Sony Cancels Film Over Suspected N. Korea Hack
The company said it had no choice but to cancel the movie's Christmas release and pull it from theaters due to a credible threat.
Sony Pictures cancelled the release of a madcap comedy about North Korea that triggered chilling threats from hackers, as US investigators reportedly blamed Pyongyang for a damaging cyber-raid on the movie giant.
The Hollywood studio announced the move after US theater chains said they would not screen "The Interview," about a fictional plot to assassinate North Korean dictator Kim Jong-Un.
The dramatic action came as several US media outlets reported that investigators now believe North Korea was behind the devastating cyber-attack that saw hackers gain access to a trove of internal Sony documents and unreleased movies.
Representatives for several agencies including the FBI declined to comment on the reports.
"In light of the decision by the majority of our (theater) exhibitors not to show the film 'The Interview,' we have decided not to move forward with the planned December 25 theatrical release," Sony said in a statement.
"Sony Pictures has no further release plans for the film," a spokesman added to AFP, suggesting -- though not confirming -- the film will not even be released on DVD or in other formats.
Skittishness about attending the movie followed threats by the so-called GOP (Guardians of Peace) hacking group, which invoked the September 11, 2001 attacks in an ominous warning to any movie-goers planning to see the film.
North Korea has denied involvement in the brazen November 24 cyber-attack, which some experts said could possibly have been carried out by disgruntled workers or by supporters of North Korea furious over the movie.
James Lewis, a former State Department official, said that "of the characters who are out there, the most likely suspect is North Korea."
A unnamed Sony source told AFP that the suggestion that North Korea was behind it "sounds right," declining further comment.
The US State Department meanwhile sought to distance itself from the film, while defending the right to free expression.
"We're not in the business of signing off on the content of movies or things along those lines," spokeswoman Jen Psaki said.
President Barack Obama said there was "no credible evidence" of any threats linked to movie theaters.
"For now, my recommendation would be: Go to the movies," Obama told ABC News.
The National Security Council said the US government had offered Sony "support and assistance" in response to the attack.
Experts said Sony's decision sets a dangerous precedent.
"I am sympathetic with Sony and I am sympathetic with any theater that worries about damage and injury and worse involving its staff and its customers," Richard Walter of the UCLA Film School told AFP.
"But on the other hand I have to say there is something, for an American and for anybody who loves freedom, that viscerally rebels against surrendering to terror this way," he added.
"The single most disturbing aspect of this whole case is the notion that studios might cave, might surrender to lunatics of the political fringe in terms of what movies they make and what movies they release."
Actor Rob Lowe, among a number of stars who have small cameo roles in the movie, did not disguise his indignation at the Sony decision.
"Wow. Everyone caved. The hackers won. An utter and complete victory for them. Wow," he said.
"Hollywood has done Neville Chamberlain proud today," he added, in reference to the British leader's infamous appeasement of Hitler before World War II.
In addition to the threats, Sony has seen the release of a trove of embarrassing emails, scripts and other internal communications, including information about salaries, employee health records and other personal data.
On Monday, Sony Pictures boss Michael Lynton sought to reassure employees that the studio would not be destroyed by the leaks.
"This will not take us down," Lynton told employees, adding: "You should not be worried about the future of this studio."
On Tuesday, lawyers filed two class action lawsuits against Sony Pictures in Los Angeles.
One of the suits alleged that "Sony failed to secure and protect its computer systems, servers, and databases, resulting in the release of the named plaintiffs and other class members'" personal data.
"An epic nightmare, much better suited to a cinematic thriller than to real life, is unfolding in slow motion for Sony's current and former employees," the 45-page lawsuit said.
Workers remove a poster for The Interview from a billboard in Hollywood, Calif.
Once relegated to the shadows of the digital underground, hacking has gone mainstream. Hardly a day goes by without the announcement of a major cybersecurity breach, sometimes conducted by groups, such as Anonymous and LulzSec, that are virtually becoming household names. Hacking has become so prevalent that it has even been allegedly used by major news organizations in the United Kingdom for news gathering. This year alone, there have been a number of high-profile attacks on major companies, such as Sony; international organizations, such as NATO; and even entire governments, as was the case most recently with Syria. Although the major players are becoming more familiar, to many, their methods are as opaque as they've always been. In this slideshow, explore some of the techniques used by hackers to exploit and overcome cybersecurity vulnerabilities.
