Bluster, bravado and breaches: Today's 'terrorist' players in cybersecurity
An emailed threat can send companies to their knees and propel individuals without so much as a parking ticket straight to a holding cell. The problem is, today's puffed-up chest hacktivists know it, and Sony has borne the brunt. [Analysis]
For good or ill, technology has evolved and has become part of our daily lives in the West. With the correct skill set, a hacker can launch their political agenda onto the global stage by selecting targets based on maximum impact.
Our identities are no longer purely physical; instead, our digital footprint and behavior online is now connected to the world around us. Political movements can be organized online, ideas shared, and communication networks are more based more on digital networks than ever before.
When it comes to threats against a person or company, the days of letters and irate phone calls are past. Now, an email or public message on a social network holds just as much weight -- and companies, law enforcement, and governments have begun to respond in kind.
There have been cases of digital threats impacting on the physical world. A bomb threat sent via Twitter to one of Sony's executives ground the plane he was traveling on in August this year, Twitter abusers have been sent to the slammer for hate campaigns on social networks, and the problem has gone far enough that the UK is considering strict jail terms for those who conduct themselves poorly online.
Acts of aggression are taken seriously, and in Sony's case, a threat to theatergoers has resulted in cinemas pulling out of showing controversial film 'The Interview' -- laying additional costs against a firm already grappling with a painful security breach, likely to result in a flood of lawsuits.
Sony Pictures suffered a data breach several weeks ago which has managed to eclipse even the high-profile attack on Sony's PlayStation network in 2011. The compromisation of Sony Picture's internal networks resulted in thousands of employee and actor records being leaked online, as well as staff health data, Social Security numbers and personal emails between board members and other companies.
In the latest 'Christmas gift' sent to Sony by hackers -- and posted on Friendpaste and Pastebin -- thousands of emails sent to and from Sony Entertainment CEO Michael Lynton were revealed.
While many of the emails mention travel plans, functions, press articles and social media, there are several snippets held within which shed light on a number of acquisitions and deals made behind the scenes.
Rumors in which Snapchat rejected bids of over $3 billion for acquisition by Facebook last year appear to have been confirmed, as well as two quiet acquisitions made by Snapchat -- $15 million for eyewear frame maker Vergence Labs, and the "super secret" acquisition of Scan.me, with a $50 million purchase price.
In the wake of the cyberattack, former employees of the media giant have filed two class-action lawsuits against the firm, alleging that Sony failed to adequately protect their data. The two employees claim their personal information was contained within files dumped online by GOP.
Leaked emails which reveal business deals, an executive's true thoughts on actors and staff, as well as stolen employee records entering the public domain, is mortifying enough for any corporation. But when the scales tip over from embarrassing a company to threatening the general public, the situation become serious.
Sony executives now have a fresh headache to cope with -- the decision of cinemas across the United States to cancel showings of The Interview, thanks to an online threat issued by the hacking group.
According to reports, the New York premiere of the controversial film due to take place at Landmark's Sunshine Cinema on Thursday has been canceled, and one theater chain, believed to be Carmike Cinemas, has withdrawn plans to show the movie at all across hundreds of theaters in the United States. Others are expected to follow suit.
The film follows the tale of a CIA plot to assassinate the leader of North Korea Kim Jong-Un. Actors Seth Rogen and James Franco, playing lead roles, have also canceled public events in the run-up to the screening.
It is likely that the data breach is linked to the upcoming film, and the latest message sent by GOP appears to support this claim. The Guardians of Peace have previously called the motion picture a "terrorist film," and now have threatened to show viewers at the premiere and beyond "how bitter fate those who seek fun in terror should be doomed to."
The FBI is investigating the Sony Pictures breach and is aware of the threats. FBI director James Comey said last week that the agency is still working out who is responsible for the attack, and the FBI says it will "work collaboratively with our partners to investigate this matter."
Los Angeles Police Chief Charlie Beck said security will be tightened at theaters over the holiday season, and the department takes these kinds of threats "very seriously."
Eyes have turned towards North Korea as the source of the hack. After a bid to have the film barred from public review was rejected earlier this year, North Korea promised "merciless retaliation" against the "wanton act of terror" of releasing the film to the general public.
However, North Korea has denied that it is responsible for the attacks, although the country's officials have praised the attack on Sony as a "righteous deed."
However, this denial is a moot point. No matter who is behind GOP, the impact of such words is profound.
Looking at North Korea's state press, threats and promises of war bounce together with the daily news calling South Korea "puppets" of the US and reams of propaganda. These sort of threats aren't taken seriously internationally, but an unknown entity such as GOP is a different matter.
Law enforcement must take action -- especially when the attacks on New York City's twin towers in 2001 are referenced.
Within the latest file dump, in broken English, GOP writes:
Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear.
Remember the 11th of September 2001.
We recommend you to keep yourself distant from the places at that time. (If your house is nearby, you'd better leave.)
Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment. All the world will denounce the SONY.
Therein lies the true reward. Grab the media spotlight through a high-profile attack, push out a well-reported threat of terrorism, throw a reference to 9/11 in the mix and you disrupt the film being viewed in the physical world -- potentially without even stepping foot in the United States.
All the while, the publicity stunt degrades a well-known company, costs the firm potentially millions in lost revenue and damage control, and the political message is sent into the world with a bang.
There is no concrete evidence that any physical attacks on buildings will take place, but the hint of it -- especially when linked to the terrorist attacks of 2001 -- is enough to generate fear and anger, to force police agencies to spend additional time and money on security, and to see viewings of the film cancelled.
While the hack has given The Interview publicity -- and may encourage torrent users to illegally download the film out of curiosity even if no cinema shows the movie -- for the general public, the concept of threat combined with cancelled screenings may be enough to limit exposure to the film, which is what the hacking group aimed for in the first place.
Sadly for Sony, the company may end up as collateral damage.
ZDNet has reached out to Sony and will update if we hear back.