Sony: Pictures hack cost $15M; 2,100 smartphone job cuts coming

Last year’s massive hack on Sony Pictures Entertainment, which the U.S. administration has blamed on North Korea, cost the Sony division around $15 million.

In Sony’s results (PDF) for the third quarter of its fiscal year (the fourth quarter of 2014 proper), the company had to provide forecasted rather than actual results for the movie unit, because the cyberattack so severely disrupted its network and infrastructure.

The Japanese company placed the cost for investigating and remediating the attack at approximately $15 million, a hit that it will place on its books for the current quarter. It said the impact on its full-year results “will not be material.”

The quarterly results also showed a year-on-year 28.7 percent boost in sales and operating revenue for Sony’s smartphone unit, and the division’s operating profit for the quarter was up 46 percent, reaching a modest $76 million.

However, the smartphone unit is still heading for a bigger-than-anticipated full-year operating loss of 215 billion yen ($1.83 billion), and Sony also reiterated its plan to cut a couple thousand jobs in its smartphone division — now more specifically laid out as 2,100 jobs — by the end of March 2016. Previous reports have indicated these job losses will mostly take place in China and Europe.

NSA’s North Korean insight reportedly helped attribute Sony hack

When the FBI formally accused North Korea of being behind the Sony Pictures hack, it was clear that it knew more than it was letting on about the evidence – it’s one thing to give anonymous briefings about the attack’s attribution, and another to officially name the attacker. Unsurprisingly, it turns out that the NSA played a major role in creating that confidence.

Apart from providing interesting context for the global digital arms race and noting how Chinese hacks on the U.S. Defense Department turned out to be awfully expensive, a Der Spiegel article over the weekend referenced a document (PDF) that described the “ramping up” of the NSA’s targeting of North Korea. The NSA has a clever “fourth party collection” strategy of tracking what other spies are doing and stealing what they find – in this case, it was South Korea spying on North Korea, and after a while the NSA decided to establish its own window into North Korean intelligence.

On Sunday the New York Times described these efforts in greater detail, citing anonymous officials and computer experts to assert that the NSA had penetrated the Chinese networks connecting North Korea with the rest of the world, and “picked through connections in Malaysia” that North Korean hackers use. This program apparently dates back to 2010 – long before the Sony Pictures kerfuffle.

However, despite this insight and the fact that North Korea had expressed anger at the upcoming release of “The Interview”, it seems the NSA failed to alert Sony Pictures about the incredibly damaging hack – internal documents were stolen and published, movies were leaked, executives were embarrassed – before it happened. Officials told the NYT that the NSA should have been able to spot the spear phishing that gave the attackers access to Sony’s networks, but “those attacks did not look unusual”.

According to the piece, South Korea reckons North Korea has around 6,000 hackers in its Reconnaissance General Bureau spy agency and Bureau 121 hacking unit, and a large hacking “outpost” in Shenyang, China. The Sony hack involved two months of planning, U.S. investigators later decided.

Earlier this month, FBI chief James Comey claimed that the North Koreans “got sloppy” in the Sony hack, failing to properly mask the North Korea-associated IP addresses from which their attack originated. According to the NYT piece, this same laxity manifested in a North Korean hack on South Korean banks and broadcasters back in 2013, which was traced back to Shenyang with the addresses falling “within a spectrum of IP addresses linked to North Korean companies.”

FBI: North Korea “got sloppy” with IP addresses in Sony hack

The FBI continued to insist Wednesday that North Korea was responsible for hacking Sony Pictures Entertainment, the Associated Press reported. FBI Director James Comey said at a New York cybersecurity conference that North Korea “got sloppy” when it attempted to use proxy servers that would mask the attacks.

Apparently, North Korea forgot to conceal some of its activities with the proxy servers, which resulted in the FBI discovering messages that were linked to IP addresses that North Korea “exclusively used,” Comey said.

When North Korea realized it made a mistake, it rectified the situation, but Comey said it was too late and the FBI “saw where it was coming from,” reported Wired.

The Sony data breach is also linked to North Korean-developed malware, which the isolated nation supposedly used to break into South Korean banks last year, he said.

While Comey shared a few more tidbits about the Sony hack, he was hesitant to go into greater detail on how exactly the U.S. was able to pinpoint North Korea as the culprit beyond what he said, because the U.S. has to “preserve our methods and sources.”

This will undoubtedly not please the security experts who have been raising concerns about the U.S. government’s story that North Korea was responsible, claiming the little evidence the FBI has shown so far does not prove its case. Security firm Norse Corp. recently showed the FBI its own forensics on the Sony hack, which the FBI reportedly brushed aside.

