True Cyber Crime Story of who caused the Sony Pictures data breach. Exploring our investigation, media and behind the scenes. Topics covered: who caused the Sony Pictures data breach, what really happened in Sony data breach, what we learned from the Sony data breach, shocking truth about the Sony data breach, unanswered questions from the Sony data breach, who caused the biggest Sony data breach, truth behind the Sony data breach, what really happened in Sony Pictures data breach, who really caused the Sony data breach, who caused the Sony data breach.
Please consider subscribing to our YouTube Channel for ALL Video episodes. It's FREE. It helps us help others @Cybercrimejunkiespodcast https://www.youtube.com/channel/UCNrU8kX3b4M8ZiQ-GW7Z1yg
Audio Podcast (available everywhere): https://cybercrimejunkies.buzzsprout.com
Want more true cyber crime? More interviews with global leaders? Career help? Check out https://cybercrimejunkies.com
Who Caused the Sony Pictures Data Breach
[00:00:00] It was the Monday before Thanksgiving, a cool Los Angeles day, about 63 degrees and not a cloud in the sky. Jan, as we will call her (her name has been changed), drove her Honda Pilot and entered the Sony lot a little bit before 8:00 AM, just like she had done years before and days before. When she pulled into the lot, the guard usually greets her with a smile.
Today the guard wasn't there and the gate was open. Strange, she thought, but she went on like any other Monday, looking forward to the Thanksgiving break that was starting that Thursday. She parked in the Sony lot in the employee section, grabbed her bag, and proceeded to walk in. When she strolled through the lobby, up the elevator, people smiled and things seemed normal, but they weren't.
What was about to happen changed the trajectory of the company and of cybersecurity in the cybersecurity industry forever. It changed the way in fact that we behave online even today. This is the true cybercrime story of the day the lights went out at [00:01:00] Sony Pictures.
I'm David Mauro, your host. I've got Mark Moser, my illustrious co-host, who is an IT consultant and security consultant. We have Rich Moore, who's one of the leaders in our organization, who is a professional coach and marketing and social media expert. So, welcome, gentlemen.
How are you? Good morning. Good morning. How are you guys? Ready to discuss the day the lights went out? Absolutely. Yeah. More than ready. Yeah. I think even shortsighted this David, cuz this is such an exciting case, right? This reads like a James Bond, you know, movie premiere. We've got everything from the UN involvement to a sitting president, to Russians, to North Korea, to hacking groups.
I mean, this is really a special story. If, if people aren't familiar with it, you're in for a real ride. Yeah, absolutely. And when we, when we looked into this, when we started looking into some of the data breaches, it's not the boring aspect of the technology and the taking of passwords and credentials and things like that.
There's actual, there's so many mysteries involved. There's so much like planning [00:02:00] and execution and deep, deep, dark web things that go on. Cyber crime today is organized crime. It's international, it's very well funded. Really, really interesting stuff. And so we're, we're excited when we think about the Sony Data breach.
Why this one matters when we do a Google search on the Sony data breach from 2014, 6.95 million returns covered, that's huge, right? That is just astronomical. You know, it wound up with, what, what was it? How many computers were wiped out, Mark? What was it? Eight, 8,000 PCs were bricked, yeah. 8,000 PCs.
That's a lot, right? Like the, and, and it leads into some of the open questions that we're gonna get to that in just a minute. And what about how much data was taken? What is it? A hundred terabytes? Yeah, you got hundred terabytes. Terabytes. That's a lot. That is massive. It wound up the hackers involved, whoever they are.
Right? There's several theories. I think we know some of them, but there's a lot that we don't know. That's, that's the sense that we're [00:03:00] getting. Four movies got released pre, you know, be before they were supposed to be public. And that's really critical. That is the revenue generator for motion pictures.
And they blew out four big ones like right before the holidays. I mean, it was, it was catastrophic to Sony at the time. There was public humiliation of actors, there was public humiliation of executives. And then specific targeting of individual employees at Sony. I mean, just publicly humiliating them, publicly releasing confidential private health information.
It, this attack got really, really personal and very, very public all the way up through government, through the president involving the United Nations. This was a shocking, shocking matter. And then one of the side things that happened is the elements that didn't happen, right? And the way that they went about doing this, we're gonna get into this.
It was like comical, right? There's five main theories. One is that the country of North Korea, the state government, is the [00:04:00] sole one that drove this whole thing. And tensions were extremely high between the US and North Korea back in 2014. And that was the conclusion of the FBI and the federal security council.
And that makes a lot of sense. But it still leaves so many unanswered questions if that's the only answer. Right? There's so many other questions that, that, that having that theory alone doesn't answer. Right? There's the fact that how did they have and gained such access for so long when they allegedly could have only done it for a week?
Right. Why did they attack certain people? Why did they not attack certain people? What was the manner that they did it? And then there's other cyber crime groups that came forward and said, this isn't right. Like, we are able to access that. We're still doing it today. And so there's a lot that we're gonna get into.
