Cyber Crime Junkies

The Story Behind the Sony Data Breach 2014

Cyber Crime Junkies by David Mauro Season 4 Episode 49

This is the True Cyber Crime Story of “The Day the Lights Went Out at Sony Pictures” in 2014. Discussion about then events, what led to it, the formal findings and open questions remaining by experts. Hosts David Mauro and Mark Mosher explore their research with Special Guest, professional coach Rich Moore.

Summary

The conversation discusses the Sony Pictures cyberattack in 2014, exploring the various theories and implications of the breach. The hosts highlight the impact of the attack on Sony and the movie industry, as well as the broader implications for cybersecurity. They delve into the different theories surrounding the attack, including North Korea's involvement, insider activity, and stock manipulation. The conversation raises questions about the role of smaller organizations and the potential vulnerabilities they face. Overall, the discussion emphasizes the need for increased cybersecurity measures and awareness. The conversation explores different theories surrounding the Sony Pictures hack in 2014. The main theories discussed include: 1) North Korea as the sole perpetrator, 2) a disgruntled insider with connections to black hat hackers, 3) hacktivist groups like LulzSec and Anonymous, and 4) stock manipulation. The conversation highlights the inconsistencies and unanswered questions surrounding the official narrative that North Korea was solely responsible for the hack. The participants lean towards the theory that an insider with help from black hat hackers orchestrated the attack. They also discuss the possibility of stock manipulation and the involvement of hacktivist groups. The conversation concludes with the acknowledgment that there may be information that is not publicly available due to national security concerns.

Chapters

00:00 The Day the Lights Went Out at Sony Pictures

Send us a text

Have a Guest idea or Story for us to Cover? You can now text our Podcast Studio direct. Text direct (904) 867-446

Get peace of mind. Get Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com  
 
Imagine setting yourself apart from the competition because your organization is always secure, always available, and always ahead of the curve. That’s NetGain Technologies – your total one source for cybersecurity, IT support, and technology planning.

🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss an episode!

Follow Us:
🔗 Website: https://cybercrimejunkies.com
📱 X/Twitter: https://x.com/CybercrimeJunky
📸 Instagram: https://www.instagram.com/cybercrimejunkies/

Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
🎙️ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
🎙️ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
🎙️ Google Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast

Join the Conversation: 💬 Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!

Dino Mauro (00:02.286)
You know, we all have a lot of data and it has to positively, absolutely stay safe. It can't get into the wrong hands. And the biggest challenge we have is how to transfer it from here to there. We all know as leaders that legacy tools that transfer our important files and sensitive data are mostly outdated and fall short on security, especially with the demands of today's remote workforce. Relying on outdated technology puts our organization's brand at risk. And that is unacceptable. So we are excited to invite you to step into the future of completely secured,

managed file transfer from our friends at Kiteworks. Kiteworks is absolutely positively the most secure managed file platform on the market today. They've been FedRAMP moderate authorized by the Department of Defense since 2017. And unlike traditional legacy systems with limited functionality, Kiteworks has unmatched software security with ongoing bounty programs and regular pen testing to minimize vulnerabilities. And the coolest part, they have easy to use one -click appliance updates you will love.

Step into the future of secure managed file transfer with Kiteworks. Visit kiteworks .com to get started. That's kiteworks .com to get started today. And now the show.

Hello everyone, this is David Morrow. I'm the creator and host of this podcast, which we aptly named Cybercrime Junkies. My co -host Mark Moser and I are both true crime fans.

and have been in the cybersecurity industry as professionals for decades. All of our information is available at our website cybercrimejunkies .com. Our goal is to create a podcast that is fun and interesting as well as one that serves a greater cause. Our cause here is simple. It's to protect you. Unlike 20 years ago when there were two versions of our lives, with one online and one in physical reality, today there's very little aspect of our personal and professional lives that is not digitized.

Dino Mauro (01:52.654)
Because of that, we have to think a little differently. All of us do. Every time we get online, we don't enter our neighborhood, our town, our state, or our country. When online, it is automatically global. So our aim in protecting you is to help you understand in common, normal terms what it means to keep security in our minds.

This podcast is for you individually, your family, as well as the organization and brands that we serve. It's a big playground. And when entering online in a global community, there are a lot of people that unfortunately and sadly want to do us harm. We can't change that, but we can change how we defend ourselves against it.

It's going to take a lot of us working together in a collaborative way to raise awareness. And like any other playground, when we level the playing field, the game is fun. So we hope you listen and hope you download our episodes. The download is really the key. It allows us to keep this podcast going. So in our episodes, you'll find interviews with leaders who protect and build great brands, some comedic relief from time to time, since laughter after all is what it's all about and makes it more fun for all of us.

and then some true cybercrime stories so that we can all relate about what this really means in real life. In addition to our regular episodes, which we will release on Monday mornings, we will also have additional premium content available for those who want to subscribe. There you can gain access to exclusive videos, interviews, security awareness training lessons, ridiculous outtakes, and some more fun member only things, which we'll make available.

If you become a fan of the show, one thing we would love and appreciate is if you simply bought us a coffee. There's a link in the show notes and on our websites. Again, please enjoy the show. Give us feedback right on our website, cybercrimejunkies .com. Thank you so much for listening. And now the show.

