FYI.

This story is over 5 years old.

Tech

Bruce Schneier: Sony Hackers 'Completely Owned This Company'

Execs will be prosecuted over what's still to be revealed, the security expert says.
​Image: Ken Wolter/Shutterstock.com

​The Sony hack is "every CEO's worst nightmare" and the leaked data is probably going to send someone to jail, security expert Bruce Schneier says. That, not any threat of violence, is the real power of this hack.

The "Guardians of Peace," as the group behind the attack has called itself, posted a new dump of emails today, this time from CEO Michael Lynton. The hackers also issued a warning implying that any theater screening the political comedy The Interview, which is about the assassination of North Korean leader Kim Jong-un, could be the target of a physical attack as well.

Advertisement

"Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear," a message posted on PasteBin alongside links to Lynton's leaked emails said. "Remember the 11th of September 2001."

THE FACT THAT THEY SENT THAT LETTER TELLS ME THERE IS STUFF STILL TO BE FOUND THAT SONY IS TERRIFIED OF

At this point, the group's tactics—releasing massive quantities of damaging information as intimidation and threatening Sony employees and their families—are starting to look like data terrorism.

So who is behind this mess? These threats of physical violence, and the fact that the hackers seem particularly peeved about The Interview, have led many to speculate that North Korea is behind the attack. Sony itself has speculated as much. For its part, North Korea has denied playing a role in the hack, but called it a "righteous deed." There's nothing, really, beyond hatred of The Interview, to tie Guardians of Peace to North Korea, but it's still a narrative that has played out in the media.

And it's a narrative that both sides are happy to embrace, Schneier speculated in an interview with me. Sony execs can say they've been targeted by a dictatorship, and the hackers get to have some fun.

"It's really a phenomenally awesome hack—they completely owned this company," Schneier, who is regularly consulted by the federal government on security issues, said. "But, I think this is just a regular hack. All the talk, it's hyperbole and a joke. They're [threatening violence] because it's fun for them—why the hell not? They're doing it because they actually hit Sony, because they're acting like they're 12, they're doing it for the lulz, no one knows why."

Advertisement

"Everyone at Sony right now is trying not to get fired," he added. "There are going to be a lot of firings for Sony at the end of this."

this is like Snowden, only with Sony

So far, unreleased movies, gigabytes worth of emails from execs and lower-level employees, celebrity aliases, movie scripts, and more have been leaked—"this is like Snowden, only with Sony." He said that releases from the hack could go on for months.

In recent days, an entity purporting to be the same Guardians of Peace has posted multiple messages via anonymous bulletin boards promising a "Christmas gift" of "larger quantities of data." The collective also made the 9/11 reference and said to "keep yourself distant" from movie theaters screening The Interview. That's horrifying, and appears to be an attempt by the hackers to scare the bejeezus out of everyone.

It's a threat, to be sure, but we should probably pay closer attention to the last line of the hackers' note: "Whatever comes in the coming days is called by the greed of Sony Pictures Entertainment. All the world will denounce the SONY."

That seems to suggest that the hackers will soon leak something that will look very, very bad for the company, Schneier says. To think otherwise would mean that the world will denounce Sony based on a hypothetical physical terrorist attack that the company played no part in. In other words, the real power of the hackers is the information they have, not any ability they have to commit violence.

Advertisement

Earlier this week, Sony sent a letter to news outlets reporting on the leaks, saying that they could face prosecution for downloading stolen information. That letter, Schneier said, was a signal that the worst is still to come.

"This is every CEO's worst nightmare. This is what it looks like. It's not credit card numbers stolen, it's this. Our correspondence, our secrets, our lawsuits, it's that huge," Schneier said.

"The fact that they sent that letter tells me there is stuff still to be found that Sony is terrified of. There's some really bad stuff in there—stuff they did, stuff they said, stuff that's illegal. Someone [from Sony] is going to jail for this."

"They'll play the victim card, they'll say 'I'm victim because [the hackers] told you about illegal acts that no one was supposed to know about. This is their defense?" he added. "Well, maybe don't make racist jokes about Obama. Don't do illegal things. That should be your defense."

An email request for comment sent to Sony and to its lawyer, David Boies, were not immediately returned.

Clarification: The first pull quote in this story has been changed to make the context clearer.