19
It was reported that Sony was threatened in
advance of this breach and failed to implement adequate safeguards to protect it,20
even though it
is a company’s responsibility to change their keys frequently, especially after notification of
vulnerabilities.
A class-action complaint was filed against Sony in response to the 2014 cyberattack. The
complaint alleges that, “Sony failed to secure its computer systems, servers, and databases
(‘Network’), despite weaknesses that it has known about for years . . . .” and, “Sony
subsequently failed to timely protect confidential information of its current and former
employees from law-breaking hackers . . . .” 21
The Interview: A Comedy
SPE was in the final preparations for launching The Interview to theaters nationwide when the
cyberattack occurred. The movie, a fictional comedic film depicting the attempted assassination
of North Korean leader Kim Jong-un, starred Seth Rogen and James Franco. It was directed by
Evan Goldberg and Seth Rogen. Sony invested $44 million in production, and the movie was
3
4. projected to bring in $90 million in revenue, based on a strong record of comedies starring Seth
Rogen.22
Sony embarked on a major marketing campaign prior to the movie’s winter premiere.
Advertising costs were estimated to reach nearly $30 million.23
Sony Corporation CEO Kazuo Hirai voiced concerns soon after learning about the film’s
plot because of Japan and North Korea’s tense bilateral relationship. Hirai sent formal demands
to Pascal and the team to change parts of the film after receiving warnings from North Korean
news agencies in June of 2014.24
Sony executives worked with government think tanks to talk about possible political
consequences. The company made some changes, such as using “Columbia Pictures” instead of
the Japanese Sony brand. Direct retribution from North Korea was simply not envisioned as a
credible threat.25
Various entertainment media reported that studio executives questioned
whether The Interview should refer to the real North Korean regime or, perhaps, a fictitious
dictator.26
After consulting with several experts, Lynton was told the film was safe to release.
The movie was set to premiere on Christmas Day, December 25, 2014, at all major
cinemas across the United States. The launch plan included premieres in 10 other countries
within the following eight weeks.27
(See Appendix C for the movie poster.)
North Korea’s Involvement
The Democratic People’s Republic of Korea is a rigidly authoritarian state that has been led by
the Kim family for more than 60 years.28
North Korea maintains strict government controls over
its citizens, including many that are thought to violate basic human rights. Draconian laws
involving severe punishment enforce citizen loyalty to the North Korean regime. Although
North Korea limits access to the Internet, the nation maintains a robust corps of computer
hackers.29
The North Korean regime chooses some of its best talent for cyberwarfare training
and allocates substantial resources to maintain and develop the program. “Cyberwarrior,” in
fact, is a highly coveted government position.30
North Korea’s reaction to The Interview reflects the unusually strict ideology of the
country. The movie parodied the country’s leader and his imagined assassination. The depiction
of Kim Jong-un and his dynasty as fallible – an impossible and frightening image to the regime –
likely helped to inspire calls for retribution.31
Credible, material evidence gathered following the
data breach indicates that the hackers engineered the attack to damage Sony’s computer systems
and to humiliate the company, thereby proving their loyalty to Kim Jong-un. This objective
differs from the majority of corporate hacks, which focus on financial gain.
On December 19th
, the United States government was able to confirm that the hack originated in
North Korea. Investigators found significant overlap between the digital fingerprints of the Sony
attack to other North Korean cyberattacks on South Korean banks. The U.S. stated that it
viewed the event as a “serious national security matter.” 32
4
5. The Aftermath of the Cyberattack
In the immediate aftermath of the cyberattack, Sony’s communication system was shut down.
Senior executives quickly implemented alternative communication networks at the company,
leveraging phone trees, notepads, and outdated cell phones. The compromised system at Sony
Pictures took weeks to restore. The hackers not only stole Sony’s data, but had completely
erased it.
The attackers threatened to leak Sony movies as well as thousands of internal documents
and the personal information of more than 47,000 people, including employees, freelancers, and
movie stars. They did not identify themselves or issue specific demands. Although it was
suspected that the hack was perpetrated by North Korean cybercriminals, officials of the DPRK
denied all allegations. This made it difficult to communicate details surrounding the attack to
employees and external parties.
The crisis-management team at Sony Pictures set up desks to help employees with credit
protection and fraud alerts. The team also set up new e-mail accounts and telephone numbers.
They were doing what they could to shift all digital systems back to traditional pen-and-paper
methods; however, it seemed to be too late. The hackers already had accessed all the data they
needed to irrevocably damage Sony’s reputation.
