Sony Pictures is recovering from a massive hack, which forced the company to shut down its computer system last Monday. Now everyone, from the US Federal Bureau of Investigation to Sony to the international media, is trying to figure out who is behind the attack.
Following suggestions that North Korea was involved in the hack as part of retaliation for a coming (fictional) movie about two American journalists who attempt to kill Kim Jong-un, Re/code reported Wednesday night that Sony was ready to confirm that allegation.
News of the Sony Pictures hack first emerged on Reddit when a former employee shared a photo taken by a current Sony worker. That worker said the image was showing up on computer screens at Sony Pictures offices around the world. It shows a scary skull illustration, along with a threatening message from the hacking group “#GOP.” GOP stands for Guardians of Peace.
Hackers found documents on Sony Pictures’ servers that contained passwords to a range of other services. It looks as if they used those documents to gain access to Twitter accounts controlled by Sony.
Here’s one of the tweets posted by the hackers, showing a new illustration:
That image is significant because it gives us a clue about the motives of Guardians of Peace. It accuses Sony Pictures of being “criminals,” with Sony’s logo Photoshopped onto a gravestone, and a photo of Sony Entertainment Inc. CEO Michael Lynton has been modified to make him look like Dracula. Guardians of Peace seem to be saying that Sony is killing the entertainment industry and that its corporate practises are “criminal.”
The images posted by Guardians of Peace suggest a similar motivation to the anti-capitalist ethos of groups like Anonymous and LulzSec. LulzSec famously hacked into Sony Pictures in 2011, a revenge attack for Sony’s legal action against a man who hacked into and modified the PlayStation 3 video game console.
Another similarity between Guardians of Peace and LulzSec is that they both target the CEOs of the companies they hacked. In 2011 LulzSec hacked into the website of the Sun newspaper, publishing a fake news report that said Rupert Murdoch, CEO of the company that owns the Sun, had died.
It’s not just Photoshopped images that have been posted by the Guardians of Peace hackers, though. They have also talked via email to a small number of journalists. Salted Hash spoke to someone who claimed to represent Guardians of Peace and who made a bizarre claim that alluded to “The Interview,” the Sony movie that has angered North Korea:
We are an international organisation including famous figures in the politics and society from several nations such as United States, United Kingdom and France. We are not under direction of any state.
Our aim is not at the film The Interview as Sony Pictures suggests. But it is widely reported as if our activity is related to The Interview. This shows how dangerous film The Interview is. The Interview is very dangerous enough to cause a massive hack attack. Sony Pictures produced the film harming the regional peace and security and violating human rights for money.
The news with The Interview fully acquaints us with the crimes of Sony Pictures. Like this, their activity is contrary to our philosophy. We struggle to fight against such greed of Sony Pictures.
Speaking to The Verge, someone claiming to represent Guardians of Peace shed some light on how the group gained access to Sony’s computer network: “Sony doesn’t lock their doors, physically, so we worked with other staff with similar interests to get in. Im sorry I can’t say more, safety for our team is important.”
There are two theories emerging about the Sony Pictures hack. The first is that Guardians of Peace was given access to Sony’s servers by a disgruntled employee. The group’s public statements seem to lead to this explanation.
A comment posted on Reddit by a former Sony Pictures employee who says he have friends within the company says that it “100% makes sense” that an unhappy employee let hackers into Guardians of Peace. He also says that “in the last year they have cleaned house, and not in a way most employees are happy about … everyone has been on edge there, morale is terrible, and good people were getting fired left and right.”
The other theory is that Guardians of Peace is actually a group of hackers working for North Korea’s Unit 121, the collection of skilled hackers who regularly hack into networks in South Korea and the US. There’s no proven link here, but security researchers have examined malware that could have been used by Guardians of Peace, and there are similarities with North Korean hacking tactics.