Sony’s Unprecedented Cyber Attack: Deep, Costly, Controversial

By Lucas Shaw | December 18, 2014

Sony Pictures’ decision to let Seth Rogen make a comedy about a plot to kill a head of state will potentially cost the studio hundreds of millions of dollars after a devastating cyber-attack linked to North Korea.

The Sony Corp. studio spent about $80 million to make and market the film, whose release was canceled Wednesday after threats of violence by hackers, according to Wade Holden, a researcher at SNL Kagan. On top of that, there’s the bill for rebuilding Sony’s computer network.

“The cost to Sony from new software and hardware, employee labor to clean up the mess, investigation, lost productivity, and reputational damage, just to name a few, is at least over a $100 million and growing daily,” said Hemanshu Nigam, who founded the cybersecurity firm SSP Blue and has worked with Microsoft Corp. and News Corp.

Sony Pictures executives wrestled with whether to make “The Interview,” Rogen’s comedy about a TV crew that tries to kill North Korean leader Kim Jong Un, and ultimately pushed ahead. The move backfired when hackers stole documents and threatened Sony employees and fans. North American theater chains, concerned about safety, pulled out.

Sony canceled the film’s release, an unprecedented step that will deprive the studio of its share of ticket sales from one of the holiday season’s biggest releases. Future release plans — for pay television, DVD and streaming — are on hold, the studio said in a statement. That means lost revenue in the home entertainment market.

Deep Attack

Sony officials had no comment beyond pulling “The Interview.” Through yesterday, Sony shares had declined 9 percent this month in Tokyo, more than double the drop in Japan’s Topix Index.

The company estimated in May 2011 that it may spend $170 million to clean up after the hacking of its PlayStation Network for playing games.

The people who took over Sony’s computers in November exposed the network address of thousands of computers and other devices. They found medical records, e-mails, salaries and Social Security numbers of thousands of employees, and released movies onto file-sharing websites.

The hack drove deeper into Sony’s system than the one that hit Target Corp. last year and has cost the retailer $157 million before taxes so far, after insurance reimbursements.

“This is almost impossible to quantify,” Daniel Hill, president of Ervin Hill, a crisis-public relations firm whose clients include Northrop Grumman Corp. and Lockheed Martin Corp., said in an interview. “I don’t think there is a case study that’s quite like this.”

Stolen Films

Macquarie Research said this month that Tokyo-based Sony may be forced to write off 10 billion yen ($82 million) in film assets after five movies, including “Annie,” set for release this week, and “Fury” were stolen and released by hackers.

In addition, former employees have filed two lawsuits claiming the entertainment unit of Tokyo-based Sony didn’t do enough to secure personal data.

Insurance will defray some of the expenses, according to Daniel Ernst, an analyst at Hudson Square Research.

E-mail released by the hackers show executives at the Culver City, California-based studio were worried about the film’s subject matter months before the planned release.

Sony Pictures Chief Executive Officer Michael Lynton asked both Rand Corp. and a U.S. State Department official to assess the potential risk, e-mails from the hackers show.

Rand senior defense analyst Bruce Bennett watched “The Interview” and wrote a note as a favor to Lynton, a trustee, said Warren Robak, a spokesman for the think tank. U.S. Under Secretary of State Dan Russel didn’t respond to a request for comment left at his office.

Hirai’s Role

Sony Corp.’s CEO Kazuo Hirai raised concerns about scenes depicting the death of Kim. He personally signed off on a toned- down version after directors Rogen and Evan Goldberg resisted the idea of replacing Kim with a fictitious leader.

The concerns were well-founded. The North Korean regime criticized “The Interview” in June, saying it would “mercilessly destroy” anyone associated with the film.

U.S. officials have concluded that North Korea is behind the cyber-attack and plan an announcement this week, according to a person briefed on the FBI probe. North Korea has denied involvement.

Fan interest in the picture spiked with international news reports last month that hackers had broken into Sony Pictures’ computers and were beginning to release sensitive data. More people viewed trailers and commented about the film on social media, indicators that often led to increased ticket sales.

‘Substantial Loss’

“It’s substantial loss for Sony if the film never makes it into theaters, and it’s possible that retailers may fear hacking if the film were to be released on home video,” SNL’s Holden said in an e-mail.

Major retailers are unlikely to to carry the movie, said Eric Wold, an analyst in San Francisco with B. Riley & Co. Stores, like movie theaters, could expose themselves to litigation if there were an attack, Wold said, calling that a needless risk.

In one lawsuit filed on Dec. 15 in U.S. District Court in Los Angeles, two former employees claim Sony knew its data security measures were inadequate and that the company suffered breaches twice before the November attack.

Former employees have expressed concerns about their safety on a Facebook message board called “Sony Ex-Employees Worried About the Info Breach.” More than 4,000 people belong to the group, where individuals have posted information about hotlines, the free protections the studio is now providing and the latest news.

ID Protection

Sony has offered current and former employees free identity and credit-theft protection through AllClearID, an identify protection service.

“There isn’t some cyberwar coming; it’s here,” Brian Knappenberger, director of two documentaries about Internet activists, said in an interview. Every studio will have to implement more rigorous protection, he said.

Damage to Sony’s reputation and industry relationships are tougher to assess. E-mails released by the hackers showed Sony Pictures Co-Chairman Amy Pascal and producer Scott Rudin making jokes at the expense of President Barack Obama.

The capitulation by Sony and the theaters raises new questions about Hollywood’s willingness to address risky subjects. Movie studios have altered movies to placate censors in China.

Sony’s decision to give in and pull the film was criticized by Frances Townsend, former homeland security and counterterrorism adviser to President George W. Bush, along with director Judd Apatow and comedian Jimmy Kimmel.

“This is a horrible — I think horrible precedent,” Townsend said at a forum sponsored by Atlantic Live. “This is not a one-off. The studios will face this again.”

Topics Cyber USA

Was this article valuable?

Here are more articles you may enjoy.