Sony Pictures Hires Cybersecurity Firm to Fight Hack, Investigates Piracy

Forensic security consultancy Mandiant has been drafted in to get the company's systems back online

As the Thanksgiving holiday weekend came to an end, Sony Pictures Entertainment was still dealing with the effects of cyberattacks that have hit the Culver City-based studio on at least two fronts.

At the beginning of the week, on Nov. 24, hackers calling themselves Guardian of Peace took over computers at the studio, forcing it to shut down its email and other systems. The studio has hired FireEye Inc.’s Mandiant forensics unit to restore service, Reuters reported Sunday evening, with hopes of bringing its systems back online by Monday. Throughout the weekend, though, at least some of the emails sent to studio addresses continued to bounce back, with the message that the studio’s email system was “currently experiencing a disruption,” and studio execs took to using private emails to disseminate the weekend grosses.

Read more Several Sony Films Leak Online After Hack Attack

At the same time, at least five of the studio’s current and upcoming releases, including the Brad Pitt war movie Fury and the upcoming musical Annie, which opens Dec. 19, have been pirated and were circulating widely on file-sharing sites. According to the website Torrentfreak, the films were uploaded to the torrent site 1337x on Wednesday or Thursday, where they were identified as having been ripped from DVDs, suggesting that they may have been copied from awards season screeners, although one film, a drama about a drug addict called To Write Love on Her Arms, a Sony Pictures Worldwide Acquisitions title, is not scheduled for release until 2015.

Sony did not respond to requests for comment on the latest developments beyond issuing a statement saying, “The theft of Sony Pictures Entertainment content is a criminal matter, and we are working closely with law enforcement to address it.” The FBI refused to either confirm or deny whether it is currently part of the investigation.

It also was not clear whether the two attacks are related. During the initial attack on Monday, the group using the hashtag #GOP left a message on studio computers threatening to release sensitive data, “your secrets and top secrets,” unless unspecified demands were met. On Wednesday, a listing of names of files that purportedly belong to the studio, although that has not been independently verified, were posted on Reddit. They included files that were identified as media budgets, passwords and PDFs of copies of passports belonging to stars like Angelina Jolie and Cameron Diaz.

The attack immediately led to speculation, which the studio is said to be investigating, that the hackers were retaliating in response to Sony’s upcoming comedy The Interview, starring James Franco and Seth Rogen. The movie, in which Franco and Rogen play a TV tabloid show interviewer and his producer who are recruited by the CIA to assassinate North Korea leader Kim Jong-un, is scheduled to open Christmas Day and has already drawn fire from North Korea. In its latest condemnation on Friday, Uriminzokkiri, a website run by the North Korean government, called The Interview an “evil act of provocation” that deserved “stern punishment.” Rogen had already joked earlier in a tweet on Wednesday, “People don’t usually want to kill me for any of my movies until after they’ve paid 12 bucks for it. Hiyooooo!!”

Read more Sony Pictures Targeted by Widespread Hack

There have been suggestions that Chinese hackers may have been involved, given the wide prevalence of hacked screeners online, the huge piracy market, and Beijing’s close links to its ideological ally North Korea.

In May this year, the Department of Justice filed charges against several individuals in China’s People’s Liberation Army, accusing them of stealing trade secrets from American companies, the first time the United States has charged state actors with economic espionage. In October, China-based hackers were blamed for hacking into Apple’s iCloud storage service in China trying to steal user credentials in an attack that was similar to previous attacks on Google, Yahoo and Microsoft Hotmail. The Chinese government has repeatedly denied reports that it is involved in cyberespionage or cybercrime, saying it, too, is a victim of hacking and that it cooperates with agencies to stop cyber infiltration.

Others have suggested a domestic source, present or former Sony employees, could be responsible. On Nov. 25, the website TheVerge reported receiving an email from a hacker identified only as “lena,” who wrote, “We Want equality [sic]. Sony doesn’t. It’s an upward battle.” The email continued, “Sony doesn’t lock their doors, physically, so we worked with other staff with similar interests to get in. Im sorry I can’t say more, safety for our team is important [sic].”

— Clifford Coonan in Beijing contributed to this report.