Sony is having a rough start to the holiday season. The tech giant’s movie division, Sony Pictures, is the victim of an ongoing cyberattack that has resulted in upcoming movies being leaked, communication systems going offline and Twitter accounts being hijacked.
The timing of the attack has led to increasing speculation that North Korea may have orchestrated it, possibly as retribution for an upcoming comedy in which Seth Rogen and James Franco are tasked with assassinating North Korean leader Kim Jong-un.
Investigators have found hacking tools similar to those used by North Korea in previous attacks on South Korea, according to Reuters.
Here’s everything we know so far about the incident:
The attacks began with an ominous photo
On the Monday before Thanksgiving, Sony Pictures employees turned on their computers and were greeted with an ominous picture of red skull and a warning that the company’s “top secrets” would be released if unstated demands were not met.
“We’ve already warned you, and this is just a beginning,” the image reads. “If you don’t obey us, we’ll release data shown the world.”
Another image depicting Sony Pictures CEO Michael Lynton in hell was posted on Sony Twitter accounts, a sure sign the accounts were compromised. According to a Reddit thread, the hackers claim to have obtained a trove of data that includes passwords, internal financial documents and even copies of celebrities’ passports.
Sony’s communication systems went down for a week
Sony Pictures took down its email and messaging systems for a week as it tried to contain the cyberattack. Employees reportedly had to use phone calls, handwritten notes and fax machines to carry out their work. Multiple reports indicate that Sony’s email system was expected to return Monday, though Sony hasn’t confirmed that yet.
Sony’s big upcoming movies leaked
So far the biggest tangible result of the hack seems to be the leak of five Sony films. DVD-quality versions of Fury, Annie, Still Alice, Mr. Turner and To Write Love on Her Arms are all now available on file-sharing sites.
All of the movies except for Fury have yet to be widely released, so piracy could be a huge blow to their box office take. Over the summer, The Expendables 3 bombed at the box office because a high-quality version of the movie leaked online weeks before it premiered. And a 2011 Carnegie Mellon study found that such pre-release leaks can reduce a movie’s box office take by as much as 19%.
So that’s what we know for sure. But the hack took on a new dimension on Friday, when Re/code reported Sony is investigating North Korea’s possible involvement in the cyberattack, potentially staging the attack from China.
Here’s what we know that actually makes that claim seem plausible:
North Korea hates Sony’s upcoming movie The Interview
Sony’s big Christmas movie this year is The Interview, which stars James Franco and Seth Rogen as TV journalists tasked by the CIA with assassinating Kim Jong-un. North Korean officials are, unsurprisingly, not pleased about a movie that centers on trying to kill their supreme leader for laughs. A government official told North Korean state media in June that releasing the film would constitute “a blatant act of terrorism and war” and would lead to “merciless” retaliation from the country. The government also denounced the film as “undisguised sponsoring of terrorism, as well as an act of war” in a letter to U.N. Secretary-General Ban Ki-moon in June.
Rogen shrugged off the warning on Twitter at the time, but The Interview was delayed from its original October release date shortly afterward. (Sony has said the delay was unrelated to North Korea’s statements.)
North Korea’s cyberattack capabilities are increasing fast
Residents of North Korea are known to be isolated from the rest of the world, deprived of basic Internet access and other modes of global communication. However, the country is growing increasingly comfortable weaponizing the Internet. In November 2013, South Korean media reported that Kim Jong-un called cyberattacks a “magic weapon” that could help North Korea launch “ruthless strikes” against its southern foe.
A secretive North Korean bureau called Unit 121 is tasked with infiltrating computer networks, planting viruses and carrying out cyberattacks, according to a Hewlett-Packard report on North Korea’s cyber capabilities. The division carries out attacks both from within North Korea and in Shenyang, China, near the North Korean border. South Korean media have claimed that Unit 121 is the third-largest cyber intelligence unit in the world, behind the U.S. and Russia, though China is also up there.
The U.S. government is taking claims of North Korean involvement seriously
Claims of North Korean involvement are credible enough that the U.S. government is reportedly looking into them. NBC News reports that several government agencies are considering North Korea as a possible suspect in the hack. The FBI is among the U.S. agencies now looking into the hack, according to Reuters.
A North Korean diplomat in New York has denied that his country was involved in hacking. “Linking [North Korea] to the Sony hacking is another fabrication targeting the country,” the official, who asked to remain anonymous, told Voice of America. “My country publicly declared that it would follow international norms banning hacking and piracy.”