You will be redirected back to your article in seconds

Sony Should Have Seen the Hack Coming: Report

Fortune magazine, in a detailed examination of the cyber-hack that crippled Sony Pictures, is asserting that the studio was poorly prepared for the attack and should have seen it coming.

The studio has told the magazine that the assertions are untrue.

The magazine released on Thursday the first installment of a three-part story on the Nov. 24 hack. Fortune’s Peter Elkind spent six months reporting on the story and interviewed more than 50 current and former Sony executives, cyber-security experts and law enforcement officials for the article, “Inside the Hack of the Century: What Really Happened. Why Sony Should Have Seen It Coming. And Why It Should Terrify Corporate America.”

“Looking back, it’s hard to understand how Sony Pictures could have been so ill-prepared for an electronic invasion,” Elkind wrote. “It was part of a tech company that sells digital products — films, TV shows, videogames, and ­music — readily subject to online theft. Angered by Sony Corp.’s heavy-handed tactics to protect intellectual property, hackers have long targeted the company’s various divisions.”

The article also asserted that the Sony Information Security Department was not secure at the time of the attack. Fortune spoke with Tommy Stiansen, chief technology officer of threat-intelligence firm Norse Corp., which met with Sony three weeks prior to the attack to pitch their services. “Their Info Sec (information security department) was empty, and all their screens were logged in. Basically the janitor can walk straight into their Info Sec department,” he told the magazine.

Elkind also wrote, “While there is no way to know whether Sony’s attackers would have prevailed over even impeccable cyberdefenses, it’s clear that Sony, which failed to employ several basic safeguards, didn’t put up much of a fight. The company had ample reason to have bolstered its defenses: For years, culminating with its release of ‘The Interview,’ Sony Corp.’s business decisions have made it a virtual piñata for cyberassailants. And North Korea had been blamed for high-profile devastating electronic attacks in the past. Despite that, the company’s leadership failed repeatedly to take greater precautions.”

Sony spokesperson Robert Lawson told the magazine that such assertions are untrue, citing findings by the FBI and by the studio’s security consultant, Kevin Mandia.

“Any suggestion Sony Pictures Entertainment should have been able to defend itself against this attack is deeply flawed and ignores essential findings and comments made by the FBI and Kevin Mandia — the two parties most knowledgeable of the nation state threat and the evidence in this investigation.”

“Joseph Demarest, then assistant director of the FBI’s cyber-division, could not have been clearer when he told a U.S. Senate hearing that ‘the malware that was used would have slipped, probably would have gotten past 90% of the net defenses that are out there today in private industry, and I would challenge to even say government,’” Lawson wrote.

The article noted that Sony Pictures CEO Michael Lynton has insisted the studio was well prepared for a conventional cyber-attack and has repeatedly characterized the hack as “highly sophisticated.”

In a written statement on behalf of Lynton, Sony spokesman Lawson insists that the “extremely knowledgeable” experts who consulted with Lynton “gave no hint or warning of the possibility of a cyberattack.”

The article noted that Lynton spoke with Daniel Russel, assistant secretary of state for East Asian and Pacific affairs, and that conversation included no mention of hacking risk, according to a note Lynton prepared. But it also noted that Bruce Bennett, a North Korea specialist with the Rand Corp. — where Lynton serves on the board—  warned Lynton of the “possibility” of a cyber-attack.

After watching “The Interview,” Bennett sent Lynton a three-page memo assessing the situation even before the Koreans began protesting the film, then had several follow-up exchanges with Lynton. Bennett advised Lynton that the North Koreans frequently made empty threats, and there probably wasn’t much to fear, but he also noted that North Korea would probe Sony’s computer systems.

“Even if North Korea doesn’t know about the film yet, as soon as they do find out about it, they will likely explore Sony’s computer systems to see if Sony is ready to deal with North Korean criticism,” according to passage that Bennett read to Fortune.

Bennett also told the magazine that he also told Lynton the Kim Jong-un regime employed hackers “who could potentially cause damage,” described the 2013 DarkSeoul hacking episode in South Korea and warned, “You need to realize something could happen in that area.”

Lawson denied that Bennett had warned Lynton: “If (Lynton) had received any kind of warning, his next call would have been to a cyberexpert to ask about it … In their many phone conversations, Bennett never mentioned the possibility of a cyberattack on the studio.”

