Welcome to TechStuff, a production from iHeartRadio. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio and I love all things tech. And for today's show, I thought I would cover kind of an infamous thing that happened in tech a few years ago. So in hackers infiltrated the computer systems of Sony Pictures and they stole
an enormous amount of data. This was one of the highest profile incidents of hacking in that decade, and it involves everything from political posturing to the studio of Sony waffling over whether or not it was actually going to
release a movie. So I thought we could revisit that story, kind of walk through it to see what we know about it and what we suspect, or maybe it might be more accurate to say, you know, what is the official stance of the FBI, and what do other people think, and also what has happened since, including how the people accused of being behind the attack also stand accused of other cyber crimes. And I should point out that early on a lot of these details around
the hack. I mean even now, they still remain unknown, or at least if they are known, the folks who know it are kind of keeping it to themselves. And you know, there's a lot of speculation out there, with conflicting accounts as to when things got started, why the hack happened, and who is behind the whole ding dang darn thing. There's even a suspect whom an entire country insists does not actually exist. So it's a legit mystery,
including conspiracy theories and enormous consequences. But let's begin with the morning of Monday, November twenty four, two thousand fourteen. Sony Pictures employees come in to go to work. Yeah, they boot up their machines and they see something that could have come straight out of a Sony Pictures film.
In fact, it feels like something straight out of the nineties movie. A red skeleton, a cartoon skeleton, appears on their computer screen, and then their computer speaker system plays the sounds of gunshots, and there's a message that pops up that says hacked by hashtag GOP. Now for Americans, that might have caused a little bit of confusion because here in America, GOP typically stands for Grand
Old Party. It's another name for the Republican Party, the one commonly associated with conservative political views here in the United States. But that was not the GOP behind this attack. This GOP stood for Guardians of Peace. As to who was behind that, well, it's obviously a big part of the mystery. There was a further bit to this message. It wasn't just hacked by hashtag GOP. It read, quote, We've already warned you, and this is just a beginning.
We continue till our request be met. We've obtained all your internal data, including your secrets and top secrets. If you don't obey us, we'll release data below to the world. Determine what will you do till November two p.m. GMT, end quote. Then there were data links to a list of the assets the hackers had stolen from Sony's systems. Employees found that pretty much every aspect of their network was inaccessible. Voicemail was offline, the telephone directory
in general was gone. There was no way to access the Internet, and even the cafeteria couldn't connect to credit card verification services, which meant all transactions had to be cash only that day, not just that day either. This lasted a while so never mind trying to access something off of Sony's servers. Before lunchtime, news of the hack had already broken online, with outlets like geek dot com
and Deadline reporting on it straight away. Sony employees found themselves unable to do any work or they had to switch to, you know, like pen and paper or whiteboards in an old school approach to trying to do anything productive in the face of a massive attack. In fact, when it was all said and done, Sony had to wait until February of twift to get systems back online, so you know, that's like more than a
month of the systems being down. They had to retire three thousand, two hundred sixty two employee PCs, that's out of six thousand, seven nine seven total, so almost half of all computers had to be replaced, and had to do the same with eight hundred thirty seven out of one thousand, five hundred fifty five servers, so more than half of their servers had to be replaced. This is all according to a Vanity Fair article titled The Untold
Story of the Sony Hack by Richard Stengel. At the time of the hack, Stengel was actually working for US Secretary of State and had a direct connection as he was friends with the then CEO of Sony Pictures. According to Sony itself, as reported by Computerworld, the hack represented a thirty five million dollar cost in IT repairs. That was the figure quoted for, quote, restoring our financial and IT systems, end quote, according to a Sony spokesperson. And that actually sounds low to me.
And of course there were other monetary damages as well due to how the hackers would release much of that stolen information online. And then there's the damage to Sony's reputation, a rep that already had more than a little tarnish on it before the hack even happened. Meanwhile, the details of the attack included links that the hackers left behind to sites that showed off some of the data they had taken. So this was more of like a directory of what was stolen, with the actual data
itself to follow in the weeks to come. As it would turn out, the hackers who had infiltrated the system had been hard at work inside Sony's cyber walls for at least a few weeks at the point where they left this message, and some accounts suggest that the initial intrusion might have happened even more than a year in advance because of just the enormous amount of information that got siphoned away. But either way, this was not some sort of hasty message that was sent immediately after the
hackers got access to the system. Now, the hackers had clearly already copied a vast amount of information, which again depending on the account, ranged anywhere from forty gigabytes to around a hundred terabytes or more, a truly astonishing amount of information. They also deleted files on Sony's systems and then they sent the message. So it's only after they had siphoned off the data and burned everything behind them that they tipped their hand that they were involved.
