WEBVTT - The 2014 Sony Hack Revisited 0:00:04.400 --> 0:00:07.800 Welcome to Tech Stuff, a production from I Heart Radio. 0:00:12.119 --> 0:00:15.000 Hey there, and welcome to tech Stuff. I'm your host, 0:00:15.160 --> 0:00:18.439 Jonathan Strickland. I'm an executive producer with iHeart Radio and 0:00:18.480 --> 0:00:22.639 I love all things tech. And for today's show, I 0:00:22.800 --> 0:00:27.720 thought I would cover kind of an infamous thing that 0:00:27.880 --> 0:00:32.520 happened in tech a few years ago. So in hackers 0:00:32.640 --> 0:00:37.360 infiltrated the computer systems of Sony Pictures and they stole 0:00:37.440 --> 0:00:41.239 an enormous amount of data. This was one of the 0:00:41.320 --> 0:00:47.840 highest profile incidents of hacking in that decade, and it 0:00:47.880 --> 0:00:53.360 involves everything from political posturing to the studio of Sony 0:00:53.479 --> 0:00:55.360 waffling over whether or not it was actually going to 0:00:55.440 --> 0:00:58.680 release a movie. So I thought we could revisit that 0:00:58.760 --> 0:01:01.639 story kind of walk through you to see what we 0:01:01.680 --> 0:01:05.040 know about it and what we suspect, or maybe it 0:01:05.240 --> 0:01:08.560 might be more accurate to say, you know, what is 0:01:08.600 --> 0:01:11.319 the official stance of the FBI, and what do other 0:01:11.360 --> 0:01:14.600 people think, and also what has happened since, including how 0:01:14.640 --> 0:01:18.040 the people accused of being behind the attack also stand 0:01:18.120 --> 0:01:21.760 accused of other cyber crimes. And I should point out 0:01:21.840 --> 0:01:26.399 that early on a lot of these details um around 0:01:26.400 --> 0:01:28.960 the hack. I mean even now, they still remain unknown, 0:01:29.760 --> 0:01:33.160 or at least if they are known, the folks who 0:01:33.280 --> 0:01:36.640 know it are kind of keeping it to themselves. And 0:01:37.040 --> 0:01:39.240 you know, there's a lot of speculation out there, with 0:01:39.360 --> 0:01:43.760 conflicting accounts as to when things got started, why the 0:01:43.800 --> 0:01:46.440 hack happened, and who is behind the whole ding dang 0:01:46.560 --> 0:01:50.400 darn thing. There's even a suspect whom an entire country 0:01:50.400 --> 0:01:55.360 insists does not actually exist. So it's a legit mystery, 0:01:55.400 --> 0:02:01.440 including conspiracy theories and enormous consequences. But let's begin with 0:02:01.560 --> 0:02:05.800 the morning of Monday, November twenty four, two thousand fourteen. 0:02:06.760 --> 0:02:10.320 Sony Pictures employees come in to go to work. Yeah, 0:02:10.360 --> 0:02:13.240 they boot up their machines and they see something that 0:02:13.280 --> 0:02:17.160 could have come straight out of a Sony Pictures film. 0:02:17.240 --> 0:02:19.120 In fact, it feels like something straight out of the 0:02:19.240 --> 0:02:25.040 nineties movie A red Skeleton Cartoons skeleton appears on their 0:02:25.080 --> 0:02:28.720 computer screen, and then their computer speaker system plays the 0:02:28.800 --> 0:02:32.360 sounds of gun shots, and there's a message that pops 0:02:32.480 --> 0:02:37.240 up that says hacked by hashtag g O P. Now 0:02:37.320 --> 0:02:40.120 for Americans, that might have caused a little bit of 0:02:40.160 --> 0:02:44.520 confusion because here in America, GOP typically stands for Grand 0:02:44.560 --> 0:02:48.520 Old Party. It's another name for the Republican Party, the 0:02:48.560 --> 0:02:52.480 one commonly associated with conservative political views here in the 0:02:52.560 --> 0:02:57.680 United States. But that was not the GOP behind this attack. 0:02:58.880 --> 0:03:04.040 This GOP stood for Guardians of Peace. As to who 0:03:04.120 --> 0:03:07.320 was behind that, well, it's obviously a big part of 0:03:07.360 --> 0:03:11.480 the mystery. There was a further bit to this message. 0:03:11.520 --> 0:03:15.280 It wasn't just hacked by hashtag g OP. It read quote, 0:03:15.760 --> 0:03:19.160 We've already warned you, and this is just a beginning. 0:03:19.600 --> 0:03:23.679 We continue till our request be met. We've obtained all 0:03:23.720 --> 0:03:28.000 your internal data, including your secrets and top secrets. If 0:03:28.080 --> 0:03:31.560 you don't obey, us will release data below to the world. 