×
You will be redirected back to your article in seconds

Sony Should Have Seen the Hack Coming: Report

Fortune magazine, in a detailed examination of the cyber-hack that crippled Sony Pictures, is asserting that the studio was poorly prepared for the attack and should have seen it coming.

The studio has told the magazine that the assertions are untrue.

The magazine released on Thursday the first installment of a three-part story on the Nov. 24 hack. Fortune’s Peter Elkind spent six months reporting on the story and interviewed more than 50 current and former Sony executives, cyber-security experts and law enforcement officials for the article, “Inside the Hack of the Century: What Really Happened. Why Sony Should Have Seen It Coming. And Why It Should Terrify Corporate America.”

“Looking back, it’s hard to understand how Sony Pictures could have been so ill-prepared for an electronic invasion,” Elkind wrote. “It was part of a tech company that sells digital products — films, TV shows, videogames, and ­music — readily subject to online theft. Angered by Sony Corp.’s heavy-handed tactics to protect intellectual property, hackers have long targeted the company’s various divisions.”

The article also asserted that the Sony Information Security Department was not secure at the time of the attack. Fortune spoke with Tommy Stiansen, chief technology officer of threat-intelligence firm Norse Corp., which met with Sony three weeks prior to the attack to pitch their services. “Their Info Sec (information security department) was empty, and all their screens were logged in. Basically the janitor can walk straight into their Info Sec department,” he told the magazine.

Elkind also wrote, “While there is no way to know whether Sony’s attackers would have prevailed over even impeccable cyberdefenses, it’s clear that Sony, which failed to employ several basic safeguards, didn’t put up much of a fight. The company had ample reason to have bolstered its defenses: For years, culminating with its release of ‘The Interview,’ Sony Corp.’s business decisions have made it a virtual piñata for cyberassailants. And North Korea had been blamed for high-profile devastating electronic attacks in the past. Despite that, the company’s leadership failed repeatedly to take greater precautions.”

Sony spokesperson Robert Lawson told the magazine that such assertions are untrue, citing findings by the FBI and by the studio’s security consultant, Kevin Mandia.

“Any suggestion Sony Pictures Entertainment should have been able to defend itself against this attack is deeply flawed and ignores essential findings and comments made by the FBI and Kevin Mandia — the two parties most knowledgeable of the nation state threat and the evidence in this investigation.”

“Joseph Demarest, then assistant director of the FBI’s cyber-division, could not have been clearer when he told a U.S. Senate hearing that ‘the malware that was used would have slipped, probably would have gotten past 90% of the net defenses that are out there today in private industry, and I would challenge to even say government,’” Lawson wrote.

The article noted that Sony Pictures CEO Michael Lynton has insisted the studio was well prepared for a conventional cyber-attack and has repeatedly characterized the hack as “highly sophisticated.”

In a written statement on behalf of Lynton, Sony spokesman Lawson insists that the “extremely knowledgeable” experts who consulted with Lynton “gave no hint or warning of the possibility of a cyberattack.”

The article noted that Lynton spoke with Daniel Russel, assistant secretary of state for East Asian and Pacific affairs, and that conversation included no mention of hacking risk, according to a note Lynton prepared. But it also noted that Bruce Bennett, a North Korea specialist with the Rand Corp. — where Lynton serves on the board—  warned Lynton of the “possibility” of a cyber-attack.

After watching “The Interview,” Bennett sent Lynton a three-page memo assessing the situation even before the Koreans began protesting the film, then had several follow-up exchanges with Lynton. Bennett advised Lynton that the North Koreans frequently made empty threats, and there probably wasn’t much to fear, but he also noted that North Korea would probe Sony’s computer systems.

“Even if North Korea doesn’t know about the film yet, as soon as they do find out about it, they will likely explore Sony’s computer systems to see if Sony is ready to deal with North Korean criticism,” according to passage that Bennett read to Fortune.

Bennett also told the magazine that he also told Lynton the Kim Jong-un regime employed hackers “who could potentially cause damage,” described the 2013 DarkSeoul hacking episode in South Korea and warned, “You need to realize something could happen in that area.”

Lawson denied that Bennett had warned Lynton: “If (Lynton) had received any kind of warning, his next call would have been to a cyberexpert to ask about it … In their many phone conversations, Bennett never mentioned the possibility of a cyberattack on the studio.”

