Sony Cyberattack Fallout & Impact

Uploaded by

Motti Zachariah

PRESENTED BY GROUP 4

Sony Pictures Entertainment Cyberattack:
The Fallout and Impact of a Major Data Breach

INTRODUCTION
• In November 2014, a group called "Guardians of
Peace" leaked confidential data from Sony Pictures
Entertainment. The data included personal
information, emails, executive salaries, unreleased
films, and other information. They also used
malware to erase Sony's computer infrastructure.

• Sony's movie "The Interview" was threatened by a
group of hackers who demanded that the movie be
withdrawn. The group also threatened terrorist
attacks at cinemas screening the film. As a result,
Sony cancelled the film's premiere and mainstream
release. Later, it was discovered that the hack was
sponsored by the North Korean government, which
has denied all responsibility.

HACK AND PERPETRATORS
• The hackers copied critical files for at least two months.
The Guardians of Peace members who claimed
responsibility said they had access for at least a year
before it was discovered in November 2014.

• Attackers used a Server Message Block (SMB) Worm Tool
to target a major entertainment company. The attack
included a listening implant, backdoor, proxy tool,
destructive hard drive tool, and destructive target
cleaning tool, indicating an intent to gain repeated entry,
extract information, and remove evidence of the attack.

• In November 2014, Sony was hacked and many of its
employees' computers were rendered inoperable by
malware installed by a group calling themselves the
Guardians of Peace. The group also took some
confidential data.

• Following this hack, the Guardians of Peace began
leaking yet-unreleased films and started to release
portions of the confidential data to attract the attention
of social media sites, although they did not specify
what they wanted in return.

• Sony responded to a data breach by organizing internal teams
and contacting the FBI and FireEye to protect employees' data,
repair computer infrastructure, and trace the source of the leak.
Reports later confirmed a link to North Korea.

Threats Surrounding The Interview
• In December, the "Guardians of Peace" group
threatened terrorist actions against the release of
the film "The Interview." Sony initially withdrew
the theatrical release due to safety concerns,
leading to cancellations of media appearances by
the film's stars and major theaters refusing to
screen it. Sony later pulled the national release
entirely, following specific demands from the
hackers. President Obama criticized Sony's
decision, but the CEO defended it, pledging
alternative distribution. Eventually, independent
theaters were authorized to show the film on
Christmas Day, alongside online releases. Despite
threats, the release was incident-free, considered a
success, though North Korea accused Obama of
forcing the film's distribution.

Attribution Of The Cyber Attack

01. On December 17, 2014, U.S. government officials declared
the involvement of the North Korean government in the
cyberattack on Sony Pictures Entertainment.

02. The FBI linked North Korea to the attack through
technical analysis, citing similarities in hacking
tools, techniques, and infrastructure, including
communication with North Korean businesses in
China and specific IP addresses associated with
known North Korean networks.

03. The attribution relied on unique features in
the data deletion malware, connecting it to
known North Korean cyber capabilities and
revealing overlaps with prior cyber
activities, including an attack on South
Korean banks and media outlets.

01. The FBI's analysis linked the data
deletion malware to previous North
Korean malware, revealing similarities
in code, encryption algorithms, and
data deletion methods.

02. FBI Director James Comey noted
"sloppy" actions by the hackers, such
as using North Korean proxy IP
addresses and logging into Facebook
and Sony servers without proper
concealment.

03. President Obama issued an Executive
Order on January 2, 2015, imposing
additional economic sanctions on
North Korea for the hack, leading to
further tensions and denials from
North Korean officials.

Doubts about accusations against North Korea

• Wired magazine doubts North Korea's involvement in the
attacks.

• Michael Hiltzik, a journalist for the Los Angeles Times,
said that all evidence against North Korea was
"circumstantial" and that some cybersecurity experts
were "skeptical" about attributing the attack to the North
Koreans.

Former hacker Hector Monsegur, who once hacked into Sony

• He explained to CBS News that exfiltrating
one or one hundred terabytes of data
"without anyone noticing" would have taken
months or years, not weeks.

• He doubted the accusations due to North Korea's
insufficient internet infrastructure to handle the
transfer of that much data.

• He believed that it could have been either
Chinese, Russian, or North Korean-sponsored
hackers working outside of the country,
but most likely the deed of a Sony employee.

• Kevin Mandia, president of FireEye, stated that there
is no evidence of an insider being responsible for the
cyber attack and that his firm's evidence supports
the US government's position.

• In Feb 2016, Novetta, along with Kaspersky Lab,
Symantec, and others, concluded in a joint
report that a well-resourced organization was
behind the SPE attack and not insiders or
hacktivists.

• The analysis said that the same group is
engaged in military espionage campaigns.

• But in September 2018 the US Department of Justice
at last laid out sweeping evidence showing that
North Korea had indeed been behind the attack.
• It specifically named one individual, Park Jin Hyok,
highlighting his attacks against Sony, the WannaCry
attack, and a major theft from a bank in Bangladesh.
• Ultimately, it's clear that North Korea was
behind the Sony Pictures hack.

Formal Charges
• The U.S. Department of Justice issued formal charges on September
6, 2018, against North Korean citizen Park Jin-hyok.
• Park Jin-hyok is identified as a North Korean hacker associated
with the Reconnaissance General Bureau, comparable to the
Central Intelligence Agency.
• The charges state that Park played a role in the 2017 WannaCry
ransomware attack, having developed a portion of the ransomware
software.
• The Department of Justice had been monitoring Park for some
time, and the Criminal Complaint was unsealed in September 2018.
Legal Response
• In response to the Sony hack, President Obama issued a
legislative proposal to Congress.
• The proposal aimed to update existing laws, such as the
Racketeer Influenced and Corrupt Organizations Act, and
introduce new ones.
• The objective was to empower federal and national law
enforcement officials to better address cybercrimes,
specifically the Sony hack.
• The proposed legislation aimed to enable the prosecution of
cybercrimes in a manner consistent with offline crimes while
safeguarding the privacy of Americans.
• This legislative response reflects the government's
commitment to enhancing the legal framework for
addressing cyber threats.

THANK YOU VERY MUCH!