Dino Mauro (04:01.006)
It was the Monday before Thanksgiving, a cool Los Angeles day about 63 degrees and not a cloud in the sky. As Jan, as we will call her, her name has been changed, drove her Honda Pilot and entered the Sony lot a little bit before 8 a .m. just like she had done years before and days before. When she pulled into the lot, the guard usually greets her with a smile. Today the guard wasn't there and the gate was open. Strange, she thought, but she went on like any other Monday, looking forward to the Thanksgiving break that was starting that Thursday.

She parked in the Sony lot in the employee section, grabbed her bag, proceeded to walk in. When she strolled through the lobby, up the elevator, people smiled, and things seemed normal. But they weren't. What was about to happen changed the trajectory of the company and of cybersecurity and the cybersecurity industry forever. It changed the way, in fact, that we behave online even today. This is the true cybercrime story of the day the lights went out at Sony Pictures.

Lucky to work for a great group of people you really believe in. Find yourself making an impact. Technology is a river that flows through every aspect of an organization and today is different. We put ourselves and our organizations literally at risk of complete destruction every single time we get online. One click, one distraction is all it takes. Hi, Sabrocrime Junkies. This is your host, David Morrow, along with co -host Mark Mosher.

Come join us as we explore our research into these blockbuster true crime stories. Along with interviews of leaders who built and protect great brands.

Dino Mauro (05:45.998)
Joining me today, I'm David Morrow, your host. I've got Mark Mosher, my illustrious co -host, who is a IT consultant and security consultant. We have Rich Moore, who's one of the leaders in our organization, who is a professional coach and marketing social media expert. So welcome, gentlemen. How are you? Good morning. Good morning. How are you guys ready to discuss the day the lights went out? Absolutely. More than ready.

Yeah, I think you've been short -sighted this, David, because this is such an exciting case, right? This reads like a James Bond movie premiere. We've got everything from a UN involvement to a sitting president, to Russians, to North Korea, to hacking groups. I mean, this is really a special story. If people aren't familiar with it, you're in for a real ride. Yeah, absolutely. And when we looked into this, we are true crime fans, and then we also are cybersecurity people. And so when we started looking into,

some of the data breaches, it's not the boring aspect of the technology and the taking of passwords and credentials and things like that. There's actual like, there's so many mysteries involved. There's so much like planning and execution and deep, deep dark web things that go on. Cybercrime today is organized crime. It's international. It's very well funded, really, really interesting stuff. And so we're excited. When we think about the Sony data breach, why this one matters.

When we do a Google search on the Sony data breach from 2014, 6 .95 million returns come in. That's huge. That is just astronomical. It wound up with, what was it? How many computers were wiped out, Mark? What was it? 8 ,000 PCs were bricked. Yeah. 8 ,000 PCs. That's a lot, right? And it leads into some of the open questions, and we're going to get to that in just a minute. And how much data was taken? What is it, 100 terabytes?

Yeah, 100 terabytes, terabytes. That's a lot. That is massive. It wound up the hackers involved, whoever they are. Right. There's several theories. I think we know some of them, but there's a lot that we don't know. That's the sense that we're getting. Four movies got released pre, you know, before they were supposed to be public. And that's really critical. That is the revenue generator for Motion Picture.

Dino Mauro (08:13.23)
and they blew out four big ones like right before the holidays. I mean, it was catastrophic to Sony at the time. There was public humiliation of actors. There were public humiliation of executives and then specific targeting of individual employees at Sony. I mean, just publicly humiliating them, publicly releasing confidential private health information. This attack got...

really, really personal and very, very public. All the way up through government, through the president involving the United Nations. This was a shocking, shocking matter. And then one of the side things that happened is the elements that didn't happen, right? And the way that they went about doing this, we're gonna get into this. It was like comical, right? There's five main theories. One is that the country of North Korea, the state government is the sole one that drove this whole thing. And tensions were

extremely high between the US and North Korea back in 2014. And that was the conclusion of the FBI and the Federal Security Council. And that makes a lot of sense, but it still leaves so many unanswered questions if that's the only answer. Right? There's so many other questions that that that having that theory alone doesn't answer. Right? There's the fact that how did they have and gain such access to

for so long when they allegedly could have only done it for weeks, right? Why did they attack certain people? Why did they not attack certain people? What was the manner that they did it? And then there's other cyber crime groups that came forward and said, this isn't right. Like we're able to access that. We're still doing it today. And so there's a lot that we're gonna get into. Today, as we sit here today, there've been two federal indictments of an individual computer programmer.

over in North Korea, they're still wanted. North Korea denies that they even exist and they're still at large, even today. They wound up paying what was at market, at least over $35 million. They paid several million dollars, there were class action lawsuits brought by Sony employees. Rich is going to share with us what it was like to be an insider and actually go through this data breach. And top IT cybersecurity firms at the time disagreed. They disagreed.

Dino Mauro (10:36.27)
with what the government concluded. They disagreed with each other. There was so much information here. We're going to boil it down and kind of walk it through. And the bottom line is we want people that are watching this or listening to this to chime in and to tell us what you guys think. Right. What are your thoughts about this? Ask questions. That's what this is all about. So let's let's get right into it. Let's get together. Let's talk about the day. Right.

So Rich, walk us through this. I feel like I'm the on -scene reporter or I ought to have Keith Morrison narrating what I'm talking about here. Because what happened was on Thursday, Thanksgiving Day 2014, it ended up being a day for Sony like no other they'd ever seen before. And in fact, three days earlier on the 24th, Sony Pictures Entertainment in the world's largest and most prominent movie studio, all the employees were just going into work like a normal every single day.