Today as we sit here today, there've been two federal indictments of an individual computer programmer over in North Korea. [00:05:00] They're still wanted. North Korea denies that they even exist, and they're still at large even today. They wound up paying, what was it, Mark, at least over 35 million.
Yep. They paid several million. There were class action and lawsuits brought by Sony employees. Rich is gonna share with us what it was like to be an insider and actually go through this data breach, and top IT cybersecurity firms at the time disagreed. They disagreed with, yep, what the government concluded, they disagreed with each other.
There was so much information here, we're gonna boil it down and kind of walk it through. And the bottom line is we want people that are watching this or listening to this to chime in and to tell us what you guys think. Right? What are your thoughts about this? Ask questions. That's what this is all about.
So let's, let's get right into it. Let's, yeah, let's talk about the day, right. So Rich, walk us through this. It was, so, I, I, I feel like I, I'm the on scene reporter, or I have Keith Morris and you know, me narrating what I'm talking about here because what happened was on Thursday, right, Thanksgiving Day [00:06:00] 2014, it ended up being a day for Sony like no other they'd ever seen before.
And in fact, three days earlier on the 24th, Sony Pictures Entertainment in the world's largest and most prominent movie studio, all the employees were just going into work like a normal every single day. What happened was when they got in there and they fired up their computers, it changed really the trajectory of the movie industry and the way that companies prepare and address cybersecurity.
It had the impact that we're still feeling now and will continue to feel for years to come. And as you were talking about this beginning, in the beginning, David, one of the things I was thinking about is not just the big studio, big studio like Sony and Actors and Hollywood and Yeah, yeah, yeah. So what, but what about the average law firm?
What about the average HR department? How much impact can that have? You know, okay, all the actors will recover, but man, all us private citizens, so what, what greeted them? They fired up their computer and it changed things. Now, here's the bad part of it is three days prior to this, they'd received a warning demand to Chairman [00:07:00] Amy Pascal and Michael Lynton, who is the CEO at the time, that something was going to happen.
Now, the really interesting part about it is they both claimed that they had never received these emails. Yeah, and we talked so much about human firewalls, man, there's a big human firewall thing there. It was a nice cool LA morning, man, 60 degrees, not a cloud in the sky. The employees were parking their cars, they're coming in, they're getting their coffee, they're going to their office.
This is complex, right? Beautiful complex. Yeah. Like, you know, all the amenities are in there. They know the guards when they park their cars. Yeah. That day, like things were different. Right. Like, yeah. Everybody's like, I'm just gonna turn on my computer and it's gonna be another boring day here at work. And then all of a sudden, boom, they opened their computers and they were greeted by this anonymous screen tape.
Yeah, this is an actual screenshot of what they saw. I mean, I don't know about you, but that would freak me right out if that popped up on my, so it's like the old things we used to do where you get somebody to look close into their computer screen and then the monster jumped up. But the digital break-in had happened early that morning, and when this skull with the fingers, this whole thing popped up at the same [00:08:00] time.
It was accompanied by a, a threatening message warning that this is just the beginning. The hackers also said that we've obtained all of your internal data and warned that if Sony doesn't obey their demands, they're gonna release the company's top secrets. Now, back to the inside of what's going on. At 10:50 that day, Mike Fleming from Deadline broke the news that Sony had been hacked.
And think about this. All right. You're at work and you're hearing from other people that, Hey, you know what? Things have come to to a standstill at Sony today. Their computers in New York and around the world were infiltrated by hackers, and as a precaution, the computers in Los Angeles were shut down.
While the corporation deals with the breach, it basically brought the whole global corporation to an electronic standstill. Imagine that you're coming in, your day's gonna be great, everything's working well, and all of a sudden, yeah. Yeah. And then, and then what, what did the, the Sony team then like issued globally.
Everybody turned off your computers, right, and they got, they reached out to IT firms and they really kind of got federal law enforcement and [00:09:00] just following, you know, incident remediation protocol, et cetera. Right. And what's interesting is it affected almost every aspect of the studio, including their digital parking cards.
They had a separate production or separate system for their movie daily, so that was kind of unaffected. But. The insiders said at that point in time that the studio basically was a hundred percent shut down and the staff was using whiteboards to try to figure out what they've lost, what they need to try to do to bring themselves back at line, back online, and how to just be able to function at all.
Yeah. And, and then when, when they look at their screen, it says, what we've already warned you, this is just a beginning. Well, they never really said what they warned about, right? Mm-hmm. And later on, what everybody said, if you, if you guys remember this back in 2014, The general consensus was, this was about the movie.
This was about the movie called The Interview. Right. Which was this comedy where James Franco and Seth Rogen went and allegedly tried to kill the leader of North Korea. Right, right. So, but they don't mention that at all. Yeah, and I mean that, that all in the [00:10:00] beginning of the three days before or, or here.
Right. That's not what they're asking for. Yeah. And and let's get into the timeline and kind of what all happened. Mark, you wanna walk us through this? Yeah, so it's interesting. There's some really pre-story before the breach that I think is really impactful. So as you see on the timeline in 2011, there were other breaches.
