The Sony Pictures Entertainment Hack

and I are thickest thieves. Ben is one of those most valuable player types in her office who will jump in at a moment's notice to help folks out, even at the expense of his own sanity, which I don't value. So I'm happy to have him here. Thanks man, that might be the nicest thing you've ever said to me. It could be. Ben also had me on his show Stuff They Don't Want You To Know, to talk about today's topic, the Sony Hack, And at the time when we were recording, it was still in December and the

story was still unfolding. In fact, you could say that's still unfolding now, although the news has certainly slowed down significantly since the end of December. But we ended up talking about the story as far as we could at that point, and even made some predictions of our own,

some some theories of our own. So, uh, in order to return the favor, Ben's joined me for this episode so that we can revisit that topic, talk about the Sony hack, maybe talk a little bit about some of the information that came out after we had already recorded the episode, and uh, just kind of explain what happened and how it's different from some of the other big stories we've heard, Like you know, all the stories about the Sony PlayStation network at the Xbox Live network getting

brought down, those were done through direct denial of service attacks or distributed denial of service attacks, I should say, so they were just atributed denial of service attacks, which is really a brute force way of shutting up a server. Completely different in comparison to the original Sony hacks, wherein the various films were downloaded. But before we go any further, I just have to say I really appreciate what you're

saying here, Jonathan. I'm blushing. Thank god I grew this beard out so you can see it, and thank god as an audio podcast, but this is not entirely all truism on my part. I come here also as a representative of my co host Matt Frederick. UM, we had such a great time doing this two part episode on Sony for stuff they want, you know, and uh we we actually went back and listened to it because we liked some of the jokes that the three of us were doing. But we really wanted another crack at this

just because other information is emerged. UM, and listeners out there, if you do check out Jonathan's earlier appearance, UM, spoiler alert, some of those predictions that you and I made are not that far off. Yeah yeah, And in fact that again we don't We still don't have all the details. We still have some conflicting information out there, stuff that

conflicts with the theories we have. It still hasn't changed my theories yet, But I do acknowledge the fact that I the thing that I believe may not be true, and in fact is being said to be untrue by certain entities that go by three letter initialisms, like the FBI. Uh So, let's start at the beginning, A very good

place to start. On November that was the day that the Sony hack was revealed, and I say revealed because the extent of this hack, the incredible amount of information that was stolen as part of this hack was so huge as to require months of time toensic research. I mean, you're talking about the initial story we got and was that the the hackers responsible claim to have stolen one

terabytes of data. A terabyte of data is a huge amount, right, And if you're thinking of a hacker that's accessing a system remotely, so we're assuming that this person did not dress themselves up as a Sony employee infiltrate the company. If you're talking about remotely accessing this and siphoning off that data. Guys, you know, if you've ever downloaded a big file, you know it takes time. Even if you have a fast internet connection, it could take a while.

You know, if you're trying to download let's say a really big computer game that's maybe thirty or forty gigabytes, that takes time. Terabytes are enormous. A hundred terabytes is huge. It would take months to download that much information, and only if the faucet is always on. Yeah, you and also to be able to do it without raising anyone's attention, because would see the activity over the connection. Yeah, you would think at least someone would figure out something in

that time. So all of this is to say that it's the While November twenty was when we became aware of it, the actual activity had to have been happening for at least a few months, if not longer. Right, So what what exactly happens? I love this description because it's so cinematic. Yeah, so imagine you are an employee of Sony Pictures Entertainment, because we always say the Sony hack, but we're specifically referring to Sony Pictures, so the movie

industry arm of Sony. So you're an employee of Sony Pictures Entertainment. You go into work on November. It's the week of Thanksgiving. You're looking forward to having dinner with your family, having a few days off. You come in, you turn on your computer to get your little work you work done, type of, type of, type of, and then all of a sudden, like it was a nineteen eighties computer thriller, a skull stylized skull all pops up

on your screen, and this feels like it. It feels like a stupid movie already, Like you think about those movies like the net. You know, any movie where Hollywood is trying to get across the idea of what hacking is like, and they they visualize it where it's not someone saying at a computer typing in code. No, it's creeping through a dungeon. And then you see a skull and crossbones. That's firewall. That's what this was in real life.

The skulls pop up on everyone's screen and it has a phrase that essentially says, this is just the beginning. We've obtained all your internal data, and it went on to warn that if the company did not quote obey the hackers demands end quote, that the internal information would be shared with the world. And this had this included everything from well, they didn't even know what it included yet, so they didn't have any idea of the extent of

that personal information that I that that sensitive info. As it turns out, it was incredibly sensitive information. And those demands we're going to get back to because the demands are one of the keys I think to this mystery, which is still sort is okay. So the way the way it works out, the news spreads quickly eleven am same day November, it hits the media right, that's right, and so this is where, uh, different media outlets start to cover the story. Uh, the employees of Sony Pictures

have no access to their computers. Also, their email servers are completely down, and even their phone systems because they were using networked phones, which is you know, we we've had network phones in this office in the past, so it's one of those things that if your internet goes down, suddenly you don't have phone service either, and that's kind of creepsy out a little bit. So they literally couldn't

do any work. They couldn't access any of their files, any of those important documents, contracts, all that kind of stuff. All of that was inaccessible. And uh, meanwhile, as the story would go on, I'm gonna skip ahead a little bit, but we're gonna go through a timeline, little little detail this stuff as we go through. But eventually the hackers refer to themselves as Guardians of Peace or GOP. Yeah.

Also amuses me because to think when we're talking about the GOP and this, since it's not the Grand Old Party, the Guardians of Peace. Um, this is when they claim to have stolen one terabytes of data. Ten terabytes is enough for all the information in the Library of Congress. So they stole ten Libraries of Congress. Yes, they stole the Library of Congress ten times. Now right, Yeah, I used to use UM. I used to use uh conquistadors as an element as a unit of measurement for everything.