What happened was when they got in there and they fired up their computers, it changed really the trajectory of the movie industry and the way that companies prepare and address cybersecurity. It had an impact that we're still feeling now and will continue to feel for years to come. And as you were talking about this in the beginning, David, one of the things I was thinking about is not just a big studio like Sony and Actors and Hollywood and yeah, yeah, yeah. So what? But what about the average law firm? What about the average HR department? How much impact can that have? You know,

Okay, all the actors will recover, but man, all those private citizens. So what greeted them, they fired up their computer and it changed things. Now, here's the bad part of it, is three days prior to this, they'd received a warning demand to Chairman Amy Pascoe and Michael Linton, who is the CEO. That something was going to happen. Now, the really interesting part about this is they both claimed that they had never received these emails. And we talk so much about human firewalls. Man, there's a big.

human firewall thing there. It was a nice cool LA morning, man. 60 degrees, not a cloud in the sky. Employees were parking their cars, they were coming in, they're getting their coffee, they're going to their offices. Beautiful complex, right? Beautiful complex. Yeah. Like, you know, all the amenities are in there. They know the guards when they park their cars. Yeah. That day, like, things were different, right? Yeah, everybody's like, I'm just gonna turn on my computer and it's gonna be another boring day here at work. And then all of a sudden, boom, they opened their computers and they were greeted by this anonymous screen.

Dino Mauro (12:56.59)
Yeah, this is an actual screenshot of what they saw. And I mean, that would freak me right out if that popped up on my... It's like the old things we used to do where you get somebody to look close into their computer screen and then the monster jumped up. But the digital break -in had happened early that morning. And when this skull with the fingers, this whole thing popped up at the same time, it was accompanied by a threatening message warning that this is just the beginning. The hackers also said that we've obtained all of your internal data and warned that if Sony doesn't obey their demands...

they're going to release the company's top secrets. Now, back to the inside of what's going on. At 1050 that day, Mike Fleming from Deadline broke the news that Sony had been hacked. And think about this, all right? You're at work and you're hearing from other people that, hey, you know what? Things have come to a standstill at Sony today. Their computers in New York and around the world were infiltrated by hackers. And as a precaution, the computers in Los Angeles were shut down while the corporation deals with the breach. It basically brought the whole global corporation to an electronic

stand still. Imagine that. You're coming in, your day is going to be great, everything's working well, and all of a sudden. Yeah, and then the Sony team then, like, issued globally, everybody turn off your computers, right? And they reached out to IT firms, and they really kind of got federal law enforcement and just following, you know, incident remediation protocol, etc. Right? What's interesting,

is it affected almost every aspect of the studio, including their digital parking cards. They had a separate production, a separate system for their movie daily, so that was kind of unaffected. But the insiders said at that point in time that the studio basically was 100 % shut down, and the staff was using whiteboards to try to figure out what they've lost, what they need to try to do to bring themselves back online, and how to just be able to function at all. Yeah. And when they look at their screen, it says, we've already warned you, this is just the beginning.

Well, they never really said what they warned about. Right. And later on, what everybody said, if you if you guys remember this back in 2014, the general consensus was this was about the movie. This was about the movie called The Interview, right. Which was this comedy where James Franco and Seth went in, allegedly tried to kill the leader of North Korea. Right. Right. So but they don't mention that at all. Yeah. I mean, that that all in the beginning.

Dino Mauro (15:19.694)
The three days before or or here right? That's not what they're asking for yeah, and and let's get into The timeline and kind of what all happened mark you want to walk us through this Yeah, so it's interesting. There's some really pre story before the breach that I think is really impactful So as you see on the timeline in 2011 there were other breaches. There's evidence that the Russians had reached Sony Years prior to this yeah, there were some known vulnerabilities. There were some known weaknesses there was

motivated bad actors looking to penetrate Sony and make a name for themselves. Right. And let me ask you about that. Prior breach in 2011, there was like a lulzac and an affiliation or a group that is associated with Anonymous. They claim that they were involved in the 2011 attack, given something about the way that they handled some Nintendo system platform. Right. Yeah. And so Nintendo because they said they love Nintendo. Right.

but they wanted to really gain access and humiliate, which is kind of their MO there. So that wasn't, the bottom line is back in 2011 when Sony was breached and paid a lot of money and had all these audits and had a lot of issues, North Korea wasn't involved, was it? Right, right. It also brings up a very interesting point when you mention Lulzac and Anonymous, because you'll see some very clear, visible ties between some of this ransom drop that they used,

and what Lulzac and what Anonymous has used in the past and we can kind of tie those together which brings up another one of the theories of who may have been involved. Right. So then shortly after that there was the timeline. I didn't mean to send you off track. Right. Right. So then there was a restructure within Sony. There was a lot of attrition. There was a lot of movement. There was a lot of people that were unfortunately let go. So when was that? Was that the spring? This happened in November. Right. So was that the same year? Yes. And that was the restructure was in May of 2014.

Okay, so about a few months before this whole thing comes down, a lot of people met. So which brings us to the next point that they were fished in September. Part of that fish that was never really released until the investigation was completed is there were specific demands for employees to be brought back, very specific in name and request that they were indicating that certain employees needed to be brought back and also compensated for being let go.

Dino Mauro (17:46.702)
Which brings up another theory, was this possibly some insider activity that triggered the lights out? Right, that's one of the five main theories, right? There's North Korea alone, there's a global cybercrime group, right, called Lazarus Group, right? There's hacktivist groups or affiliations, right, like Anonymous, Lozac, et cetera. There's the insider theory, right, meaning was this, you know, helped or driven by somebody inside?