Eavesdropping and Other Passive Attacks With a passive attack, computer systems and networks are monitored in order for a hacker to gain some information. One technique involves eavesdropping, where a hacker listens in on a network. The point isn't to cause damage to the computer system itself, but to harvest information as it's transmitted. This technique is also known as sniffing or snooping. Eavesdropping is not only a concern for computers, but also mobile devices as they become ubiquitous.
Viruses, Worms and Other Active Attacks Active attacks, such as viruses and trojans, are techniques where a hacker manipulates or deletes data to create the desired result. Computer viruses were first seen in the late 1980s just as home computers were growing more popular. As its name suggests, a virus is a piece of code attached to a seemingly innocuous program and passed between computers. Once inside a system, the virus spreads and can bring down a computer. Like a virus, a Trojan horse is simply a computer program. As the name implies, a Trojan horse fools the user into thinking it's another kind of program, and once installed, releases a malicious code. Another cousin of the virus is the computer worm. Worms burrow into network security holes to pass and install malicious code from user to user. One of the most severe cyber-attacks of all time was through the accidental use of a worm by a graduate student in 1988, who was looking to determine the size of the Internet. Software used for a variety of functions from disrupting a system to gaining access to a network is often called malware. Spyware serves to collect information on users and may or may not be malicious. Not all spyware is malware and vice versa. There are also more niche subcategories of malware, such as ransomware, a term used for an attack meant to scare the user into paying what is essentially a form of blackmail, or scareware, a product falsely sold under the premise that it will protect your computer from outside threats.
Denial of Service A denial of service attack is a technique intended to impede normal operations of a website or network. The basic idea is to overrun a computer or server with requests from outside a network to overwhelm the system's available resources. By flooding the intended target with requests, hackers incapacitate the site. These attacks often employ botnets, also known as zombie computers, which are systems that are taken over, sometimes unknowingly though occasionally voluntarily, by a hacker. This technique was most notably employed by the hacking group known as Anonymous against various websites, including Mastercard, Visa, Paypal and others, in the wake of the controversy surrounding the online whistleblower Wikileaks.
Going In The Back Door Earlier this year, hackers shut down Sony's PlayStation Network and stole the personal information, including some credit card data, from nearly 100 millions users. According to a letter by Sony following a Congressional inquiry into the matter, the company asserted that the heist was the result of two groups of hackers: the first launched a denial of service attack while the second stole the data. Before this series of attacks took place, however, Sony itself was accused of slipping malicious code -- a rootkit -- into one of its firmware updates for the PlayStation 3. A rootkit, also known as a back door, is software that gives a hacker access to a computer or network, often without an administrator's knowledge. Gaming security experts, however, dismissed the rumors as false.
Phishing and Sidejacking Behind almost all secure data both online and off is a username and password. If a hacker can gain user information and crack a password, that attacker can access a network and create, modify or delete data maliciously. Different techniques, however, are used to steal a user's password. One of the most popular methods is known as phishing. It starts when a hacker sends an electronic communication to an unsuspecting user under the illusion that the message is from a trusted institution. The user is duped into supplying his information, which may not only include a username and password but also a social security number and bank account information. Another method, known as sidejacking, session IDs, which can be unencrypted data in a URL or cookie, to gain access to an account. Other automated attacks simply guess passwords using predetermined dictionaries and often exploits systems without lockout policies for successive login failures.
Keylogging Keylogging is a technique that could be used for password cracking, but goes a step further. It allows hackers to monitor every stroke of the key entered by a user, which could include other information besides passwords, such as social security numbers, credit card data and much more.
Spoofing With spoofing attacks, hackers pretend to be a user designated to access a particular system or network by mimicking that person's IP address. Once a hacker is inside the system, that attacker can steal or delete data, or access other resources within a particular network.