But now I'm I'm willing to go and switch to Library of Congress at least when it comes to data. So yeah, this and and of course some of that information was in the form of high resolution digital film files. We'll talk more about that. And the second so on top of all that, this is this is another like you know, kick once you're down. You've already been knocked down because you've had your this hack stop your work. You've been told that a lot of your information has

been stolen. On top of all that, they also the hackers also installed malware called Wiper And you can probably guess what this does just based on the name. It starts to erase all the data on these various machines. So not only did you have all this information stolen, but now it's truly inaccessible. It's been white from your computers. I'm sure some of it was probably UM. You were probably able to get back at some of it using some I T. Expertise, like deleting a file off your

computer doesn't mean it's gone forever. Overwriting it does so unless wiper and it may very well do this. Unless Wiper over was overwriting all the data as it was erasing it, then you could in theory at least get some of that. But at any rate, Uh, there were even that UM reports that Sony account Twitter feeds were being uh compromised, and so the Guardians of Peace were able to tweet out using that. We actually saw something similar to that recently here in the United States with

UM the Central Command Twitter feed. Did you see that? Yeah? Yeah, yeah. The The thing is that Twitter is uh, from what I understand, much easier to compromise than something that would be a well protected, uh corporate level system of of this magnitude. But it does tell us something really important, Jonathan, because it tells us that this would have been a

multi tiered attack. Even if even if or rather a multifront attacked, sir, even if Twitter was just uh the sprinkle on the cupcake, this still shows us that this was well thought out, It was established in advance, so it doesn't seem to be an impulsive thing at all. Just just going back to how much memory and how much time it would take to steal Yes, yeah, I mean obviously, like you wouldn't be able to do that

all on a single day. So novemby was essentially the day that the hackers decided, Okay, now we let them know what we have done. Like, we've already done it. It's it's that parts. So we're we're already scott away, scott free, you know. Now we're just gonna set the the we're gonna make the world burn, and we're gonna walk away in slow motion. But Sony still has no

idea what's going on? For like a week? Right? Yeah? Well, I mean again, it happened during Thanksgiving weeks, so this was a time when a lot of people were planning on being on vacation and suddenly, now you've got this amazing crisis to deal with. Uh. And it would take more than a week for for executives to start even

getting a hint at how bad this attack was. So on December one, that's when executives became aware that the stolen data included personal information about employees and their depends, such as social security numbers and financial information as well as health information, like one of the leaks of documents gave details to employees who had sought treatment for things like cirrhosis or cancer or there or had dependents who had to seek treatments for such things. And so, I

mean that's a huge breach. Now are we talking, uh, in terms of for sent injury numbers? How many employees? About fifty thousand social Security numbers were stolen? Actually around forty seven thousand. I rounded up round, I rounded up for forty seven thousand and fifty. But yeah, more than

forty seven thousand social Security numbers were stolen. Now these were both current and former Sony employees, because it was just it was databasis full of information of the various employees who had either worked there in the past or we're currently working. Not to downplay the gravity of this, because it is very dangerous and it's an absolute nutter

of violation and privacy. But not only is that not the end of what they stole, but they stole so much that if you're okay, I'd like to infomercial this and maybe chime in with some but wait, there's more. Yeah, in fact, that is well warranted, right, because the first one the one that's probably the easiest for people to latch onto, because it's a simple it's a simple story, the idea of stolen intellectual property, in this case, stolen movies. Right.

So the theft included five movies that were scheduled for Sony release, one which had already been released, which was a fury that one had already come out. But then there was also Annie Mr Turner, Still Alice and to Write Love on Her Arms. Those had all been stolen as well. Uh okay, Yeah, So so those are the

easy ones for people to latch onto. But then there was all the internal communications, right, this is where you had information about salary, uh for top executives, like the top seventeen executives, not to mention I think six thousand other Sony employees. Their information got leaked as well. Uh. There was also internal documents that uh that were the

records of people having complaints about Sony. Yeah, and there were there were some fairly undiplomatic internal communications regarding regarding coworkers or talent, yeah, or the President of the United States. There were Yeah, no, there's we'll we'll touch on that again in a moment. But out of all these you probably heard the most about Adam Sandler. He got he

got raked over the coals quite a bit. And the internal communications a lot of in place that they just didn't like the direction that the movie studio was going in, and they wanted to see if you were Adam Sandler comedies, which is I guess okay, because Netflix picked him up so for four films. Yeah, so Sony might be free of him. We're not. And that's not the only stuff that got leaked. Still, no, no, there's still more, right, I mean, there's tons of information that got taken from this. Uh,

personal information about talent was leaked. Stuff like passports and visas, like copies of this stuff that people needed to do. Uh, there were so much things that so many things that were stolen as a result of this. And uh, we're gonna go through the rest of the timeline to kind of give you an idea of how this all unfolded and what extent we begin to learn more and more

about the damages. Uh. Meanwhile, one other thing to mention is that Sony employees have many of them, have filed lawsuits against the company for not protecting their personal information well enough to prevent this from happen. Name so, there are several class action lawsuits have been leveled against the company as a result of this. Because people's lives have been really impacted. We're not just talking about you know, celebrities here. I mean that their lives have been impacted too.

And it's not I personally don't think that that means that celebrities should be expected to deal with more crap than the rest of us. I mean, sometimes that happens because it's just one of those things that goes along with all the fame and everything else. But regular employees, people just normal folks like me and you who go in to do their job every day and it may not be glamorous, but it's it's an important part of

the function of the company. They were impacted too, just regular folks, and they will tend not to have the financial wherewithal or the social safety net to help protect themselves in the aftermath of such an event, right right. They don't have the benefit of that safety net like people who might have of a lawyer on retainer or enormous sums of money to lay in when you go to sleep at night. You know, I have a I have a very particular fantasy in my head of what

