Five Years Later, Who Really Hacked Sony?

November 25, 2019
Media Mention
The Hollywood Reporter

On Jan. 23, 2015, a manager at Sony Pictures Entertainment shot off an email to a group of 12 in the studio's distribution department that offered intel about an upcoming film from rival Disney. "Midwest exhibitors went into McFARLAND USA expecting a boring track & field movie but came away pleasantly surprised," the manager noted about the sports drama that had been screened the day before. It was a mundane missive: a Hollywood executive sizing up the competition.

What is extraordinary about the email is what sources say it reveals about the 2014 Sony Pictures hack — and the official FBI narrative that pins it on North Korea. The email was drafted nearly nine weeks after the now-infamous cyberattack ostensibly had been contained. It was passed along to a U.S. cyber researcher in February 2015 by a Ukrainian hacker as alleged proof that his Russian associate had breached Sony and could still do so at will. Despite FBI director James Comey's "very high confidence" that Kim Jong Un was to blame, the Ukrainian source was maintaining that hackers were still accessing Sony's system — and they weren't North Korean.

The studio has never assigned a final dollar figure to losses from the attack, but in a 2015 earnings report, Sony said it would cost $35 million for the "investigation and remediation" for the full fiscal year (that tally did not include lawsuits). SPE's Japanese parent company finally seems to have gotten its groove back (the stock is now triple what it was at the time of the hack, trading at $62.13). But in an increasingly data-driven industry, the attack provided a wake-up call for the rest of Hollywood. Timothy Toohey, who heads up Greenberg Glusker's cybersecurity practice, says the studios, all the way down to the smallest vendors, have strengthened their firewalls in response to the Sony fallout.