There's evidence that the Russians had breached Sony years prior to this. Yeah, there were some known vulnerabilities, there were some known weaknesses. There were absolutely motivated bad actors looking to penetrate Sony and, and make a name for themselves. Right. And, and lemme ask you about that prior breach in 2011.
There was like LulzSec and an affiliation or a, a group that is associated with Anonymous. They claimed that they were involved in the 2011 attack given something about the way that they handled some Nintendo system platform. Right. Yes. Yes. Not Nintendo, cuz they said they love Nintendo.
Right. But they, but they wanted to really gain access and humiliate, which is kind of their, their [00:11:00] MO there. So that wasn't the bottom line is back in 2011 when Sony was breached and paid a lot of money and had all these audits and had a lot of, a lot of issues, North Korea wasn't involved, was it?
Right. Right. It also brings up a very interesting point when you mentioned LulzSec and Anonymous, because you'll see some very clear, visible ties between some of this ransom drop that they used and what LulzSec and what Anonymous has used in the past, and we can kind of tie those together, which brings up another one of the theories of who may have been involved.
Right. So then shortly after that there was, through the timeline, I didn't mean to send you off track. Right, right. So then there, there was a restructure within Sony. There was a lot of attrition, there was a lot of movement. There was a lot of people that were unfortunately let go. So when was that?
When was that? Was that the spring? This happened in November. Right. So was that the same year? Yes. And that, that was the, well, the restructure was in May of 2014. Okay. So about, okay. A few months before this whole thing comes down. Right, right. They made a lot of people mad. So, which brings us to the next point that they were phished in September.
[00:12:00] Part of that phish that was never really released until the investigation was completed is there were specific demands for employees to be brought back, very specific in name and request that they were indicating that certain employees needed to be brought back and also compensated for being let go.
Which brings up another theory, was this possibly some insider activity that triggered the lights out. Right. That's one of the five main theories, right? There's North Korea alone. Yep. There's a global cybercrime group, right. Called Lazarus Group, right? There's hacktivist groups or affiliations, right?
Like Anonymous, LulzSec, et cetera. There's the insider theory, right? Meaning was this, you know, helped or driven by somebody inside, and there's a lot of support for, for that theory and open debate. And then the other one involves the stock manipulation, which we get. Yes, there were, there was, yeah, there was shorting of the stock.
Yeah. So then that brings us to a new player, the Guardians of Peace, GOP, who are, who are these guys who, so this, this is another underground hacking group. [00:13:00] But they appear to have different motivation motivated for what they're looking for. But this one on the 21st was, it was a very specific request for a certain dollar amount and to bring back certain employees.
So now you can almost make the tie between Guardians of Peace and some insider activity motivating GOP to make this request. So when they made this extortion request, it had nothing to do with the release of the movie. Right. Which is the Yeah. That's the thing that blew me away when we were looking into this and, and the three of us were doing all that research of the 6.9 million returns that Google gave us.
Right. They're looking into like the federal indictments were 200 pages long each, and we're like looking through like, it was ridiculous, but. When we saw the Guardians of Peace, so in cybersecurity, right? Everybody knows who the players are. Everybody knows who the IT firms are, right? They're all published on list, they win awards, right?
Everybody knows the FBI, Department of Homeland Security, National Security, all, all of those, the, the Interpol, all of the, the international groups, right? They know who the state actors are. Who the heck are the Guardians of Peace? Yeah. Like they've [00:14:00] never been for, ever been heard of. And then where do they come from?
Mark? Do we know? Like, where are they? Around a day? No. No. So here's, here's the interesting thing. So after, after they made the extortion request again, nothing to do with the movie, and they told 'em, you have been warned three days later, that's when the lights got turned out at Sony. So, so this all has to do with some movie from North Korea when they make you do all the acts, actions, right?
Nobody mentions the movie. So Sony at this point has no clue that this is about a movie. Right, exactly. Now the FBI steps in and starts their investigation and very quickly thereafter determines it's North Korea that's solely responsible for all of this. Right. Again, another one of the five main theories, but where they by themselves in doing this, you know, there's a lot of theory around that as well.
Yeah. So very shortly after that, after North Korea's blamed, GOP makes a threat, and they literally said, this will be a 9/11 type attack on Sony Pictures and any affiliate of this film. The film gets released 28 days later. [00:15:00] Nothing happened, GOP has never heard from again, which is really interesting.
Then the stocks plunge. The stocks plunge, all the information comes out on WikiLeaks. These were indications between Sony executives that were not nice in nature that had some, some rather choice language and topics that they used, and I won't go into any of that. But it was so bad in nature that, that the top executives were forced out.
Like they, that was it. They were gone. So shortly after that, I had mentioned earlier that the UN had gotten involved because we had reached out to them. Sony had reached out to them. Obama was the sitting president at the time, and he issued US sanctions against North Korea. So this has now got a global impact in nature.