Hollywood celebrities like, how they live. It's mostly Scrooge McDuck oriented. Yeah, yeah, did you see that? This is totally unrelated, But did you did you ever see the study of what what would happen if you tried to swim through a vault full of gold? I imagine that you would not feel very good. Yeah, it will. It will break you in numerous ways. So maybe it's good that you were talking about sleeping on paper money probably better for your back. And speaking of back, you went to Let's see where

where should we go next? Let's look at November twenty eight, because we've been talking a lot about this hack. The the initial messages from the hackers didn't identify any particular motivation for the attack. They it was more of almost like an extortion thing, like do what we tell you, or you're gonna get it. You know. It was like and it essentially sounded like pay us off or we will ruin you. Now. They didn't name a specific amount of money at that initial point. They just said do

what we say. Yeah, so they The reason why this is important is because a lot of the discussion that has followed has centered around a very specific topic that we're about to touch on. But that all came after the fact, which makes me a little cautious in actually saying that that was the reason for the whole thing, the whole time. So November twenty, this is four days after the initial attack was discovered. That's the first time anyone floats the possibility that the attack was in response

to Sony's plans to release the film. The interview, which I have we both seen it at this point. I have not seen it. Did you watch it? I did see it. What did you think? Well, I will I will say that I enjoy uh, Seth Rogan and James Franco a bit more than you, which is which is something we've talked about before. Yeah, and it's not hard to enjoy Seth Rogan and James Franco more than you do. No offense. Right now, I have a very low you own it. You own it, though, and I respect that. Um,

you know. I'll be I'll be candid here. It was not my favorite film because I think that while I I enjoy a lot of a lot of what might be termed low brow comedy, I'm not above it. You know, one thing that I noticed sometimes is that it is very convenient to conflate satire and racism, and I think

there's uh to me. There were moments in the film that I that I thought were racist, and I and also was talking with my girlfriend about this and said, okay, well check me here, like my am I being two PC and my and my getting my jim socks, I'll punched up over something unnecessarily. And she came in and watched part of it, and she said, no, I think

that's pretty very racist. Yeah. No, there is definitely a difference between using satire in order to point out things that you see as being important or unequal or whatever. It's something that you are actually commenting on and bringing attention to and starting a discussion over. And then there's a totally different type where you're just making fun of something or or you know, especially in hurtful ways. Well,

here's a here's the question I have for you. I don't want to derailist, but the question would be then, uh, in comparison to let's say the South Park film also a work of satire in any ways, So what makes these two different? You know? Is it because the south Park film is animated. I think part of it is that South Park is really about pointing out the uh,

the the absolute ridiculousness of things like racism. I mean, south Park used the movie used Canadians as the the great big enemy, you know, that's what all the people they blame Canada. There's a whole song about it. It's yeah, it's a good song, actually was nominated for an Academy Award.

But at any rate, the you know, that was really to kind of poke fun saying like this is literally there's no difference between people like you know, you look at Canadians and Americans, there's no difference there, just as there's no difference with any people of any two nations, and therefore the concept of racism itself is utterly ridiculous. I see what you're saying. There's there's a method to the prat falls, as you would say. But the I

don't know if anyone's ever said that before. But the thing about the interview, despite that, I think it was enjoyable. I definitely laughed out loud a couple of times. But I believe it's received much much more, much more international attention than ever would have had it not been associated with this, and also, you know, for people who aren't familiar with it, Uh, the entire film is about people traveling to assassinate Kim Jong un, the current leader of

North Korea. Right, The whole idea about a host of a celebrity talk show type program and his producer heading over to North Korea because it turns out Kim jongun is a big fan of the program, and then being told by is the CIA, Yeah, yeah, the CIA to take this opportunity to assassinate Kim Jong un and uh and of course, uh spoiler alert, the leader is killed in the film. Uh. So this was November. Was the first time anyone had even mentioned this as a possibility

of a monovader. Yeah, there was. This was not from the attackers at all. This was all just kind of a I wonder if this thing that's coming out later this month had anything to do with our actually next month, because this was still in November. Um so, yeah, we didn't really have any evidence here. And now there was a North Korean website that had referred to the interview as quote an evil act of provocation end quote. So you could say, well, they said that it was an

evil act of provocation. We were they were provoked, so maybe this was the act they were provoked into doing. But you know, yeah, I mean, like I said, the the attack itself must have gone on for months, and it was only in those last few months that the interview was even getting the promotion of here's a movie that's coming out soon, and here's what it's all about.

So that would have meant that North Korea was just paying attention to this film for longer than the American public was, and that that the attack began months in advance, in anticipation for this December release. All that being said, December one, that's when the top seventeen Sony executive salaries were leaked. Uh, the information had already been stolen, but

the information that had then been leaked publicly. A lot of these leaks happened on an app that allows for anonymous text dumps, so you can just put things up on that app and not leave a trace of who you are, and that's how a lot of this information got distributed, also, including that same file where the salaries of more than six thousand Sony employees. One of the big things that came out about this was a disparity in pay depending upon gender and race. And so this

also makes me think the nature of the leak. The first stuff that's leaked here, here's a bread crumb for bread crumb later on, the nature of the stuff that was leaked first was incredibly harmful to Sony the company uh in an industry perspective, but had nothing to do with any sort of like it didn't have anything to do with the interview directly anyway. So that to me suggests that there's a very specific motivation behind the attack. But we'll get into that when we get towards the end.

So December three was when the Adam Sandler PDF dump happened. There's a big dump of Adam Sandler information. And I'm using that word in a couple of different ways. It could have been a little bit of editorializing. This is also when the data including a passport information, visa information, other private information about celebrities who had worked on various Sonny films, actors, actresses, directors, that kind of thing got leaked. So this is where people were getting copies of Angelina

Jolie's passport, for example. Um they also included confidential information about film contracts, and budgets. So again, very industry specific stuff and very very damaging because Okay, first off, this breeds such dissension amidst the employees, you know, each other's salaries, and huge morale issue. Huge and then also the idea about finding numbers and film contracts and budgets, that's a

massive amount of leverage lost on Sony's part. Well, and it's you know, these are industry secrets, like if you've ever heard stories about how miraculously no movie ever released makes money, like you know, if you have, if you have the inside look on these budgets, the actual numbers, the real thing, then suddenly you know how much actual money was being spent producing it versus how much was made in revenue. And then you've got some really tough

tax questions that you need to answer. So again, very much a very savvy attack. This is gonna be trouble for Sony down the road. Yeah, it's gonna be troull for a while. So December four, when the Associated Press reports that cybersecurity experts found similarities in the code used in the Sony hacks of with another attack that targeted South Korean companies in two thou and you remember the name of that attack, right, Oh, I do remember reading it.

