Hacked

Sony issued a memo to all of its current and former employees and dependents:

Sony Pictures Entertainment (SPE) experienced a significant system disruption on Monday, November 24, 2014. SPE has determined that the cause of the disruption was a brazen cyber attack. After identifying the disruption, SPE took prompt action to contain the cyber attack, engaged recognized security consultants and contacted law enforcement.

SPE learned on December 1, 2014, that the security of certain personally identifiable information about its current and former employees, and their dependents that participated in SPE health plans and other benefits, may have been compromised. Also on December 1, 2014, SPE began the process of notifying employees that it would be providing identity theft protection services to them and to their dependents. SPE has continued to engage in an effort to reach out to potentially impacted individuals with notification about this situation, to offer identity protection services and to provide them with information about how to protect themselves from identity theft and other potential loss.

On the surface, it seemed to be another all too familiar security breach. And then it became evident that there is a far darker side to this story.

Kevin Mandria’s memo to Sony Pictures CEO, Michael Lynton, starts to paint that picture:

Dear Michael,

As our team continues to aid Sony Pictures”™ response to the recent cyber-attack against your employees and operations, I wanted to take a moment to provide you with some initial thoughts on the situation.

This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat.

In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.

We are aggressively responding to this incident and we will continue to coordinate closely with your staff as new facts emerge from our investigation.

Sincerely,
Kevin Mandia

Kevin is the CEO of Mandiant, a cybersecurity firm.

The security incident suggests an unparalleled and well planned crime. And here is where things start to get dark.

A group calling itself the Guardians of Peace issued this “peaceful” email:

Warning

We will clearly show it to you at the very time and places “The Interview” be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to. Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear. Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time. (If your house is nearby, you”™d better leave.) Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment. All the world will denounce the SONY.

And, predictably, there has been a reaction. Although the Department of Homeland Security says it has not yet discovered evidence of an active plot against U.S. theaters planning to show The Interview, a number of cancellations took hold.

The New York premiere of The Interview was canceled although the The West Coast premiere of the movie took place without incident in Los Angeles on Dec. 11.

Seth Rogen and James Franco, the stars of the move, canceled all upcoming media appearances leading up to the release of the film.

Cineplex Canada removed showtimes from its website. And two chains in the States have removed the movie from their lineups.

FireEye maintains a Cyber Threat Map. These threats are a constant danger with an untold number taking place every single day. That said, few of them attain this level of profile: sufficient to create enough fear to stop showing a comedy film.

Cyber-terrorism or retaliation for making a movie about Kim Jong-un?