Really late 2018 and into 2020 that the indictments were issued. There was one individual taken into custody, but. You know, again, it raises my question of, in, in theory, as one of the five main theories, can one individual from North Korea actually do all this on their own? Right. And [00:16:00] that's where their questions remain.
That and that, that is an interesting question. When you stop and think about it, it's like, hmm, this, this, I don't know as much as I know about hacking this, this is something's odd here. Yeah. Add up quite yet. So that does, there's a lot of questions that still remain to this day. I. And this was in 2014. Me too.
But when you stop and think about this, okay, this is one group, g o p, going after Sony. And when you stop and think about the implications beyond just the hugeness of what's going on with a big corporation like Sony, and let's bring it back down. What are the implications for smaller companies? What are the implications for mom and pop corporations?
What are the implications for non Fortune 500 companies when you get just one single black hat hacker in there who is really an ex-employee who's mad? I mean they did this to a major corporation. How much easier do you think it would be to do it to a smaller organization? You know, that's a great point, Rich.
If, if one individual with just [00:17:00] malevolent intent can do this to an organization of that size, what could they do to, you know, a manufacturing company of 50 people in the Midwest. Mm-hmm. Alright, good. So let's talk about this movie and, and we've kind of addressed the, the disappearance, but th this movie, Rich, why don't you tell us about the, the, the movie and Sure.
Kinda what the, how that's related to this overall. So what, what's interesting is Sony had created the movie, The Interview. Mm-hmm. And it dealt with two guys trying, James Franco and Seth. Is it Rogan or Seth? Yeah. Joe Rogan, the podcast, Seth Rogen's the actor. There we go. And a plot to assassinate the leader of North Korea.
And it was designed as a kind of a, a comedy mystery whodunit and. All of a sudden they're getting this idea that from the hackers, that they're gonna threaten terror. And, and you mentioned it earlier, Mark, the, what was it? The, the world will be full of fear. Remember the 11th of September, 2001? Yep.
Yeah. Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment. Right? And they're like, oh my gosh, if we release this movie, what [00:18:00] could happen? Right. So, Under the threat of all volunteer. Right. Yeah. And, and, and just to mention something too is like a couple months before when North Korea heard about this movie coming out, right?
They went to the United Nations Yep. And they said, this is consi. We consider this an act of, of, of terrorism. Right? Mm-hmm. They, they, they said, we don't want this movie to be released. And several other studios had passed on the movie from what we've read. Yeah. And here's, here's where it's, you know, this is, this certainly seems plausible as a reason that North Korea would be upset with them.
Sony. Absolutely. But, but here's, here's where it gets a little bit squirrely. All right. So Sony released the movie. They pulled the movie. Yeah. The FBI tied the hack officially to North Korea. Yeah. And then the day after that happened, the entire internet of the entire country of North Korea went down.
Exactly. Sony re-released the movie, right? Yeah. Sony re-released the movie and nothing happened. Yeah. Which really, which really gets to the whole controversy, right? Yeah. I mean, is it really tied to the movie who did it? Right? When we really start to think who did it?[00:19:00] It, it, there's so many open questions, right?
This is the official position. So let's talk about the official position. There were, what, what, what do we have? We have two federal indictments. One mainly for this Park Jin Hyok from North. He's a North Korea citizen. He's still wanted, he's on the FBI most wanted list. This is the the tracking down of the emails that were used in the phishing campaigns and the IP addresses.
And how they were used in other major breaches, like a Bangladesh bank and several other ones, right? Which they, there, there, there clearly is evidence that. The, that this group that he's tied to that has some sponsorship in some way from North Korea as well as an involvement from what, what they call the Hacker Hotel over in China.
Right. There's, there's all this involvement there. So there is evidence clearly that, that this was part of it, right? But it doesn't answer all the other questions, does it? Not even remotely. No. Right. No. And so [00:20:00] they, they got a lot of the IT companies that got involved, they started looking into this. One of 'em was the Novetta group of, of IT security people, and they called this huge report that they did Operation Blockbuster.
Right? I always love those things. But it was like Operation Blockbuster. And they went and they found they didn't specifically name the state of North Korea. They blamed it all on these actors involved in the criminal organization, cybercrime group called Lazar. They have several different names that's basically known as Lazarus.
Mark, what are they behind? Aren't they behind the WannaCry? Yeah. That was for those familiar with the WannaCry when that first came out, and how much of an impact that had. This is that same group associated with WannaCry. Right? Right. So that's the main theory. Right. But it leaves a lot of open questions.
One of the main open questions is why was this attack so personal? Like, walk us through this, Mark. Yeah. So again, as I mentioned, even early on in the beginning of the timeline, a lot of this was directed very specifically and targeted at like Pascal and Lynton. There was some other [00:21:00] executives as well but the releasing of the emails that were, you know, not so kind in nature.
You don't typically see that from persistent threat actor like these guys. Because there's, there's no endgame for them, right? Other than just, you know, ruining someone's reputation. So the, the motivation behind it seemed different from the beginning. And as you can see, just the visuals that they use are almost, I wanna say juvenile in nature.