Leadership
Sony Corporation CEO Kazuo Hirai played a negligible media role during the attack, preferring
to place his confidence in Lynton and Pascal. However, Hirai claimed he signed off on all
external communication and decisions made with regards to the cyberattack.33
CEO Michael
Lynton, reserved and analytical, was forced to jump into the spotlight, shadowing Motion Picture
Chief, Amy Pascal, who had long been the “face of Sony Pictures.” Pascal’s credibility had
deteriorated after several of her e-mails surfaced on December 8th
and 10th
, which included
celebrity insults and racist comments involving President Obama. 34
Sony leadership promised employees that they would receive an e-mail outlining steps to
sign up for identity protection services. Two days after the promised e-mail, 47,426 unique
social security numbers and other personal information of more than 15,000 current and former
Sony employees were leaked.35
(Appendix D outlines details of this memo.)
Sony took a gamble when deciding how to respond to the cyberattack. Several
employees would later allege that Sony knew about the risks to its digital storage and the
geopolitical sensitivity of The Interview but chose to make decisions that were not in the best
interest of Sony employees.
5
6. In response to the allegations that Sony did not react well to the cyberattack, CEO
Michael Lynton said that he felt otherwise. He stated that his top priority was to make important
decisions quickly, saying, “You can’t be caught in the headlights doing nothing.” 36
Lynton
described the situation as difficult, with no playbook to follow.
Revenue at Stake as Theaters Cancel Film Showing
On December 15th
, the Guardians of Peace (#GOP) claimed responsibility for the Sony hack and
threatened major terrorist attacks on theaters showing the film. Theaters such as Regal
Entertainment Group, AMC Entertainment Holdings Inc., Cinemark Holdings Inc., and Carmike
Cinemas Inc., as a result, opted out of showing the movie, citing concerns for audience safety.37
The Department of Homeland Security said the #GOP’s threats lacked credibility. Due
to concerns over box office sales across the industry, theater operators encouraged Sony to delay
the opening. After Sony declined, the theaters announced they wouldn’t show The Interview
until the FBI completed its investigation.38
(Appendix E shows the effects of this decision on the
company’s stock price.) Shortly after this announcement, Sony Pictures decided to cancel its
planned release of The Interview, a last-minute decision unprecedented in the modern motion
picture industry. Entertainment industry sources estimated that damage to the studio and losses
incurred from shelving the release would top at least $100 million.39
As of Thursday, December
18th
, Sony had no plans to release the film in any capacity.40
Discussion Questions
1. How can Sony employ communication strategies to defend its public reputation and improve
employee morale?
2. What options are available to Sony to minimize revenue loss on The Interview?
3. Is Sony to blame for the cyberattack in the first place? Should the company take the blame?
4. If you were Sony Pictures CEO Michael Lynton, what actions, if any, would you have taken
when you first heard about the security breach?
Appendix A
6
10. Appendix D
Internal Memo
On the evening of December 2, 2014, sources reported that Sony CEO Michael Lynton and Co-
Chairman Amy Pascal at Sony sent an internal memo to 6,500 current employees that confirmed
that a “large amount of confidential Sony Pictures Entertainment data has been stolen by the
cyberattackers, including personnel information,” stated that “the privacy and security of our
employees are of real concern to us,” warned that “we are not yet sure of the full scope of
information that the attackers have or might release” and “unfortunately have to ask you to
assume that information about you in the possession of the company might be in their
possession,” and promised employees that they would receive an email on December 3, 2014
that outlined steps to sign up for identity protection services.
10
12. 1
Cieply, M., & Barnes, B. (2014, December 30). “Sony Cyberattack, First a Nuisance, Swiftly Grew Into a
Firestorm.” The New York Times. Retrieved from <http://www.nytimes.com/2014/12/31/business/media/sony-
attack-first-a-nuisance-swiftly-grew-into-a-firestorm-.html>
2
Seal, M. (2015, March). “An Exclusive Look at Sony’s Hacking Saga.” Vanity Fair (Online). Retrieved from
<http://www.vanityfair.com/hollywood/2015/02/sony-hacking-seth-rogen-evan-goldberg>
3
Johnson, K., Dorell, O., & Weise, E. (2014, December 18). “Official: North Korea Behind Sony Hack.” USA
Today. Retrieved from <http://www.usatoday.com/story/news/world/2014/12/17/north-korea-sony-hack/20558135/>
4
Seal, M. (2015, March). “An Exclusive Look at Sony’s Hacking Saga.” Vanity Fair (Online). Retrieved from
<http://www.vanityfair.com/hollywood/2015/02/sony-hacking-seth-rogen-evan-goldberg>
5
“Company History.” (n.d.). Sony Corporation Global Headquarters. Retrieved from <http://www.sony.net/
SonyInfo/CorporateInfo/History/history.html>
6
“Company History.” (n.d.). Sony Pictures. Retrieved from <http://www.sonypictures.com/corp/history.html>
7
Inagaki, K. (2015, January 19). “Sony’s Backers Focus on Bigger Picture After Cyber Attack.” Financial Times.