What was it? Dark Soul, spelled like the capital of South Korea. Oh, that's so brilliant. Nah, I was thinking of something else too, so I didn't. I didn't even hear of it called dark Soul. That's awesome, but it's so again. This was sort of a a uh a hint that perhaps North Korea was behind it, because Korea was was very much believed to be behind the two thousand thirteen attacks against South Korea. Yeah, so uh, but

no one's come out and said anything yet. December five was when messages allegedly from Guardians of Peace threatened Sony executives that they don't condemn their own company, but they're really poorly constructed. They actually don't read the same way as the initial messages did in the attack reveal back on Nowyo. So one of the things we need to keep in mind is that the various communications to Sony and to others may or may not have come from

the hackers. We don't necessarily know. It's kind of like when you hear about anonymous targeting someone, you don't know what to what extent The the overall group of Anonymous feels that way right, Because Anonymous is made up of a huge number of people with different ideologies, different motivations. Sometimes a splinter group will end up targeting somebody, whereas the rest of the group either doesn't care actively saying hey,

don't do that. But that's the thing is that it's impossible that like you say, I got a message from Anonymous, and maybe technically that's true, but you're gonna have people in Anonymous saying, hey, whoa dude, I'm totally not that was not us. That was not us. That that people create factions within Anonymous that are oriented towards a specific project that sort, and I think we even mentioned it. I think I might have brought it up in our

Sony Hack episodes for stuff they don't want you to know. Then, this reminds me a lot of the Jack the Ripper letters, because when Jack the Ripper was active, there were letters written to the police, the London police that was the were essentially taunting the police, and a lot of ripperologists experts in the field believe that many of those, if

not all of them, are fakes. They weren't written by the killer, and it could be that some of the messages that are attributed to Guardians the piece we're not written at all by anyone remotely involved. We don't know, right, because there's no way to verify now. On December seven, North Korea officially says they had nothing to do with this attack. On December eight, another alleged Guardians of Peace message demands that Sony stop immediately showing the movie of Terrorism,

which can break regional peace and caused the war. Um, they don't specifically name the interview, although I guess, you know, I don't know what other films. I don't think they were talking about Annie, So if they did, it was The Hard Knock Life for us. But uh no, I think they meant the interview, but that wasn't specifically named. And uh these events continue though, because the hackers, now after a little bit of silence, are communicating semi regularly

or at least leaking information there. There's someone is communicating semi regularly. Whether it's the actual hackers or not, we don't really know. Um. Also, it's kind of interesting that, uh that you know, we had that that previous message supposedly from the Guardians of Peace saying, you know, condemn your own company, which is a very odd request. It's that's another breadcrumb force, I think. Yeah, to say, like, please sign a paper that says your company stinks. That's

essentially what they were saying. It just seems seems a little odd. It seems a bit childish and personal. Yeah, it's a little weird, all right. So December night through eleventh, now we get a little bit more activity with more leaked material. The hackers release emails that reveal some pretty ugly conversations about various actors, directors, and even the President of the United States, including some remarks that you could at least say are racially insensitive, if not outright racist.

Uh and Sony executive Scott Ruden actually with an issue an apology on the on December eleventh for the messages that he claims were written in just with no offense intended and um yeah, saying that was just a joke. I didn't mean any offense. It really meant like I didn't expect any one of that race to ever read this email that I wrote. That's what it comes across to me. Maybe I'm I'm sorry, I got caught. Yeah, I love I love the I'm sorry, I'm sorry if

I offended you. Not I'm sorry I offended you. Not I'm sorry I said that thing, but I'm sorry that you felt this way in response to something I said. Well, I'm sorry that you're upset. Yeah exactly. I'm like, well, you can just keep your apologies then, Mr. Now this isn't this is an interesting thing that comes next, because this is something I did not know about until you told me. Yeah. So, December fifte Aaron Sorkin publishes an

open editorial column in The New York Times. Now, Sorkin had had some of his emails revealed in a process of this, some of which ended up having Sorkin being a little uh uncharitable towards certain Hollywood personalities. Yeah, like saying that certain actors are not a draw and therefore there's no reason to ever have them in one of his movies. That kind of thing. Anyway, in the open editorial,

he did not say that, because how would be crazy? Uh. Instead, he actually said that journalists were being just as uh just as destructive as the hackers were by sharing this confidential information, that they were essentially enabling the hackers in their attack to cause damage to the company by taking that same info. He says, you know, I imagine that the hackers are sorting through that mountain of information they stole,

looking for the most harmful pieces of information. Meanwhile, the journalists are next door doing the exact same thing with all the stuff that's been leaked. And he drew a differentiation, however, between the two. Well, yeah, I mean, he was saying that the hackers are at least doing it out of the sense of ideology, but the journalists are just doing it to make a make a nickel is essentially what I said. He actually did say make a nickel? Uh no word if he was walking and talking as he

wrote this. Um, that's the only way I imagined Sorkin. But anyway, so it's an interesting point, And honestly, one of the things that's really important to me reporting on this stuff is that we're reporting on the incidents, but we're not sharing any of that information that was linked. I haven't sought it out, I haven't downloaded a in it. I'm not interested in the contents, uh Like, I'm not

interested in the specifics. I'm interested in the impact. I I agree with you partially, I'm ultimately interested in the big mystery and in the final answer, the stuff about people's salaries, people's medical records, things like that. As strange as it is to say, it comes down to an issue of you know, your personal opinion of what is what is right and wrong to look at because a lot of people nowadays, with the cost of information and communication being so low, there are a lot of people

who will simply hoard information to collect it. You know, um, I because I would not really want anybody reading my medical It's not that I'm like secretly awarewolf or something secret. No, I'm pretty open about it. Where your like candor part on your sleeve when you when you're able to wear sleeves, when I'm able to wear sleeves indeed. But but the point is that, uh, you know, I think both you and I kind of go on a golden rule basis

for this stuff. I'm very much a proponent of compassion and understanding as much as possible in general, not just in this case. But yeah, I mean, I think it's newsworthy that it happened. I think taking that information and actually disseminating what was inside it apart from a generalization, like you could say it was salary information without going into the details of what that salary information was. Right.

