Sony Pictures hack was a long time coming, say former employees — Fusion

http://fusion.net/story/31469/sony-pictures-hack-was-a-long-time-coming-say-former-employees/

Posted from WordPress for Android

105 Comments

  1. Tomi Engdahl says:

    Revisiting the Infamous Sony BMG Rootkit Scandal 10 Years Later
    http://it.slashdot.org/story/15/10/28/1829203/revisiting-the-infamous-sony-bmg-rootkit-scandal-10-years-later?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot%2Fto+%28%28Title%29Slashdot+%28rdf%29%29

    Hackers really have had their way with Sony over the past year, taking down its Playstation Network last Christmas Day and creating an international incident by exposing confidential data from Sony Pictures Entertainment in response to The Interview. Some say all this is karmic payback for what’s become known as a seminal moment in malware history: Sony BMG sneaking rootkits into music CDs 10 years ago in the name of digital rights management. ‘In a sense, it was the first thing Sony did that made hackers love to hate them,’

    Sony BMG Rootkit Scandal: 10 Years Later
    http://www.networkworld.com/article/2998251/malware-cybercrime/sony-bmg-rootkit-scandal-10-years-later.html

    Object lessons from infamous 2005 Sony BMG rootkit security/privacy incident are many — and Sony’s still paying a price for its ham-handed DRM overreach today.

    Reply
  2. Tomi Engdahl says:

    A short history of Sony hacks
    http://www.networkworld.com/article/2998859/security/a-short-history-of-sony-hacks.html

    The giant Japanese electronics company dazzled us with its Walkman and Discman in the late 70s/early 80s, as well as with its TVs, cameras and game consoles over the years. But things took a bad turn in 2005…

    Reply
  3. Tomi Engdahl says:

    Amanda Hess / Slate:
    Sony employees on the hack, one year later — What it was like to be a rank-and-file Sony employee as the unprecedented cyberattack tore the company apart. — Every morning, like so many of her colleagues, a television writer would drive from her Hollywood apartment to the Culver City, California, lot of Sony Pictures Entertainment.

    Inside the Sony Hack
    http://www.slate.com/articles/technology/users/2015/11/sony_employees_on_the_hack_one_year_later.single.html

    What it was like to be a rank-and-file Sony employee as the unprecedented cyberattack tore the company apart.

    Every morning, like so many of her colleagues, a television writer would drive from her Hollywood apartment to the Culver City, California, lot of Sony Pictures Entertainment. Greeting her at the gate most days was “this really, really nice woman who said, ‘Happy Monday! Happy Tuesday! Happy Wednesday!’ ” she says. “Like, welcome to the fake small town that you work in!”

    One year ago, on Nov. 24, 2014, there was no “Happy Monday” when the screenwriter approached the Sony lot. Instead the guard told her to pull out her badge and swipe it to unlock the gate herself.

    Across the lot, select company computers were playing a movie Sony hadn’t produced. I

    It was signed, “Hacked by #GOP.”

    Early reviews were lukewarm. “It felt like getting hacked in the early ’90s,” says one Sony employee

    “The message looked like something out of Hackers, the movie. Like, You’ve been hacked, bitch! It was a throwback. Almost cute.” Nobody knew that “it was the beginning of this terrible, awful experience that would stretch on forever and ever.”

    Outside Sony, it would eventually seem as if all the studio’s info had been exposed for everyone to see. But inside the studio, nobody could access anything. “Everything was so completely destroyed. It was surreal. Everything was down,” one ex-employee told me. “It wasn’t just one system or one part of the lot or one building. The network was completely chewed up by the virus.”

    “It was like a bomb went off,” one staffer says. “We looked around. We were still alive. So we started doing triage.”

    The telephone directory vanished. Voicemail was offline. Computers became bricks. Internet access on the lot was shuttered. The cafeteria went cash-only. Contracts—and the templates those contracts were based on—disappeared. Sony’s online database of stock footage was unsearchable. It was near impossible for Sony to communicate directly with its employees—much less ex-employees, who were also gravely affected by the hack—to inform them of what was even happening and what to do about it. “It was like moving back into an earlier time,” one employee says. The only way to reach other Sony staffers was to dial their number directly—if you could figure out what it was—or hunt them down and talk face to face.

    At first, staffers were told that Sony was “working on an IT issue” and that systems should be online again soon. Instructions were relayed “like a game of telephone,” one employee says.

    When workers first arrived on the lot that Monday morning, they got a message through a security guard or a colleague or a handwritten sign taped up to the wall: Don’t turn on your computer. Later, someone might pop in and deliver the latest directive fourth-hand: “Unplug your computer from the wall.“ Which plug? The network cable? The power cord? Who knows? Just unplug everything. Says one worker: “It was all the hysteria of not knowing.”

    In the days after the hack, Sony set up a hotline for employees to call with questions about identity theft. It made psychological counselors available on campus. It had the FBI—whose agents were camped out on the lot for weeks, investigating the hack—host employee seminars on data security. Once email was back online, Sony sent staffers an internal memo nearly every day, most of them signed by Lynton himself. Lynton ate alone in the lot cafeteria and invited employees to come and chat. But company communications were often lacking in specifics—an “IT issue,” huh?—so workers hit their phones in search of answers, texting with colleagues, searching Twitter for the hackers’ hashtag, and passing around cellphone pictures of the spooky pink skeleton to staffers who hadn’t seen it yet. Rumors raced across the lot. Maybe it was North Korea. Or maybe it was that old PR guy who left on bad terms.

    Some employees—among them lawyers, HR reps, tech and finance people—had jobs so integrated in Sony’s systems that their regular work ground to a halt. Many were instantly shifted to new duties, working to get systems back online.

    “It was an Earth-shattering change,” an ex-employee says. “There was no ability to reference anything else that had happened before the hack.” One Sony contractor told me that, when he failed to receive his regular check a month after the hack, he called the company and was told: “Sorry, how much do we pay you?” Systems that got back online quickly were just a “rough draft,” a “weird middle ground,” and “built on sand,” various workers said—totally temporary and not customized to the actual work.

    Reply
  4. Tomi Engdahl says:

    The leak of information threatened their personal financial futures, and the destruction of property threatened their livelihoods.

    Source: http://www.slate.com/articles/technology/users/2015/11/sony_employees_on_the_hack_one_year_later.single.html

    Reply
  5. Tomi Engdahl says:

    Damian Dovarganes / Associated Press:
    Judge gives final approval to multimillion dollar settlement in Sony Pictures class-action lawsuit filed by former employees after 2014 data breach

    Judge approves settlement in Sony Pictures hacking case
    http://hosted.ap.org/dynamic/stories/U/US_SONY_HACK_SETTLEMENT?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2016-04-06-16-23-13

    A judge on Wednesday approved a multimillion dollar settlement in a class-action lawsuit filed by former Sony Pictures Entertainment employees whose private information was stolen in a massive data breach.

    The U.S. government blamed the hack on North Korea in an attempt to derail the release of the North Korean-focused comedy “The Interview.”

    U.S. District Judge R. Gary Klausner approved the agreement that gives roughly 437,000 people impacted by the breach identity theft protection from the time of the 2014 hack through 2017.

    Reply

Leave a Reply to Tomi Engdahl Cancel reply

Your email address will not be published. Required fields are marked *

*

*