Retrieved from <http://www.ft.com/cms/s/0/3af3b790-97f2-11e4-84d4-00144feabdc0.html#axzz3XoHwAEBe>
8
“Sony: Consolidated Financial Statements For the Fiscal Year Ending March 2014.” (n.d.). Retrieved from
<http://www.sony.net/SonyInfo/IR/financial/fr/FY13_Consolidated_Financial_Statement.pdf>
9
“Sony Pictures.” (n.d.). Movie Insider. Retrieved from <http://www.movieinsider.com/c8/sony-pictures/>
10
“Box Office by Studio: Studio Market Share.” (n.d.). Box Office Mojo. Retrieved from
<http://www.boxofficemojo.com/studio/?view=company&view2=yearly&yr=2014&p=.htm>
11
Harris, T. (n.d.). “How Digital Cinema Works.” HowStuffWorks. Retrieved from <http://entertainment.howstuff
works.com/digital-cinema.htm>
12
Stewart, A. (2013, October 23). “Digital Cinema Distribution Coalition Flips the Switch on Theatrical Satellite
Service.” Variety (Online). Retrieved from <http://variety.com/2013/digital/news/digital-cinema-distribution-
coalition-flips-the-switch-on-theatrical-satellite-service-1200755429/>
13
Acharya, A., Hamilton, M., Head, T., Hosu, J., Sarma, H., & Torres, D. (n.d.). “The Evolution of Digital Cinema:
Executive Summary.” The Tuck School of Dartmouth. Retrieved from <http://faculty.tuck.dartmouth.edu/
images/uploads/faculty/ron-adner/Digital_Cinema_Exec_SummaryFinal.pdf>
14
Stewart, A. (2013, April 17). “Filmmakers Lament Extinction of Film Prints.” Variety (Online). Retrieved from
<http://variety.com/2013/film/news/film-jobs-decline-as-digital-distribution-gains-foothold-1200375732/>
15
Kharpal, A. (2015, February 12). “Year of the Hack? A Billion Records Compromised in 2014.” CNBC (Online).
Retrieved from <http://www.cnbc.com/id/102420088#>
16
Bitium. (2015, February 10). “The Biggest Data Breaches and Hacks of 2014.” Recode. Retrieved from
<http://recode.net/2015/02/10/the-biggest-data-breaches-and-hacks-of-2014/>
17
Gilbert, D. (2014, December 19). “Hackers Take Control in 2014.” International Business Times (Online).
Retrieved from <http://www.ibtimes.co.uk/hackers-take-control-2014-sony-pictures-anonymous-hacktivism-
fappening-snappening-regin-1480274>
References
12
13. 18
“Identity Theft: Evolving with Technology.” (n.d.) San Jose Police Department. Retrieved from
<https://www.sjpd.org/BFO/Community/Crimeprev/crimeprevention%20forms/Identitytheft.pdf>
19
Brustein, J. (2014, December 3). “Experts: Sony Hackers Were Inside The Company Network For A Long Time.”