So Sorkin was specifically pointing out the journalists who are sharing this information and essentially doing what the hackers wanted them to do in the first place, right, essentially making the hackers threats work. Yeah. Yeah, it's like now you guys are carrying out the second part of that plan essentially. Um. So you know, on the other hand, there are some very important issues that have been talked about, like the

pay disparity that clearly should be addressed. Uh. And so it's hard to just be completely like hands off on this because there are some things that have come out of this that, you know, you want to say, like, all right, some of you, some of you may be terrible people, and some of your policies may be very terrible as well, and maybe we need to take a look at that. This is not the way I would have preferred us to have this conversation. Absolutely, that's a

really good point. And and uh, it's weird because although the Guardians of Peace do not directly respond, I guess to media members, we do see that they are clearly listening to. As much as I loathe the term Jonathan to the narrative. Yes, So December sixteenth, that narrative gets pushed forward with another message allegedly from Guardians of Peace that specifically mentions the interview. This is the first time the interview is mentioned by name December sixteen. November twenty

four was when the attack was revealed. December sixteenth is when the interview is mentioned by name, and the message contains threats saying that if the film is allowed to run in theaters, there will be a September eleventh style terrorist attack as a response specifically against the New York theater where it would have premiered, but also uh nationwide um incidents if it were to run in local theaters.

Sony ends up canceling the premiere and pulls the film from theaters, but they really pull the film for theaters after several theater chains have already said that they will not show the movie. Right, and these are the big the big names, Yeah, so these are That's exactly right. So once I mean, if if the major chains say we're not going to show your movie, then canceling it kind of makes sense. So we'll come back to that. Because Tony story about this removing of the movie and

then returning the film is not totally coherent. Yeah, that's and it's a charitable way to put it. So at this time people say, well, you should release it in video on demand somehow, right, or independent theaters right, And Sony says, nope, dada, We're not releasing it in any form. Now, this is an important thing to remember that Sony has said they do not want to release the movie in

any format. And uh so, December seventeenth, the U. S Government, in the form mostly of the FBI, state that they believe North Korea was centrally involved in the hacking, although the FBI has not officially said that at this point, it was really a government official saying we believe that

North Korea was involved. This was not when the FBI specifically came out, but on December eighteen, messages again allegedly from Guardians of Peace went to Sony executives and said that if the film was never released in any format, then Guardians of Peace would not release any more damaging information stolen in the hack. So presumably they still had some that was at least as damaging as the mountain of stuff they had already released, but they were holding

it in check. And if that movie didn't come out at all, it would never see the light of day. But a second message on the web application paste band,

that's the one I was talking about. That text, it's supposedly also was from Guardians of Peace and had a different message in it, saying that Sony had suffered enough and the company could release the movie if Kim Jong UN's death wasn't quote too happy, And I guess that if it wasn't like a big emotionally uplifting moment in the film, like you weren't supposed to stand up and cheer and go yea when Kim jong un dies, and

that would be okay. I feel fairly confident and saying that this is not the same group, or at least it's not a group representing North Korea, because that seems

completely antithetical to everything else that's been said. It's even antithetical to the other message that was released that very day, Like one message says, never released the movie and we'll stop, and the other message says, go ahead and release the movie as long as it's not celebrating the death of Kim jongoon, then you you've suffered enough and you've learned your Lesson. Clearly, these can't be the same people unless

they're just message with Sony. In that case that it could be the same people, but now they're cruel mischief makers. Now there's one other thing though, that's that's a pretty big deal that was unearthed during the leaks of the Sony hats. Yeah, this is one that has become a separate issue all on its own, and it's one that I would really need to look into further to to do a full rundown on it. But in the future

I think so. Yeah, I've been trying to give it some more space so I can get more information on it.

But this was where we also saw as part of the leaked information that came out that there was this um kind of a conspiracy really among movie studios about Project Goliath, which everyone is pretty sure means Google and Google in the m p a A, the Motion Picture Association of America ended up having some um some very public spats about the information contained in the leak regarding Project Goliath, Google, saying that the m p A was

essentially trying to reinstate policies that were under the SOAPA umbrella but had been defeated because SOAPA was not adopted. Meanwhile, the m p a A Is saying Google being talking about self as a champion of free speech is a joke. It got brutal. Uh yeah, very ugly. It's definitely worth looking further into, but we won't. You know, I just wanted to mention it because again, it's like, that's not that this story wasn't big enough, but other big stories

came up to like because of it. December nineteenth, that's when the FBI announces it has connected the North Korean government to the attacks, citing unreleased evidence as well as clues such as hacking tools that have been used by North Korean hackers in the past. They also cite that the attacks seemed to originate from IP addresses within North Korea, and later stated that they believed it would have been really difficult for anyone else to have used or spoofed

those particular IP addresses. Is my favorite part coming up. Yeah, and then North Korea says it was not involved in the hacks, but praises the hackers as sympathizers and that the hack was quote a righteous deed unquote. They basically said, we didn't do it, but we should have Yeah, I like that they say it was a righteous deed, but I like to think of him saying it was a righteous deed, you know, like kind of Surfer de mutant

Ninja Turtles version of righteous. I don't know how popular Hawaiian shirts are there, but that would have been good, good costume. If they're really popular, then I've got my wardrobe should I ever visit North Korea, I've got a ton of those. President Obama also on December nineteenth, spoke out about the hack and said he felt that Sony made a mistake pulling the movie from theaters, and also said that the US would respond proportionately to the attack.

What that specifically meant, no one was really sure at the time. Yeah, I've even gotta I forgot to put the note in, but I'll mention it when we get a little further in about the something that happened in North Korea that some wonder perhaps was the proportionate attack. We don't write the response now that that same day, Sony came out and this is where the this is where their message evolves. Yeah, evolves is good. Changes makes

a degree turn. So this is the CEO Michael Lynton came out and said that the decision to cancel the film was merely in response to theater's refusing to show it, and not a sign that the company was bowing to terrorist threats. If that's the case, I don't know why they refused to release it in any format. If they said we're never releasing this movie. Ever, how could that be only because the theaters refused to show it, Because you would assume that the company wouldn't want to just

eat the expenses of producing and marketing a film. Gigantic expenses not many millions of dollars, So if you want to recapture at least some of that, you could release it online. I mean, if you're truly not scared of the threats, then why not why not release it online? Or allow independent theaters that say, look, we'll still show it.

