“The 1st day of Christmas gift: This is the beginning” said the Pastebin post purportedly from the Guardians of Peace.
There has been a lot of speculation about the GOP being connected to North Korea and hacking Sony because of the comedy, The Interview. The hatred for Sony seems real enough as stolen scripts, emails, personal information, unreleased movies and passwords have been dumped online. The newest leak was different, not because it was labeled the first Christmas gift, or even that it mentioned The Interview by name, but because the hackers threatened a 9/11-type attack on movie theaters that show The Interview. Here is the dire warning:
The FBI is aware of the threat, as is the Department of Homeland Security. In fact, a DHS official told ABC News, “We are still analyzing the credibility of these statements, but at this time there is no credible intelligence to indicate an active plot against movie theaters within the United States.”
Two former G-Men “also downplayed the threat.” They told ABC News:
“Somebody is playing mind games with [SONY],” said Richard Clarke, cyber security expert and former White House counter-terrorism advisor. “I think North Korea has little or no capability to do any physical attacks, commando activity, or terrorism in the U.S. By saying it’s coming, however, they hope to keep people from the theaters and, thereby, hurt Sony’s revenue.”
Matt Olsen, former Director of the National Counterterrorism Center and like Clarke an ABC News consultant, said the threat sounded more like “hooliganism” than anything really serious. “You have to take these types of threats seriously up to a point, but this sounds more like a hoax,” Olsen said.
Another cyber security expert told ABC News that Sony can’t rule out cyber-attacks on the locations where the movie will be played, but short of the group having a team on the ground bent on violence, said the wording of the note “sounds like hyperbole.”
However, Seth Rogen and James Granco, the actors staring in the comedy about assassinating Kim Jong-un, have canceled all previously scheduled media appearances. Before the threat of attacks on theaters and the premiere, Sony had already planned to “scale down” the New York premiere set for Thursday, Dec. 18. At first Landmark Theatres said the premiere was still scheduled, unless Sony canceled. After the threat of a 9/11-style attack, Sony told movie theater chains that it was still releasing the movie, but it gave theaters the option of pulling out. Hours after Carmike Cinemas, which has 238 theaters in 41 states, announced it won’t be showing The Interview due to the threat, Landmark Theatres also canceled the premiere. Although security was beefed up for the LA premiere last week, it went off without incident.
“Christmas gift 1st” might imply there is more than one; the latest (leak 9) referenced Sony Pictures Entertainment CEO Michael Lynton. Some speculate The Interview will be released on torrent sites to steal Sony’s thunder…and profits. Some publications have run the so-called money shot, showing the ending for North Korean leader Kim Jong Un. Although this was the first time the GOP mentioned The Interview by name, some security folks say the Sony hack may have nothing to do with North Korea at all; the film could be serving as cover for the true but unknown motive.
Here come the lawsuits
Two former Sony employees are suing Sony on behalf of themselves and about 15,000 other Sony employees, as their sensitive information such as Social Security numbers, salaries, and medical information was leaked to the public and “may even be in the hands of criminals.” The suit blames Sony for not fixing security flaws.
The complaint, according to The Hollywood Reporter:
At its core, the story of 'what went wrong' at Sony boils down to two inexcusable problems," says the complaint. "(1) Sony failed to secure its computer systems, servers, and databases ('Network'), despite weaknesses that it has known about for years, because Sony made a 'business decision to accept the risk' of losses associated with being hacked; and (2) Sony subsequently failed to timely protect confidential information of its current and former employees from law-breaking hackers who (a) found these security weaknesses; (b) obtained confidential information of Sony's current and former employees stored on Sony's Network, (c) warned Sony that it would publicly disseminate this information, and (d) repeatedly followed through by publicly disseminating portions of the information that they claim to have obtained from Sony's Network through dumps of internal data from Sony's Network.
The second lawsuit also points out Sony’s security flaws, but goes further by blaming the hack and stolen information on Sony for going ahead with making The Interview movie. The lawsuit states, “Upon information and belief, Sony knew it was reasonably foreseeable that producing a script about North Korea's leader Kim Jon Un would cause a backlash.” THR added, "Such a negligence claim might be unprecedented, but the lawsuit will attempt to examine whether the release of The Interview 'created an unreasonable risk that Plaintiffs' and Class Members' PII [personally identifiable information] would be exposed'."
On Dec. 15, Sony issued a notification (pdf) to current and former Sony Pictures employees, warning them that crooks might try to use their stolen and leaked personal information. The company also held a town hall meeting, during which CEO Lynton told employees, “This will not take us down. You should not be worried about the future of this studio.”
Meanwhile, after Sony’s attorney issued a takedown notice to sites that posted 'stolen information,' Reddit complied. Reddit told Business Insider that it complied with Sony’s DMCA takedown requests, removing leaked content and banning the SonyGOP subreddit. "'Discussions and news stories' about the hack were unaffected by the bans."