So yeah, this was the moment where the world at large learned about the attack, But again, it had clearly happened or at least started before November. In fact, this wasn't even the first attack on Sony's computer systems in and the company had a history of cybersecurity issues which did not make it look particularly strong. Let's go back to April of two thousand eleven, and don't worry, this bit is just a quick overview to set the stage, and this is going to focus not on Sony Pictures,
but another branch of Sony. So in two ten, there was a security hacker named George Hotz, a.k.a. GeoHot, and he became the target of Sony's ire after GeoHot started working on a method to breach the PlayStation three console's security in order to unlock the console so that you could do all sorts of different
stuff with it. You could hack it, in other words, and really use that special hardware of the PS three to tackle specific types of computational problems, because the architecture of the PS three was very different from other consoles at the time. Sony brought some legal action against Hotz, who had pointed out a pretty massive flaw in Sony's own security, and then Anonymous got involved. And you don't hear about Anonymous as much these days as you used to.
But it's a loosely organized activist group and there's usually no identifiable leadership within the group itself, and members can have drastically different philosophies and approaches. So you can have like concerned activists to nihilistic anarchists in that same group.
Anonymous named Sony a prime target for hacking in response to how Sony was pursuing Hotz, and what followed was a distributed denial of service or DDoS attack on Sony's PlayStation network servers, which interrupted service for millions of Sony PlayStation owners. Sony would actually end up taking the network offline entirely on April twenty while looking
for a way to counter the attacks. Later the world learned that, you know, leading up to Sony taking down the PlayStation network, hackers had actually infiltrated Sony systems and accessed a database containing user data for seventy seven million accounts, including people's names, their email addresses, their passwords, their logins. There was a question about maybe their credit card information got leaked as well, something that Sony said did not happen. But this was just the
beginning of Sony's woes. Different groups of hackers, most of which were using fairly unsophisticated tools, attacked Sony Online Entertainment, Sony websites, and numerous other Sony sites and services, so they weren't necessarily coordinating with one another, but rather kind of all acting on an opportunity that presented itself. And this isn't to suggest that the people behind these attacks in eleven were linked to the ones we saw in fourteen, but rather to point out that Sony as a company
had truly atrocious cybersecurity systems and practices in place. This was in so you would think that after that experience of being hit by these attacks, that Sony would really beef up security considerably and make future attacks less likely. I mean, you would think that, but you'd be wrong.
According to multiple sources, Sony systems had poor password protection, like super poor like according to the Hollywood Reporter, some servers had passwords like Sony pictures, which you know, is not great, not super secure, And the fact that security was so poor meant that the list of possible perpetrators would be really, really big, big enough so that even when the FBI would announce a suspect that being hackers connected to North Korea, there was enough doubt among the
security community to raise questions about it. All right, so let's get back to our timeline. The Hollywood Reporter article titled Five Years Later, Who Really Hacked Sony includes the fact that, according to leaked internal emails at Sony, the company discovered an earlier breach inteen. That's the February one, and keep in mind that the big hack, the one that we're really focused on in this episode, would
take place later that year in November. But in that February hack, there was a fear that the hackers managed to secure the credentials to get administrative control of a Sony Pictures system, potentially uploading malware into the system in the process, and as we just covered, Sony's security wasn't really up to code. Now, I tried to track down more information about this February two, fourteen hack and came
up empty. Now it's possible that this was something that Sony just tried to contain completely internally and it just never went beyond those internal emails. At any rate, it is very challenging to search for anything related to Sony and hacking that happened in that doesn't relate to the more notorious event that happened in November. However, there's one thing I do have to talk about that happened between February and November that does play into the story, and
that's The Interview. The Interview is a film. It's a comedy that was developed by Seth Rogen and Evan Goldberg about a TV journalist and his producer getting a gig to come to North Korea and interview the country's leader, Kim Jong Un. Only they are intercepted by members of the CIA who want to use this rare opportunity to assassinate Kim Jong Un, turning the vacuous Hollywood types into state backed assassins. Seth Rogen and James Franco
played the producer and the TV host, respectively. Randall Park, a.k.a. Agent Jimmy Woo in the MCU, played Kim Jong Un. The film went into production in two thousand thirteen with Sony Pictures behind it, and the release date was set for October of two thousand fourteen. So in the summer of two thousand fourteen, when the movie's publicity was starting to get off the ground, that's
when there were rumblings from North Korean media. North Korea condemned the film months before it was set to premiere, calling for Sony to not release it and even to just destroy the movie, and that the release of the movie would be considered an act of terrorism and war. Now, on the one hand, The Interview is a pretty dumb movie. It's not a hard hitting thriller. It doesn't say anything particularly insightful about North Korea or Kim Jong Un.