Why not allow them to do it? And that was that was the thing is that this response to me did not ring true because the actions that Sony had taken just a couple of days earlier, U spoke very differently than what they were saying. However, of course, they want to save face. They want to say, hey, we weren't scared. It's just that there was no place to show it, so that's why we pulled it, which is patently else because there were several in the city of

Atlanta that was ready to show it. Uh. There are two theaters in general that are specific, rather too specific theaters that said they wanted to show the film. One is in Atlanta called the Plaza, which is just down the street from where I live. Independent theater, yeah, a little tiny independent theater. Uh, and they said we'll show it. And then there was the other one in Texas, Alamo Drafthouse. Yeah yeah, yeah, which are which are too um unforeseen

champions there. We we do know though. This is another thing that's really interesting to me because all this stuff takes place after you and I and Matt did the earlier show. So what happens on December twenty That's when North Korea offers to take part in a joint investigation of the hack and the U. S Government declines. So North Korea says, hey, we weren't responsible, but we will totally help you try and track down who was responsible for this thing that we approve of but totally didn't do.

And the United States said, Uh, here's what's interesting to mean though, if North Korea is telling the truth, right, and if they were in no way involved in that hack, right, this this uh, these bits of code that somehow could have come from them. I'm wondering if maybe maybe their willingness to investigate was seen as uh disingenuous. Maybe they were looking to find out how their how their work got out there, how he got found, or maybe they were.

It could also possibly be that North Korea is saying, hey, you know, we didn't um, we didn't allow for this to happen. We didn't, we didn't designate someone to go and do this on our behalf. We would like to track down the person responsible for reasons of our own right, Yeah, exactly. Or it could be that they totally did it, and that's one thing that we should point out, Like I have pretty strong skepticism about this, but they totally could

have done it. Right now, it's just not enough information. We'll get to we'll get to the biggest, the biggest problem in the information gap here pretty soon, I think. But then on that same day, December twentie that's when North Korea also warned that there would be serious consequences should the United States attack North Korea if this retaliation

were to happen, right, whatever that would be. Yeah, So essentially like whatever proportionate response you're thinking of, better not be against us, because boy haality, we will we And and they were very like, very militant, not big surprise, I mean North Korea, very angry. North Korea has got a long history of of you know, beating the drama and saying that they will take severe action without backing it up. That you would ever want them to back

it up. But the United States and North Korea remember still technically in a ceasefire with the war that never ended. Yes, North Korea has never acknowledge the end of the war. So December twenty three, Sony would authorize three theaters to show the interview on Christmas Day, and they also released the film to streaming options late on the Christmas Eve.

And there were no further attacks. Despite that fact that you know, you had those messages earlier saying that if you ever show this, we will attack more, there weren't any There were no real life violent consequences. December seven, North Korea condemns the release of the film, and they're real jerks about it. They used a racially insensitive term to describe our president, which was pretty ugly and I

got a lot of people up in arms. But I mean the most important thing is obviously that there wasn't any kind of physical retaliation for the release of the movie. It was just a really nasty worded message from people who were upset about it. Well and the film itself. Of course, given we talked about this a little bit, but given the political environment and ideology of the Democratic People's Republic of Career North Korea, this is this is

a profoundly offensive thing. It's it's similar to a film that came out featuring Mohammed from you know, from the Muslim faith, uh, which depicting Mohammed is already supposed to be a profound defense, and then having him killed. It's similar to that because of the deification of the leadership of North Korea. Sure, yeah, it's it's it's a very

much a kind of divine right sort of thing. Yeah, that's a good phrase, and so a nastily worded statement, uh with with added racism, I guess, just to make it really pop, is uh the least you could expect. Ye Uh. Sony also has threatened media companies that are covering the hack with legal action saying they will sue companies that specifically companies that are sharing the leaked information.

I mean, reporting on something is one thing. Obviously, Sony suing a company for reporting on the story would be pretty difficult to win. I mean, you know, no one wants to get sued. It's an expensive endeavor. But you know, most most media outlets are going to say, like, well, we're just covering the news. This is news, and that's what we do. A government, you can't claim that this

is a national security issue. Yeah. Now if if in fact they were releasing private like corporate secrets that kind of thing, then you get into sort of a murky ground. And I can see why Sony definitely wanted to to try and cut down on people sharing this information and disseminating it further, which is another reason why I report about the story but not go into it. Uh, there's not always altruistic. Now, there's one other thing you that you were going to mention as well about this, which

is something funny happened in North Korea's internet. Yeah, their internet um had a real slow down and eventually just a complete halt of operations in late December, and there was some question about whether or not that was in fact the proportionate response that the United States was going to take against whomever perpetrated the hack um and we don't know. We don't know if it was. In fact.

There's so few nodes in North Korea, and it's all stuff that the government and military can have access to, but no one else outside of those organizations has access to the Internet. So but those those nodes that all the connections were essentially shut down, like the Internet went

dark in North Korea. It led some people to wonder if perhaps there was an attack, if it was a state sponsored attack like the United States proportionate response, if that was it, or if it was just as an example of infrastructure breaking down, which could have been the case. It could have been that it was as simple as someone needed to go and reboot a machine in order for it to reconnect to the Internet at large. So uh,

there just wasn't any answer to that. Of course, you know, you had a lot of speculation around it, but since there's not enough information, I don't want to speculate right the We're just saying that the issue of antiquated or malfunctioning equipment is at least as likely a culprit as a state sponsored attack, if not more likely in my opinion. But so happy New Year, Sony. You made it to

uh the and that's January second. There's a funny thing, Jonathan, you and I have talked about this off air before, but there's this funny way that stories drop. Uh, some big stories drop on Friday afternoon. Listeners will recall that January two was a Friday. There's a great subreddit about

important news that drops on Friday. Yeah. The hope that there are a lot of companies that will released like unpleasant news on a Friday, hoping that it just gets buried and then by the time everyone's ready to talk about it again on Monday, it's old news, so no one talks about it, right, Yeah, exactly, And so this is, uh, this is a pretty big Friday to drop some disappearing

news because it's the day after New Year's Day. Everyone's hungover, no one can no one can remember what their name is, let alone read a press release right right, And like, you don't drink, and you're probably just hungover from having to deal with all the people drinking. It's mostly made dealing with the immense frustration of all my drunk friends who are who are texting me as they're like, dude, did I call you last night? And if I did,

don't remember the things I said? Check the message. Yes you know your your co host Matt Frederick has done that to me. At one thirty in the morning, I got a call from him. That was a few years ago though that was not this year. That was in his checkered past. So here's what happens. On January second. The White House announces a new round of sanctions on

