Question

Case Two: Sony’s Response to North Korea’s Cyberattack

On November 24, 2014, employees of Sony Pictures Entertainment booted up their computers to find an image of a skull along with a message from a group calling itself the Guardians of Peace. The message read: “We’ve already warned you and this is just the beginning. We’ve obtained all your internal data including your secrets and top secrets [which will be released] if you don’t obey us.”

As Sony would eventually discover, the hackers had stolen reams of sensitive data, including the Social Security numbers of 47,000 current and former employees, system passwords, salary lists, contracts, and even copies of some Sony employees’ passports. The hackers accessed hundreds of Outlook mailboxes as well as Sony IT audit documents. They also stole media files and placed pirated copies of five of Sony’s movies on illegal file-sharing servers. Sony was forced to completely shut down its information systems in an attempt to stem the data breach. Ultimately, Sony would determine that the damage done by the hackers was far more extensive than it first believed. Not only had data been stolen, but 75 percent of the company’s servers had been destroyed and several internal data centers had been wiped clean.

Contacted within hours of the event, the FBI soon identified the culprit. In June, several months before the hack, North Korea’s Ministry of Foreign Affairs had declared that it would take “a decisive and merciless countermeasure” if the U.S. government did not prevent the planned release of Sony’s motion picture The Interview, which features two reporters who venture to North Korea to interview and assassinate the country’s dictator, Kim Jong-un. In the film, the main character, initially won over by the dictator’s apparent kindness, discovers that the tyrant is lying about the country’s prosperity and freedoms. The plot, along with the movie’s unflattering portrayal of the dictator as ruthless and childish, had caught the attention of the North Korean government.

The U.S. government disclosed that it had proof that the North Koreans had made good on their threat. The U.S. National Security Agency (NSA) had reportedly penetrated the North Korean cyberwarfare unit four years prior to the attack and had been monitoring its capabilities since then. After Sony alerted the FBI of the attack, the NSA was able to trace the attack back to North Korea, using a digital fingerprint the hackers had left in the malware. Several weeks after the attack, FBI Director James Comey, revealed in a speech that the Sony hackers had been sloppy. “We could see that the IP [Internet protocol] addresses that were being used to post and to send the emails were coming fromIPs that were exclusively used by the North Koreans.”

The hackers warned Sony not to release The Interview, and then on December 16, the group issued a message threatening large terrorist attacks on theaters that showed the film. The National Organization of Theatre Owners contacted the Department of Homeland Security for information and advice. The FBI and NSA released a bulletin explaining that they had no credible information about a plan to attack theaters, but they could neither confirm nor deny whether the hackers had the ability to launch such an attack. Shortly after the bulletin was released, the four largest U.S. theater chains withdrew their requests to show the movie—Carmike Cinemas first, followed by Regal Entertainment, AMC Entertainment, and Cinemark. Within hours, Sony announced that it had canceled the film’s release. White House officials, Hollywood personalities, and the media were aghast. Comedian Jimmy Kimmel tweeted that the decision by the major theater chains to refuse to screen The Interview was “an un-American act of cowardice that validates terrorist actions and sets a terrifying precedent.”

On December 19, President Obama addressed the issue publicly: “Sony is a corporation. It suffered significant damage. There were threats against its employees. I’m sympathetic to the concerns that they faced. Having said all that, yes, I think they made a mistake.” Obama explained, “We cannot have a society in which some dictator in some place can start imposing censorship in the United States.” The president’s remarks highlighted the seriousness of the incident to the American public, many of whom came to view the incident as an attack on the freedom of expression.

In response to Obama’s comments, Sony officials released a statement later the same day: “Let us be clear—the only decision that we have made with respect to release of the film was not to release it on Christmas Day in theaters, after the theater owners declined to show it.... After that decision, we immediately began actively surveying alternatives to enable us to release the movie on a different platform. It is still our hope that anyone who wants to see this movie will get the opportunity to do so.”

In fact, on Christmas Day, the planned release day in the theater, The Interview became available through video on- demand outlets such as Amazon.com, and within less than a month, the movie had brought in over $40 million in revenue. Approximately 6 million viewers had rented or purchased the movie in this way. Several hundred movie theaters that opted to screen the movie generated another $6 million. Over the next two months, Sony also released the movie on Netflix, on DVD and Blu-Ray, and in theaters in other countries.

Meanwhile, Sony has worked to recover from the damage done to the company itself by the hack. Sony Pictures’ parent company, which is based in Japan, asked regulators there for an extension to file its third-quarter financial results. It also fired executive Amy Pascal whose leaked emails contained derogatory remarks about Hollywood producers and the U.S. president’s movie preferences. The company also provided one year of free credit protection services to current and former employees.