0:03:32.000 --> 0:03:36.320 Determine what will you do? Till November two p m 0:03:36.440 --> 0:03:40.040 g MT End quote. Then there were data links to 0:03:40.160 --> 0:03:43.200 a list of the assets the hackers had stolen from 0:03:43.240 --> 0:03:49.720 Sony's systems. Employees found that pretty much every aspect of 0:03:49.760 --> 0:03:55.280 their network was inaccessible. Voicemail was offline, the telephone directory 0:03:55.280 --> 0:03:58.440 in general was gone. There was no way to access 0:03:58.480 --> 0:04:02.440 the Internet, and even the cafeteria couldn't connect to credit 0:04:02.440 --> 0:04:06.080 card verification services, which meant all transactions had to be 0:04:06.200 --> 0:04:09.240 cash only that day, not just that day either. This 0:04:09.320 --> 0:04:12.680 lasted a while so never mind trying to access something 0:04:12.680 --> 0:04:16.680 off of Sony's servers. Before lunchtime, news of the hack 0:04:16.720 --> 0:04:21.000 had already broken online, with outlets like geek dot com 0:04:21.040 --> 0:04:25.520 and Deadline reporting on it straight away. Sony employees found 0:04:25.560 --> 0:04:29.919 themselves unable to do any work or they had to 0:04:29.960 --> 0:04:33.920 switch to you know, like pen and paper or white 0:04:33.960 --> 0:04:36.520 boards in an old school approach to trying to to 0:04:36.640 --> 0:04:39.280 do anything productive in the face of a massive attack. 0:04:39.839 --> 0:04:43.599 In fact, when it was all said and done, Sony 0:04:43.839 --> 0:04:48.560 had to wait until February of twift to get systems 0:04:48.600 --> 0:04:51.520 back online, so you know, that's like more than a 0:04:51.600 --> 0:04:55.200 month of the systems being down. They had to retire 0:04:55.320 --> 0:05:00.000 three thousand, two hundred sixty two employee PCs that's how 0:05:00.080 --> 0:05:04.240 of six thousand, seven nine seven total, so almost half 0:05:04.279 --> 0:05:07.320 of all computers had to be replaced, and had to 0:05:07.360 --> 0:05:10.520 do the same with eight hundred thirty seven out of 0:05:10.640 --> 0:05:14.120 one thousand, five hundred fifty five servers, so more than 0:05:14.200 --> 0:05:17.080 half of their servers had to be replaced. This is 0:05:17.120 --> 0:05:21.359 all according to a Vanity Fair article titled The Untold 0:05:21.440 --> 0:05:25.400 Story of the Sony Hack by Richard Stingle. At the 0:05:25.440 --> 0:05:28.680 time of the hack, Stingle was actually working for US 0:05:28.800 --> 0:05:32.200 Secretary of State and had a direct connection as he 0:05:32.320 --> 0:05:36.880 was friends with the the then CEO of Sony Pictures. 0:05:37.560 --> 0:05:42.479 According to Sony itself, as reported by computer World, the 0:05:42.520 --> 0:05:45.800 hack represented a thirty five million dollar cost in I 0:05:45.960 --> 0:05:49.839 T repairs. That was the figure quoted for quote restoring 0:05:49.880 --> 0:05:53.279 our financial and I T systems end quote according to 0:05:53.279 --> 0:05:57.599 a Sony spokesperson, And that actually sounds low to me. 0:05:58.120 --> 0:06:00.920 And of course there were other monitor are damages as 0:06:00.920 --> 0:06:03.800 well due to how the hackers would release much of 0:06:03.839 --> 0:06:08.200 that stolen information online. And then there's the damage to 0:06:08.279 --> 0:06:12.000 Sony's reputation, a rep that already had more than a 0:06:12.000 --> 0:06:16.640 little tarnish on it before the hack even happened. Meanwhile, 0:06:17.040 --> 0:06:20.080 the details of the attack included links that the hackers 0:06:20.160 --> 0:06:22.560 left behind two sites that showed off some of the 0:06:22.640 --> 0:06:25.360 data they had taken, So this was more of like 0:06:25.560 --> 0:06:30.480 a directory of what was stolen, with the actual data 0:06:30.520 --> 0:06:34.240 itself to follow in the weeks to come. As it 0:06:34.240 --> 0:06:37.400 would turn out, the hackers who had infiltrated the system 0:06:37.720 --> 0:06:41.000 had been hard at work inside Sony's cyber walls for 0:06:41.040 --> 0:06:43.520 at least a few weeks at the point where they 0:06:43.600 --> 0:06:47.800 left this message, and some accounts suggest that the initial 