And there's a lot of support for that theory and open debate. And then the other one involves the stock manipulation, which we're going to get to. There were there was. Yeah, there was shorting of the stock. Yeah. So then that brings us to a new player, the Guardians of Peace, GOP. Who are who are these guys? So this is another underground hacking group. But they appear to have different motivation motivated for what they're looking for. But this one on the 21st was it was a very specific request for a certain dollar amount.

and to bring back certain employees. So now you can almost make the tie between Guardians of Peace and some insider activity motivating GOP to make this request. So when they made this extortion request, it had nothing to do with the release of the movie, right? Which is the - Yeah, that's the thing that blew me away when we were looking into this and the three of us were doing all that research of the 6 .9 million returns that Google gave us. Right. Looking into like the federal indictments were 200 pages long each and we're like looking through, like it was ridiculous. But -

When we saw the Guardians of Peace, so in cybersecurity, right, everybody knows who the players are. Everybody knows who the IT firms are, right? They're all published on lists, they win awards, right? Everybody knows the FBI, Department of Homeland Security, National Security, all of those, the Interpol, all of the international groups, right? They know who the state actors are. Who the heck are the Guardians of Peace? Like, they've never been for, ever been heard of. And then where do they come from? Mark, do we know?

Where are they around today? No, no, so here's here's the interesting thing So after after they made the extortion request again nothing to do with the movie and they told them you have been warned three days later That's when the lights got turned out at Sony so has to do with some movie from North Korea when they make Actions right nobody mentions the movie. So Sony at this point has no clue that this is about a movie, right? Exactly

Dino Mauro (20:05.934)
Now the FBI steps in and starts their investigation and very quickly thereafter determines it's North Korea that's solely responsible for all of this. Right. Again, another one of the five main theories, but were they by themselves in doing this? You know, there's a lot of theory around that as well. Yeah. So very shortly after that, after North Korea's blame, GOP makes a threat and they literally said this will be a 9 -11 type attack on Sony Pictures and any affiliate of this film. The film gets released 28 days later.

nothing happened GOP has never heard from again, which is really interesting. Then the stocks plunge, the stocks plunge all the information comes out on Wiki links. These were communications between Sony executives that were not nice in nature that had some some rather choice language and topics that they use. And I won't go into any of that, but it was so bad in nature that that the top executives were forced out like they that was it. They were gone.

So shortly after that, I'd mentioned earlier that the UN had gotten involved because we had reached out to them. Sony had reached out to them. Obama was the sitting president at the time and he issued US sanctions against North Korea. So this has now got a global impact in nature. Really late 2018 and into 2020 that the indictments were issued. There was one individual taken into custody, but you know, again, it raises my question of.

in theory is one of the five main theories can one individual from North Korea actually do all this on their own? And that's where the questions remain.

Dino Mauro (21:45.134)
Stay with us. We'll be right back.

You know, we all have a lot of data and it has to positively, absolutely stay safe. It can't get into the wrong hands. And the biggest challenge we have is how to transfer it from here to there. We all know as leaders that legacy tools that transfer our important files and sensitive data are mostly outdated and fall short on security, especially with the demands of today's remote workforce. Relying on outdated technology puts our organization's brand at risk. And that is unacceptable. So we are excited to invite you to step into the future of completely secured,

managed file transfer from our friends at Kiteworks. Kiteworks is absolutely positively the most secure managed file platform on the market today. They've been FedRAMP moderate authorized by the Department of Defense since 2017. And unlike traditional legacy systems with limited functionality, Kiteworks has unmatched software security with ongoing bounty programs and regular pen testing to minimize vulnerabilities. And the coolest part, they have easy to use one click appliance updates you will love.

Step into the future of secure managed file transfer with Kiteworks. Visit kiteworks .com to get started. That's kiteworks .com to get started today. And now the show.

Dino Mauro (23:01.87)
That is an interesting question when you stop and think about it. It's like, hmm, I don't know. As much as I know about hacking, something's odd here. Yeah, add up quite yet. So that does. There's a lot of questions that still remain to this day. And this was in 2014. You do. But when you stop and think about this, OK, this is one group, GOP going after Sony. And when you stop and think about the implications beyond...

just the hugeness of what's going on with a big corporation like Sony and let's bring it back down. What are the implications for smaller companies? What are the implications for mom and pop corporations? What are the implications for non -Fortune 500 companies when you get just one single black hack hacker in there who is really an ex -employee who's mad? I mean, they did this to a major corporation. How much easier do you think it would be to do it to a smaller organization? You know, that's a great point, Rich. If one individual with just maleficent intent

can do this to an organization of that size, what could they do to a manufacturing company of 50 people in the Midwest? All right, good. So let's talk about this movie. And we've kind of addressed the disappearance. But this movie, Rich, why don't you tell us about the movie and how that's related to this overall. So what's interesting is Sony had created the movie, The Interview. And it dealt with two guys, James Franco and Seth. Is it Rogan or Seth?

Yeah, Joe Rogan's the podcast, Seth Rogan's the actor, there we go. And a plot to assassinate the leader of North Korea. And it was designed as a kind of a comedy mystery whodunit. And all of a sudden, they're getting this idea that from the hackers that they're going to threaten terror. And you mentioned it earlier, Mark, the what was it? The world will be full of fear. Remember the 11th of September 2001. Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment. Right.