Addressing the skeptics, Comey said during the cybersecurity conference, “They don’t have the facts I have.”

Again, this seems to be a “take us at our word” situation with the FBI holding the details and releasing the occasional nugget of information to appease naysayers. It’s safe to say there’s been no smoking gun released so far.

The Interview tops YouTube’s list of popular videos

Getting hit by hackers who may or may not be from North Korea isn’t the worst way to drum up interest for a movie: “The Interview” is currently at the top of YouTube’s “Popular Right Now” list. A related video is third.

After initially canceling the December 25 release of “The Interview,” Sony backtracked and the film ended up showing in 331 U.S. theaters, according to Variety. That’s less than 10 percent of the locations at which the movie was originally slated to play. Only independent theaters showed the film after the large chains stuck to their original decision to drop the movie.

The film managed to hit the $1 million mark in theaters, but came in 15th for ticket sales on Christmas Day, Variety reported. A Sony statement said it sold out in some theaters.

So Sony’s decision to release the film online, where it is available for rent or purchase, was a smart one considering the interest in the movie after the hacking story received national attention. Sony’s anti-piracy measures, however, were not so smart. Variety estimates the film was illegally downloaded at least 900,000 times within 24 hours.

Interested in watching “The Interview” online? Here’s our guide to accessing it on your Apple TV, Roku, iPad or iPhone.

The Interview will reportedly be screened on Christmas Day

The movie that Sony at first wouldn’t release, then claimed it wanted to release, may get released after all. The Dallas Morning News is reporting that Texas indie theater chain Alamo Drafthouse has gotten the go-ahead to screen The Interview on Christmas Day.

The Seth Rogen–James Franco comedy about the assassination of North Korean dictator Kim Jong-un was pulled from distribution last week after Sony became the target of a massive hacker attack tied to North Korea. Then it looked as if the movie would never see the light of day, but since then Sony has said it would find some way of distributing the movie.

Since then there have been swarms of rumors and speculation about how and when the movie would be released. But Alamo Drafthouse founder Tim League confirmed to the News that Sony has “authorized shows for Christmas Day.” League added the Drafthouse “will have Dallas shows on sale within the hour.”

The Plaza Theater also stated on social media it will screen The Interview and began posting showtimes on its Facebook page. According to the Hollywood Reporter, Sony is telling theaters it plans on releasing the movie on video-on-demand as it debuts on the screen.

 

North Korea appears to be back online

The internet seemed to be back up in North Korea on Tuesday, after experiencing a nearly “unprecedented” interruption, according to the BBC and other reports, although Akamai said sporadic glitches occurred throughout the day (see chart).

David Belson, Akamai senior director of industry and data intelligence, said the root cause of Monday’s multi-hour outage and shorter glitches on Tuesday remains unclear. He noted via mail that “it’s unlikely to be a physical cause [like a] fiber cut, a concerted effort on the part of the DPRK government (since that’s usually more of a go down/stay down scenario), or a router misconfiguration.”

Monday’s outage, reported by tech vendors including Dyn and CloudFlare, remains shrouded in mystery — sort of like the Sony hack that preceded it. Last week, the FBI blamed North Korea for breaking into Sony’s servers, taking corporate documents and releasing embarrassing internal emails. But some cyber security experts don’t believe that North Korea is the culprit.

That led Sony to make the controversial decision to pull The Interview, a comedy centered on a plot to assassinate North Korean leader Kim Jong Un.

Some suspect the interruption in North Korea is part and parcel of the “proportional response” to the Sony hack that President Barack Obama vowed last week. Others point to China — North Korea relies on China Unicom as its main pipeline to the rest of the world, so that is obviously a possible single point of failure, Belson said, although other than that there is no indication that China is responsible for the outage.

A Chinese Foreign Ministry spokeswoman said reports of Chinese involvement had “no basis in reality,” according to the BBC.

[Chart: North Korea outage]

Note: This story was updated at 3:04 p.m. PST with comments and data from Akamai.

The fair use case to show The Interview if Sony will not

After Sony cravenly cancelled The Interview, people who had no interest in the comedy now want to see it — mostly so they can stick it to North Korea, whose threats caused the film to be cancelled in the first place. But where can they watch it?

Some options are already emerging. As the Wall Street Journal proposed, the U.S. government could release the film everywhere, including North Korea where dissidents already smuggle in movies via balloons and USB sticks. Under the Journal’s plan:

[A]n alternative would be for the U.S. government to buy the movie rights from Sony and release it into the public domain. Anyone could then share the file online without violating copyright, burn it onto DVDs or even re-edit it to make new viral videos. Chinese netizens love to mock Kim, and North Koreans like to watch movies smuggled across the border from China. Perhaps the CIA could dub the movie into Korean to make sure it gets to its target audience.

