Sony CEO Slams 'Vicious' Cyberattack

Praises Employees' Actions to Get Studio Up and Running Again
Sony CEO Slams 'Vicious' Cyberattack
Sony CEO Kazuo Hirai

Sony CEO Kazuo Hirai has praised the actions of his employees in the wake of the "vicious" online attack against Sony Pictures Entertainment.

See Also: 12 Top Cloud Threats of 2016

In his first public remarks on the subject since Sony's Hollywood television and movie studio was attacked, Hirai said Jan. 5 he was "very proud" of how Sony Pictures' employees and business partners responded to the "extortionist efforts" of hackers, by working "literally 24 hours a day, sometimes for days on end" to get the studio up and running again, as well as to release the comedy film "The Interview."

Speaking at a press conference at the International Consumer Electronics Show in Las Vegas, Hirai thanked everyone who had seen the movie, stating: "I have to say that freedom of speech, freedom of expression, freedom of association, these are very important ... lifelines of Sony and our entertainment business."

Hirai also noted that current and former Sony employees were "the victims of one of the most vicious and malicious cyber-attacks we have known in recent history."

The FBI has attributed the Sony Pictures hack to North Korea, and President Obama recently imposed sanctions against 10 individuals and three entities associated with the country's Pyongyang-based government. But North Korea has denied being involved in the Sony hack and has called for a joint investigation with the United States.

A hacking group that calls itself the Guardians of Peace claimed credit for unleashing the Nov. 24 wiper malware attack against Sony Pictures that reportedly compromised 6,000 employees' computers and landline phones, after which attackers leaked high-quality digital copies of unreleased movies, as well as sensitive - and embarrassing - corporate data. Following the attack, G.O.P. said it would stop the leaks if the studio promised to never release "The Interview," which features a plot to assassinate North Korean leader Kim Jong-un.

Major movie chains balked at showing the film after G.O.P. also issued a terror threat against any theater that showed it. While Sony initially said it would shelve the film, in the face of criticism from President Obama, it instead released the film Dec. 24 via online channels, followed by it opening in about 330 independent U.S. cinemas on Christmas Day. The film quickly set an online box office record for the studio.

North Korea Slams Sanctions

Responding to Obama's new sanctions against the Democratic People's Republic of Korea as a result of the Sony attack, a North Korean government spokesman said that they represent continuing U.S. hostility toward the country. "The persistent and unilateral action taken by the White House to slap sanctions against the DPRK patently proves that it is still not away from inveterate repugnancy and hostility toward the DPRK," an unnamed spokesman for North Korea's foreign ministry said on Jan. 4, reports South Korea's Yonhap News Agency.

Many information security experts, however, continue to question the FBI's attribution of the Sony Pictures hack to North Korea, especially based on the scant amount of information that the bureau has so far released to substantiate that claim.

In fact, based on the publicly available information, Jeffrey Carr, CEO of threat-intelligence sharing firm Taia Global, has warned that there's substantial "conflicting evidence" as to North Korea being involved at all.

Many security experts have also warned that attribution, by its very nature, is typically a lengthy process - for which no solid answers may ever be found - and noted that the FBI's attribution of the Sony hack wasn't to Pyongyang or the North Korean government, but rather "North Korea."

"In many cases, it's easier to point to a region - 'Russians,' 'Chinese,' 'Moldovans' - than it is to say that the hack 'was pulled off by a Mr. George Thomason, who lives at Flat 3, Kipling Mansions, Murray Road, London, West 9,'" says information security expert Nick Selby, CEO of StreetCred Software, in a blog post.

Evidence to Remain Classified

Responding to that type of criticism, unnamed senior U.S. officials have told reporters that independent information security experts don't have access to the classified information that was used by the FBI to attribute the attacks to North Korea, the Associated Press reports.

The White House also continues to back the FBI's analysis. "They've obviously devoted significant resources to this. They have their own area of expertise when it comes to these matters, and they have come to the conclusion, based on the evidence, that North Korea was responsible for this," White House press secretary Josh Earnest told reporters in a Jan. 5 briefing. "And I don't see any reason to disagree with the conclusions that they've arrived at. If you have questions about why they've arrived at that conclusion, you can direct it to them."

Earnest acknowledged that while there was an ongoing, public debate about whether North Korea was involved in the Sony hack, "a couple of private-sector organizations ... have endorsed the findings of the FBI," although he declined to name them.

Despite calls from the information security community for the White House to declassify more of the information that the FBI used to attribute the hack attack to North Korea, Earnest says that due to the "pretty sensitive" nature of the information analyzed by the FBI, it will not release the information because that might compromise future intelligence-gathering efforts. "The evidence that they [the FBI] have reviewed and obtained, by making it public, does give a pretty strong indication to the North Koreans and, frankly, to other bad actors about the techniques that we use to investigate and to attribute these kinds of attacks," he said.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network