Yeah. They're honor A lot of the articles and reports that we read raised that question. They're like, state actors don't come up with cool names for themselves and like create memes and then attack personal people. Those actor has ever done that. Right. Ever done that before and has never done that since.
Well, and here's the caveat to that piece. North Korea never took, never took credit for it. Well, that if they were wanting to take down capitalism and take down Sony and they were able to do that and stop the release of the movie, don't you think they would probably say, Hey, yeah, we did that. We did that.
They didn't. They didn't do that. Yeah. And why did they target, here's the thing that just boggles my [00:22:00] mind, if this was just about the movie, the interview, right? Why did they target specific and humiliate specific Sony employees, but not the people involved in the movie? They, they released information really embarrassing information about certain actors, but not the actors in the movie.
Right. They attacked certain Sony employees, but not the ones involved in creating the movie. Right. That makes no sense. It doesn't make any sense. Me thinks this may have a more personal edge to it than what the, doesn't the media and the government wanted to lead on, because it's like, okay, even if you're a state hacker, I can, I can see maybe going after Pascal and Lynton.
But Right. They went down to average run of the mill, normal Sony employees and started, you know, threatening some of them. And it's like, okay, that's not a state doing that. The state wants to bother our com our country, not individual people. Right. Exactly. Yeah. Hey, one of our, one of our listeners, Clay, who we we know is a, a very well skilled engineer.
[00:23:00] And, and a, and a security researcher as well. He said good podcast called the Lazarus Effect. On BBC, so that is something that people can look into too. Yeah. Yeah. Thanks, Clay. Good stuff. Yeah, that's good. Yeah. So, and when we're talking about things being clownish, right? Look at this, like, not only did they show that they, they took over all the Twitter accounts, deleted all of the Sony information, and then posted like personal memes that had like, you know they're really rudimentary, right?
They're almost childish with like the heads of the the leaders of, of Sony, right? In there. Right. Which doesn't look like state actors involved. Right. And then there's this, so when, this is what Rich was mentioning, they said they threatened 9/11 type attacks if you release this movie. Right. So after they'd never mentioned the movie, FBI blames North Korea.
The federal government blames North Korea. Then after that, they said, if you release this movie, we are gonna do 9/11 attacks on this place. Right? As soon as the, the, the US government blames North Korea that very day, this group. [00:24:00] Released a ridiculous video that says, you are an idiot. You are an idiot.
You are an idiot. It just repeats that with all these little memes and house music playing in the background. And then they said, you know, the result of the f investigation by the FBI is so excellent that you might have seen, we congratulate your success. The FBI is the best in the world. Here's a gift.
And they send that, that video, is that a state actor? Right? Does that sound like, something like that? And when you, when you look at that piece of it too, it's like the whole, okay, 9/11 style terror. Why would you 9/11 style terror towards Sony Pictures? Okay. 9/11 style terror towards the United States, towards our government, pick our senators, our president, somebody like that.
Yeah, that makes sense. But this is just, it sounds to me like, you know, the bully in the schoolyard going, ha ha ha ha ha ha ha. Right, right. And so we have another another great comment from one of the listeners. I can't seem to open it, David, if you could say that. He said, that's a very interesting question.
Why only Sony employees? Yeah. Why only Sony employees? That's the question. Like you can't get over it's a hundred pound gorilla in the room. Right. And you, and again, if you go to personal attacks, okay, I [00:25:00] get it. Let's shift from Sony and let's do personal attacks on senators. Let's do personal attacks on governors, on, you know, people of power, Bill Gates and, and what's his name?
Elon Musk and all those people. Why Sony employees? I love that. Right? Really good. And then the other EL element, right? There's two other theories that have been involved here that we haven't gotten into. One is what about hacktivist groups? So everybody knows Anonymous. And there's a group that was formed that was from some former group members of Anonymous and it's called LulzSec, right?
And there's other ones. There's other ones. They're loose affiliations, they're global, right? And what was interesting is during this time, right, Anonymous was posting on Twitter. There's a picture of it in the upper left corner there. They were posting on Twitter that you guys say that, you know, this was North Korea and that the all of the servers are down we're in their server right now.
And they posted, right? They post the screenshot. We're in the server right now. What are you guys talking about? Right? Raise is a really good question. Right? And they said they posted this, [00:26:00] this comment then they said recent for a Sony pictures lied to the public about being hacked by North Korea. This was a publicity stunt for their latest movie, the interview.
If we don't like being lied to, we want them to tell the truth. Anonymous never fights against you. They'll always fight for the truth and in this case, uncover it until they speak anonymous, we'll continue to attack. Pretty interesting theory. Right? And David, that's, that's a big piece there cuz if you stop and think about all the hacktivist groups and things like that, they man, when they do something, they claim it.
