Cyber Nightmare: Sony's Halloween Horror

BY OnSecurity Team / ON Oct 30, 2020

It was October 2014. As the employees at Sony Pictures got ready for the release of their latest political satire, The Interview, strange emails started appearing in their inboxes.

There have been reports of unauthorized activity on your Apple account. Verify your Apple ID to secure your account.

“I better sort this out,” one employee thought to himself. “I don’t want anyone getting their hands on my details.”

All throughout October, employees at Sony were asked to verify their Apple ID accounts. Even Michael Lynton, CEO of Sony Pictures, was asked to confirm his credentials.

“Don’t you think it’s odd that we’re all receiving these emails?” one employee asked another over a cup of coffee. “I hope it’s nothing serious.”

As the month wore on, however, the mysterious emails were forgotten about. Halloween was fast approaching, and thoughts soon turned to costume parties, jack-o’-lanterns, and scary movies.

As October turned into November, employees at Sony Pictures were leaving the ghosts of Halloween behind and were now gearing up for Thanksgiving. The cobwebs had been cleared, tricks had been played, and the skeletons were back in the closet for another year.

But the Halloween nightmare was far from over.

What started out as any other morning turned into the workday from hell. On 24th November 2014, employees at Sony Pictures turned on their computers to find a spine-tingling message: the Guardians of Peace had taken over their network.

The Guardians of Peace – a notorious group of cybercriminals, assumed to have links with North Korea – were threatening to leak Sony’s confidential data to the world if their list of demands was not met by the end of the day.

How had this happened? How had the Guardians of Peace managed to get their hands on Sony’s secrets?

Soon after the frightening message popped up on their screens, the hackers followed through on their threats. Unreleased Sony movies were leaked to file-sharing networks and thousands of password-protected documents were sent to journalists: private conversations between employees were now available for the whole world to see.

Things went from bad to worse as the year wore on. The Guardians of Peace were still making threats and, in particular, seemed to fixate their terror on Sony Pictures’ latest comedy, The Interview.

They demanded that Sony “stop immediately showing the movie of terrorism” and threatened cinema-goers with a “bitter fate”. No one knew for sure whether the terrifying threats were real or fake, but Sony still decided to pull The Interview before its release.

Eventually, Sony decided to release The Interview to on-demand platforms and a limited number of independent cinemas after critics argued that pulling the film was bending to the hackers’ will. But it was too late: a film set to make Sony tens if not hundreds of millions – after all, it took $44 million to make – grossed only $12.3 million in box office sales worldwide.

So how did the Guardians of Peace manage to infiltrate Sony’s network?

Spear-phishing.

Remember those emails from Apple? Fake.

The cybercriminals behind the Guardians of Peace had tailored fake emails to employees at Sony, prompting them to follow a link and complete a fake verification form. Once the hackers had these details, they used that information – as well as any other information they found online through social media – to hack into those employees’ Sony accounts.

Once they had access to these accounts, the Guardians of Peace were able to cripple Sony’s network with a strain of malware called ‘Wiper’.

The attack on Sony Pictures has been identified as one of the most horrific cyber-attacks against an American organisation to date, costing the company around $35 million to recover.

This Halloween, while you ward off ghosts, ghouls and evil spirits with jack-o’-lanterns and fancy dress, remember that, sometimes, there is something much more sinister lurking in the shadows.
