The unprecedented hack of Sony Pictures which a U.S. official says is linked to North Korea may be the most damaging cyberattack ever inflicted on an American business. The hackers, who call themselves Guardians of Peace, had made threats of violence reminiscent of September 11th, 2001 if movie theaters showed the film.
The fallout from the hack that exposed a trove of sensitive documents, and this week escalated to threats of terrorism, forced Sony to cancel release of the North Korean spoof movie “The Interview.” The attack is possibly the costliest ever for a U.S. company, said Avivah Litan, a cybersecurity analyst at research firm Gartner. “This attack went to the heart and core of Sony’s business and succeeded,” she said. “We haven’t seen any attack like this in the annals of U.S. breach history.”
The studio’s reputation is in tatters as embarrassing revelations spill from tens of thousands of leaked emails and other company materials. A besieged Sony on Wednesday cancelled the Christmas Day release of the film, citing threats of violence by the hackers and decisions by the largest multiplex chains in North America to pull screenings.
How much the cyberattack will ultimately cost Sony is unclear. Sony faces trouble on several fronts after nearly four weeks since the hackers first crippled its computer systems and started dumping thousands of emails and private documents online.
In addition to vanishing box-office revenue from “The Interview,” leaked documents could muck up production schedules, experts say. There will be the cost of defending the studio against lawsuits by ex-employees angry over leaked Social Security numbers and other personal information. And then there are actors who might decide to work at another studio.
North Korea has denounced the “The Interview” but earlier this month said the hack might have been carried out by sympathizers. The movie features a pair of journalists played by James Franco and Seth Rogen who are asked by the CIA to assassinate North Korea’s leader Kim Jong Un.
Federal investigators believe there is a connection between the Sony hack and the isolated communist nation, according to an official who spoke on condition of anonymity. The official was not authorized to openly discuss an ongoing criminal case.
Sony said it has “no further release plans for the film.”
John McCain, a Republican senator from Arizona, called Sony’s decision to cancel the movie a “troubling precedent that will only empower and embolden bad actors to use cyber as an offensive weapon even more aggressively in the future.”
National Security Council spokeswoman Bernadette Meehan said the U.S. government had no involvement in Sony’s decision. She said artists and entertainers have the right to produce and distribute whatever content they want in the U.S.
Beyond the financial blow, some say the attack and Sony’s capitulation has raised troubling questions about self-censorship and whether other studios and U.S. companies are now also vulnerable.
“Artistic freedom is at risk,” said Efraim Levy, a senior financial analyst at research firm S&P Capital IQ. “Are we not going to put out movies that offend some constituencies?”
With a relatively modest budget of about $40 million, “The Interview” had been predicted to gross around $30 million in its opening weekend. Sony was expected to gross $120 million in U.S. and foreign box office revenue from the film. It has already spent over $30 million on marketing.
A leaked script of the Sony’s upcoming James Bond film “Spectre” led to an online frenzy of articles warning readers of “major spoilers,” expected to impact the box office of that release.
Seth Shapiro, a professor at the University of Southern California’s School of Cinematic Arts, thinks the potential damage from a hit to the blockbuster franchise is big.
“How can they proceed if everyone in the audience has already read the script?” he said. “You basically need to start over and see how much you can salvage.”
It’s not yet clear if the leaks of sensitive emails will cause agents and top actors to think twice about working with Sony.
In the short term, some think it may hurt, not only because of the insults directed at stars such as Angelina Jolie, but because the massive leak hurts prestige and indicates Sony is not being run as well as it should, said Shapiro.
“Is Sony going to be the place of first resort for Hollywood A-List? No. Not tomorrow.”
Earlier this week, four former employees sued Sony for not protecting their private information from hackers. The lawsuits seek class-action status on behalf of the nearly 50,000 Sony Pictures employees whose Social Security numbers and other private data was exposed.
Legal experts said the cases are likely just two of many that will be filed over the data breach. A review of 32,000 emails from the inbox of Sony Entertainment CEO Michael Lynton that were dumped by the hackers on Monday showed the studio suffered significant technology outages it blamed on software flaws and incompetent technical staffers. Hackers targeted executives to trick them into revealing their online credentials.
The files expose lax Internet security practices inside Sony such as pasting passwords into emails, using easy-to-guess passwords and failing to encrypt especially sensitive materials such as salary and revenue figures, strategic plans and medical information about some employees. Experts say such haphazard practices are common across corporate America.
Sony potentially faces tens of millions of dollars in damages from a class-action lawsuit.
AP and Reuters