Question
Case Two: Sonys Response to North Koreas Cyberattack On November 24, 2014, employees of Sony Pictures Entertainment booted up their computers to find an image
Case Two: Sonys Response to North Koreas Cyberattack On November 24, 2014, employees of Sony Pictures Entertainment booted up their computers to find an image of a skull along with a message from a group calling itself the Guardians of Peace. The message read: Weve already warned you and this is just the beginning. Weve obtained all your internal data including your secrets and top secrets [which will be released] if you dont obey us. As Sony would eventually discover, the hackers had stolen reams of sensitive data, including the Social Security numbers of 47,000 current and former employees, system passwords, salary lists, contracts, and even copies of some Sony employees passports. The hackers accessed hundreds of Outlook mailboxes as well as Sony IT audit documents. They also stole media files and placed pirated copies of five of Sonys movies on illegal file-sharing servers. Sony was forced to completely shut down its information systems in an attempt to stem the data breach. Ultimately, Sony would determine that the damage done by the hackers was far more extensive than it first believed. Not only had data been stolen, but 75 percent of the companys servers had been destroyed and several internal data centers had been wiped clean. Contacted within hours of the event, the FBI soon identified the culprit. In June, several months before the hack, North Koreas Ministry of Foreign Affairs had declared that it would take a decisive and merciless countermeasure if the U.S. government did not prevent the planned release of Sonys motion picture The Interview, which features two reporters who venture to North Korea to interview and assassinate the countrys dictator, Kim Jong-un. In the film, the main character, initially won over by the dictators apparent kindness, discovers that the tyrant is lying about the countrys prosperity and freedoms. The plot, along with the movies unflattering portrayal of the dictator as ruthless and childish, had caught the attention of the North Korean government. The U.S. government disclosed that it had proof that the North Koreans had made good on their threat. The U.S. National Security Agency (NSA) had reportedly penetrated the North Korean cyberwarfare unit four years prior to the attack and had been monitoring its capabilities since then. After Sony alerted the FBI of the attack, the NSA was able to trace the attack back to North Korea, using a digital fingerprint the hackers had left in the malware. Several weeks after the attack, FBI Director James Comey, revealed in a speech that the Sony hackers had been sloppy. We could see that the IP [Internet protocol] addresses that were being used to post and to send the emails were coming fromIPs that were exclusively used by the North Koreans. The hackers warned Sony not to release The Interview, and then on December 16, the group issued a message threatening large terrorist attacks on theaters that showed the film. The National Organization of Theatre Owners contacted the Department of Homeland Security for information and advice. The FBI and NSA released a bulletin explaining that they had no credible information about a plan to attack theaters, but they could neither confirm nor deny whether the hackers had the ability to launch such an attack. Shortly after the bulletin was released, the four largest U.S. theater chains withdrew their requests to show the movieCarmike Cinemas first, followed by Regal Entertainment, AMC Entertainment, and Cinemark. Within hours, Sony announced that it had canceled the films release. White House officials, Hollywood personalities, and the media were aghast. Comedian Jimmy Kimmel tweeted that the decision by the major theater chains to refuse to screen The Interview was an un-American act of cowardice that validates terrorist actions and sets a terrifying precedent. On December 19, President Obama addressed the issue publicly: Sony is a corporation. It suffered significant damage. There were threats against its employees. Im sympathetic to the concerns that they faced. Having said all that, yes, I think they made a mistake. Obama explained, We cannot have a society in which some dictator in some place can start imposing censorship in the United States. The presidents remarks highlighted the seriousness of the incident to the American public, many of whom came to view the incident as an attack on the freedom of expression. In response to Obamas comments, Sony officials released a statement later the same day: Let us be clearthe only decision that we have made with respect to release of the film was not to release it on Christmas Day in theaters, after the theater owners declined to show it.... After that decision, we immediately began actively surveying alternatives to enable us to release the movie on a different platform. It is still our hope that anyone who wants to see this movie will get the opportunity to do so. In fact, on Christmas Day, the planned release day in the theater, The Interview became available through video on- demand outlets such as Amazon.com, and within less than a month, the movie had brought in over $40 million in revenue. Approximately 6 million viewers had rented or purchased the movie in this way. Several hundred movie theaters that opted to screen the movie generated another $6 million. Over the next two months, Sony also released the movie on Netflix, on DVD and Blu-Ray, and in theaters in other countries. Meanwhile, Sony has worked to recover from the damage done to the company itself by the hack. Sony Pictures parent company, which is based in Japan, asked regulators there for an extension to file its third-quarter financial results. It also fired executive Amy Pascal whose leaked emails contained derogatory remarks about Hollywood producers and the U.S. presidents movie preferences. The company also provided one year of free credit protection services to current and former employees. In February 2015, President Obama held the first-ever White House summit on cyber security issues in Silicon Valley. The summit was billed as an attempt to deal with the increasing vulnerability of U.S. companies to cyberattacks including those backed by foreign governments. However, the chief executives of Microsoft, Google, Facebook, and Yahoo all refused to attend the summit. Those companies have long advocated for the government to stop its practice of collecting and using private data to track terrorist and criminal activities and have worked to find better ways to encrypt the data of their customers. However, U.S. security agencies have continually pressured the IT giants to keep the data as unencrypted as possible to facilitate the governments law enforcement work. Ultimately, both the government and private businesses will need to find a way to work together to meet two contradictory needsthe countrys need to make itself less vulnerable to cyberattacks while at the same time protecting itself from potential real-world violence. Use the following format to write your case study analysis:
- Provide a brief summary listing the key facts in the case.
- Identify key issues and identify one problem you wish to resolve in your analysis. The problem statement should be clear and concise. A problem statement is typically no more than one sentence in length.
- List recommended solutions or strategies to resolve the problem. Be sure to include the who, what, why, when, where and how of each solution or strategy you propose.
- Analyze each recommended solution or strategy by linking information from course materials and outside research sources. List the pros and cons of each solution. Choose the best solution or strategy and list an explanation why it is the best choice. The reasons for your choice should be clearly linked to your analysis.
- Write a conclusion to your analysis. Use the questions posed a
Critical Thinking Questions: 1. Do you think that Sonys response to the attack was appropriate? Why or why not? 2. What might Sony and the U.S. government done differently to discourage future such attacks on other U.S. organizations? 3. Are there measures that organizations and the U.S. government can take together to prevent both real-world terrorist violence and cyberattacks?
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started