And they're like, oh my gosh, if we release this movie, what could happen? So under the threat of all that terror. Yeah. And just to mention something too, is like a couple months before when North Korea heard about this movie coming out, right? They went to the United Nations and they said, we consider this an act of terrorism, right? They said, we don't want this movie to be released. And several other studios had passed on the movie from what we.

Dino Mauro (25:23.31)
Yeah, and here's, you know, this is this certainly seems plausible as a reason that North Korea would be upset with them. So absolutely. But here's where it gets a little bit squirrely. All right. So Sony released the movie. They pulled the movie. The FBI tied the hack officially to North Korea. And then the day after that happened, the entire Internet of the entire country of North Korea went down. Sony re -released the movie. All right. So we released the movie and nothing happened. Yeah. So really, which really gets to the whole controversy.

Yeah, I mean, is it really tied to the movie? Who did it? Right? When we really start to think who did it, there's so many open questions, right? This is the official position. So let's talk about the official position. There were what we have. We have two federal indictments, one mainly for this Park Hyun Hyuk from North. He's a North Korean citizen. He's still wanted. He's on the FBI most wanted list.

This is the tracking down of the emails that were used in the phishing campaigns and the IP addresses and how they were used in other major breaches like a Bangladesh bank and several other ones, right? Which there clearly is evidence that this group that he's tied to that has some sponsorship in some way from North Korea as well as an involvement from what they call

the hacker hotel over in China, right? There's all this involvement there. So there is evidence clearly that this was part of it, right? But it doesn't answer all the other questions, does it? Not even remotely. Right. And so they got a lot of the IT companies that got involved, they started looking into this. One of them was the Nobeta group of IT security people, and they called this huge report that they did, Operation Blockbuster, right? I always loved this.

But it was like Operation Blockbuster and they went and they found they didn't specifically name the state of North Korea. They blamed it all on these actors involved in the criminal organization, cybercrime group called Lazarus. They have several different names. It's basically known as Lazarus. Mark, what are they behind? Aren't they behind the WannaCry? Yeah, that was for those familiar with the WannaCry when that first came out and how much of an impact that had. This is that same group associated with WannaCry. Right.

Dino Mauro (27:48.014)
Right. So that's the main theory, right? But it leaves a lot of open questions. One of the main open questions is why was this attack so personal? Walk us through this. Yeah. So again, as I mentioned, even early on in the beginning of the timeline, a lot of this was directed very specifically and targeted at like Pascal and Linton. There were some other executives as well. But the releasing of the emails that were not so kind in nature, you don't typically see that from a persistent threat actor like these guys.

Because there's no end game for them, right? Other than just, you know, ruining someone's reputation. So the motivation behind it seemed different from the beginning. And as you can see, just the visuals that they use are almost, I want to say, juvenile in nature. Yeah, they're honest. A lot of the articles and reports that we read raise that question. They're like, state actors don't come up with cool names for themselves and create memes and then attack personal

people. No actor has ever done that right. I've ever done that before and has never done that since. Well, here's a caveat to that piece. North Korea never took never took credit for it. Well, they were wanting to take down capitalism and take down Sony and they were able to do that and stop the release of the movie. Don't you think they would probably say, hey, yeah, we did that. We did that. And why did they target? Here's the thing that just boggles my mind. If this was just about the movie, the interview, right? Why did they target specific?

and humiliate specific Sony employees, but not the people involved in the movie. They released information, really embarrassing information about certain actors, but not the actors in the movie. They attacked certain Sony employees, but not the ones involved in creating the movie. Right? That makes no sense. It doesn't make any sense. Me thinks this may have a more personal edge to it than what the media and the government wanted to lead on because it's like, okay,

Even if you're a state hacker, I can see maybe going after Pascal and Linton, but they went down to average run of the mill normal Sony employees and started threatening some of them. And it's like, okay, that's not a state doing that. It's a state wants to bother our country, not individual people. Right, exactly. Yeah, hey, one of our listeners, Clay, who we know is a very well skilled engineer and a security researcher as well.

Dino Mauro (30:14.446)
He said, a good podcast called the Lazarus Effect on BBC. So that is something that people can look into too. Yeah. Yeah. Thanks, Clay. Good stuff. That's good. Yeah. So and when we're talking about things being clownish, right? Look at this. Like, not only did they show that they took over all the Twitter accounts, deleted all of the Sony information and then posted like personal memes that had like, you know, they're really rudimentary, right? They're almost childish with like the heads of the leaders of Sony, right?

in there, which doesn't look like state actors have been involved. And then there's this. So when this is what Rich was mentioning, they said they threatened 9 -11 type attacks if you release this movie. So after they'd never mentioned the movie, FBI blames North Korea, the federal government blames North Korea. Then after that, they said, if you release this movie, we're going to do 9 -11 attacks on this place. As soon as the US government blames North Korea, that very day, this group...

released a ridiculous video that says, you are an idiot, you are an idiot, you are an idiot. It just repeats that with all these little memes and house music playing in the background. And then they said, you know, the result of the investigation by the FBI is so excellent that you might have seen. We congratulate your success. The FBI is the best in the world. Here's a gift. And they send that video. Is that a state actor? Right. Does that sound like something like that? And when you when you look at that piece of it, too, it's like the whole, OK, 9 -11 style terror. Why would you?

