Sony On The Defensive After Hackers Attack Its Computer Network
RENEE MONTAGNE, HOST:
And as you might've heard, Sony Pictures Entertainment is dealing with a corporate nightmare. In one of the most spectacular digital security failures ever, hackers have collected huge amounts of Sony's private information and are making it public. Executive salaries, embarrassing emails, yet-to-be-released movies, and the hackers are now promising a Christmas surprise. For more, we reached reporter Kim Zetter, who covers cyber security for WIRED magazine. Good morning.
KIM ZETTER: Good morning.
MONTAGNE: Now, many people have assumed that these hacks are in retaliation for a Sony movie, "The Interview," which is a comedy involving the assassination attempt on North Korea's dictator, Kim Jong Un. But there are also indications that this might not be the case. What do you think about who the hackers could be?
ZETTER: Nation-state attacks don't generally unfold in the way that this one has. This is a very noisy hack. The hackers announce themselves at least publicly to employees with an image of a blazing red skull on their computers. There were a lot of threats made in announcements to the company and also just the name that they've given themselves, Guardians of Peace. Nation-state hackers don't usually use fancy nom de hacks like that.
MONTAGNE: So if not North Korea, who would be the other candidates for this?
ZETTER: Well, I believe that they're probably hacktivists. And they may be hacktivists that are supportive of North Korea, but, you know, in their initial statements to Sony, they've never mentioned North Korea. So it's unclear, and there was an email that was discovered also that looked like an extortion attempt against Sony prior to the release of these documents.
So it could be, you know, people within a group of hackers that have sort of multiple motives. Some of them can be economic, monetary motives. Some of them can be political motives. They could be, you know, something like the Anonymous group that sort of forms. People come into the group and leave the group, and so they all have different targets and different complaints and issues.
MONTAGNE: Now, in the case of Sony, it seems that there are serious holes in its digital security. First of all, would that be correct? And also does this have implications for other movie studios?
ZETTER: It definitely does have implications, not only for other movie studios but for any corporation. I mean, every, you know, security officer in every company right now has got to be scrambling to figure out, you know, how vulnerable they are.
A really concerted hacking group, a really committed hacking group is going to get into any company. Security is really difficult to get right. The issue is not necessarily keeping all of the hackers out, but monitoring your system internally enough to know when hackers are in it and also if they're exfiltrating data.
In the case of Sony, the hackers have claimed that they have exfiltrated about 100 terabytes of data. That's a really massive amount of data to be stealing from a network and not be noticed. So that sort of implies there that Sony didn't have really good, strong security.
MONTAGNE: Well, in perfect movie fashion these hackers are promising a big denouement on Christmas Day. They're going to release something else, a surprise, as they call it. What could that possibly be?
ZETTER: They've said that they are going to release a massive amount of information that's even more interesting than what's been released so far. It may involve a lot more information about their piracy efforts that could, you know, sort of raise the ire of the Internet community against them. Maybe there's information about illegal activity. Who knows? I mean, it's unclear at this point.
MONTAGNE: Kim, thanks very much.
ZETTER: You're welcome.
MONTAGNE: That is Kim Zetter, who covers cyber security for WIRED magazine.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.