The Christmas holiday is a time for booze and presents and bizarre credulous rituals involving an old elf-man and his pack of flying caribou. It's also a time to cuddle up by the crackling fire and begrudgingly explain the latest technology news to your relatives. This week's edition: The Sony hack.
Lucky for everyone, the tech involved in Sony's woes (as we currently understand it) is easily shorthanded as "hacked," and from there it's a fascinating yarn of a Steve Jobs movie gone bad, threats of terrorism, North Korean intrigue, and the staggering and unremitting cowardice of multinational, publicly held corporations.
So I heard that North Korea invaded Sony and now James Flacco is bankrupt?
Whatever your vector into the story, there's a good chance Uncle Nigel will have at least some part of it wrong. Which is understandable! The Sony hack involves a lot of different players, some of which are subsidiaries of others and some of which have really stupid names.
Quick recap: a hacker group that identifies as the Guardians of Peace (GOP) broke into the internal network at Sony Pictures (a US based subsidiary of the Japan-based parent company, Sony) and stole everything they could find. Everything. The GOP claims to have 100TB of data of emails, movies, passwords, payroll info, what have you. They started leaked some movies and emails, then got all hot and bothered about The Interview—an (unreleased) movie where Seth Rogen and James Franco assassinate North Korean leader Kim Jong-Un—and started making explicit terrorist threats against any cinemas showing it.
As a result, The Interview got canceled, and the United States is officially blaming North Korea for the hack. Now that the hackers got what they wanted, they've promised to stop, but they definitely have tons more data to leak if they get in the mood.
It's a lot to process, but to explain it all to your, try:
A couple of months ago, some hackers broke into the computers at Sony Pictures and took everything. They leaked out a bunch of private emails before they started making more overt terrorist threats and did everything they could to get a dumb movie called "The Interview" cancelled. Sony panicked after having been hacked so hard so they totally gave in and the hackers won.
What's so bad about a couple of emails?
If you get this reaction, it's important to point out it isn't just "some" emails; it is "all of the email, and everything else, too". And as for what's so bad, there are plenty of examples.
So far, the emails have unearthed some really crazy drama surrounding Aaron Sorkin's biopic about Steve Jobs, the one that was supposed to be better than that lame Ashton Kutcher one. It also outed Channing Tatum as... eccentric. You know, juicy gossip.
But it gets so much worse than that. The hackers have also been releasing personal data for thousands of current and former employees, payroll data, and Social Security numbers [like National Insurance number in UK]. It's not an understatement to say the hackers have everything. Former employees are already suing for damages because there's no telling where that data could go from here, and even if the hackers never leak it, you can't put a genie back in the bottle.
Spin it like this:
It's like if someone broke into your house but instead of stealing whatever they saw lying around they just stole... the whole house. Like if someone ran off with your messy basement, they'd have access to things you didn't even realise are there. That's what's so concerning: the hackers not only have all kind of important personal info like social security numbers, but also stuff even they probably don't know about yet.
What's The Interview? Why'd it make such a mess? Also let's go see it.
The movie that's supposedly at the heart of all this has a plot that centres around a cheesy talk show host and his producer going to North Korea to kill a sitting head of state. By all accounts it's probably not very good, but that's besides the point because nobody can see it.
Last week, the GOP threatened violence on any cinema showing The Interview. In response, Sony made screenings optional; it put the onus on individual theatres and chains to make the call. The five major cinema chains used that freedom so say "OK! FUCK THIS!" and bolted, at which point Sony cancelled the release altogether. Also, somewhere in there Paramount felt left out and cancelled screenings of Team America: World Police, which some ballsier theatres had planned to show instead of The Interview.
The obvious alternative to letting the terrorists win (well, after having let them win) would be to put this sucker online. While Sony Pictures CEO Michael Lynton says he still wants people to see the movie, the company also steadfastly has no current plans to release it, despite sharing a parent company with a streaming service called Crackle, and another called Sony Video Unlimited. It's got options!
The GOP almost certainly has a copy, although they're pretty obviously not going to leak it. You can watch a GIF where Kim Jong-Un's head explodes though.
Nope. Not right now. The hackers probably have it but they haven't put it out, and Sony got scared into not releasing it at all. There are rumours they might release it online so that cinemas don't have to be involved, but so far that doesn't seem to be happening. It seems inevitable that it'll come out somehow, but by then you probably won't care anymore. Also, again, it's probably a pretty terrible flick.
So, North Korea did it, right?
Ehhhhhh. The official story is "yes" but there's pretty much no way it's that simple.
When the hacks first started, the was zero mention of The Interview or North Korea or anything like that. There were just some leaked movies, and assorted leaked emails. Standard stuff.
It wasn't until about a week into the leak, after bystanders started making the "Sony Pictures pictures is putting out The Interview!" connection, that the hackers started railing against it, threatening the little cyber-punks off until the movie got pulled.
The FBI has officially said North Korea is behind the attack, citing sparse (and probably confidential) evidence linking the code used in the attack to code North Korean hackers have used before. North Korea, and the as-yet-unimplicated China, both deny it, which means absolutely nothing. Lots of smart folks also think it was someone else entirely, so...
Looks like it? The FBI and the NSA investigated and said the weapons these hackers used look a lot like ones we know are North Korean. That's the best explanation for now but there's pretty much no way it's that simple. Maybe China is involved, or some other group no one knows about it. It's probably not just North Korea. And if you're into conspiracy theories, North Korea might just be a smokescreen.
So what now?
The Sony hack is easily the biggest and most widely reported corporate hack in history, so it only makes sense to wonder what the ramifications will be. The only certainty is that they won't be good.
The Sony hackers may have called a ceasefire for now, but they still have a massive load of Sony data on their hands. The FBI's investigation of the hack is still ongoing, and while all signs point to North Korea right now, there's no telling what more they might find. In a statement on the hacks, Obama said the US will respond to North Korea's cyberattack, though there's also no word on what that'll look like yet. Basically a whole slew of activity is poised to happen, but who knows when it'll all pop off. Or how much of it we'll even see unfold.
But the effects of this hack will be way more wide-reaching than any one movie or studio or corporation or hacker group. The hack will doubtlessly spur terrified companies into being more secure, but that's about where the good news ends. The successful hack against Sony was bad, but Sony's capitulation was worse. Hackers with capable data-stealing tools on their hands now have an effective blueprint to turn to whenever they want to bring a company to its knees.
Try tying it all up like this:
Yeah, there's no way this is over but it's impossible to guess at what's coming next. You can just be sure that every business out there is going to be more worried about hackers than ever. That means they'll be safer on the security side, but also safer about what they do and say for fear they'll piss off an unpredictable and powerful army of hackers. It's kind of a mess!
But I'll be damned if I worry about this any more on Christmas. Pass me that brandy so I can have a little more before I go take a nap.