As Cybersecurity Awareness Month winds down, it’s worth noting the upcoming 10-year anniversary of one of the most notorious spear phishing incidents: the 2014 Sony Pictures Entertainment hack. Learn all about it in this edition of Tech Time Warp.
Frankly, the whole saga would make a decent plot for a movie. Two actors (Seth Rogen and James Franco) decided to make “The Interview,” a comedy with a questionable storyline: the CIA-directed assassination of a fictional Kim Jong Un, the real-life North Korean leader. The North Korean government expressed its displeasure about the movie by sending a letter to the United Nations, accusing the United States of “sponsoring terrorism” for allowing its production.
The fallout of the Sony hack
Because of the controversy, Sony had already delayed the film’s release date from Oct. 10 to Christmas Day. But on the morning of Nov. 24, 2014, Sony employees arrived at work to find their corporate network had been hacked by the “Guardians of Peace.” Employees had to work without access to any electronic files. Even worse, the “Guardians of Peace” had helped themselves to years of Sony files. This included embarrassing email exchanges between high-level Sony employees that forced an apology to President Barack Obama.
In September 2018, the Department of Justice charged North Korean citizen Park Jin Hyok with conspiracy to conduct “multiple cyber attacks and intrusions.” Park was a leader in the Sony hack. He was also part of the government-sponsored hacking team responsible for WannaCry 2.0 in 2017 and the 2016 theft of $81 million from Bangladesh Bank.
The Sony case represented a classic spear phishing incident. Attackers specifically targeted high-level employees, including then-CEO Michael Lynton, with various emails designed to steal their credentials. One email, for instance, purported to contain Apple ID verification links. A Columbia University case study cited several practices that made Sony vulnerable, including the lack of two-factor authentication and lax password standards.
The incident raised interesting questions about free speech and the use of cyberthreats by nation-states to suppress it. “The Interview” was ultimately released on YouTube, Google Play and Xbox Video.