Sony Under Siege: Cyber Crisis Leaves Hollywood Reeling

Hollywood is reeling from the entertainment industry equivalent of WikiLeaks — leaving the entire town on high alert.

For the past two weeks, Sony Pictures Entertainment has been battered by a treacherous cyber-attack that has exposed the studio’s and its workforce’s most closely guarded secrets.

Top executive and star salaries, production costs, current and former employee Social Security numbers and home addresses, as well as other confidential documents have been laid bare, fueling a public relations nightmare that continues to metastasize as daily revelations leak.

The situation escalated significantly Dec. 5 from an embarrassing misfortune to a dangerous act of personal terrorism after employees at the Japanese-owned studio were sent an email by a group calling itself the Guardians of Peace that threatened staff and their families. Three days later, another missive came from the GOP that denied having sent the first email and demanded that Sony “Stop immediately showing the movie of terrorism which can break the regional peace and cause the War!”

The movie is almost certainly Sony’s upcoming comedy “The Interview,” about two tabloid TV journalists recruited to assassinate North Korea’s supreme leader, Kim Jong-un. The nation’s officials have sharply criticized the movie, and the Dec. 8 email from the GOP said that it had demanded Sony spike the film from the start, an ultimatum studio insiders deny having received.

Insiders say the studio might alter the film’s release plan if the company determines that the threats are credible or people are in danger.

The sophistication and depth of the assault has sent waves of panic across every sector of an industry that prides itself on Kremlin-like control of its internal information. These digital attackers have transformed an iron curtain into one made of gossamer, leaving all of Hollywood’s top brass as well as rank-and-file feeling angry, fearful and vulnerable.

“It’s an aggressive attack — as aggressive as any I’ve ever seen, short of a bombing,” says veteran producer Doug Wick. “If show business is high school with money, then this is the ultimate Facebook thing of someone trying to malign and destroy.”

The culprit behind this wave of hack attacks has yet to be unmasked, and though North Korea has denied involvement, there is speculation the attack could be linked to supporters of that government — or even that it could yet be an inside job by a disgruntled Sony employee, though that prospect seems to be getting more distant by the day.

Tom Kellerman, chief cybersecurity officer for Trend Micro, says he’ll wait for the results of an FBI investigation, but argues that many elements of the attack suggest North Korea is involved in some capacity. “This adversary had been hunting them for a while,” he says.

On Dec. 7, Bloomberg reported that the attacks were launched in Thailand from the St. Regis Bangkok hotel and from a Thai university and are connected to a hacking group called DarkSeoul with suspected links to North Korea.

No matter the source, the GOP has released information on the compensation packages of Sony’s senior management team, including Sony Entertainment CEO Michael Lynton and Sony Pictures Entertainment co-chairman Amy Pascal.

They’ve revealed the line-by-line cost of “The Interview” along with the salaries of its stars, Seth Rogen and James Franco. And they’ve disseminated pirated copies online of five studio films: “Annie,” “Still Alice,” “To Write Love on Her Arms” and “Mr. Turner,” which have yet to be released, and “Fury,” which is in the market.

Preventing any future security breach is of paramount importance to Sony and its rivals. The amount of personal data being shared and stored by entertainment companies continues to increase, putting not only employees at risk, but also the actors, directors and production teams with whom they do business.

“There are no quick fixes,” notes Ron Gula, CEO of cybersecurity firm Tenable Network Security. “There’s no self-destruct button for the data that’s leaked out.”

“The price of technology and the development of technological magic is that we don’t often think of all the downsides,” says Sidney Sheinberg, former president of MCA/Universal. “I don’t get the feeling that there’s any protective methodology being developed just around the corner.”

The attack will end up costing Sony tens of millions to shore up security, pay for identity protection and legally pursue the culprits. In the wake of the attack, Sony hired security consulting firm Mandiant, and began working closely with the FBI. The studio did have insurance, which will help pay for some of the cleanup, according to an individual close to Sony, but the forensic investigation into who is behind the attack could take six months or longer to complete, experts say.

“You basically have to perform a crime scene investigation on every single device at the studio,” explains Joe Loomis, CEO of online security firm CyberSponse.

Loomis adds that not only will Sony have to rebuild and strengthen its security system — something that could take months — it also will need to educate its employees to be more attuned to phishing and other threats. “One employee making one mistake can take down an entire company,” he cautions.