0:06:47.839 --> 0:06:51.000 intrusion might have happened even more than a year in 0:06:51.080 --> 0:06:54.919 advance because of just the enormous amount of information that 0:06:54.960 --> 0:06:58.200 got siphoned away. But either way, this was not some 0:06:58.279 --> 0:07:01.039 sort of hasty message that was sent immediately after the 0:07:01.040 --> 0:07:04.560 hackers got access to the system. Now, the hackers had 0:07:04.600 --> 0:07:08.599 clearly already copied a vast amount of information, which again 0:07:08.640 --> 0:07:12.040 depending on the account, ranged anywhere from forty gigabytes to 0:07:12.160 --> 0:07:16.920 around a hundred terra bytes or more, a truly astonishing 0:07:17.080 --> 0:07:22.760 amount of information. They also deleted files on Sony's systems 0:07:22.880 --> 0:07:25.680 and then they sent the message. So it's only after 0:07:25.720 --> 0:07:28.560 they had siphoned off the data and burned everything behind 0:07:28.640 --> 0:07:31.640 them that they tipped their hand that they were involved. 0:07:32.200 --> 0:07:34.240 So yeah, this was the moment where the world at 0:07:34.320 --> 0:07:38.480 large learned about the attack, But again, it had clearly 0:07:38.560 --> 0:07:43.480 happened or at least started before November. In fact, this 0:07:43.600 --> 0:07:47.120 wasn't even the first attack on Sony's computer systems in 0:07:48.680 --> 0:07:51.840 and the company had a history of cybersecurity issues which 0:07:51.880 --> 0:07:55.200 did not make it look particularly strong. Let's go back 0:07:55.240 --> 0:07:58.760 to April of two thousand eleven, and don't worry, this 0:07:58.800 --> 0:08:01.240 bit is just a quick overview to set the stage, 0:08:01.280 --> 0:08:04.080 and this is going to focus not on Sony Pictures, 0:08:04.080 --> 0:08:07.560 but another branch of Sony. So in two ten, there 0:08:07.640 --> 0:08:10.720 was a security hacker named George Hots, a k a. 0:08:10.920 --> 0:08:14.440 Geo Hot, and he became the target of Sony's ire 0:08:15.120 --> 0:08:18.480 after Geo Hot started working on a method to breach 0:08:18.560 --> 0:08:22.400 the PlayStation three consoles security in order to unlock the 0:08:22.440 --> 0:08:24.520 console so that you could do all sorts of different 0:08:24.520 --> 0:08:26.440 stuff with it. You could hack it, in other words, 0:08:27.000 --> 0:08:30.160 and and really use that special hardware of the PS 0:08:30.240 --> 0:08:34.600 three to tackle specific types of computational problems, because the 0:08:34.720 --> 0:08:37.400 architecture of the PS three was very different from other 0:08:37.440 --> 0:08:42.680 consoles at the time. Sony brought some legal action against Hots, 0:08:42.760 --> 0:08:46.400 who had pointed out a pretty massive flaw in Sony's 0:08:46.440 --> 0:08:52.040 own security, and then Anonymous got involved. And you don't 0:08:52.080 --> 0:08:55.720 hear about Anonymous as much these days as used to. 0:08:55.960 --> 0:09:00.560 But it's it's a loosely organized activist group and there's 0:09:00.640 --> 0:09:05.440 usually no identifiable leadership within the group itself, and members 0:09:05.480 --> 0:09:09.440 can have drastically different philosophies and approaches, So you can 0:09:09.480 --> 0:09:15.120 have like concerned activists to nihilistic anarchists in that same group. 0:09:15.559 --> 0:09:19.560 Anonymous named Sony a prime target for hacking in response 0:09:19.600 --> 0:09:24.040 to how Sony was pursuing hots and what followed was 0:09:24.080 --> 0:09:27.079 a distributed denial of service or d d o S 0:09:27.120 --> 0:09:31.480 attack on Sony's PlayStation network servers, which interrupted service for 0:09:31.600 --> 0:09:35.520 millions of Sony PlayStation owners. Sony would actually end up 0:09:35.559 --> 0:09:39.880 taking the network offline entirely on April twenty while looking 0:09:39.960 --> 0:09:43.440 for a way to counter the attacks. Later the world 0:09:43.520 --> 0:09:46.120 learned that a you know, leading up to Sony taking 0:09:46.160 --> 0:09:50.760 down the PlayStation network, hackers had actually infiltrated Sony systems 0:09:50.960 --> 0:09:54.400 and accessed a database containing user data for seventy seven 0:09:54.600 --> 0:09:59.880 million