Business & Economy

Sony hack: Was it an inside job? Attention turns to employee's email

Pedestrians cross a street in front of the Sony Pictures Entertainment headquarters in Culver City, Calif. on Tuesday, Dec. 2, 2014. The FBI has confirmed it is investigating a recent hacking attack at Sony Pictures Entertainment, which caused major internal computer problems at the film studio last week.
Pedestrians cross a street in front of the Sony Pictures Entertainment headquarters in Culver City, Calif. on Tuesday, Dec. 2, 2014. The FBI has confirmed it is investigating a recent hacking attack at Sony Pictures Entertainment, which caused major internal computer problems at the film studio last week.
Nick Ut/AP

As the fallout continues for Sony Pictures Entertainment following a massive cyberattack, the speculation over who was behind it continued Wednesday.

Following the attack, at least five of the studio’s feature films — including some not yet released, including “Annie” — were leaked to file-sharing sites, where they were reportedly downloaded millions of times.

The attack also forced Sony to shut down its email and other systems, and it appears to have left exposed the names, birth dates and social security numbers of nearly 4,000 Sony Pictures employees, according to Fusion.

The hackers have identified themselves only as the “Guardians of Peace,” but, as The Hollywood Reporter notes, emails pointing journalists to the allegedly stolen files, which were posted online, have come from a sender named Nicole Basile:

A woman by that name is credited on IMDb as an accountant on the studio's 2012 hit film The Amazing Spider-Man, and her LinkedIn page says she worked at Sony for one year in 2011. Basile couldn't be reached for comment and the studio declined to confirm if she works or has worked there.

While the THR report suggests a possible inside job, it's far too soon to tell. Hackers can with relative ease spoof an email address to make it appear an email is coming from someone else, making it difficult to determine whether someone named Basile was in fact the sender.

The FBI confirmed Monday it opened an investigation into the hack. Some experts say it's the first major attack on a U.S. company to use a special class of malicious software that is designed to make computer networks unable to operate, according to Business Insider.

Speculation has been rampant that it was North Korea that sponsored the attack in retaliation for the movie “The Interview,” which stars Seth Rogen and James Franco as entertainment journalists recruited to assassinate Kim Jong Un.

But according to the Associated Press, cybersecurity experts are saying that’s unlikely.

"State-sponsored attackers don't create cool names for themselves like 'Guardians of Peace' and promote their activity to the public," said cybersecurity expert Lucas Zaichkowsky.

He said the details he has seen point instead to hacktivists, who break into computers to make a political point, often one involving the free exchange of information on the Internet. Hacktivists targeted Sony in the past.

Studio co-chiefs Michael Lynton and Amy Pascal acknowledged in a memo that "a large amount of confidential Sony Pictures Entertainment data,” including personnel information, was stolen in the attack.

The Hollywood Reporter posted the full memo, which you can read below:

It is now apparent that a large amount of confidential Sony Pictures Entertainment data has been stolen by the cyber attackers, including personnel information and business documents. This is the result of a brazen attack on our company, our employees and our business partners. This theft of Sony materials and the release of employee and other information are malicious criminal acts, and we are working closely with law enforcement.

The privacy and security of our employees are of real concern to us, and we are deeply saddened at this concerted effort to do damage to our company, undermine our morale, and discourage us. We are enormously proud of the resilience you have all shown in the face of this attack. The company is as busy as ever, and our business continues to move forward, thanks to your great efforts.

While we are not yet sure of the full scope of information that the attackers have or might release, we unfortunately have to ask you to assume that information about you in the possession of the company might be in their possession. While we would hope that common decency might prevent disclosure, we of course cannot assume that.

Yesterday, we told you that we are offering all employees identity protection services with a third-party service provider, AllClear ID, and that you would receive an email tomorrow outlining steps to sign up. If you sign up, the AllClear ID investigators would be available to answer your questions about how to handle disclosures of your confidential information.