9 -eleven style terror towards Sony pictures. Okay, 9 -eleven style terror towards the United States, towards our government, pick our senators, our presidents, somebody like that. Yeah, that makes sense, but this is just, it sounds to me like, you know, the bully in the schoolyard going, ha ha ha ha ha ha. Right, right. And so we had another great comment from one of the listeners. I can't seem to open it, David, if you could say that. He said, that's a very interesting question. Why only Sony employees? Sony employees. That's the question. Like you can't get over it. It's a hundred pound gorilla in the room. Right.

And again, if you go to personal attacks, okay, I get it. Let's shift from Sony and let's do personal attacks on senators. Let's do personal attacks on governors, on people of power, Bill Gates and what's his name, Elon Musk and all those people. Why Sony employees? I love that. Right. Really good. And then the other element, right, there's two other theories that have been involved here that we haven't gotten into. One is what about hacktivist groups? So everybody knows Anonymous and there's

Dino Mauro (32:41.294)
a group that was formed that was from some former members of Anonymous and it's called Mulsac, right? And there's other ones. There's other ones. They're loose affiliations. They're global, right? And what was interesting is during this time, right? Anonymous was posting on Twitter. There's a picture of it in the upper left corner there. They were posting on Twitter that you guys say that, you know, this was North Korea and that the all of the servers are down. We're in their server right now and they post it.

Right, they post the screenshot. We're on the server right now. What are you guys talking about? Right? Raises a really good question. Right? And they said, they posted this comment then, they said, reason for attacks. Sony Pictures lied to the public about being hacked by North Korea. This was a publicity stunt for their latest movie, The Intervene. We don't like being lied to. We want them to tell the truth. Anonymous never fights against you. They'll always fight for the truth and in this case, uncover it. Until they speak, Anonymous will continue to attack. Pretty interesting theory.

And that's a big piece there, because if you stop and think about all the hacktivist groups and things like that, they, man, when they do something, they claim it. Right. And they get out there and they almost dare the FBI and everybody, yeah, we did it. Come find us. You can't get it done. And that the whole Sony thing just didn't wreak of, you know, we did it, we're proud of it and try to find us. Right. Now, I had another great question from one of the listeners. Do you feel like North Korea even had the capacity back in 2014?

great question. They couldn't even keep the Internet on in the whole country, but yet they're able to hack Sony pictures. Right, which is a really, really interesting point. When we talk about this, the hacktivist group, it's not just anonymous, too. There's LulzSack, right, which several of the members eventually got indicted. They caught several of them for other data breaches, but they had hacked and been involved in a hack of Sony and Nintendo back in 2011, right? They also did hacks that were really, really similar to this, right? You know how they kind of went and made fun of

Michael Linton and Amy Pascal to the point where Amy Pascal, based on the data that was released and the emails that were exposed, she eventually resigned. Yeah, she had to quit. Yeah, she had to quit. I read some of those. They were pretty nasty in nature. Yeah, they had like allegedly like racist comments and real derogatory comments and stuff like that. We don't know the context or anything. But what was interesting about the LulzSec group is they had not only done that to Nintendo and Sony back in 2011, but they had done something similar to they had attacked.

Dino Mauro (35:03.886)
Fox News, they had attacked The Sun newspaper and the Times, and they had gone on and published a report from the, looking like it was from the inside, that the newspaper's owner, Rupert Murdoch, had died. If you guys recall. He made international news that this leader had actually passed away. And they had also, whenever they do their tax, they do memes. They list memes, they deface websites. It's very almost comical, right?

the name of their group is LulzSec, which is for LOL. Like they do it for fun. They do it to create mayhem. They don't do it for a monetary reason. And in this breach, there wasn't a monetary, right? There wasn't a specific demand for this money. There wasn't a specific demand in the beginning about not releasing the movie. And there was a bunch of memes and the facing of websites and things like that, right? Taking over the social media. So when you look at that and it's like, okay, no demand for money.

the Sony released and then pulled the picture and nothing happened there. This almost just makes a big shift to somebody personal inside Sony is mad. It's a really open discussion about that, right? Well, is it possible that an upset Sony employee could have enlisted low grade hackers or a not well known hacktivist group to help them do this so that they didn't get caught? Right. Yeah. And then maybe and then possibly even

taken some of that data and filtered it up to North Korea, or the group, or the Lazarus group. We're not saying that what the federal government found was wrong. They have evidence that they're involved at some point in this breach, but it still remains so many more open questions. What's interesting in these hacktivist groups don't think just because they do memes and things that they don't have the skills to do it. They issue videos.

Right? Like, Lulzac and Anonymous, when they do things, they issue videos, just like what's done here. They issue meme videos and things like that. That was also done here. Nation states don't do that. And nation states don't disappear. And that gets into that question that Mark mentioned earlier. Right? And that was, let me get to that slide. We'll get, we'll come back to the IT security firms. But this is the real big question, right? If this was just North Korea involved, and only North Korea, and it had nothing to do with...

Dino Mauro (37:28.59)
any insider, any activist group or whatever, why in the beginning did they not say this is about the movie that they had just previously complained about to the UN, to the United Nations, right? Months before they said this is an act of terrorism, right? And then the demands, the first couple of communications, they don't even mention the movie. They don't talk about the movie. That makes no sense. And then this is the bottom line, right, Mark? Like, why didn't they take credit for it? Yeah.