accounts, including people's names, their email addresses, their past 0:10:00.040 --> 0:10:03.120 words they're log in. There was a question about maybe 0:10:03.160 --> 0:10:06.480 their credit card information got leaked as well, something that 0:10:06.600 --> 0:10:09.200 Sony said did not happen. But this was just the 0:10:09.240 --> 0:10:13.160 beginning of Sony's woes. Different groups of hackers, most of 0:10:13.200 --> 0:10:18.640 which were using fairly unsophisticated tools, attacked Sony Online Entertainment, 0:10:19.360 --> 0:10:23.559 Sony websites, and numerous other Sony sites and services, so 0:10:23.720 --> 0:10:27.360 they weren't necessarily coordinating with one another, but rather kind 0:10:27.400 --> 0:10:31.480 of all acting on an opportunity that presented itself. And 0:10:31.720 --> 0:10:34.240 this isn't to suggest that the people behind these attacks 0:10:34.280 --> 0:10:38.000 in eleven were linked to the ones we saw in fourteen, 0:10:38.440 --> 0:10:41.680 but rather to point out that Sony as a company 0:10:41.920 --> 0:10:48.120 had truly atrocious cybersecurity systems and practices in place. This 0:10:48.160 --> 0:10:52.160 was in so you would think that after that experience 0:10:52.320 --> 0:10:56.840 of being hit by these attacks, that Sony would really 0:10:56.880 --> 0:11:00.760 beef up security considerably and make future attack its less likely. 0:11:01.120 --> 0:11:05.000 I mean, you would think that, but you'd be wrong. 0:11:05.559 --> 0:11:10.199 According to multiple sources, Sony systems had poor password protection, 0:11:10.640 --> 0:11:15.199 like super poor like according to the Hollywood Reporter, some 0:11:15.320 --> 0:11:19.520 servers had passwords like Sony pictures, which you know, is 0:11:19.520 --> 0:11:23.200 not great, not super secure, And the fact that security 0:11:23.240 --> 0:11:26.520 was so poor meant that the list of possible perpetrators 0:11:26.520 --> 0:11:30.720 would be really, really big, big enough so that even 0:11:30.720 --> 0:11:35.120 when the FBI would announce a suspect that being hackers 0:11:35.120 --> 0:11:38.160 connected to North Korea, there was enough doubt among the 0:11:38.200 --> 0:11:41.520 security community to raise questions about it. All right, so 0:11:41.559 --> 0:11:45.160 let's get back to our timeline. The Hollywood Reporter article 0:11:45.240 --> 0:11:49.560 titled five years Later, Who Really Hacked Sony includes the 0:11:49.600 --> 0:11:53.640 fact that, according to leaked internal emails at Sony, the 0:11:53.679 --> 0:11:58.040 company discovered an earlier breach inteen. That's the February one, 0:11:58.679 --> 0:12:01.360 and the keep in mind that the big hack, the 0:12:01.400 --> 0:12:04.079 one that we're really focused on in this episode, would 0:12:04.080 --> 0:12:07.560 take place later that year in November. But in that 0:12:07.640 --> 0:12:10.840 February hack, there was a fear that the hackers managed 0:12:10.880 --> 0:12:14.320 to secure the credentials to get administrative control of a 0:12:14.400 --> 0:12:19.840 Sony Pictures system, potentially uploading malware into the system in 0:12:19.880 --> 0:12:24.640 the process, and as we just covered, Sony's security wasn't 0:12:24.920 --> 0:12:28.160 really up to code. Now, I tried to track down 0:12:28.160 --> 0:12:32.520 more information about this February two, fourteen hack and came 0:12:32.600 --> 0:12:35.600 up empty. Now it's possible that this was something that 0:12:35.679 --> 0:12:39.080 Sony just tried to contain completely internally and it just 0:12:39.160 --> 0:12:43.280 never went beyond those internal emails. At any rate, it 0:12:43.440 --> 0:12:46.400 is very challenging to search for anything related to Sony 0:12:46.440 --> 0:12:50.280 and hacking that happened in that doesn't relate to the 0:12:50.360 --> 0:12:54.559 more notorious event that happened in November. However, there's one 0:12:54.559 --> 0:12:56.840 thing I do have to talk about that happened between 0:12:57.080 --> 0:13:02.040 February and November that does play into the story, and 0:13:02.120 --> 0:13:08.120 that's the Interview. The Interview is a film. It's a 0:13:08.120 --> 0:13:11.600 comedy that was developed by Seth Rogan and Evan Goldberg 0:13:11.920 --> 0:13:15.720 about a TV journalist and his producer getting a gig 0:13:15.760 --> 0:13:19.559 to come to North Korea and interview the country's leader, 0:13:19.720 --> 0:13:24.040 Kim Jong Un. Only they are intercepted by members of 0:13:24.080 --> 0:13:26.240 the c i A who want to use this rare 0:13:26.280 --> 0:13:31.600 opportunity to assassinate Kim Jong Un, turning the vacuous Hollywood 0:13:31.640 --> 0:13:36.840 types into state backed assassins. Seth Rogan and James Franco 0:13:36.960 --> 0:13:41.080 played the producer and the TV host, respectively. Randall Park 0:13:41.440 --> 0:13:44.400 a k agent, Jimmy Wou and the m c U 0:13:44.520 --> 0:13:48.080 played Kim Jong Un. The film went into production in 0:13:48.120 --> 0:13:51.720 two thousand thirteen with Sony Pictures behind it, and the 0:13:51.800 --> 0:13:55.520 release date was set for October of two thousand fourteen. 0:13:55.800 --> 0:13:58.440 So in the summer of two thousand fourteen, when the 0:13:58.440 --> 0:14:01.439 movie's publicity was starting to get all the ground, that's 0:14:01.440 --> 0:14:05.880 when there were rumblings from North Korea. The media. North 0:14:05.960 --> 0:14:10.280 Korea condemned the film months before it was set to premiere, 0:14:10.800 --> 0:14:13.680 calling for Sony to not release it and even to 0:14:13.840 --> 0:14:16.240 just destroy the movie, and that the release of the 0:14:16.280 --> 0:14:20.320 movie would be considered an act of terrorism and war. Now, 0:14:20.320 --> 0:14:24.760 on the one hand, the Interview is a pretty dumb movie. 0:14:25.400 --> 0:14:28.760 It's it's not a hard hitting thriller. It doesn't say 0:14:28.760 --> 0:14:32.960 anything particularly insightful about North Korea or Kim Jong un. 0:14:33.560 --> 0:14:37.280 But on the other hand, it's pretty darn taboo to 0:14:37.360 --> 0:14:40.440 make a fictional film about a planned assassination of a 0:14:40.480 --> 0:14:44.760 real world person who is very much still alive. I mean, 0:14:45.040 --> 0:14:49.280 it has been done, but it's a tricky thing to do. Honestly, 0:14:49.320 --> 0:14:51.800 I think if someone were to make a movie about 0:14:51.920 --> 0:14:55.160 trying to assassinate me, I'd take it a little personally. 0:14:56.120 --> 0:14:59.200 Sony pushed back the release of the film from October 0:14:59.360 --> 0:15:02.440 to Decen two thousand fourteen, the idea of being of 0:15:02.440 --> 0:15:06.280 releasing it on Christmas Day, and they also made some 0:15:06.400 --> 0:15:09.240 changes to the movie. Now, whether these changes were meant 0:15:09.240 --> 0:15:12.960 as concessions to North Korea or not, I don't know, 0:15:13.600 --> 0:15:16.680 but there's a pretty solid story of the company easing 0:15:16.760 --> 0:15:21.720 back on the death scene of Kim Jong un. Spoiler alert. 0:15:21.760 --> 0:15:24.560 He does die in the movie. He gets blown to 0:15:24.680 --> 0:15:27.600 smithereens when his helicopter is hit with a shot from 0:15:27.600 --> 0:15:32.720 a Franco driven tank, and apparently in the version that 0:15:32.760 --> 0:15:36.920 they filmmakers originally created, that death scene was far more 0:15:37.000 --> 0:15:41.320 graphic than it is in the finished film. Well, North 0:15:41.400 --> 0:15:44.920 Korean media was pushing rhetoric that suggested that release of 0:15:44.920 --> 0:15:49.400 the film would lead to disastrous consequences, and Sony pushed 0:15:49.400 --> 0:15:51.600 back the date but still planned to release the film. 0:15:51.920 --> 0:15:55.480 And then in November, the other shoe dropped, or at 0:15:55.520 --> 0:15:59.320 least it appeared too. I'll explain more after we take 0:15:59.360 --> 0:16:09.040 this break. Before the break, I said that the other 0:16:09.080 --> 0:16:12.120 shoe appeared to drop. And the reason I used that 0:16:12.240 --> 0:16:15.520 wishy washy language is that when it comes to what happened, 0:16:15.840 --> 0:16:18.280 there's some stuff we can say for sure and some 0:16:18.280 --> 0:16:21.560 stuff we have to kind of guess at what. When 0:16:21.560 --> 0:16:23.240 it comes to the stuff we can say for sure, 0:16:23.320 --> 0:16:27.000 we can summari rise like this. You know, hackers definitely 0:16:27.080 --> 0:16:31.760 got access to