Bloomberg (Online). Retrieved from <http://www.bloomberg.com/bw/articles/2014-12-03/sony-hackers-were-
inside-the-company-network-for-a-long-time>
20
“Class Action Complaint, Corona v. Sony Pictures Entertainment, Inc., CV09600.” (2014, December 15). Page
15. Retrieved from <http://www.aceds.org/wp-content/uploads/2014/12/Corona-and-Mathis-v.-Sony-Pictures-
Entertainment-12-15-14.pdf>
21
“Class Action Complaint, Corona v. Sony Pictures Entertainment, Inc., CV09600.” (2014, December 15). Page
2. Retrieved from <http://www.aceds.org/wp-content/uploads/2014/12/Corona-and-Mathis-v.-Sony-Pictures-
Entertainment-12-15-14.pdf>
22
Inagaki, K. (2015, January 19). “Sony’s Backers Focus on Bigger Picture After Cyberattack.” Financial Times
(Online). Retrieved from <http://www.ft.com/intl/cms/s/0/3af3b790-97f2-11e4-84d4-00144feabdc0.html#
axzz3Y444OMrD>
23
Reyes, M. (2014, December 23). “The Staggering Amount of Money Sony Could Lose On the Interview.” Cinema
Blend. Retrieved from <http://www.cinemablend.com/new/Staggering-Amount-Money-Sony-Could-Lose-Interview-
68751.html#comment-1750448701>
24
Seal, M. (2015, March). “An Exclusive Look at Sony’s Hacking Saga.” Vanity Fair (Online). Retrieved from
<http://www.vanityfair.com/hollywood/2015/02/sony-hacking-seth-rogen-evan-goldberg>
25
Fritz, B., Yadron, D., & Schwartzel, E. (2014, December 30). “Behind the Scenes at Sony as Hacking Crisis
Unfolded.” The Wall Street Journal (Online). Retrieved from <http://www.wsj.com/articles/behind-the-scenes-at-
sony-as-hacking-crisis-unfolded-1419985719>
26
Seal, M. (2015, March). “An Exclusive Look at Sony’s Hacking Saga.” Vanity Fair (Online). Retrieved from
<http://www.vanityfair.com/hollywood/2015/02/sony-hacking-seth-rogen-evan-goldberg>
27
Internet Movie Database. (n.d.). “The Interview.” Retrieved from
<http://www.imdb.com/title/tt2788710/?ref_=nv_sr_1>
28
U.S. Department of State. (n.d.) “Democratic People’s Republic of Korea: 2013 Human Right Report.” Retrieved
from <http://www.state.gov/j/drl/rls/hrrpt/humanrightsreport/index.htm?year=2013&dlid=220202#wrapper>
29
Fritz, B., Schwartzel, E., & Devlin, B. (2014, December 18). “Sony Pulls Korea Film 'The Interview;' U.S. Blames
Pyongyang for Hack.” Wall Street Journal (Online). Retrieved from <http://www.wsj.com/articles/sony-cancels-
release-of-the-interview-us-blames-pyongyang-for-hack-1418844906>
30
Kwaak, J. S. (2014, December 18). “Sony Hack Shines Light on North Korea's Cyber Attackers.” Wall Street
Journal (Online). Retrieved from <http://www.wsj.com/articles/sony-hack-shines-light-on-north-koreas-cyber-
attackers-1418877740>
31
Foweler, S. (2014, December 17). “Why North Korea Fears The Interview.” BBC (Online). Retrieved from
<http://www.bbc.com/culture/story/20141217-why-north-korea-fears-this-film>
32
Curran, J. (2015, January 12). “White House Sets Sanctions on North Korea for Sony Hack.” Cybersecurity Policy
Report. Retrieved from <http://search.proquest.com/docview/1648337932?accountid=12874>
13
14. 33
Inagaki, K. (2015, January 19). “Sony’s Backers Focus on Bigger Picture After Cyber Attack. Financial Times
(Online). Retrieved from <http://www.ft.com/intl/cms/s/0/3af3b790-97f2-11e4-84d4-00144feabdc0.html?
siteedition=intl#axzz3RNT92iUr>
34
Seal, M. (2015, March). “An Exclusive Look at Sony’s Hacking Saga.” Vanity Fair (Online). Retrieved from
<http://www.vanityfair.com/hollywood/2015/02/sony-hacking-seth-rogen-evan-goldberg>
35
“Class Action Complaint, Corona v. Sony Pictures Entertainment, Inc., CV09600.” (2014, December 15). Page 9.
Retrieved from <http://www.aceds.org/wp-content/uploads/2014/12/Corona-and-Mathis-v.-Sony-Pictures-
Entertainment-12-15-14.pdf>
36
Fritz, B., Yadron, D., & Schwartzel, E. (2014, December 30). “Behind the Scenes at Sony as Hacking Crisis
Unfolded.” Wall Street Journal (Online). Retrieved from <http://www.wsj.com/articles/behind-the-scenes-at-sony-
as-hacking-crisis-unfolded-1419985719>
37
Fritz, B., Schwartzel, E., & Devlin, B. (2014, December 18). “Sony Pulls Korea Film 'The Interview;' U.S. Blames
Pyongyang for Hack.” The Wall Street Journal (Online). Retrieved from <http://www.wsj.com/articles/sony-cancels-
release-of-the-interview-us-blames-pyongyang-for-hack-1418844906>
38
Ibid.
39
Richwine, L. (2014, December 9). “Cyber Attack Could Cost Sony Studio as Much as $100 million.” Reuters.
Retrieved from <http://www.reuters.com/article/2014/12/09/sony-cybersecurity-costs-idUSL1N0TT1YO20141209>
40
Alexander, B.; Mandell, A.; Weise, E. (2014), December 18). “No ‘Interview’ . . . on any platform.” USA Today.
<http://www.usatoday.com/story/tech/2014/12/17/sony-hack-the-interview/20519545/>
14