North Korea Suspected in Sony Film Leaks (CDSA)

By Chris Tribbey

High-quality versions of five Sony Pictures films — four that have yet to be released in the United States — have been leaked online, following a Nov. 24 hack of the studio’s computer systems, and the studio is investigating whether North Korea is behind it all.

Brad Pitt’s war film “Fury,” which was released Oct. 17, is the biggest name among the leaked films, with “Annie” (Dec. 19), “Mr. Turner” (Dec. 19), “Still Alice” (Jan. 16) and “To Write Love on Her Arms” (March) the four films that have yet to be released.

The leak of the Sony films marks perhaps one of the biggest Hollywood piracy incidents ever, and certainly the biggest since the mid-July theft of Lionsgate’s “Expendables 3,” which hit BitTorrent sites about three weeks before theaters. On Nov. 25, London police announced the arrest of two men in that theft, which the film’s producers said cost them millions in lost revenue.

The leak followed the Nov. 24 hack of Sony Pictures Entertainment’s internal network, forcing the studio to shut down its worldwide network through the holiday weekend. A group calling itself Guardians of Peace (GOP) claimed responsibility for the hack, and had threatened to release information it had acquired if unspecified demands were not met.

“The theft of Sony Pictures Entertainment content is a criminal matter, and we are working closely with law enforcement to address it,” Sony told the Los Angeles Times. A Reuters report said Sony Pictures Entertainment has hired cyber security company FireEye Inc’s Mandiant forensics unit to mop up the damage, and that the FBI was investigating the incident.

Rob Enderle, principal analyst with San Jose, Calif.-based technology advisory firm The Enderle Group told the Media & Entertainment Services Alliance (MESA) that it’s all but certain that North Korea is behind the initial hack and subsequent leaks, with the isolated nation following through on its threats against Sony for the upcoming Seth Rogen and James Franco film “The Interview.”

The comedy, out Christmas Day from Sony, depicts an assassination plot against North Korean dictator Kim Jong-un.

Perhaps tellingly, “The Interview” was not among the films leaked, suggesting that whoever did the leaking may not have wanted it in circulation.

“Sony should have realized that if you’re going after a head of state who happens to have the largest standing army in the world, there are going to be repercussions,” Enderle said. “I don’t think Sony anticipated how this was going to hurt them. North Korea considers [the film] to be an act of war. And I don’t think this is over yet.”

Indeed, on Monday, a Reuters report quoted a spokesman for North Korea’s United Nation’s mission saying “wait and see” whether the country was behind the attacks. “The hostile forces are relating everything to the DPRK (North Korea). I kindly advise you to just wait and see,” the spokesman said.

Bryan Ellenburg, a content security consultant to MESA and former VP of global content security and technology for Paramount Pictures, said this could very well be a “first-of-a-kind politically motivated cyber attack against a motion picture studio,” considering North Korea’s warnings about the film and how the filmmakers have been “brazen” in promoting it. On Nov. 24, Seth Rogan Tweeted: “North Korea couldn’t stop us!!! Here’s the newest trailer for the Interview!!!”

“This is a tragic event for Sony Pictures, and the industry as a whole,” Ellenburg said. “There are many skilled and well intentioned people in place at Sony Pictures, and only time and investigation will reveal the complete vulnerabilities. The collateral damage impacts productions and vendors unrelated to Sony Pictures, those shooting on the lot, etc.

“This is a media and entertainment industry problem, and together all studios, vendors, and technology partners must escalate efforts to protect valuable content and information.”

He said the attack highlighted the security vulnerabilities of studios, and the systems that hold corporate documents, financial records, and confidential information about productions, development slates and release schedules. He said the studios need to include two-factor authentication to access networks and systems that hold sensitive content, and that intrusion detection systems should be in place and monitored.

Many of these technology issues related to content protection will be the subjects of panels and presentations at next week’s Content Protection Summit (CPS) on December 9 at the W. Hotel in Hollywood. For more program information visit:

“What is very interesting in the Sony situation, is whether or not the DVD screener leaks are related,” Ellenburg added. “It is extremely unlikely these watermarked DVDs would have been compromised by way of a network hack.”

BitTorrent news service reported that “Fury” had already become the No. 2-most downloaded movie among Pirate Bay users, while “Variety” reported the film had been downloaded by nearly 900,000 unique IP addresses by Nov. 29.

Sony Pictures’ computer system first went down last Monday, with employees encountering an ominous message on their computers when they logged in, reading: “We’ve already warned you, and this is just a beginning. We continue till our request be [sic] met. We’ve obtained all your Internal data, Including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world.”

Users on have sifted through links provided by GOP, and have found that among the information stolen by the hackers are passport information for production cast and crew, accounting and research information, and Outlook inboxes. The Wrap reported that by Dec. 1, the studio was making progress in getting its systems back online, with business critical and other key systems up and running.

Sony’s been targeted by hackers before. In mid-2011, Sony’s PlayStation Network was shut down for more than three weeks after hackers compromised the personal information of nearly 25 million accounts.