Sony Pictures Entertainment is reeling in the aftermath of an unprecedented hack in late November, one that reportedly caused so much disruption to the company’s internal systems that it was temporarily forced to revert to pen and paper in order to function.
In the aftermath, vast quantities of highly confidential company data have been leaked online—and while everything from the identity of the hackers to the exact details of what has been released remains uncertain, details are slowly coming together.
Here’s what we know so far.
It’s big. Really big.
The last few years have been punctuated by relatively small-scale hacks on companies and news outlets by the Free Syrian Army—websites defaced, social media accounts compromised. The attack on Sony is in an entirely different league.
The amount of data released is so large—in the tens of terabytes—that it’s a logistical challenge to even download it, much less analyze it. As media organisations and researchers continue to sift through it, dozens of stories are likely to emerge, but for now we know it includes:
- Screeners for upcoming films Fury, Annie, Still Alice, Mr. Turner, and To Write Love On Her Arms
- Names, salaries, social security numbers and birth dates of thousands of employees (Fusion reports 3,803, security expert Brian Krebs says in excess of 6,800). Total salaries as of May 2014 are $454,224,070
- Data on employee layoffs in 2014
- Performance reviews for hundreds of Sony employees
Fusion, which uncovered some of the details listed above, is already characterizing the attack as “one of the largest corporate hacks in history.”
A look at the file tree of the leaked documents reveals the sheer scale of the hack, with other files including:
- Internship program details
- Internal harassment procedures
- Countless scripts
- Travel expenses
- Medical benefits
- Email addresses
The file tree reveals 4,864 directories and 33,880 files in total.
There’s also data from a PriceWaterhouse Coopers audit that “includes screenshots of dozens of employee federal tax records and other compensation data,” according to the International Business Times.
North Korea might have had a hand in it
The hackers identify as part of the “Guardians of Peace”, or #GOP. While it sounds bizarre, many suspect that North Korea, the authoritarian and highly secretive Asian peninsula state, may have been behind the hack.
North Korea is known to be absolutely furious with Sony over its forthcoming film The Interview, which revolves around a fictional attempted assassination of the country’s leader, Kim Jong Un. North Korea previously swore to “mercilessly destroy” those involved, and re/code reported on Dec. 3 that Sony was preparing to “officially” name North Korea as the source of the hack.
Sony has told the AP that the re/code story is “not accurate,” and that “the investigation continues into this very sophisticated cyberattack.”
North Korean state officials previously refused to deny involvement in the attack, telling the BBC to “wait and see”—although North Korea has now told Voice Of America that it isn’t involved. “Linking the DPRK (Democratic People’s Republic of Korea) to the Sony hacking is a fabrication targeting the country,” a spokesperson said. “My country publicly declared that it would follow international norms banning hacking and piracy.”
This is the message left for Sony employees after their system was hacked:
— passnbyhere (@passnbyhere) December 3, 2014
An anonymous figure alleging to speak on behalf of #GOP told CSO that the group is “an international organization including famous figures in the politics and society from several nations such as United States, United Kingdom and France,” and that they “are not under direction of any state.” Their authenticity has not been confirmed.
It’s also worth noting that the software behind the hack is written in Korean.
The stars of The Interview were paid handsomely
Whether or not North Korea is behind the attack, the accusations have shined a spotlight on The Interview, and leaked documents provide an insight into the film’s budget. Actor Seth Rogen was paid in excess of $8.4 million for his part on the film, reports Bloomberg, and James Franco earned $6.5 million. A (presumably prop) “tablet of weed, coke, pills and panties” for the film cost $250.
Top Sony executives Michael Lynton and Amy Pascal are each paid $3 million per year.
Lynton’s credit card number was also reportedly released.
Sony isn’t the only company compromised
While the hack targeted Sony, other companies with links to the organization have also been affected. One of these is professional services firm Deloitte. Employee data from 2005 is included in the leaked info, courtesy of a former Deloitte HR employee who didn’t delete the information after moving to Sony.
Interestingly, the Deloitte data reveals a significant gender pay gap at the company. Deloitte issued a statement saying that it has “not confirmed the veracity of this information at this time,” and—regarding the pay disparity—that it “has long been recognised as a leader in its commitment to pay equality and all forms of inclusion.”
The consequences will be felt beyond Sony
Even ignoring the Deloitte data for a moment (which, as the New York Times points out, is excruciatingly embarrassing for a company that “aggressively [markets] its digital threat intelligence services”), the hack will have broader reverberations, most notably in the visual-effects industry.
The blog VFX Soldier reports that pay rates in the visual-effects industry are fiercely guarded by companies to avoid giving employees the upper hand in negotiations—so much so that there is an “ongoing and expanding class action lawsuit of wage-fixing and collusion with some of the biggest animation and VFX companies here in the US.”
This secrecy is about to change: The Sony file dump contains data for the Croner survey, “an authoritative industry-wide survey on compensation information,” which is now available for anyone to download.
“The game has changed as far as salary negotiations in the VFX industry starting today,” concludes VFX Soldier. “Going forward nobody will go into negotiations without having reputable information concerning wages.”
Sony employees really don’t like Adam Sandler
Gawker has unearthed a 25-page document listing employee complaints dating from 2012. Grievances include constant reboots and the lack of “fresh ideas,” a “general ‘blah-ness’ to the films we produce,” the “next level of management below the CIO needs some work,” and “we continue to be saddled with mundane, formulaic Adam Sandler films.”
The blog also reports that the documents contain “details of sexual harassment,” company expense reports, and unreleased scripts.
The hack is a “watershed event”
The FBI is warning American businesses to brace themselves ahead of potential further attacks, issuing a “flash” report on Monday that called the attack on Sony “a watershed event.”
“Geopolitics,” the flash said, “now serve as harbingers for destructive cyberattacks.”
Photo via Karlis Dambrans/Flickr (CC BY 2.0) | Remix by Rob Price