Right. And, and they get out there and they almost dare the FBI and everybody, yeah, we did it. Come find us. You can't get it done. And that the, the, the whole Sony thing just didn't reek of, you know, we did it. We're proud of it and try to find us. Right, exactly. I had another, another great question from one of the listeners.
Do you feel like North Korea even had the capacity back in 2014? Great question. They couldn't even keep the internet on in the whole country, but yet they're able to hack Sony Pictures. Right. Which is a really, really interesting point. When, when we talk about this, the hacktivist group, it's not just Anonymous too, there's LulzSec, right?
Which several of the members [00:27:00] eventually got indicted. They caught several of them for other data breaches, but they had hacked and been involved in a hack of Sony and Nintendo back in 2011. Right. They also did hacks that were really, really similar to this. Right? They, you know, how they kind of went and made fun of
Michael Lynton and Amy Pascal to the point where Amy Pascal, based on the, the data that was released and the emails that were exposed, she eventually resigned. Yeah. She had to quit. Yeah, she had to quit. I read some of those. They were pretty nasty in nature. Yeah. They, they had like allegedly like racist comments and real derogatory comments and stuff like that.
And we don't know the context or anything, but it, what was interesting about the LulzSec group is they had not only done that to Nintendo and Sony back in 2011, but they'd done something similar to, they, they had attacked Fox News, they had attacked The Sun newspaper and The Times, and they had gone on and published a report from the looking like it was from the inside that the newspaper's owner, Rupert Murdoch had died, if you guys recall.
Mm-hmm. Made international news that this, that this leader had, [00:28:00] had, had actually passed away. And they had also, whenever they do their attacks, they do memes. They list memes, they deface websites. It's very almost comical, right? The name of their group is LulzSec, which is for LOL, like they do it for fun.
They do it to create mayhem. They don't do it for a monetary reason, and in this breach, there wasn't a monetary. Right there. There, there wasn't a specific demand for this money. There wasn't a specific demand in the beginning about not releasing the movie, and there was a bunch of memes and defacing of websites and things like that.
Right. Taking over the social media accounts. So when you look at, when you look at that and it's like, okay, no demand for money. The Sony released and then pulled the picture, and nothing happened there. This almost just makes a big shift to somebody's personal inside Sony is mad. It's a really, it's a really open discussion about that.
Right. Well, and is, is it possible that, that an upset Sony employee could have enlisted low grade [00:29:00] hackers or a, a not well known hacktivist group to help them do this so that they didn't get caught? Right. Yeah. And then maybe, and then possibly even taken some of that data and filtered it up to North Korea.
Like, or, or the, or the group or the Lazarus Group. Right, right. Like, we're not saying that, like what the federal government found was wrong. Like they have evidence that they're involved at some point in this breach, but it still remains so many more open questions. You know what's, what's interesting in like these hacktivist groups don't think just cuz they do memes and things, that they don't have the skills to do it.
Like they issue videos, right? Like LulzSec and Anonymous. When they do things, they issue videos just like was done here. They issue meme videos and things like that. That was also done here. Nation states don't do that. And nation states don't disappear. And that gets into that question that Mark mentioned earlier, right?
And that was, let me get to that slide. We'll get, we'll come back to the IT security firms. But this is the real big question, right? If this was [00:30:00] just North Korea involved and only North Korea and it had nothing to do with any inside or any hacktivist group or whatever, why in the beginning did they not say this is about the movie that they had just previously complained about to the UN, to the United Nations?
Right. Months before they said this is an act of terrorism. Right. And then the demands, the first couple of communications, they don't even mention the movie. They don't talk about the movie. That makes no sense. And then this is the bottom line, right, Mark? Like, why didn't they take credit for it? Yeah.
Right. Yeah. Just doesn't make sense. Guess my question is, wouldn't they be justified in doing it? Wouldn't they feel like we were just defending ourselves? We complained to the United Nations. We felt it was an act of war or an act of terrorism. We took down this movie, we stopped them from releasing the movie.
Right. Like, that's why we did this to, in, in our attempt to make them stop releasing the movie. Right. And if you think well, they wouldn't wanna get in trouble or they wouldn't wanna say that they did something. Oh yeah. They would, they brag about their, their cyber warfare [00:31:00] abilities. Yes. If it's your internet in their country is like, The internet doesn't technically exist there and people, it's illegal to own PCs there, right?
Yeah. But even so, they advertise their cyber warriors. They claim to have over 7,000 of them, and they stated in 2013, right around this time. Right? Cyber warfare is an all-purpose sword that guarantees the North Korean People's Armed Forces ruthless striking capability along with nuclear weapons and missiles.
So why would they not say yes, it was us. Right? Yes. It was us. We did it. What are you, what are you guys gonna do about it? And let's just add one more little piece to that if you stop and think about the leaders involved. All right. Kim Jong-Un. You know, any, pick any of our presidents, you know, Trump, Ford, Carter, any of them, China's leader, Putin, any of those guys.