Sony systems. They definitely stole information, and 0:16:31.800 --> 0:16:35.000 we know this because they later posted that information online, 0:16:35.480 --> 0:16:39.760 frequently using Pastebin to do so. Pastebin is a plain 0:16:39.920 --> 0:16:44.480 text content hosting service, So you can post the code 0:16:44.760 --> 0:16:48.320 to something in plain text on a paste bind service, 0:16:48.640 --> 0:16:52.800 but you can't host you know, streaming media or you know, 0:16:53.080 --> 0:16:55.880 working files or anything like that. You could post the 0:16:55.920 --> 0:16:58.160 code to a file, but you wouldn't be able to, 0:16:58.520 --> 0:17:00.520 you know, have an execute he able file in pace 0:17:00.640 --> 0:17:03.560 bin format. So the hackers released lots of stuff over 0:17:03.560 --> 0:17:06.520 the weeks following the attack, much of which appeared to 0:17:06.560 --> 0:17:10.320 be aimed specifically at harming Sony. More on that in 0:17:10.359 --> 0:17:15.600 a little bit as well. On November, just three days 0:17:15.680 --> 0:17:19.480 after the hack, someone in that hacker group made available 0:17:19.720 --> 0:17:24.240 five Sony films on online file sharing hubs, and they 0:17:24.240 --> 0:17:27.359 included four films that had not yet even been released 0:17:27.400 --> 0:17:30.760 to theaters, proving that this was part of the information 0:17:30.880 --> 0:17:35.440 stolen during the hack. The four unreleased films were Annie, 0:17:35.640 --> 0:17:40.600 Mr Turner, to Write Love on Her Arms and Still Alice. 0:17:41.040 --> 0:17:44.959 The fifth film, Fury starring Brad Pitt, was already in 0:17:45.119 --> 0:17:49.560 its theatrical run at the time. The hackers also definitely 0:17:49.720 --> 0:17:54.840 wiped Sony systems, using legit tools to erase and overwrite 0:17:54.920 --> 0:17:58.800 data to make it extremely difficult to retrieve. Now, you 0:17:58.880 --> 0:18:01.640 probably know that when you delete a file from your 0:18:01.640 --> 0:18:06.440 hard drive, that information does not just magically disappear. It's 0:18:06.440 --> 0:18:08.280 not like it's gone. It's not like using in a 0:18:08.400 --> 0:18:13.119 racer to erase away stuff you've written. The information is 0:18:13.119 --> 0:18:15.960 actually still there on your hard drive, at least until 0:18:15.960 --> 0:18:19.560 your hard drive overwrites the old data with new data. 0:18:19.840 --> 0:18:24.080 So essentially your hard drive flags the drive space where 0:18:24.119 --> 0:18:27.680 you're deleted files are, and it says this is fair game. 0:18:28.119 --> 0:18:30.360 So whenever we have to write new data, you can 0:18:30.400 --> 0:18:32.560 do it here if you want to. But until the 0:18:32.600 --> 0:18:35.879 computer actually does write new information to that section of 0:18:35.880 --> 0:18:39.840 the hard drive, that data can sometimes be retrieved with 0:18:39.920 --> 0:18:43.120 tools like the ones that the hackers used, this process 0:18:43.160 --> 0:18:46.840 gets cut off, and that's because these tools they first 0:18:47.080 --> 0:18:51.320 delete data on a drive, then they overwrite the drives 0:18:51.480 --> 0:18:54.159 with gibberish. So this is what you might use. If 0:18:54.200 --> 0:18:57.480 you wanted to wipe a personal computer before you sold 0:18:57.520 --> 0:19:00.320 it or traded it in or or recycled it or whatever, 0:19:00.760 --> 0:19:03.320 you would go through this process, and then you don't 0:19:03.359 --> 0:19:06.000 have to worry about whether or not you overlooked a 0:19:06.040 --> 0:19:10.080 folder that contained personal information in it, because this type 0:19:10.080 --> 0:19:14.000 of tool essentially nukes it from orbit, because it's the 0:19:14.040 --> 0:19:17.560 only way to be sure. So we know that someone 0:19:17.680 --> 0:19:21.399 gained access to Sony's systems, they stole an enormous amount 0:19:21.400 --> 0:19:24.480 of information. They proved that they stole it by posting 0:19:24.520 --> 0:19:28.520 some of that online, and they wiped the infected computers 0:19:28.560 --> 0:19:31.760 after extricating the data. So let's talk about some of 0:19:31.800 --> 0:19:36.080 the actual data leaks now. The movies were probably the 0:19:36.119 --> 0:19:39.480 highest profile example of a data leak to a lot 0:19:39.520 --> 0:19:42.119 of people, right because people are really familiar with movies, 0:19:42.440 --> 0:19:45.600 so something like that happening, it's easy to take notice. 