The article also said that “The Interview” star Seth Rogen and director Evan Goldberg also received warnings of a possible cyber-attack, according to their spokesman, Matt Labov.

Even before they began shooting the film, Rogen and Goldberg sought the advice of Rich Klein of the consulting firm McLarty. Klein told Fortune that after reading their script, he advised the filmmakers to expect North Korean “blowback,” possibly in the form of an electronic assault, urged them to change their banking and email passwords and closely monitor their Internet accounts, and passed on the name of a cyber-security adviser.

Klein also said he feared that North Korea might unleash a cyber-assault on the studio to try to block the release of “The Interview” and that Rogen and Goldberg relayed that message to Sony executives.

“We felt that everybody involved in this had to protect themselves – the studio and the filmmakers,” Klein said. “The North Koreans are pretty aggressive cyberwarriors … It’s just surprising to me that there wasn’t a more robust sense of alarm and caution.”

Elkind concluded the segment by asserting that the events at Sony should be a warning for the rest of corporate America.

“What happened at Sony stands as a landmark event,” he wrote. “It struck terror in boardrooms throughout corporate America, and for all the unique elements in Sony’s situation, the lessons apply to every company… The peril for corporate America seems to be growing even faster than the immense resources now mobilized to combat electronic crime. This one hit home because it showed how attackers could steal even executives’ most precious secrets – and bring a company to its knees.”

Popular on Variety

More Film

  • The Great Outdoor documentary series about

    Farm to Picture: Documentary Series 'The Great Outdoor' Chronicles a Life Gone to Pot

    Cannabis cultivation in the Emerald Triangle, the area in Northern California that has long been a go-to for growers, has a starring role in a new documentary series called “The Great Outdoor.” Funded by Flow Kana, one of the state’s leading cannabis flower brands, filmed by David Zlutnick, and executive-produced by Flow Kana co-founder Flavia [...]

  • 1982 El Gouna Festival

    Egypt's El Gouna Film Festival Puts Arab Helmers at Center Stage

    The upbeat state of Arab cinema will be on the screen and in the balmy air at Egypt’s El Gouna Film Festival (Sept. 19-27), which is steadily gaining traction in its stated ambition to become a key platform and solid driver for Middle-East producers. “This year was one the best for Arab cinema,” says Intishal [...]

  • Star Skipper Paramount Animation

    Meet Star Skipper, Paramount Animation's Magical New Trademark Logo Character

    Studio logos are powerful signals to audiences.  Multiple generations of moviegoers flipping through channels or scanning streaming titles have frozen at the sight of a desk lamp hopping across the screen, because it means a Pixar movie is about to play. Likewise, when a young boy lounging inside a crescent moon casts his fishing line into [...]

  • Sybil

    Cannes Competition Movie 'Sibyl' Finds North American Home With Music Box (EXCLUSIVE)

    Music Box Films has acquired the U.S. and Canadian rights to Justine Triet’s darkly comic drama “Sibyl,” which competed at Cannes and had its North American premiere at Toronto in the Special Presentation section. Represented in international markets by mk2, the film follows the ambiguous relationship between Sibyl, a jaded psychotherapist (Virginie Efira, “An Impossible [...]

  • Kent Jones Directs 'Diane'

    Kent Jones to Exit New York Film Festival (EXCLUSIVE)

    In a surprise move, New York Film Festival’s director and selection committee chair of seven years Kent Jones will step down following this year’s 57th edition, which runs Sept. 27-Oct. 13. The departure comes as Jones’ feature filmmaking career is taking off. Issues of potential conflicts of interest have arisen as his work has moved [...]

  • Ava-Mark-Split

    Ava DuVernay, Mark Ruffalo Selected for SAG-AFTRA Foundation Honors

    Ava DuVernay and Mark Ruffalo have been selected by the SAG-AFTRA Foundation for its fourth Annual Patron of the Artists Awards. The awards will be presented on Nov. 7 at the Wallis Annenberg Center for the Performing Arts in Beverly Hills. The show benefits the nonprofit SAG-AFTRA Foundation and is not televised. Previous SAG-AFTRA Foundation Patron of the [...]

More From Our Brands

Access exclusive content