Leaked emails of studio folk labelling Angelina Jolie “seriously out of her mindâ€, private health details released online and hackers, probably linked to a foreign power, threatening to attack moviegoers in a way that echoes the terrorism of September 11.
If it wasn’t all true, the Sony hacking fiasco would make one hell of a movie.
THE TERRORISTS WON: Stars outraged as Sony caves
DEATH WISH: The scene that lead to the hack.
As the White House faces off against North Korea, political pundits seriously debate whether screening a R-rated comedy that most people would never have seen is worth risking a terrorist attack and Angelina Jolie continues to find out her colleagues thinks she’s nuts, the Sony hacking story is the Christmas gift that just keeps giving.
When news first broke two weeks ago that Sony had been hacked in an apparent backlash to the comedy The Interview, the initial reaction from some including the movie’s stars Seth Rogen and James Franco was to hit back with a punchline.
Rogen and Franco went on Saturday Night Live with jokes about their email passwords and “personal photosâ€, including one of the two near-naked actors hanging with Santa, who fortunately was not near naked.
But then, as they say in bad Hollywood movies, things got real with the hackers threatening terror attacks at cinemas when the movie was due for release on Christmas Day.
This time, there were no jokes from Rogen and Franco. Instead, they cancelled their scheduled press interviews promoting the movie.
The major US cinema chains dropped the film from their schedule and Sony cancelled its release. Sony says it has no plans to release the movie in any form - not in cinemas, not online or not on DVD.
While the cinema chains cited safety concerns, many such as director Judd Apatow took to Twitter to vent their rage. “I think it is disgraceful that these theatres are not showing The Interview. Will they pull any movie that gets an anonymous threat now?†he tweeted.
The latest threat came at the same time that the hackers, who call themselves the Guardians of Peace, reportedly released 32,000 emails from the inbox of Sony entertainment executive Michael Lynton.
That is just a drop in the bucket of what has been, and looks set to continue to be, a very embarrassing series of leaks that begin when every employee at Sony’s Los Angeles headquarters logged on to their computer on November 24 to see the image of a skull with a threat that “all your internal data†would be leaked if Sony did not obey their demands.
The demands were simple: don’t release The Interview in which Rogen and Franco play tabloid TV personalities who are recruited by the CIA to assassinate North Korean dictator Kim Jong-un.
North Korea denied being behind the attack but has endorsed it, calling the movie “an evil act of provocationâ€. The Wall Street Journal reports the US government thinks otherwise, privately blaming a North Korean government hacking team known as Unit 121 in the General Bureau of Reconnaissance.
And the amount of data the hackers have been able to obtain is almost inconceivable. Five Sony films, four of which are yet to be released, were dumped online. Details of executive salaries, the human resource files of more than 6000 Sony employees including their family medical records and aliases used by Hollywood stars have all been dumped online. An early draft of the script for the upcoming James Bond film Spectre has also been leaked.
It’s estimated that the hackers stole 10 terabytes of data, equivalent to 10 times the amount of printed material in the Library of Congress.
Two former Sony Employees of Sony Pictures Entertainment have filed a class-action against their former employer calling the hack an “epic nightmareâ€.
The problem for Sony is not just the size of the attack, it’s the salacious content.
One leaked email was George Clooney saying he couldn’t sleep because of the bad reviews of his movie Monuments Men. Other emails showed producer Scott Rudin first said Angelina Jolie was a “minimally talented spoiled brat†and then, in a leak released yesterday, said she was “seriously out of her mindâ€. Amy Pascal, the co-chair of Sony Pictures Entertainment, made racially insensitive jokes about President Obama.
Screen writer Aaron Sorkin, who was also involved in embarrassingly leaked emails, wrote an opinion piece in the New York Times attacking the media for reporting on the details of the stolen emails.
“Every news outlet that did the bidding of the Guardians of Peace is morally treasonous and spectacularly dishonourable,†he said.
It’s not the first time Sony has been the victim of a damaging hack. In the past three years, in two separate attacks, the details of 100 million Sony customers have been comprised in attacks on the PlayStation Network and Sony Online Entertainment.
In Sony’s defence, it is hardly the first major corporation to be embarrassed by hackers, with many major retailers, banks and government organisations likewise targeted.
FBI’s cyber division Joseph Demarest told a US Senate Banking committee hearing last week that “the malware that was used would have slipped or probably gotten past 90 per cent of Net defences that are out there today in private industry and [likely] challenged even state governmentâ€.
Not that Sony can boast of having done its best to repel attackers.
Sean Duca, Chief Technology Officer Asia Pacific at McAfee, said storing all passwords in an unencrypted file called “passwords†as Sony did “isn’t exactly considered best security practiceâ€.
Professor of Practice Mark Skilton, of the Warwick Business School in the UK, said the reports showed that there were 63,437 security incidents in more than 50 global organisations in 2013, and the rate of attacks was speeding up.
Mr Duca said it would be silly for any corporation to claim their security was foolproof.
“If any company was to state that, you would probably be painting a very large target on yourself,†he said. “Someone is always going to find a way.
“The other thing is that we need to start thinking about how do we actually lock this down altogether or at least identify when something like this is actually happening.
“We can’t just say don’t share information so that way if we are hacked they’ve got nothing to share around.
“The approach that a lot of government organisations have been taking for many years is they’ve got an `air gap’ environment. The most sensitive, the most critical environment are not connected to a public network such as the internet.â€