Get more Mail & Guardian
Subscribe or Login

Hackers ‘may attack other film studios after leak of Sony Pictures’ data’

Security researchers have warned that hackers could be preparing attacks on other major film studios in the wake of the Sony Pictures cyber-attack that paralysed the company’s computer systems and resulted in the leak of several unreleased films.

Sean Sullivan, senior adviser and researcher at the security company F-Secure, said that he believes the purpose of the Sony hack was extortion. “If it was just hacktivists, they’d have released everything all at once,” he said. “But these releases, it’s like they’re shooting hostages. One thing one day, another the next. This is a really different tactic from what we usually see.”

The hackers behind the Sony attack emailed five top Sony Pictures executives on 21 November, three days before they began leaking the files, and demanded monetary compensation.

The email – headed “Notice to Sony Pictures Entertainment” – warned: “We’ve got great damage [sic] by Sony Pictures. The compensation for it, monetary compensation we want. Pay the damage, or Sony Pictures will be bombarded as a whole.” The executives appear to have ignored the message, which did not have any contact information, deadline or details about amounts or actions wanted.

On 25 November the hackers  paralysed Sony Pictures’ computer systems, forcing the company to send some staff home while others had to use pen, paper and fax machines across its international offices. The studio could only watch while films such as Brad Pitt’s Fury, scheduled for a Christmas DVD release, were leaked to file-sharing networks.

But over the past few days the hackers, who appear to have gained access to the computers of every executive at the film studio, have released the  entire email stores of executives, including the first, garbled, threat

The pattern of disclosures 
On Thursday they posted links to files containing every email to and from Sony Pictures’ top lawyer Leah Weil, including some which showed her annoyance at claims by Aaron Sorkin that he could not release the script of a film about Steve Jobs to Lisa Brennan, Jobs’s daughter, because the studio owned the copyright – a claim that infuriated Weil. The pattern of disclosures convinced Sullivan that other companies may be at risk.

He said that Sony’s network could have been infected through a “watering hole” attack – where malware is planted on a site used by staff from different companies in the same business sector.  In January 2013, an Eastern European gang used that method to target 40 companies including Facebook, Apple and Twitter through an independent iPhone development site.

He warned that other studios should take any future extortion threat from hackers seriously. Graham Cluley, an independent security expert, said that the warning email “wasn’t the height of professionalism” – but added that Sony’s experience is “a warning shot for any studio”.

However there is still widespread disagreement among security researchers about the motives and origin of the hackers. So far they have revealed little about themselves, posting brief notes and links on Pastebin – a site favoured by hackers to “dump” material – writing in garbled English that suggests it is not their first language.

Attempts at extortion 
There is also deep disagreement on whether the attackers are in North Korea, and want to block the release of the film The Interview, which lampoons Kim Jong-Un, the communist country’s leader. Sullivan believes references to “the terrorist film” in the hackers’ demands are a smokescreen for attempts at extortion, though Cluley said some of the imagery used by the hackers recalls the “Dark Seoul” attacks of spring 2013, where systems in South Korea were targeted by the North.

The leaked emails, released by a group calling themselves “Guardians of Peace”, also showed that the new James Bond film could cost $300m (£191m), making it one of the most expensive films of all time, according to senior executives at Sony. Messages sent last month to Bond producer Barbara Broccoli from Jonathan Glickman, the president of MGM studios, show that MGM and Sony Pictures, who will co-finance and distribute the film, were attempting to scale back a budget which then stood at “the mid-$300m”.

In an exchange which copied in Sony co-chair Amy Pascal, Glickman requests that cuts be made by scaling back action sequences. Broccoli, however, refused to trim the number of carriages to be used in a train chase, and insisted certain scenes be shot in Rome rather than London, despite inflated costs. In a separate message to Glickman, Pascal expresses her anxiety, writing: “It’s insane and you know with no script this movie is gonna go overbudget.”

The start of shooting on Spectre, the 24th James Bond film, was announced last week at Pinewood studios. The emails also reveal that new cast member Andrew Scott will be paid $1m less than would have been paid to Chiwetel Ejiofor, that the character Blofeld will make a return as predicted, and that the plot features a “lesbian bad lady”.

Further embarrassment for Sony  
This fresh round of leaks looks to further embarrass the studio following disclosed communications earlier this week in which Pascal and producer Scott Rudin speculated that president Barack Obama would prefer films featuring African-Americans.

Both have since apologised, with Pascal saying: “Although this was a private communication that was stolen, I accept full responsibility for what I wrote and apologize to everyone who was offended.”

Those emails followed the first, and still so far most damaging, round of leaks, which documented the breakdown in relations between Pascal and Rudin, who had previously collaborated on films such as The Social Network and Captain Phillips.

In the course of their exchanges, Rudin called Angelina Jolie “a minimally talented spoiled brat” with a “rampaging ego”. He also called Megan Ellison, the successful producer of films such as Foxcatcher and Inherent Vice, a “bipolar 28-year-old lunatic”. 

Subscribe for R500/year

Thanks for enjoying the Mail & Guardian, we’re proud of our 36 year history, throughout which we have delivered to readers the most important, unbiased stories in South Africa. Good journalism costs, though, and right from our very first edition we’ve relied on reader subscriptions to protect our independence.

Digital subscribers get access to all of our award-winning journalism, including premium features, as well as exclusive events, newsletters, webinars and the cryptic crossword. Click here to find out how to join them and get a 57% discount in your first year.

Charles Arthur
Charles Arthur works from Tranquility Base Hotel & Casino. Journalist, speaker, moderator. The Guardian’s Technology editor 2009-14. Coming May ‘18: Cyber Wars, on hacking. Prev: Digital Wars: Apple v Google v Microsoft Charles Arthur has over 74656 followers on Twitter.

Related stories


If you’re reading this, you clearly have great taste

If you haven’t already, you can subscribe to the Mail & Guardian for less than the cost of a cup of coffee a week, and get more great reads.

Already a subscriber? Sign in here


Subscribers only

Fears of violence persist a year after the murder of...

The court battle to stop coal mining in rural KwaZulu-Natal has heightened the sense of danger among environmental activists

Data shows EFF has lower negative sentiment online among voters...

The EFF has a stronger online presence than the ANC and Democratic Alliance

More top stories

Libyan town clings to memory of Gaddafi, 10 years on

Rebels killed Muammar Gaddafi in his hometown of Sirte on 20 October 2011, months into the Nato-backed rebellion that ended his four-decade rule

Fishing subsidies in the W. Cape: ‘Illegal fishing is our...

Fishers claim they are forced into illegal trawling because subsidies only benefit big vessels

Kenya’s beach boys fall into sex tourism, trafficking

In the face of their families’ poverty, young men, persuaded by the prospect of wealth or education, travel to Europe with their older female sponsors only to be trafficked for sex

press releases

Loading latest Press Releases…