The article also said that “The Interview” star Seth Rogen and director Evan Goldberg also received warnings of a possible cyber-attack, according to their spokesman, Matt Labov.

Even before they began shooting the film, Rogen and Goldberg sought the advice of Rich Klein of the consulting firm McLarty. Klein told Fortune that after reading their script, he advised the filmmakers to expect North Korean “blowback,” possibly in the form of an electronic assault, urged them to change their banking and email passwords and closely monitor their Internet accounts, and passed on the name of a cyber-security adviser.

Klein also said he feared that North Korea might unleash a cyber-assault on the studio to try to block the release of “The Interview” and that Rogen and Goldberg relayed that message to Sony executives.

“We felt that everybody involved in this had to protect themselves – the studio and the filmmakers,” Klein said. “The North Koreans are pretty aggressive cyberwarriors … It’s just surprising to me that there wasn’t a more robust sense of alarm and caution.”

Elkind concluded the segment by asserting that the events at Sony should be a warning for the rest of corporate America.

“What happened at Sony stands as a landmark event,” he wrote. “It struck terror in boardrooms throughout corporate America, and for all the unique elements in Sony’s situation, the lessons apply to every company… The peril for corporate America seems to be growing even faster than the immense resources now mobilized to combat electronic crime. This one hit home because it showed how attackers could steal even executives’ most precious secrets – and bring a company to its knees.”

Popular on Variety

More Film

  • The Lighthouse, with Willem Dafoe, FICM.

    Willem Dafoe on Robert Pattinson, Choosing Roles, Acting as Adventure

    MORELIA, Mexico – Mindful of how his words could “turn into click-bait,” Willem Dafoe, in Morelia to present his latest film “The Lighthouse,” declined to comment about the looming advent of more streaming giants in the market. “It’s a complex question; we’re still forming ideas on how people see films and how films are being [...]

  • Motherless Brooklyn BTS Edward Norton

    Edward Norton Hails His 'Motherless Brooklyn' Crew for Their 'Career-Best' Work

    Edward Norton wrote, directed, produced and stars in Warner Bros.’ “Motherless Brooklyn,” but he’s quick to give credit to his behind-the-camera collaborators. Norton told Variety: “I think this is career-best work for some of these people.” The film is set in 1950s New York, and the team accomplished a lot on a budget of $26 million [...]

  • Jo Jo Rabbit Once Upon a

    Why Younger Actors Could Be Crashing the Oscar Nominations

    Tatum O’Neal was only 10 years old when she became the youngest actor to win an Oscar in 1974 for her work alongside her father, Ryan O’Neal, in “Paper Moon.”  Besides O’Neal, the only other young Oscar winners have been Anna Paquin, who at age 11 went home with the supporting actress Oscar for “The Piano” [...]

  • Marona's Fantastic Tale

    Tokyo Film Review: 'Marona's Fantastic Tale'

    “Everyone had the right to love and a bone.” That’s just one of the many canine insights served up by “Marona’s Fantastic Tale,” a dazzling expressionistic view of the world through the eyes of a stray dog who wants nothing more than those two comforts. Actually, the unassuming narrator (Lizzie Brochere) — who looks like [...]

  • Brad Pitt Once Upon a Time

    Quentin Tarantino's 'Once Upon a Time in Hollywood' to Be Re-Released With New Footage

    Quentin Tarantino’s “Once Upon a Time in Hollywood” is heading back to the silver screen. Sony Pictures, the studio behind Tarantino’s latest feature, announced the movie will be re-released with 10 minutes of additional footage, including four new scenes. The lengthier version of “Once Upon a Time in Hollywood,” which already clocked in at two [...]

  • Roadside Attractions co-presidents Howard Cohen and

    How Roadside Attractions Fights to Give Indies a Theatrical Path to Success

    In January, work and life partners Howard Cohen and Eric d’Arbeloff went to war. Their 15-year-old film distribution and production company, Roadside Attractions, engaged in heated rounds of bidding for four titles playing at the Sundance Film Festival — the Cinderella story “Brittany Runs a Marathon,” the Mindy Kaling comedy “Late Night,” the political documentary [...]

More From Our Brands

Access exclusive content