0:19:46.359 --> 0:19:49.280 There were also some screenplays of films that had not 0:19:49.400 --> 0:19:52.280 yet gotten into production that got released. Those I would 0:19:52.359 --> 0:19:56.000 argue were probably one step lower than the finished films were. 0:19:56.400 --> 0:19:59.280 And then for folks in the film industry or for 0:19:59.320 --> 0:20:02.240 people who are really interested in the business side of filmmaking, 0:20:02.880 --> 0:20:06.680 what really stood out were the internal documents revealing things 0:20:06.720 --> 0:20:13.119 like people's salaries and personal emails between Sony employees and 0:20:13.200 --> 0:20:20.120 other folks, emails that frequently contained embarrassing or downright damaging information. 0:20:21.160 --> 0:20:25.520 On December one, two thousand, fourteen files that detailed Sony 0:20:25.600 --> 0:20:30.120 salaries hit the internet. The top seventeen Sony executives had 0:20:30.160 --> 0:20:35.960 their salary information pre bonus that is leaked online. Other 0:20:36.040 --> 0:20:40.520 files had more than six thousand Sony employees, current and former, 0:20:40.640 --> 0:20:44.760 and their salary information, including other stuff like personal information 0:20:45.040 --> 0:20:52.240 that was personally identifiable information. Several media outlets published this information. 0:20:52.280 --> 0:20:55.399 At least the information about the executive salaries, and that 0:20:55.480 --> 0:20:58.879 showed a pretty large disparity in the company. Like it 0:20:59.000 --> 0:21:02.240 was no real surprise, because I mean, it's kind of 0:21:02.240 --> 0:21:05.239 an open secret, but it was no real surprise that 0:21:05.359 --> 0:21:09.160 the white men in the executive area of Sony, we're 0:21:09.240 --> 0:21:16.040 making substantially more money than people of any other designation 0:21:16.040 --> 0:21:18.679 than white male. Right, Like that was top tier was 0:21:18.720 --> 0:21:22.399 white male. This, by the way, would lead some people 0:21:22.560 --> 0:21:26.280 like Richard Stingle to criticize the media, and the criticism 0:21:26.440 --> 0:21:29.600 mostly centers on the fact that there was a dangerous 0:21:29.760 --> 0:21:34.720 story here about hacking and cybersecurity that was in need 0:21:34.800 --> 0:21:38.480 of addressing. Like the focus in Stingles might need to 0:21:38.480 --> 0:21:42.000 be on the hackers and what they had done and 0:21:42.440 --> 0:21:45.119 the extent of their crime and the serious nature of 0:21:45.160 --> 0:21:49.160 that crime, but the media was focusing on illegally obtained 0:21:49.160 --> 0:21:53.720 information that made Sony look bad. Now to that, I say, 0:21:53.920 --> 0:21:57.320 I understand where you're coming from, and absolutely it would 0:21:57.320 --> 0:21:59.480 be good to spend more time to focus on the 0:21:59.560 --> 0:22:03.280 ramafic cations of cybersecurity. That is a conversation that is 0:22:03.320 --> 0:22:08.879 not held often enough and never with enough sincerity or gravity. 0:22:08.920 --> 0:22:11.800 But we also know that you know what kind of 0:22:11.800 --> 0:22:16.359 content drives clicks, Right, if you write about cybersecurity, you're 0:22:16.400 --> 0:22:18.800 going to get a fraction of the number of clicks 0:22:18.840 --> 0:22:20.840 that you're going to get if you wrote about how 0:22:20.880 --> 0:22:24.360 certain male executives were making way more money than their 0:22:24.400 --> 0:22:29.480 female counterparts, for example. And ultimately, media is a business, 0:22:29.520 --> 0:22:32.040 so you kind of see where that's going to go. Right, 0:22:32.880 --> 0:22:36.359 It's no surprise that media companies are going to really 0:22:36.400 --> 0:22:40.560 focus on the stuff that drives traffic, because ultimately that's 0:22:40.560 --> 0:22:45.000 what drives revenue. Sony leadership went into damage control, with 0:22:45.080 --> 0:22:48.959 Sony chiefs Amy Pascal and Michael Linton sending out a 0:22:49.000 --> 0:22:54.960 memo urging patients and understanding among Sony employees, saying, you know, 0:22:55.960 --> 0:22:59.399 calm down, chill out, it will be okay, and the 0:22:59.440 --> 0:23:02.439 two states that the hackers had taken a large amount 0:23:02.440 --> 0:23:05.320 of information and that it was pretty safe to assume 0:23:05.680 --> 0:23:09.800 that any information about the employees themselves could have been 0:23:09.840 --> 0:23:12.080 a part of all that, and that if Sony had 0:23:12.119 --> 0:23:15.879 information about you as an employee, there was a really 0:23:15.880 --> 0:23:18.480 good chance that the hackers had that info at this point. 