Joseph Menn, an investigative reporter for the Financial Times and author of the book “Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet,” tells Variety that Sony should have gone to greater lengths to encrypt its most sensitive information.

That said, Sony’s not alone. Every other studio has begun to assess its own digital networks and to tap outside consultants, sources tell Variety.

Phoenix Pictures chief Mike Medavoy, who formerly ran Sony’s TriStar Pictures, says the hacking at Sony is a wake-up call in that it underlines how vulnerable studios, government installations such as the Pentagon and other companies are to losing control of their internal information.

“Welcome to the brave new world,” he says. “It’s pretty evident that all information is open to everybody.”

Another negative impact on Sony from the hack attack is the loss of competitive advantage incurred by having its otherwise confidential budgets, salaries and other information known by rival studios and TV networks, talent representatives, lawyers and executives. One former Sony executive told Variety that he was mortified when a news outlet divulged how much money he was making.

The leaks come as Sony had just been starting to recover from a bruising fight with activist shareholder Daniel Loeb, who flambeed the studio for its film flops. As a result, Sony underwent months of layoffs, and had just begun to get its confidence back, aligning itself with top talent such as former Warner Bros. film chief Jeff Robinov and former 20th Century Fox film topper Tom Rothman, when the attacks hit. The exposure of salaries and thousands of dollars in perks to stars like Rogen and Franco arrived as Sony had pledged to tighten its belt and keep stricter control of costs.

The information also has inspired articles and think pieces about the disparity in pay among men and women, and the lack of racial diversity in the executive suite, at Sony and across the industry.

“It’s an embarrassment for a studio under pressure, and it’s going to put a lot of executives on the defensive,” says industry biz consultant Seth Willenson.

There is a sense that no matter the hacker, the control that studios, movie stars and their scores of handlers once exerted may no longer be possible in an age of malware and phishing assaults.

“The Internet is fantastic in many ways, but this is the dark side of it,” suggests former Hollywood executive Joe Pichirallo, now chair of NYU’s undergraduate film and television program. “That level of privacy invasion is abhorrent.”

Dave McNary contributed to this report.

Read Variety’s full coverage of the Sony hack here.

More Film


    PMK-BNC Executive Joy Fehily Resigns, Will Consult and Manage Seth MacFarlane (EXCLUSIVE)

    Top Hollywood publicist and executive Joy Fehily has resigned from her post at public relations firm PMK-BNC, individuals familiar with the move told Variety. Fehily steps down in the midst of a five-year deal with the show business institution, insiders said, which reps A-list actors and below-the-line talent as well as huge brands like American [...]

  • Donald Trump Chucky Childs Play

    'Child's Play' Stars on New Chucky's 'Creepy' Resemblance to Donald Trump

    At Wednesday night’s world premiere of the “Child’s Play” remake, it was obvious that evil doll Chucky — the star of seven films over three decades — had a little work done. And now he bears a striking resemblance to Donald Trump. “Oh, you caught that?” Aubrey Plaza asked Variety on the black carpet outside [...]

  • Academy Museum of Motion Pictures Opening

    Academy Museum Opening Delayed Again to 2020

    The opening date of the Academy Museum of Motion Pictures has been delayed again, this time to an unspecified date in 2020. The museum, now under construction at the corner of Wilshire Boulevard and Fairfax Avenue, has long been beset by delays and cost overruns. In December 2018, the Academy announced that it would open [...]

  • Bradley Cooper speaks at the 30th

    Producers Guild Shifts 2020 Awards Show to Hollywood Palladium

    The Producers Guild of America will hold its 31st Annual Producers Guild Awards at the Hollywood Palladium, shifting the site from the Beverly Hilton Hotel. The PGA had already announced that the show would take place on Jan. 18. The organization, which represents more than 8,000 producers, announced Thursday that it has launched a new [...]

  • Adam Driver appears in The Report

    Amazon’s ‘The Report’ Gets U.K. Theatrical Release Ahead of Streaming Launch

    Amazon Studio’s “The Report” will be released theatrically in the U.K. three weeks before it lands on the Prime Video streaming service. The Scott Z. Burns film tells the story of Daniel J. Jones, a U.S. Senate staffer who worked to reveal that truth about an “enhanced interrogation” program run by the CIA in the [...]

More From Our Brands

Access exclusive content