North Korea, and they do this via executive order. Uh. We've got a quotation here, uh, which we should say also that as the US is releasing these new sanctions of people are already raising um skeptical concern about this North Korea allegation. And they're saying, you know, the FBI or the CIA or the rest of the alphabet soup seems convinced that North Korea was involved. And they're saying that due to information we have, we know it was

North Korea. And people are saying, but how and why what is this information that you have that is such a convincing smoking gun, right, And uh, they that's why we've got the exact quotation of why they are sanctioning this, Uh, if if you could probably do a better voice to the response. So, it's a response to ongoing provocative, destabilizing, and repressive actions and policies. Particularly it's destructive and coercive cyber attacks on Sony Pictures Entertainment. So specifically, not not

just specifically cyber crime, but specifically Sony Pictures Entertainment. They're saying, not only do we think he did it, this is our official response to that. Yeah. So in this case, I mean, it's essentially saying, like cases closed, guys, this

is they did it. And uh, we're gonna kind of segue into sort of the skepticism about this, including my own personal skepticism, but I want to preface it with saying, and we said this on on the stuff they don't want you to know episode as well, that this is based upon the information that we have available to us. And it could be that the US government hasn't its possession information that is damning evidence that proves that North

Rhea's government was in fact behind the attacks. Uh, And it's just that we don't have access to that information, and therefore that's why things look a little hokey to us. Uh. That being said, things look a little hokey to us. How so what what are some of the points that make this not an iron clad theory? All right? So, first, it's odd to have a state sponsored attack where you have a hacker group claiming responsibility and giving itself a cool name. Yes. So so having a group come out

and say, hey, we're guardians of peace. Were the ones who did this, this is the reason we did it, here's how you can stop it from happening, is a lot different from a state sponsored attack. A state sponsored attack usually one thing is they don't want to leave any trace of who it was that did it. You know, this is if you remember the episodes we've done about stuck s net, then you know this is the case. Like you want, you want to have the effect without

having it be autographed, you know, love North Korea. Next, the amount of data stolen was huge, so we mentioned this earlier. It takes a really long time to siphon off a hundred terabytes of data, particularly if you're not on site. So that is an enormous undertaking. It's not impossible,

it is something that could happen, but it would take months. Well, it would suggest to me that if in fact this is North Korea that's behind it, that they targeted Sony essentially sometime mid two thousand and fourteen for a movie that wasn't going to come out for six months at the latest, because that's how long it's going to take

to steal that much information. Also, that they were able to identify the information that would be most harmful to the company, target it, take it, and not ever be noticed.

Now granted, when they're taking it, they're making copies. It's not like stealing from a store where suddenly there's there's an empty space where a TV used to be, right, So it's a little different from physical theft, but still you could end up being caught, you know, you could at lead people could see unusual traffic in the Internet servers,

that kind of thing. Um, so it's unusual. Also the fact that the information that was released to harm the company was incredibly savvy, like this speaks of someone who has a real understanding of what is going to make

a company, specifically a media company vulnerable. Matter right, how do I strike at the morale of the employees, how do I strike at the relationship between the production company and the other big players in the industry, how do I strike at the American public's perception of that company. This is incredibly savvy stuff. Not to say that there are there aren't people in North Korea who are aware

of this. They very well maybe, but it seems to me like it's a real in cider's insight to what is important within the film industry in general and Sony in particular. That's a nice turn of phrase. Yeah, it was a little clunky myself, but okay. Also, the threats to obey the hackers had nothing to do with the interview for a really long time, like, so essentially they were saying, obey us, do what we say, but they weren't saying They weren't giving instructions, Like, they didn't give

Sony the chance to pull the interview. It was only after leaking the information that the demand was even made. So it's really odd that if the interview was in fact the reason for the attack, and if the goal of the attack was to have the interview pulled from film from theaters, why not actually give the company a chance to do that rather than just slash and burn because the film was released anyway, yeah to me. That's

that's one of the most important parts. Let alone the fact that UH states don't typically attack other states for media like private films, you know, private sector films. UH. We've already talked about. You know something that ties into that earlier point you just made, which is, UH, how to attribute who said what? Yeah? How do you How can you be sure that a message supposedly from the hackers was actually from the hackers? And you can't know.

I mean, you know, you might as well sit there and go to four chan and try and say this particular message was from this particular person. It's all supposed

to be anonymously protected, so you don't know. Also, security firm Norse identified six former Sony employees who had the skills necessary to pull off something like this and had participated in chat room discussions revealing their negative feelings towards the company, which wasn't anything incriminating, but they were clearly disgruntled. They were former employees, they were part of a layoff

that happened in two thousand fourteen. UM and the FBI rejected this information, which is interesting because one other thing that I believe it was NORSE found when North submitted their stuff to the FBI. They they are big proponents of this insider job argument because within the code they found the credentials that you would need to access some

of these uh some of these compartmentalized basis of information, right. Yeah, it seemed to a lot of cybersecurity experts that whomever pulled off this attack had access to passwords and other verification UH criteria that would allow them access to these very sensitive areas of information that would be challenging for an outsider to identify and use. But if you're if you were familiar with the system already, then you would

know what you needed before you did your attack. So it's it's one of those things where you're like, yeah, it's not impossible for someone outside the group to have figured this out, but it's far more likely that there was at least some insider assistance because you know, they were able to target specific pieces of information. And perhaps

it's unwitting insider assistance too. It could be, you know, it could just very well be a case of social engineering where UH, an outside hacker gets unwitting participation and the people who handed over the information or the the access the keys to the Kingdom weren't aware of what they were doing at the time, that's possible. Um, I still think that the insider hypothesis is the most compelling based upon what was stolen, how it was leaked, and

the effect it had. But and also the fact that the demand for the film thing didn't come until after the leaks had happened. But again that's that's just based on the information have available to me. So what do you think then about one of the early things presented as smoking gun evidence the idea that uh, certain pieces of code that have been used in the attacks were

present in these most recent attacks. Well, Ben, as you and I know, on the internet, um, all code is incredibly proprietary and can't be spread around or tweaked or changed or altered or added to or taken away from.