But on the other hand, it's pretty darn taboo to make a fictional film about a planned assassination of a real world person who is very much still alive. I mean, it has been done, but it's a tricky thing to do. Honestly, I think if someone were to make a movie about trying to assassinate me, I'd take it a little personally. Sony pushed back the release of the film from October to December two thousand fourteen, the idea being to release it on Christmas Day, and they also made some
changes to the movie. Now, whether these changes were meant as concessions to North Korea or not, I don't know, but there's a pretty solid story of the company easing back on the death scene of Kim Jong Un. Spoiler alert. He does die in the movie. He gets blown to smithereens when his helicopter is hit with a shot from a Franco driven tank, and apparently in the version that the filmmakers originally created, that death scene was far more
graphic than it is in the finished film. Well, North Korean media was pushing rhetoric that suggested that release of the film would lead to disastrous consequences, and Sony pushed back the date but still planned to release the film. And then in November, the other shoe dropped, or at least it appeared to. I'll explain more after we take this break. Before the break, I said that the other
shoe appeared to drop. And the reason I used that wishy washy language is that when it comes to what happened, there's some stuff we can say for sure and some stuff we have to kind of guess at. When it comes to the stuff we can say for sure, we can summarize like this. You know, hackers definitely got access to Sony systems. They definitely stole information, and we know this because they later posted that information online,
frequently using Pastebin to do so. Pastebin is a plain text content hosting service. So you can post the code to something in plain text on a pastebin service, but you can't host, you know, streaming media or, you know, working files or anything like that. You could post the code to a file, but you wouldn't be able to, you know, have an executable file in Pastebin format. So the hackers released lots of stuff over the weeks following the attack, much of which appeared to
be aimed specifically at harming Sony. More on that in a little bit as well. On November, just three days after the hack, someone in that hacker group made available five Sony films on online file sharing hubs, and they included four films that had not yet even been released to theaters, proving that this was part of the information stolen during the hack. The four unreleased films were Annie, Mr. Turner, To Write Love on Her Arms and Still Alice.
The fifth film, Fury starring Brad Pitt, was already in its theatrical run at the time. The hackers also definitely wiped Sony systems, using legit tools to erase and overwrite data to make it extremely difficult to retrieve. Now, you probably know that when you delete a file from your hard drive, that information does not just magically disappear. It's not like it's gone. It's not like using an
eraser to erase away stuff you've written. The information is actually still there on your hard drive, at least until your hard drive overwrites the old data with new data. So essentially your hard drive flags the drive space where your deleted files are, and it says this is fair game. So whenever we have to write new data, you can
do it here if you want to. But until the computer actually does write new information to that section of the hard drive, that data can sometimes be retrieved. With tools like the ones that the hackers used, this process gets cut off, and that's because these tools, they first delete data on a drive, then they overwrite the drives
with gibberish. So this is what you might use if you wanted to wipe a personal computer before you sold it or traded it in or recycled it or whatever. You would go through this process, and then you don't have to worry about whether or not you overlooked a folder that contained personal information in it, because this type of tool essentially nukes it from orbit, because it's the only way to be sure. So we know that someone gained access to Sony's systems, they stole an enormous amount
of information. They proved that they stole it by posting some of that online, and they wiped the infected computers after extricating the data. So let's talk about some of the actual data leaks now. The movies were probably the highest profile example of a data leak to a lot of people, right because people are really familiar with movies, so something like that happening, it's easy to take notice. There were also some screenplays of films that had not
yet gotten into production that got released. Those I would argue were probably one step lower than the finished films were. And then for folks in the film industry or for people who are really interested in the business side of filmmaking, what really stood out were the internal documents revealing things like people's salaries and personal emails between Sony employees and other folks, emails that frequently contained embarrassing or downright damaging information.