Yeah, it just doesn't make sense. My question is, wouldn't they be justified in doing it? Wouldn't they feel like we were just defending ourselves? We complained to the United Nations. We felt it was an act of war or an act of terrorism. We took down this movie. We stopped them from releasing the movie, right? Like, that's why we did this, in our attempt to make them stop releasing the movie, right? And if you think, well, they wouldn't want to get in trouble or they wouldn't want to say that they did something. Oh, yeah, they would. They brag about their cyber warfare abilities.

Yeah, it's your internet in their country is like the internet doesn't technically exist there and people it's illegal to own PCs there, right? But even so they advertise their cyber warriors. They claim to have over 7000 of them and they stated in 2013 right around this time, right? Cyber warfare is an all purpose sword that guarantees the North Korean people's armed forces ruthless striking capability along with nuclear weapons and missiles. So why would they not say yes, it was us?

All right. Yes, it was us. We did it. What are you guys going to do about it? And let's just add one more little piece to that. If you stop and think about the leaders involved, all right, Kim Jong Un, you know, any pick any of our presidents, you know, Trump, Ford, Carter, any of them, China's leader, Putin, any of those guys, they've all got such big egos that if they did something like this, they'd be standing on the world stage going, look at me. You think I'm a little backwards country up here and I don't have any Internet?

watch this. Yeah. So we had one of the listeners great question like this could be like number six, publicity stunt gone awry. They put the information out there and some light mischief to gin up interest in the movie got into the wrong hands, including North Korea, someone with a grudge took it next level with the personal attacks. That might be theory number six right there. From David, our friend out East. Yeah, that is a great point. Yeah, yeah. I don't think we talked about that. Yeah, really large.

Dino Mauro (39:54.03)
You know, when we think about like some of the hacktivist groups like Lulzac, Anonymous, you know, Mark and I are part of InfraGuard, right? It's that public -private coalition with federal law enforcement in the private sector about homeland security and security and things. And, you know, Lulzac and these guys, they breached InfraGuard. They went after InfraGuard. They issued a proclamation after they attacked the InfraGuard sites.

Right. They said, it's come to our unfortunate attention that NATO and our good friend, Barack Osama, llama, 24th century Obama. That's their joke for him has recently upped the stakes with regard to hacking. They now treat hacking as an act of war. Right. Because in light of this breach, we the president got involved, sanctions were issued, et cetera. Right. In response to that, Lulz second hacktivists made that claim. And they said, so we just hacked an FBI affiliate website, InfraGard.

specifically the Atlanta chapter, right, and leaked its entire user base. We also took complete control over the site and defaced it. Doesn't that, that's like the same MO that was done here. Right? So I'm not saying they're the sole ones involved, right? But there's a lot that doesn't really make sense without addressing it. So there's a couple other avenues, right, that we just haven't talked and let's explore those. The IT companies that were involved.

Right. There was a lot of security leaders that got involved. Cybersecurity expert Kurt Stamberger from the firm Nors. Remember Nors? Back in the day, Mark, they had this phenomenal heat map that showed all the data. It was really cool. It was really, really cool. They, Kurt Stamberger with Nors, DEF CON organizer and cloud fair researcher, Mark Rogers, Hector Monsiger, a person that had previously hacked Sony. They said it was insight.

They said that they didn't believe that it was just North Korea. Norse actually identified six insiders, disgruntled former employees based on their past skill sets and their access to the servers and their knowledge of them. So that's really interesting, right? And Hector Monsegar, who had previously hacked Sony, said, he's like, what I love about his quote is, and this is also the security expert, Lucas Ezekielski, said, state -sponsored attackers,

Dino Mauro (42:14.574)
don't create cool names for themselves like Guardians of Peace and promote their activity to the public. The Hector Guide pointed out that 100 terabytes of data being taken, if you're not physically on site, 100 terabytes of taken being exfiltrated online without anybody noticing would take years to do. It's not something that would be done in just a matter of weeks after a couple of phishing emails. It's pretty interesting stuff.

Yeah, the last you know, let's the the the last angle that we want to really address is the This one right here This the the stock aspect because it's just something that has happened in the past, right? If you don't think somebody would go through this much damage just to Manipulate the stock and to sell short first of all There's there's allegedly a lot of evidence that that happened here and also it's happened in the past. There have been attempted

bombings of a publicly traded German football team, right, that everybody originally said was terrorism, when in fact it was later on they took that all back and they said, no, this was a stock manipulation. They did that because of insider trading. Here, there's evidence or allegedly evidence, right, that investors sold large chunks of Sony stock in 2014, between September, when these phishing emails started happening and the date of the breach.

And then there was a huge spike in short selling of Sony right before the breach. Now, naturally, the stock went down after the breach. Right. But people were making were trading futures that were going to become much greater in value once things got publicized that they had been breached. Right. And that is something that, you know, Mark, you and I see that a lot in in in Cyberspace. Oh, it's very reminiscent of the Equifax breach. And I mean, there's multiple other ones as well.

Yeah, which always which always seems to point back to insider trading. Obviously, that's that's where the whole manipulation comes from, right? Yeah, exactly. So let me just let me wrap it up and ask everybody to kind of tell me what your thoughts are. Rich, what are your thoughts? What do you think? Well, and this is something that just came up. And even when we were rehearsing and talking about this, this one just came came to my mind. And that is once this was all over and done with, OK, it seems like as a group, we pretty much believe it probably wasn't North Korea. So why didn't Sony?