It’s not a bad idea, but perhaps there’s no need to wait for the U.S. government to buy the movie. Instead, distributors of any shape or size, from Netflix to film blogs, could rely on copyright’s fair use exemption to show the movie without asking Sony.

Law professor James Grimmelmann raised this idea last week:

Fair use rules involve courts balancing the rights of the copyright owner against the interest of the public. And in this case, the public interest case for showing the movie is enormous, given the awful precedent that this piece of censorship is setting. As David Carr of the New York Times put it:

Once the film was successfully censored, you could count the days until other films were affected. Actually, it happened earlier in the same day, before The Interview was shelved, when New Regency announced that it would drop an untitled thriller about North Korea that was to have starred Steve Carell. […]

The threats and subsequent cancellation will become a nightmare with a very long tail. Now that cultural discourse has become the subject of online blackmail, it is hard to imagine where it will end.

There is still the matter, though, of how fair use rules actually apply. Here, as with any other copyright case, it involves a standard test. The test involves four steps, but in practice, only two factors really matter: the reason someone is using the copyrighted work, and the effect that this use will have on the market.

As Grimmelmann notes above, the market factor tilts heavily in favor of anyone showing The Interview since, right now, there is no market for the film. And as for the other major fair use factor (known as “the purpose of the use”), there is a good argument that showing the film counts as a so-called transformative use. Unlike Sony’s original intention for the movie, which was as a lowbrow form of entertainment, others who show it would be making a powerful political statement. As President Obama noted on Friday:

“We cannot have a society in which some dictators someplace can start imposing censorship here in the United States … That’s not who we are. That’s not what America is about.”

Does this mean that the fair use case for showing The Interview is open-and-shut? No, it’s not. But the case is strong and, anyway, would Sony really double down by filing copyright lawsuits over a movie that it was too cowardly to release in the first place?

So let’s hope that everyone from Netflix to BitTorrent considers making a stand on this one. This would be a good occasion for the file-sharing crowd to prove that they care about something more than getting movies for free. And for Hulu and Amazon and anyone else with an interest in Hollywood, this would be a second chance to take up George Clooney’s call for the film industry to take a stand about something that matters more than money.

China slams cyberattacks after Sony job leads US to ask for help

The United States has asked China for help in blocking cyberattacks emanating from North Korea, officials told CNN and the New York Times in the wake of the attack on Sony Pictures that the U.S. administration has now pinned on North Korea. And now China has responded, albeit obliquely.

On Monday, the Chinese foreign ministry said the country “opposes any country or individual using other countries’ domestic facilities to conduct cyberattacks on third-party nations,” according to a Reuters report. Chinese Foreign Minister Wang Yi told U.S. Secretary of State John Kerry that “China opposes all forms of cyberattacks and cyber terrorism.” However, China said there was still no proof that North Korea had perpetrated the attack.

North Korea isn’t exactly a highly-connected nation — only a few high-level officials are allowed to access the global internet – but what access it does have mostly flows through Chinese networks. There have been reports that the attack on Sony Pictures emanated partly from China (though such attacks can be routed through proxy servers pretty much anywhere).

North Korea itself released a statement over the weekend, denying involvement in the hack and saying “the U.S. should not pull up others for no reason.”

The colorfully-phrased statement included this:

It is a common sense that the method of cyber warfare is almost similar worldwide. Different sorts of hacking programs and codes are used in cyberspace. If somebody used U.S.-made hacking programs and codes and applied their instruction or encoding method, perhaps, the “wise” FBI, too, could not but admit that it would be hard to decisively assert that the attack was done by the U.S….

After all, the grounds cited by the FBI in its announcement were all based on obscure sci-tech data and false story and, accordingly, the announcement itself is another fabrication. This is the DPRK’s stand on the U.S. gangster-like behavior against it.

China, of course, has spent much of 2014 engaged in a war of words with the U.S. over hacking. It began in May, when the U.S. charged several Chinese officials over the alleged hacking of U.S. firms for economic espionage reasons, and since then China’s authorities have been generally making life hard for U.S. firms trying to do business there. China, which has enthusiastically pointed to Edward Snowden’s revelations about U.S. cyber-naughtiness, said in October that the country was “resolutely opposed” to hacking.

Act of vandalism, not war

The Sony Pictures hack saw the theft of reams of the company’s strategic and commercial information, as well as employees’ personal information and several unreleased films.