In February 2015, President Obama held the first-ever White House summit on cyber security issues in Silicon Valley. The summit was billed as an attempt to deal with the increasing vulnerability of U.S. companies to cyber attacks— including those backed by foreign governments. However, the chief executives of Microsoft, Google, Facebook, and Yahoo all refused to attend the summit. Those companies have long advocated for the government to stop its practice of collecting and using private data to track terrorist and criminal activities and have worked to find better ways to encrypt the data of their customers. However, U.S. security agencies have continually pressured the IT giants to keep the data as unencrypted as possible to facilitate the government’s law enforcement work. Ultimately, both the government and private businesses will need to find a way to work together to meet two contradictory needs—the country’s need to make itself less vulnerable to cyber attacks while at the same time protecting itself from potential real-world violence.

Critical Thinking Questions:

1. Do you think that Sony’s response to the attack was appropriate? Why or why not?
2. What might Sony and the U.S. government done differently to discourage future such attacks on other U.S. organizations?
3. Are there measures that organizations and the U.S. government can take together to prevent both real-world terrorist violence and cyber attacks?

Answer 1

1. Do you think Sony’s response to the attack was appropriate? Why or why not?

Sony was correct in taking the action that they took, because they did not know they did not know the extent of the terrorist attack that North Korea was going to impose on the theaters, they could have set bombs off around the country, or did some type of other massive attack on the country. But reading between the lines Sony released a statement saying they would not release it in the movie theaters, so they played it smart and streamed the movie thru video on demand, and one of the ways was with Amazon.com, viewers also rented the movie and there were theaters that did show the movie. It was also released on Netflix, DVD’s and Blu-Ray and in theaters in other countries.

2. What might Sony and the U.S. government done differently to discourage future, such attacks on other U.S. organizations?

There is nothing anyone can do to prevent cyber-attacks and terrorist threats. They should implement a layered security solution to make computer break ins extremely difficult that if an attacker gets through one layer there will be more layers to get thru and eventually they hacker will give up.

Outsourcing their network security operations to a managed security provider, they will monitor, mange, and maintain computer and network securities for organizations. Some of the managed security service provider even provides vulnerability scanning and Web blocking and filtering capabilities.

Organizations need to implement strategies, policy updated technology that allows them to be

aware of breaches when they are happening, then can they mitigate them.

Teamwork by creating multi-agency groups Arizona has formed a Cyber Threat Response Alliance to analyze attacks. This alliance includes the FBI, Homeland Security and an academic institution with an understanding of the kind of barriers that may slow down coordinated responses to cyber-attacks. The New Jersey Cybersecurity and Communications Integration Cell have focused on information sharing around cyber-threats.

Employee training state and local have developed a process called security awareness training. Making employees aware of mistakes that can lead to an intrusion or an attack or inadvertently allow certain types of fraud.

Insurance it helps to cover the cost of investigating the attack, and notify individuals impacted by the breach and recovering the theft of government funds. It is an added benefit of shoring up their defenses.

3. Are there measures that organization’s and the U.S. government can take together to prevent both real-world terrorist violence and cyber-attacks?

Implementing a corporate firewall, which is a software and sometimes hardware combined to guard between an organization’s internal network and the Internet and limits network access compared to the company’s accessibility policy. Companies set up limits on their computers for suspicious incoming traffic blocking certain sites that have sex and violence, also block instant messaging newsgroups and other inappropriate activity.

Implementing a next generation firewall hardware or software, network security system that can detect and revert sophisticated attacks by means of filtering the traffic using the packet contents. It goes deeper and inspects payload of packets and match sequences of bytes for harmful activities, known and unknown vulnerabilities, exploit attacks, viruses, and malware.

Utilizing a security dashboard the purpose is to reduce the effort required to monitor and identify threats in time to take action. This is a software that provides a comprehensive display of vital data related to an organization’s security defense, which includes threats, exposures, policy compliance and incident alerts.

Sony was correct in taking the action that they took, because they did not know they did not know the extent of the terrorist attack that North Korea was going to impose on the theaters, they could have set of bombs, did a mass shooting. But reading between the lines Sony released a statement saying they would not release it in the movie theaters, so they played it smart and streamed the movie thru video on demand, and one of the ways was with Amazon.com, viewers also rented the movie and there were theaters that did show the movie. It was also released on Netflix, DVD’s and Blu-Ray and in theaters in other countries.

There is nothing anyone can do to prevent cyber attacks.

****Please please please LIKE THIS ANSWER, so that I can get a small benefit, Please****