Dino Mauro (44:39.47)
take legal action against any of the people that they found out, the hacktivist groups or some of the other folks, for what happened. I mean, it's interesting that Sony didn't pursue other legal matters. Now... And they were, they were represented, they didn't do that, but that's a great point. But they were represented by David Boyes, phenomenal litigator, ruthless. And he was going after a lot of the newspapers. Because what the group did is they posted all this data. They posted the movies, they posted...

private information, they posted all this intellectual property of Sony on a public site. They sent the password protection, like they sent the credentials to the reporters. Right. And then the reporters would go in and then report on it. And then it opened up an issue of, well, can reporters do that? Are they not contributing? Is there not an issue or legal ramifications for doing that? The case law kind of goes protecting the free speech and the reporters generally. Generally, there's some exception. But still, the point is, is they were going, they were going after everybody.

to stop, why didn't they do that? Great point, Rich. So my overall thinking of the thing is I'm going with the disgruntled insider who had connection to some sort of black hat hackers and they dreamed up the scheme of, okay, let's try to point it at North Korea. There's just too many things that don't add up for it to have been a state actor getting involved in doing this. And just the simple fact that North Korea never jumped up and down and we know that he likes publicity as much as anybody does.

He didn't do any of that kind of stuff. I'm going with it was somebody who was upset and did it from the inside. Interesting. So you're aligning yours with Norse. Yeah. Which, yeah. And he apparently brought that to the FBI. Interesting story about that. And what I've read is he apparently brought that to the FBI. They met with them, but they completely dismissed it. In fact, when he got on television before bringing his findings about the six employees, the insiders, before bringing that to the FBI, he spoke to either CNN or CBS or somebody.

And the reporter said, you know, just so that you know, the FBI said they reviewed all this and they don't they don't believe your story at all. And the head of North was like, that's interesting. We haven't showed it. Yeah. He hadn't released the report at that time. They already turned it down. So they had been. The point is, is this confirmation bias? Meaning did they make up their mind because they blamed North Korea within three weeks, shortly after three weeks of doing this, this very complex web? They said they had their target. Did they close their mind?

Dino Mauro (47:02.734)
and then point to facts that supported their conclusion and ignored facts that could have changed the country. And then the one other little twist, and this is kind of at the end too late to put this into to think about, but having spent time in the military and dealing with the intelligence community, there are things that our government, other governments aren't going to release to the general public because they have a bigger impact on national and world security. So there's always that, OK. Yeah, we didn't even mention that. The bottom line is it very well could be right.

and all there could be answers to all of this and we just don't have that access, right? Because of national security and that very well may be the truth or may not. We don't know and because we don't have that access and because we don't know if there actually is anything there, a lot of this seems very logical and very believable. So Mark, how about you? As we're wrapping up, tell us. Yeah, you know, I got to think this was, I think I'm with Rich on this. I think this was in...

that it comes right on the heels of the restructure, personal in nature, the attacks, it was very directed. There was no ransom upfront. This would be something I would classify as like a breach as a service. Like we have ransomware as a service, this could have been breach as a service. It's very easy. You gather the right actors. And yeah, I think North Korea was maybe involved at some point or maybe the IPs pointed that direction. I don't know. I think it made it very convenient scapegoat and fall guy for the whole package just to be wrapped up and put a bow on it.

But yeah, I feel like this is something that came from the inside. Yeah, and as a qualifier for any legal aspects of watching us, these are our personal opinions. It's just based on the 6 .9 million returns that Google has. So these are personal opinions. They're not the opinions of all covered top Minolta nor any other entities, right? It's just us three people talking. So yeah, I kind of fall in between where you guys are. I think there is some tie at some point.

Maybe it's the implementation of it or some aspect of it that did involve the group, the Lazarus Group, right? I don't see the state government of North Korea actually being involved in this one. I know that they're active and they've been, they've advanced since 14. It's easier to say they were involved today because their capabilities are much higher. I don't know about their ability to even launch a rocket more than 30 seconds back in 2015. Now it's up there, right? But...

Dino Mauro (49:22.862)
I still believe that at some point, whether in combination with them or somebody else, that some element of a hack to this group and some element of insiders had to be involved. Like, intricate knowledge of the industry, of how the Sony physical building worked and stuff like that. And if they had only been in, as this claims, for a few weeks, having access to computers and things, there's only so much you can gain from the other side of the world by seeing what's in the data. They had so much...

So much information to digest and then execute on it. It's either either that or they had to be in years before. They had to be a long long before. But after the 2011 attack, you'd think that they would have cleaned everything out, right? And they would have found everything and locked everybody out. One other thing is there was one of the IT companies had brought in other state sponsors that were still claiming to still have access, kind of like anonymously. And so who knows? But good discussion. Thank you, gentlemen. We appreciate it.

Lots of fun. Yeah, good stuff. And it really because of this, there's so many new best practices and we'll talk about other true crime, true cybercrime stories. There's so many good ones out there. It's not boring stuff. It's like real interesting, like really cool, dramatic stories. So we're going to get into those in other discussions. So look forward to speaking with you guys then. All right. Sounds like a plan. We will talk soon. And thanks everybody for attending. Thanks.

Hi, Cybercrime Junkies. Thanks for listening. Got a question you want us to address on an episode? Reach out to us at cybercrimejunkies .com. We explore why cybercrime grows daily, how it is funded, productized, and organized, how to protect yourself, and where cybercrime goes to hide. And thanks for being a Cybercrime Junkie.


People on this episode