They've all got such big egos that if they did something like this, they'd be standing on the world stage going, look at me. You think I'm a little backwards country up here, and I don't have any internet. Watch this. Yeah. Hey, so we had one of the listeners [00:32:00] brought up a great question. Like this could be like number six.
Publicity stunt gone awry. They put the information out there and some light mischief to gin up interest in the movie, got into the wrong hands, including North Korea. Someone with a grudge took it next level with the personal attacks. I, that might be theory number six right there. That's from David Kirkley our, our, our friend out east.
Yeah, that is that's a great point. Yeah. Yeah. I don't think we'd even talked about that. Yeah. Really logical. You know, and when we think about like some of the activist groups like LulzSec, Anonymous, you know, Mark, Mark and I are part of InfraGard, right? It's that it's that public private coalition with federal law enforcement in the private sector about homeland security and security and things.
Yep. And, you know, LulzSec and, and these guys, they breached InfraGard. They went after InfraGard. They, they said you know they, they issued a proclamation after they, they attacked the InfraGard sites, right? They said, it's come to our unfortunate attention that NATO and our good friend Barack Osama llama, 24th century Obama, that's their joke for him, [00:33:00] has recently upped the stakes with regard to hacking.
They now treat hacking as an act of war, right? Because in light of this breach, we, the, the president got involved, sanctions were issued, et cetera. Right. In response to that, LulzSec, hacktivists made that claim and they said, so we just hacked an FBI affiliate website in InfraGard, specifically the Atlanta chapter, right.
And leaked its entire user base. We also took complete control over the site and defaced it. Doesn't that, that's like the same, same MO that was done here. Yep. Right. So I'm not saying they're the sole ones involved. Right. But there's a lot that doesn't really make sense without, without addressing that.
So there's, there's a couple other avenues, right, that we just haven't talked and let's, let's explore those, the IT companies that were involved, right? The, there was a lot of security leaders that got involved. Cybersecurity expert, Kurt Stammberger from the firm, Norse. Remember Norse. Yep. Back in the day, Mark, they had this phenomenal heat map that showed all the data.
Yep. It was really [00:34:00] cool actually. Yeah, it was really, really cool. They they, Kurt Stammberger with Norse, DEF CON organizer and Cloudflare researcher Marc Rogers, Hector Monsegur, a person that had previously hacked Sony. They said it was insiders. They said that they didn't believe that it was just North Korea.
Norse actually identified six insiders disgruntled former employees based on their past skill sets and their access to the servers and their knowledge of them. So that's really interesting. Right. And Hector Monsegur, who had previously hacked Sony said, He's like, what, what I love about his quote is and this is also the security expert, Lucas Zaichkowsky said, state sponsored attackers don't create cool names for them for themselves, like Guardians of Peace and promote their activity to the public.
Right? The Hector guy pointed out that 100 terabytes of data being taken, if you're not right, if you're not physically on site, a hundred terabytes of taken being exfiltrated online without anybody noticing would take [00:35:00] years to do. It's not something that would be done in just a matter of weeks after a couple phishing emails.
Right. It's pretty interesting stuff. Yep. The last, you know, let's, the, the, the last angle that we wanna really address is the this one right here. This, the, the stock aspect, because it's just something that has happened in the past. Right. If you don't think somebody would go through this much
damage just to manipulate the stock and to sell short. First of all, there's, there's allegedly a lot of evidence that that happened here. And also it's happened in the past. There have been attempted bombings of a publicly traded German football team, right? That everybody originally said was terrorism, when in fact it was later on they took that all back and they said, no, this was a stock manipulation.
They did that because of insider trading here. There's evidence, or allegedly evidence, right that investors sold large chunks of Sony stock in 2014 between September when these phishing emails started [00:36:00] happening and the date of the breach. And then there was a huge spike in short selling of Sony right before the breach.
Now, naturally the stock went down after the breach, right? But people were, were making, were trading futures that were gonna become much greater in value once things got publicized that they had been breached. Right. And that is something that, you know, Mark, you and I see that a lot in in, in, in cybersecurity.
Oh. It's very reminiscent of the Equifax breach and I mean, there's multiple other ones as well. Yeah. Which always, which always seems to point back to insider trading, obviously. That's, that's where the whole manipulation comes from, right? Yeah, exactly. So let me just, let me wrap it up and, and, and ask everybody to kind of tell me what your thoughts are, Rich.
What, what, what are your thoughts? What do you think? Well, and so this is something that just came up and even when we were rehearsing and talking about this, this one just came, came to my mind, and that is once this was all over and done with. Okay. It, it seems like as a group, we pretty much believe it probably wasn't North Korea, so why didn't Sony [00:37:00]
take legal action against any of the people that they found out the hacktivist groups or, or some of the other folks for what happened. I mean, it's, it's interesting that Sony didn't pursue other legal matters. Now they, and they were, they were represented. They didn't do that, but that's a great point.
But they were represented by David Boies. Phenomenal litigator, right? Ruthless. And he was going after a lot of the newspapers. Right. For, because what, what, what the, what the group did is they posted all this data, they posted the movies, they posted the private information, they posted all this intellectual property of Sony on a public site.