On December one, two thousand fourteen, files that detailed Sony salaries hit the internet. The top seventeen Sony executives had their salary information, pre bonus that is, leaked online. Other files had more than six thousand Sony employees, current and former, and their salary information, including other stuff like personal information that was personally identifiable information. Several media outlets published this information, at least the information about the executive salaries, and that
showed a pretty large disparity in the company. Like it was no real surprise, because I mean, it's kind of an open secret, but it was no real surprise that the white men in the executive area of Sony were making substantially more money than people of any other designation than white male. Right, like that was top tier, was
white male. This, by the way, would lead some people like Richard Stengel to criticize the media, and the criticism mostly centers on the fact that there was a dangerous story here about hacking and cybersecurity that was in need of addressing. Like the focus in Stengel's mind needed to be on the hackers and what they had done and the extent of their crime and the serious nature of that crime, but the media was focusing on illegally obtained
information that made Sony look bad. Now to that, I say, I understand where you're coming from, and absolutely it would be good to spend more time to focus on the ramifications of cybersecurity. That is a conversation that is not held often enough and never with enough sincerity or gravity.
But we also know that you know what kind of content drives clicks, Right, if you write about cybersecurity, you're going to get a fraction of the number of clicks that you're going to get if you wrote about how certain male executives were making way more money than their female counterparts, for example. And ultimately, media is a business,
so you kind of see where that's going to go. Right, It's no surprise that media companies are going to really focus on the stuff that drives traffic, because ultimately that's
what drives revenue. Sony leadership went into damage control, with Sony chiefs Amy Pascal and Michael Lynton sending out a memo urging patience and understanding among Sony employees, saying, you know, calm down, chill out, it will be okay, and the two stated that the hackers had taken a large amount of information and that it was pretty safe to assume that any information about the employees themselves could have been a part of all that, and that if Sony had
information about you as an employee, there was a really good chance that the hackers had that info at this point. So I think this was a clear effort to get ahead of problems like people finding out how much they were paid compared to their peers, which could definitely promote some uncomfortable discussions if it were to turn out that
salaries weren't equitable across the board. Also to kind of alert employees like, hey, you might have to pay very special attention to things like your credit report now because your personal information, including stuff like Social Security numbers, is now in the hands of hackers who are making it freely available. So even if the hackers don't do anything with your data, they're making it freely available for other
cyber criminals to make use of that data. By December third, another dump caught headlines, and this data dump included stuff like scans of visas and passports of people who are working on various Sony films, so even more personal information. This also included some notable celebrities like Angelina Jolie. There were also documents that include the user names and passwords for the accounts of several Sony executives. But one thing that got wide circulation was a collection of Sony employees'
takes on the works of a Mr. Adam Sandler. Turns out a lot of Sony employees have a low opinion of Adam Sandler's art and it was stories like these that received far more media coverage than the actual attacks, because again, juicy, right, watching Hollywood eat its own is something that the media thought was very entertaining and would drive a lot of engagement. Then again, you could argue that there wasn't a whole lot you would say about
the attacks other than you know they had happened. While some people had been circulating the theory that it was North Korea behind it all, even in the early stages, there were no smoking guns that you could
point to. Rather, there was a suspicion because of the timing, along with the upcoming release of the film The Interview, and the reaction of North Korea's media to the idea of the film The Interview. So while people were mentioning North Korea, there wasn't any definitive evidence yet to kind of lean on. In fact, on December three, Sony issued a statement that said a report that North Korea was
behind the attack was not accurate. On December five, someone claiming to be the Guardians of Peace sent a threatening message to Sony employees, and on the eighth, someone claiming to be that same group posted a message on a file sharing site that said Sony was to, quote, stop immediately showing the movie of terrorism, which can break regional
peace and cause the war end quote. But this message says that the previous one on the fifth was written by someone else, someone who was not affiliated with the group, and the plot thickens. In the meantime, North Korea media states that the North Korean government played no part in the attack, but does call out the attack as a quote righteous deed end quote. So, in other words, their statement is, hey, we didn't do it, but whoever did
is aces in our book. On December nine, the hackers dumped a huge number of Amy Pascal's email correspondence online. This dump included some stuff that was particularly embarrassing for the studio, such as an exchange between Pascal and producer Scott Rudin, who called Angelina Jolie quote a minimally talented, spoiled brat end quote. The following day, more emails between Pascal and Rudin emerged, showing the two joking about what
President Obama's films might be. And those were jokes that were at best racially insensitive, which is a gentle way of putting it. I have some other thoughts but I'll reserve them. I should add that Rudin earned a reputation as a real piece of work. In fact, just earlier this year, in one he was essentially forced to resign from Broadway League after numerous people were stepping forward to, you know, accuse him of engaging in abusive, violent behavior.