I mean, if only we lived in a world where you could take existing programs, change them and make them do things for your on your own behalf, then we would live in a world where you can't attribute a source for a particular attack simply because of the code that was Oh wait, that is the world we live in. So yeah, here's the problem is that just because the code was found in attacks from a previous instance doesn't

mean that that code only belongs to one group. A lot of these tools get to be through various channels online hackers. When they create a really powerful tool, sometimes they love to share it. Not all the time. Some of them are very jealous with what they create and they keep it for themselves. But some will go and say, hey, I made this tool, it's perfect for cracking passwords. Have at it. And then the people who downloaded and use it, we often call them script kiddies. They aren't the ones

who developed the code. They're just making use of code that was built to do a specific thing. So I hesitate to attribute an attack to us specific group simply because the code that was included. Yeah, I agree with you there, because it's strange too. It's strange to think that someone could own a process, and especially when there's

so much sharing in the toolbox. And uh, if this code was recognized right then, that already inherently tells us that other people have seen it, which also means they could replicate it. It would be I think it's a little bit movie thriller right now to say, uh that someone purposely put it in his red herring but wouldn't that be cool? No, I just think it's also movie thriller to say I recognize this code if it could only come from one place, and that's totally a movie. Yeah,

And and you're right about that. And one thing that we should also list that I think is important to note here is that I've seen several journalists UM reciting these u S statements of North Korean involvement as fact,

and it is true. The problem with this is something that you and I have have touched upon already in the show, which is that we know that the United States and some of its cooperative countries have this vast array of sophisticated and in many plate cases classify UH collection methods, right sure, And this means that it is fair to assume that the United States has access to information that civilians and journalists may not be able to analyze.

Right So so yeah, that leads you to the conclusion that again, there could be a smoking gun sure that I am completely unaware of that says no, it was North Korea. It was not some insider. Uh, it was not. It wasn't a disgruntled employee. This was a very effective attack,

which if that is here's the thing. If that's the real answer, if that really is the real answer, that's terrifying, because not only does it mean that you have a country that has created an incredibly effective, invasive attack into a major corporation, but they understand the culture and the impact that corporation has and how to best attack it. It

It just doesn't make sense though to do so. I would be surprised to do something of that magnitude for a work of fiction that honestly, honestly, and I say this as as a fan of Seth Rogan, it's not it's not going to be his Oscar winning film. I had said that. Um when Sony first pulled the film, I said, listen, I don't plan to see the interview, but I want that to be my option that I don't see the interview, right, you want it to be your choice. I don't don't want the choice made for

me that I don't see the interview. And see, that's the thing is that they released it, and again we

didn't see more attacks, at least not yet. I mean, it could be by the time this podcast goes out that in fact, more has developed the story, which we do have to be conscious of but going back to that point of the missing information, this also means that without access to it, there's no way for someone to independently verify the accuracy of the statements on the part of Uncle Sam, and it's been it's being used as the proof, and the fact that their further sanctions really

does show I think it indicates that there is some sort of belief. Yeah. Yeah, I I am at least hopeful that they are sincere in the statement that they fully believe North Korea to be behind it, because otherwise we're talking about a very bizarre clancy like thriller, where the US government is taking advantage of an insane hacking attack on a media company as an excuse to step up sanctions against a hostile foreign power, which is such a weird thing to even say. But what I love

about the plan is that it's so straightforward. Right, step three profit. Yeah. So, so where does this leave us, Well, it pretty much leaves us in the same place we were at the beginning. We don't really know you, and I certainly don't know who. Yeah, and it may very well be we said that in fact it is North Korea, and it's just that that's such it's it stretches my belief so much. That's why I really have trouble with it. But it could very well be true. I'm curious what

our listeners think. Guys, if you have any suggestions, If you if you have an opinion on this, or you have a suggestion for a future episode, you should write in the addresses tech Stuff at how stuff works dot com or drop us a line on Facebook or Twitter. They handle it's tech stuff hs W ben Where can they find you? Ah? Yes, well you can find Jonathan and I hanging out on several shows where I'm brain Stuff together on YouTube and What the Stuff. We've got

an upcoming episode of brain Stuff. Where were we both appear in the same episode? Oh, we do. Only one of us talks and that's why. Yeah, you know on on that is What the Stuff. I believe it's uh, it is What the Stuff technology spoilers. My bad, it's it's that. That was a strange shoot. I hope listen is enjoy. You can find my co host Matt and I on stuff they don't want you to know. You can find uh a former guest host or recurring guest host of tech Stuff, Scott Benjamin, who works works with

me on car stuff next to me. Yeah, yeah, he does. You guys have some of the most interesting conversations in the office. Yeah, you know Scott. I was peg Scott as the super quiet guy in the office, but he really does enjoy a fun, bizarre, thoughtful conversation. He's a big true crime fan too, by the way. That's good to know. It's good to know. It's more more risks

for the mill my friend. Uh. And if somebody, if somebody wants to learn more about let's see the future of technology and they haven't heard of your other show, where would they go, Well, they would go to fw thinking dot com for Forward Thinking. That's where Lauren Vogelbaum, Joe McCormick and I will end up talking at nauseum about all sorts of things from the future. Uh. It's also the video series Forward Thinking. I the soul host of that show and sometimes the writer. Uh. But you

should definitely check that out. If you haven't listened to that podcast, you've got to check out the episodes that just went live so you can find them. In the most recent ones, we did Back to Back to the Future to part one, and then we did Back to Back to the Future, to part two, where we looked at the technology that Marty McFly encounters when he travels to two thousand fifteen and see how it measures up

to the actual two thousand fifteen technology of today. Yeah, I wonder if they're ever going to come out with that Pepsi can Pepsi bottle. I can tell you that the power laces are going to happen this year. Finally, Nike's gonna bring us power laces sometime in twent to hear more check out that show. Yeah, and thanks so much for having me back on, Jonathan. I look forward to seeing how this situation develops, and I do hope

we get an answer. Yeah, me too. I mean, this could be one of the great mysteries where you know, we have an official word, but there may always be lingering down. I'm not normally a conspiracy theory guy. It's just sometimes there are things like, you know, you like, this just doesn't smell right, and it could very well be that just a stinky, stinky mess. So anyway, thanks again guys for listening, and we will talk to you again really soon for more on this and thousands of

other topics. Does it have toff works dot com,