0:23:19.000 --> 0:23:20.720 So I think this was a clear effort to get 0:23:20.760 --> 0:23:23.919 ahead of problems like people finding out how much they 0:23:23.960 --> 0:23:27.640 were paid compared to their peers, which could definitely promote 0:23:27.760 --> 0:23:31.040 some uncomfortable discussions if they were to turn out that 0:23:31.080 --> 0:23:34.720 salaries weren't equitable across the board. Also to kind of 0:23:34.760 --> 0:23:38.680 alert employees like, hey, you might have to pay very 0:23:38.720 --> 0:23:42.320 special attention to things like your credit report now because 0:23:42.480 --> 0:23:47.480 your personal information, including stuff like social Security numbers, is 0:23:47.480 --> 0:23:49.800 now in the hands of hackers who are making it 0:23:49.840 --> 0:23:53.240 freely available. So even if the hackers don't do anything 0:23:53.280 --> 0:23:56.440 with your data, they're making it freely available for other 0:23:56.560 --> 0:24:00.880 cyber criminals to make use of that data. By December third, 0:24:01.200 --> 0:24:05.840 another dump caught headlines, and this data dump included stuff 0:24:05.920 --> 0:24:09.360 like scans of visas and passports of people who are 0:24:09.359 --> 0:24:13.639 working on various Sony films, so even more personal information. 0:24:14.040 --> 0:24:18.160 This also included some notable celebrities like Angelina Jolie. There 0:24:18.200 --> 0:24:21.640 were also documents that include the user names and passwords 0:24:21.680 --> 0:24:25.120 for the accounts of several Sony executives. But one thing 0:24:25.119 --> 0:24:29.719 that got wide circulation was a collection of Sony employees 0:24:29.800 --> 0:24:34.280 takes on the works of a Mr. Adam Sandler. Turns 0:24:34.280 --> 0:24:37.320 out a lot of Sony employees have a low opinion 0:24:37.680 --> 0:24:41.120 of Adam Sandler's art and it was stories like these 0:24:41.160 --> 0:24:44.560 that received far more media coverage than the actual attacks, 0:24:44.600 --> 0:24:49.399 because again, juicy, right, watching Hollywood eat its own is 0:24:49.480 --> 0:24:53.920 something that the media thought was very entertaining and would 0:24:54.000 --> 0:24:57.919 drive a lot of engagement. Then again, you could argue 0:24:58.119 --> 0:25:01.080 that there wasn't a whole lot you would say about 0:25:01.160 --> 0:25:04.920 the attacks other than you know they had happened. While 0:25:05.040 --> 0:25:07.639 some people had been circulating the theory that it was 0:25:07.720 --> 0:25:10.720 North Korea behind it all, even in the early stages, 0:25:11.280 --> 0:25:14.120 there were there were no smoking guns that you could 0:25:14.119 --> 0:25:17.919 point to. Rather, there was a suspicion because of the timing, 0:25:18.480 --> 0:25:21.879 along with the upcoming release of the film the Interview, 0:25:22.119 --> 0:25:26.280 and the reaction of North Korea's media to the idea 0:25:26.400 --> 0:25:30.400 of the film the interviews, So while people were mentioning 0:25:30.440 --> 0:25:34.480 North Korea, there wasn't any definitive evidence yet to kind 0:25:34.480 --> 0:25:37.879 of lean on. In fact, on December three, Sony issued 0:25:37.920 --> 0:25:40.240 a statement that said a report that North Korea was 0:25:40.280 --> 0:25:44.960 behind the attack was not accurate. On December five, someone 0:25:45.000 --> 0:25:47.760 claiming to be the Guardians of Peace sent a threatening 0:25:47.800 --> 0:25:52.000 message to Sony employees, and on the eighth, someone claiming 0:25:52.040 --> 0:25:54.800 to be that same group posted a message on a 0:25:54.800 --> 0:25:57.919