Timeline of the Sony Pictures Entertainment hack

By The Associated Press It’s been four weeks since hackers calling themselves Guardians of Peace began their cyberterrorism campaign against Sony Pictures...

By The Associated Press

It’s been four weeks since hackers calling themselves Guardians of Peace began their cyberterrorism campaign against Sony Pictures Entertainment. In that time thousands of executive emails and other documents have been posted online, employees and their families were threatened, and unreleased films were stolen and made available for illegal download. The hackers then escalated this week to threatening 9/11-like attacks against movie theaters scheduled to show the Sony film “The Interview.” That fanned security fears nationwide and resulted in the four top U.S. theater chains pulling the film from their screens, ultimately driving Sony to cancel the film’s release.

Here’s a look at key developments in the hack:

Nov. 24: Workers at Sony Pictures Entertainment in Culver City, California log on to their computers to find a screen message saying they had been hacked by a group calling itself Guardians of Peace. Their network is crippled. Personal information, including emails, Social Security numbers and salary details for nearly 50,000 current and former Sony workers are leaked online. Screeners of unreleased movies, including “Annie,” are uploaded to the Internet and are quickly downloaded illegally.

Some speculate that North Korea is behind the attack as retaliation for the upcoming movie “The Interview,” the Seth Rogen and James Franco comedy that depicts an assassination attempt on North Korean leader Kim Jong Un. Over the summer, North Korea had warned that the film’s release would be an “act of war that we will never tolerate.” It said the U.S. will face “merciless” retaliation.

Dec. 1: The Federal Bureau of Investigation confirms that it is investigating the cyberattack but declines to comment on whether North Korea or another country is behind the attack.

Dec. 3: Some cybersecurity experts say they’ve found striking similarities between the code used in the hack of Sony Pictures Entertainment and attacks blamed on North Korea which targeted South Korean companies and government agencies last year.

Dec. 5: The FBI says it is investigating emails that were sent to some Sony Pictures employees threatening them and their families.

Dec. 7: North Korea denies that it is behind the attack, but the country also condemns “The Interview” and relishes the attack as possibly “a righteous deed of the supporters and sympathizers” of the North’s call for the world to turn out in a “just struggle” against U.S. imperialism.

Dec. 8: Sony Computer Entertainment says its online PlayStation store was inaccessible to users for a couple of hours. The company did not link the outage to the Sony Pictures hack.

Dec. 11: Hollywood producer Scott Rudin and Sony Pictures co-chairman Amy Pascal apologize for embarrassing private emails that were leaked. The two exchanged emails in which they made racially offensive jokes about President Barack Obama and Rudin made disparaging remarks about actress Angelina Jolie.

Dec. 13: Leaks appear to include an early version of the screenplay for the new James Bond movie “SPECTRE.” Producers at Britain’s EON productions say they are concerned that third parties who received the screenplay might seek to publish it, and warn the material is subject to copyright protection around the world.

Dec. 15: A lawyer representing Sony Pictures warns news organizations not to publish details of company files that were leaked, saying the studio could sue for damages or financial losses.

A lawsuit is filed by two former Sony Pictures in a California federal court, seeking class-action status on behalf of other current and former studio workers affected by the data breach. The suit alleges that emails and other information leaked by the hackers show that Sony’s information-technology department and its top lawyer believed its security system was vulnerable to attack, but that company did not act on those warnings. The plaintiffs ask for compensation for fixing credit reports, monitoring bank account and other costs as well as damages.

Dec. 16: The hackers release another trove of data files, this time 32,000 emails to and from Sony Entertainment CEO Michael Lynton. Along with what they call the first part of “a Christmas gift,” the group threatens violence reminiscent of the September 11th, 2001 terrorist attacks, targeting movie theaters that plan to show “The Interview.” It warns people who live near such theaters to leave home.

Carmike Cinemas is the first chain to announce it will not show “The Interview” at its 278 theaters across the country. Sony Pictures cancels the New York City premiere of the movie at the Landmark Sunshine in Manhattan’s Lower East Side, scheduled for Thursday Dec 18th.

A second lawsuit is filed by two other former Sony Pictures employees who say the studio did not do enough to prevent hackers from stealing social security numbers and other personal information about current and former workers. It also seeks class-action status.

Dec. 17: The top theater chains in the country, Regal Cinemas, AMC and Cinemark, pull the “The Interview,” forcing Sony to cancel the film’s Christmas Day release. Seemingly putting to rest any hope of a delayed theatrical release or a video-on-demand viewing, Sony announces it has “no further release plans for the film.”

“We are deeply saddened at this brazen effort to suppress the distribution of a movie, and in the process do damage to our company, our employees, and the American public,” the studio says in a statement. “We stand by our filmmakers and their right to free expression and are extremely disappointed by this outcome.”

Shortly thereafter, a U.S. official says federal investigators believe there is a link between the cyberattack and North Korea.

Stars, politicians and pundits light up Twitter and the air waves weighing in on Sony’s decision to capitulate. Many decry the move as setting a dangerous precedent in the war against hackers.

Dec. 18: The White House says evidence shows the hack against Sony Pictures was carried out by a “sophisticated actor” with “malicious intent.” But spokesman Josh Earnest declines to blame North Korea. Earnest says he doesn’t want to get ahead of investigations by the Justice Department and the FBI.

A third lawsuit seeking class-action status is filed against Sony Pictures. The suit filed by two other former Sony workers seeks damages and restitution for those affected by the breach, including $1,000 for each person whose medical information was stolen. One plaintiff claims Sony allowed her medical information to remain on its servers for too long; she left the company in 2009. The suit also alleges that Sony prioritized damage control over embarrassing details included in the emails of its top executives, rather than properly informing its current and former workers about the breach.

Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Copyright © 2024 The Associated Press. All rights reserved. This website is not intended for users located within the European Economic Area.

    Stacy Bostjanick and Jennifer Henderson

    Risk and Compliance Exchange 2024: DoD’ Stacy Bostjanick, DCMA’s Jennifer Henderson on finding ‘any means possible’ to help small biz with CMMC

    Read more
    Amelia Brust/Federal News Networkcybersecurity

    How should software producers be held accountable for shoddy cybersecurity products?

    Read more