Although the motives of the “Guardians of Peace” hackers were initially unclear, speculation that the attack was related to the imminent release of a Seth Rogen comedy called The Interview crystallized over the last few weeks. After theaters were threatened with some kind of physical attack if they screened the movie, which features a plot to assassinate North Korean dictator Kim Jong-un, Sony cancelled its release.

Following criticism by U.S. President Barack Obama for pulling The Interview, Sony is now insisting that it will release it somehow. The file-sharing platform BitTorrent has offered its BitTorrent Bundles facility for the release, though Sony has yet to respond.

Obama described the attack as a “very costly, very expensive” act of cyber-vandalism rather than an act of war, but he said he is considering putting North Korea back on the U.S.’s list of sponsors of terrorism, as part of the official response.

Experts skeptical

However, despite the U.S. administration and the FBI finally having gone on the record in blaming North Korea, many in the security community remain deeply skeptical. Marc Rogers, principal security researcher at Cloudflare, wrote over the weekend that the evidence for that attribution – at least, the evidence that has been shown to the public — was weak.

The FBI said that there were great similarities in the attack code and methods between the Sony job and earlier attacks attributed to North Korea, but Rogers pointed out that the evidence for North Korea having been behind those earlier attacks was “flimsy and speculative at best.” He pointed out that many components of the malware were publicly available and easy to use, and noted that almost all the IP addresses used in the Sony attack were proxies that were again open to the public.

A message allegedly posted by the Guardians of Peace over the weekend accused the FBI of being idiots in concluding that North Korea was the culprit.

Meanwhile, south of the Korean DMZ there is concern over the safety of several nuclear power plants. Unidentified hackers have warned the Korea Hydro and Nuclear Power Co. that the reactors should be shut down or people should “stay away from them.” The hackers stole equipment designs and manuals and posted them online. While the energy company has played down the threat to the plants’ safety, it is conducting drills to test defences against a cyberattack.

This article was updated at 2.55am PT to include North Korea’s statement and again at 3.10am PT to note China’s comments on the evidence.

FBI: Sony hack was North Korea’s work

The U.S. Federal Bureau of Investigation has officially pointed to North Korea as the culprit behind the hacking of Sony Pictures Entertainment — an incident that was allegedly connected with a now-pulled film called The Interview, about the assassination of North Korean dictator Kim Jong-Un.

Although recent days have seen several stories in which unnamed U.S. officials said North Korea was to blame, this is the first time the authorities have openly said as much. According to the FBI, the malware used in the attack “revealed links to other malware that the FBI knows North Korean actors previously developed,” including similarities in the code, encryption algorithms and data deletion methods.

The FBI also said that the malware included hard-coded IP addresses that had communicated with IP addresses “associated with known North Korean infrastructure.” The agency said that the “destructive nature of this attack” — apart from the movie’s planned release being cancelled following threats to theaters, loads of Sony Pictures strategic and commercial information and employees’ personal information was dumped onto the web — set it apart from other types of online attacks.

“North Korea’s actions were intended to inflict serious harm on a U.S. business and suppress the right of American citizens to express themselves,” the FBI said. “Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt – whether through cyber-enabled means, threats of violence, or otherwise – to undermine the economic and social prosperity of our citizens.”

The agency also praised Sony Pictures for reporting the incident “within hours”, which it said helped the FBI’s investigators to do their work.

However, North Korea has reportedly denied being behind the attack. It has denied involvement before, though it did call it “righteous”.

Also on Friday, CNN reported that the hackers, who had previously identified themselves only as the “Guardians Of Peace”, had emailed Sony Pictures after it pulled The Interview to say it had been a “wise decision”, and to urge the studio to pull its trailers and ensure the Seth Rogen comedy was never released. Sony has indeed taken down the film’s trailers from YouTube.

Cinemas have reversed plans to re-screen the decade-old, Kim-family-baiting film Team America, and studios have also been scrapping plans to release anything that might irk North Korea, with New Regency canceling a Steve Carell project called Pyongyang before filming even started.

Culture aside, defectors from North Korea told Reuters that the country ultimately wants to target infrastructure — a more serious kind of attack that was demonstrated by someone who, according to a German government report this week, damaged a German steel plant earlier this year.

Update at 11:35 AM PST: President Obama confirmed what the FBI detailed this morning during a press conference saying that the U.S. “will respond proportionally” to the hack against Sony, but he did not say what the U.S. government is planning to do and he did not give a timeframe as to when some sort of action will occur.

Obama indicated that he was upset with Sony’s decision to cave in to the hackers’ demands by not releasing The Interview.

“I wish they had spoken to me first,” said Obama. “I would have told them do not get into a pattern in which you are intimidated by these types of criminal attacks.”

This article was repeatedly updated to add further information.