Heck, the Wall Street Journal said he would brag about burning through one nineteen personal assistants in five years. Anyway, this is the kind of juicy stuff that media companies go gaga for, and clearly I am no exception to that. By December twelve, people discovered that the hackers had posted documents that included Sony employee medical records. Some of the details include not just the Sony employees, but their families.
The media, for once, did not go bonkers and start publishing those documents, which I guess is a small favor, right? On December, screenwriter and director Aaron Sorkin had an editorial piece published in The New York Times calling out the media for playing a part in helping the hackers. Sorkin's point was that the hackers committed the crime, but the media was disseminating the information to the public on a scale that would not have been possible by the
hackers alone. That, in fact, the way the hackers were posting information was really challenging to sift through. Your average person isn't just gonna trawl through a Pastebin site to read through mountains of text files to look for
something juicy. The media companies had folks like on staff or probably a lot of unpaid or barely paid interns, who were doing precisely that thing all day, and so Sorkin argued, the hackers saw their goals realized, not through their own efforts, but because the media was taking care of all that, bringing more harm to Sony and the people who worked there, which is at least partly true. I think, honestly, I don't think we really have any
good guys in this story. Because we've got Sony, which was clearly the victim of an attack, but it was also a company that had a lot of skeletons in a lot of closets. Then you have the general media sensationalizing every revelation, and then you had the actual hackers who were responsible for the attack itself. It was kind of like a Tarantino movie. Everybody is at least to some degree a bad guy. On December sixteenth we got
a major development in the saga. The hackers, presumably the hackers anyway, posted a threat stating that movie theaters that chose to screen The Interview would be targeted for attacks, likening the effort to the terrorist attacks on September eleven, two thousand one. The Department of Homeland Security issued a statement saying that it had no credible evidence that any such attack was actually being planned or prepared, and so there wasn't any evidence to show that this was something
that was really going to happen. But Rogen and Franco canceled their promotional tour for The Interview, and movie theaters, including big chains, began to issue statements that they would not carry the film. Sony Pictures, seeing this quick response from theaters, makes the decision to postpone the release of
The Interview, essentially canceling its debut on Christmas Day. Now I should add this was really after movie theaters had already said they were not going to show the movie, But once Sony made this announcement, there was a huge backlash against the company, with people calling the studio to reverse its decision. But we gotta take a quick detour here, right, Okay, in the old days of the movie business, movie studios pretty much owned a piece of every part of the
movie making process. I'm talking about everything from, you know, the production studios that were shooting movies, to the companies that were actually producing celluloid film to shoot on, to chains of theaters where you would show the film. But the US government broke all that up because it
was considered to be anti competitive and a monopoly. And so then movie theater companies were divorced from movie studios and they had more of a say of what films they would and would not show in their respective houses.
So Sony could reverse its decision, in fact, it ultimately did, but it couldn't force theaters to play The Interview because Sony didn't own the theaters, and a lot of theaters just didn't want to take the risk, you know, and didn't want to become the company that potentially put audiences in mortal peril or were associated with that desire.