They sent the password protection, like they sent the credentials to the reporters, right? And then the reporters would go in and then report on it. And then it opened up an issue of, well, can reporters do that? Are they not contributing? Is there not an issue or legal, legal ramifications for doing that?
The case law kind of goes protecting the free speech and the, and the reporters generally. Generally there's some exception, but still the point is, is they were going, they were going after everybody to stop. [00:38:00] Why didn't they do that? Great point, Rich. Yeah. So my, my overall thinking of the thing is, I, I'm going with the disgruntled insider
who had connection to some sort of black hat hackers and they dreamed up the scheme of, okay, let's try to point it at North Korea. There's just, there's just too many things that don't add up for it to have been a state actor getting involved in doing this and, and just the simple fact that North Korea never jumped up and down and, and we know that he likes publicity as much as anybody does.
He didn't do any of that kind of stuff. I'm, I'm going with it was somebody who was upset and did it from the inside. Interesting. So you're, you're aligning yours with Norse? Yeah. Which, which, yeah. And he apparently brought that to the FBI. Interesting story about that, from what I read, is he apparently brought that to the FBI.
They met with him, but they completely dismissed it. In fact, when he got on television before bringing his findings about the six employees, the insiders before bringing that to the FBI, he spoke to either CNN or CBS or somebody. And the reporter said, you know, just so that you know the FBI said they reviewed all this and they don't, they don't believe your [00:39:00] story at all.
And the head of Norse was like, that's interesting. We haven't shared it. Yeah. Didn't he? He hadn't released the report at that time. They already turned it down so that they had been to the point is, is this confirmation bias? Meaning did they make up their mind cuz they, they blamed North Korea within three weeks, shortly after three weeks of doing this, this very complex web.
They said they had their target. Did they close their mind and then point to facts that supported their conclusion and ignored facts that could have changed their conclusion compilation. And then the one other little twist, and this is kind of at the end too late to put this in to, to think about, but having spent time in the military and dealing with the intelligence community, there are things that our government, other governments, aren't gonna release to the general public because they have a bigger impact on national and world security.
So there's always that. Okay. Yeah, we didn't even mention that. The, the bottom line is it very well could be, right? And all there could be answers to all of this, and we just don't have that access, right? Because of national security. And that very well may be the truth [00:40:00] or it may not. We don't know. And because we don't have that access and because we don't know if there actually is anything there.
A lot of this seems very logical and very believable. So, Mark, how about you as, as we're wrapping up, tell us about Yeah. You know, I gotta think this was, I, I, I think I'm with Rich on this. I think this was inside. It comes right on the heels of the restructure, personal in nature, the attacks, it was very directed.
There was no ransom upfront. This would be something I would classify as like a, a breach as a service. Like we have ransomware as a service. This could have been breach as a service. It's very easy. You gather the right actors and yeah, do I think North Korea was maybe involved at some point or maybe the IPs pointed that direction?
I don't know. I think it made a very convenient scapegoat and fall guy for the whole package just to be wrapped up and put a bow on it. Yeah. But yeah, I gotta, I feel like this is something that came from the inside. Yeah. And as a qualifier for any any legal aspects of watching this. These are our personal opinions.
It's just based on the 6.9 million returns that Google has. So these are personal opinions, right? Not the opinions of all covered tele Minolta nor [00:41:00] any other entities. Right. It's just us three people talking. So I, yeah, I kind of fall in between where you guys are. I think there is some. Tie at some point.
Maybe it's the, the implementation of it or some aspect of it that did involve the group, the Lazarus Group. Right. I don't see the state government of North Korea actually being involved in this one. I know that they're active and they've been, they've, they've advanced since '14. It's easier to say they were involved today because their capabilities are much higher.
Right. I don't know about their, their ability to even launch a rocket more than 30 seconds back in Now. It's, now it's up there. Right. But. I still believe that at some point, whether in combination with them or somebody else, that some element of a hacktivist group and some element of insiders had to be involved.
Yeah. Like the intricate knowledge of the industry, of how the Sony physical building worked and stuff like that. And if they had only been in as this claims for a few weeks, having access to computers and [00:42:00] things, there's only so much you can gain from the other side of the world by, by seeing what's, what's in the data.
They had in, they, they had so much so much information to digest and then execute on it. It's, they either, either that or they had to be in years before, right? They had to be in long, long before, but after the 2011 attack, you'd think that they would've cleaned everything out. Right? Yep. And they would've found everything and locked everybody out.
One other thing is there was one, one of the IT companies had brought in other state sponsors that were still claiming to still have access, kind of like Anonymous. And so who knows? But good discussion. Thank you gentlemen. We appreciate it. Lots of fun. Yeah. Good stuff. And, and it really, because of this, there's so many new best practices and we'll, we'll, we'll talk about other true crime.
True cybercrime stories. There's so many good ones out there. We will, we will talk soon.
And thanks everybody for, for, for attending.

