Hackers may have achieved what they wanted

Dec 21, 2014 18:58 GMT  ·  By

Better known as Guardians of Peace (GoP), the hackers that attacked Sony Pictures Entertainment (SPE) this year did what probably few executives at top companies in the world would imagine as the worst nightmare for the business.

Not only did they expose highly confidential information about future projects of the company but also leaked private email exchanges between top executives, which burned the bridges of many future collaborations, adding to a more difficult recovery, if possible.

More than this, sensitive details about employees have been dumped online, and large quantities of information from the human resources department, even copies of unreleased movies, were included in the leaks.

Money seemed to be the motivation at first

From the data leaked by the hackers, it appears that they contacted Sony before the devastating attack on November 24, making known the fact that they had compromising information, and they demanded monetary compensation in exchange of not making it public.

That email was signed by God’sApstls, not by Guardians of Peace, but subsequent communication established the latter moniker for reference to the group. This could mean that there are multiple parties involved in the incident, although there is no solid evidence to support this theory.

On the other hand, it is clear that messages bearing the signature of GoP have been sent by different entities, some of them having nothing to do with the SPE hack.

The initial email demanded money for not releasing the data stolen from the computers of the company, but later on, it seems that the hackers changed their tune and stopping the roll out of the comedy “The Interview” became their primary objective.

Hackers release Kim Jong-un death scene

A very weird shift, considering that GoP also made public email conversations between Seth Rogen, Amy Pascal, co-chairman of SPE, and Kazuo Hirai, CEO of Sony Corporation, where the scene of the fictitious death of North Korean leader, Kim Jong-un, was discussed, to make it less gory to the public.

On top of this, the scene at the root of the talks between the three was included in one of the emails, as an attachment. If GoP wanted the public not to see footage depicting harmful action aimed at Kim Jong-un, they would have filtered this detail.

Sony did not appear to comply with the demands of the hackers, despite hundreds of gigabytes having been dumped online and exposing company secrets.

Empty threats or not, Sony listened

However, when GoP (an ironic moniker in this case) threatened with physical attacks on the theaters that would play the movie, the company slightly changed its stance, saying that it would leave it on the shoulders of the cinemas to take the decision of showing “The Interview” or not.

The Department of Homeland Security said that there was no credibility to this threat, which announced 9/11-style attacks. President Obama also shared this with the Americans and recommended them to go to the movies. Sony, on the other hand, cancelled the release of the comedy, globally.

Hackers involved in physical attacks make a very rare picture, and it could be that a larger entity, with divisions specialized for certain types of tasks, is responsible for all this.

Motivation changes, so does the threat

Even with the release of the movie cancelled, the hackers took it a step further and asked Sony to remove all official content related to “The Interview,” a demand the company complied with almost immediately; the Twitter account no longer loads the tweets, the Facebook profile no longer exists, nor does the website of the movie.

So, what appeared to be a breach motivated by financial reasons turned into a campaign aimed at stopping the release of a movie.

From dumping internal company information online, the hackers moved to making terrorist attack threats in order to get what they wanted.

As such, the perpetrators managed to create confusion among those trying to comment on their activity. Their identity still remains unknown, although this week the FBI pointed the finger at the North Korean government, the most obvious culprit since it formulated a complaint against the movie to the United Nations back in July 2014.

FBI does not offer solid evidence for their accusation

The comedy is about two American reporters who obtain an interview with Kim Jong-un and are tasked by the CIA to assassinate him.

Implication in the attack was denied by the Hermit Kingdom both unofficially and officially.

Important to note is that the evidence provided by the FBI is only partial and is far from representing proof beyond doubt that North Korea was indeed the orchestrator of the incident, as many attackers include false leads in the malware code, specifically to throw investigators off track; they could have done the same with their requests.

The bottom line is that, from the publicly available information, there are no hints about the identity of the Guardians of Peace or if multiple actors are behind the attack against Sony Pictures Entertainment.

Stopping the movie release seems to have been the purpose of the attack

Leads indeed point to North Korea, but unless unequivocal proof is presented, these could very well be red herrings planted by the attackers themselves.

What is known is that the hackers have good command of English and appear to be familiar with the American culture.

Although financial compensation seemed to be the objective at the beginning, they managed to cancel the release and distribution of a parody about the assassination of Kim Jong-un, and to pull from the Internet all official materials related to the movie. Of course, content will still be available at third-party locations.

The question that remains is whether their purpose has been achieved with shutting down “The Interview” or the entire ploy was just a smoke-screen for a different goal that remains undisclosed to the public.