A few theaters still had plans to show The Interview, but then, you know, Sony makes this decision. So then those theaters announced that they would instead screen a print of the film Team America: World Police, which was made in two thousand four and which features Kim Jong Il, Kim Jong Un's father, as the antagonist of the movie. And if you're not familiar with Team America: World Police, that was made by the creators of South Park, so
you probably get the gist of it. Anyway. Paramount Pictures released a statement that said it was not going to offer the film for redistribution, so it canceled those backup
plans as well. A couple of days later, President Obama said that Sony really made a mistake canceling the release of the film, And at this point, the general belief was that the hack was directed by North Korea and that capitulating to the demands was sending a bad international message, and Sony was kind of in a tight spot on
this one. Following that, there was an escalation in rhetoric between the United States government and North Korea, with the US calling on North Korea to compensate Sony for the losses that it had suffered as a result of the attack. North Korea continued to deny involvement, but it did extend an offer to help investigate the attack, and both countries leveled some veiled and not so veiled threats against
each other. On December, Sony announced it was in fact going to release The Interview on Christmas Day, both in any theater that wanted to show it, as well as video on demand. Sony got praise from the President for this decision. And then the movie comes out and no theaters are attacked, and for some media outlets, this was the end of the story. But we actually have a lot more to cover. But first we're gonna take another break. So the Guardians of Peace, who the heck were, slash,
are they? There were six messages signed as though they came from this group. One is generally thought to be from someone else, a journalist who sent a hoax message, and, you know, then, of course you have the instance of the one message from the Guardians of Peace that says a previous message was not written by them. So maybe we just have four official messages. But who sent them? Who was behind the attack? Different people have
different answers to that question, and they are contradictory answers. See, there are a few different theories as to who was behind the whole thing. Attribution is very hard with cybersecurity. It is much easier to get a handle on what damage was done than it is to definitively say this
is who was behind it. One story that tends to be pitched is that the attacks were not particularly sophisticated, largely because you know, Sony had such terrible security that it actually didn't require a state backed military hacker group to gain access, that it could have potentially been carried out by amateurs. And since one of the big theories was that it was a North Korea sponsored hacker group that was to blame, this would cast some doubt on
that particular story. After all, if anyone could infiltrate this system, then there's no reason to suspect it was a really well equipped, well funded, and highly trained group of hackers that were to blame. But you get into some other elements, each of which makes the actual difficulty of pulling off the whole thing a little more steep if you assume
the attackers were not from North Korea. For one thing, a lot of the stuff posted from the raid included code that appeared to have been compiled on a machine running in the Korean language. Now, as many people have pointed out, that could just be a strategy to throw investigators off the scent. You could have set it to, you know, the internal language of the computer to Korean as a smoke screen, and it could just be a red herring in order to shift the blame to North Korea.
Then there was the issue that some of the IP addresses associated with posting stuff about the raid appeared to be originating from North Korea. And again you can fake that. You can use tools to hide your true IP address and substitute another one, and this is not really that hard to do, but it's also not exactly the sort of thing a really amateurish group
of hackers wouldn't necessarily think about. So my point is that if we use critical thinking, we see that the argument of anyone could have done this doesn't necessarily hold water, simply because it would require a bit more thought and effort put into it than a lot of folks would typically manage. Now that's not to say that the North Korea hypothesis is ironclad, but rather that dismissing it
out of hand is something we cannot do either. It's certainly a huge challenge to make off with that much data. If you're talking about actual terabytes of information, how do you get that off of Sony's servers and into your own grubby little hands without anyone noticing? Now, as I'm
sure you're aware, data transfer speeds hit a limit. Depending upon the nature of your connection, you could have a data throughput that would mean transferring a terabyte could take several hours or more than a day, depending on those speeds. Higher bandwidth connections can do this a lot faster, but you're still talking about a ton of data from a lot of different Sony systems. This takes time. On top
of that, on the IT side over at Sony, these kinds of transfers could potentially raise some red flags if anyone is paying attention. An IT admin could see that amount of data transferring out of the company, and they might have some questions, or they might at least look into it to see what the heck Sony is transferring and and to whom and why is that much information going to a single place or or a small group of IP addresses. Of course, it's possible that
no one even noticed, but another possibility, one of the hypotheses that some people put forward, is that the hack was at least in part an inside job. The story goes that there was some Sony employee or maybe a former employee, who had beef with the company. Maybe it was over salaries, maybe it was over work conditions, maybe it was a general culture issue or whatever. But this person then had a plan to help some hackers get access to a huge amount of data that could damage the company that
the employee hated oh so much. This narrative helps explain how the hackers might have gained access to data without anyone noticing, with someone perhaps literally transferring files onto drives inside Sony and then just smuggling those drives out rather than establishing some sort of external network connection with another computer. Then at some point the hackers introduced the tools to wipe those systems, which might have been done remotely or on premises.
But that theory is a little iffy. I mean, it's it's certainly possible. I don't know if I would go so far as to say plausible. There were definitely Sony employees who had beef with Sony. Sony was going through layoffs in two thousand and fourteen, and morale at Sony was pretty low. But it's it's challenging to see how this kind of approach would also have hackers say, oh, let's throw the scent off and cast the blame on
North Korea. Um, also, one of the arguments that supports this is that the evidence that was dropped had a particular harm towards Sony and was targeted specifically at Sony, and that only people in the know in Hollywood would know to drop that specific information. That I think is a spurious argument because the information that was dropped was in huge, huge chunks of data, and yes, there was incredibly damaging stuff thrown in there, but it wasn't necessarily targeted, right.
It was more like the shotgun approach. Lots of little pellets, some of which are hitting the target, but it I don't know necessarily that the hackers had a deep appreciation for which bits of information have potentially the biggest punch. I think it was just that shotgun approach. Then there's the theory that the hack's orchestrator wanted to hurt Sony for financial gain, and this story says that the person
responsible maybe they wanted to short sell Sony stock. So that's when you borrow stock in a in a specific company from some other investor, you sell that stock at whatever the current market value is, and then you wait. Now you have to return the stocks you borrowed at some specific deadline, but what you're hoping is that the stock price will drop, So then you buy back the shares you borrowed, but you do so at a lower
price and you get to keep the difference. Anyway, that was another hypothesis that was being thrown around. But the really big one, the main one, the one that the FBI pushed, was that North Korea directed a government funded hacker group to conduct these attacks, and some of the evidence seemed to point that way, such as the fact that, as I said, the code was definitely compiled on machines that were switched to the Korean language, and that some of
these IP addresses associated with the attack appeared to be from Korea. While some security experts questioned the reliability of the evidence cited by the FBI, the National Security Agency, or NSA, said it had more ironclad evidence that supported the link to North Korea, but it was not able to publicize what that evidence was due to concerns about national security, which then critics said was, oh, isn't that convenient.
In two thousand eighteen, the U.S. Department of Justice charged a man named Park Jin Hyok, who was believed to be in North Korea, as being a responsible party in several hacking attacks, among them the attack on Sony. He was also charged with stealing more than eighty million dollars from a bank in Bangladesh and being partly responsible for the development and deployment of a famous piece of
ransomware called WannaCry. US officials said that a multi-year investigation led to the discovery that Park was one of the hackers responsible for these attacks, and that he belonged to a North Korean backed hacker organization called the Lazarus Group. The officials said that Park had headed up a company in China that posed as a legit tech company, but it was in fact a front for this hacker group.
And from a code perspective, there seemed to be links to the Lazarus Group, which was known to repurpose bits of code in updated malware design, so they just would reuse certain bits of code, and that was one way that security researchers could say this either came from the Lazarus Group or it came from someone who was taking malware that was developed by the Lazarus Group and repurposing it, and that this this code dates back to two thousand
nine in some cases, which suggests that the Lazarus Group is kind of a long time actor in the hacking world. North Korea, I should point out, denies that Park even exists. But earlier this year, US federal prosecutors announced charges against Park and two other North Korean citizens, Jon Chang Hyok and Kim Il, with criminal conspiracy, conspiracy to commit wire fraud, and bank fraud. And again, this is about more than
just Sony Pictures. These charges include claims that the three set up fraudulent blockchain operations and defrauded targets of millions of dollars. There is zero chance that these men will ever have to face charges in the United States for their crimes, because the United States and North Korea do not have the sort of diplomatic relationship to extradite people from one country to the other to stand trial for crimes. That is just not where North Korea and the United
States are diplomatically, not by a long shot. So these charges are you know, they're formal charges, but they're also kind of paper threats because there's there's not any chance that these three will stand trial for those crimes, and so we're left with just the charges, and that is very weak evidence for a lot of people, right like it could just be they could argue it's a convenience and that we don't really have the full or real
story about who was behind the Sony hack. So it's one of those things that feeds into things like conspiracy theories, because when you have a lack of information, people will fill that gap in with speculation, and often they become more and more certain that that speculation is fact. As for me, I do not know who committed the Sony hack. I honestly don't know. I'm inclined to think it was
North Korea. But at the same time, I must be honest and how clumsy the whole handling of it was it it is also it's it's simultaneously easy and hard to believe that it was North Korea. Um, but only because of the lack of sophistication and how the aftermath of the attack was carried out. So I do not know, and I'm not gonna put my money down on any
particular party at this point. I hope one day we have a definitive answer and uh, and that we can see exactly how this was carried out, why it was carried out and uh, and more importantly, figure out how to prevent future attacks, largely by practicing better security hygiene. But that's it for this episode. Hope you enjoyed this. If you have suggestions for topics I should cover in future episodes of Tech Stuff, please reach out to me. The handle on Twitter is TechStuff HSW
and I'll talk to you again really soon. Tech Stuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.