The Sony Pictures Entertainment Hack: A Look at the Evidence We Have
21 Jan 2019
Note: Much of this information comes from an official affidavit, The United States of America vs. Park Jin Hyok, also known as (“aka”) “Jin Hyok Park,” aka “Pak Jin Hek,” (United States District Court for the Central District of Caliornia June 8, 2018). If you want to review the entire 179-page document, it’s available [here].
THE SONY PICTURES ENTERTAINMENT HACK
This week, the U.S. Department of Justice announced charges against a North Korean spy, Park Jin Hyok, in violation of the following:
18 U.S.C. § 371 (Conspiracy), for conspiring to commit the following offenses: 18 U.S.C. §§ 1030(a)(2)(c), 1030(a)(4), (a)(5)(A)-(C) (Unauthorized Access to Computer and Obtaining Information, with Intent to Defraud, and Causing Damage, and Extortion Related to Computer Intrusion); and,
18 U.S.C. § 1349 (Conspiracy), for conspiring to commit the following offense: 18 U.S.C. § 1343 (Wire Fraud).
Park goes by several aliases, so he is commonly just referred to as “Park” in the official affidavit. These charges originate from a multi-year conspiracy to conduct computer intrusions and commit wire fraud by co-conspirators working on behalf of the government of the Democratic People’s Republic of Korea (DPRK) while located there and in China, among other places. The intrusions targeted various entertainment companies, like AMC Theaters and Mammoth Screen. It also included financial institutions, and even defense contractors like Lockheed Martin. These intrusions were all done for malicious purposes, including the collection of confidential information and theft of money. However, the investigation primarily focuses on Park and his involvement in the intrusions, particularly due to the evidence collected against him. According to the affidavit, Park was hired by Chosun Expo, a company that is a front for the DPRK.
Park’s particular involvement in the November 2014 Sony Pictures Entertainment hack garnered special attention to investigators. The intrusion was supposedly a retaliatory response to a comedic film, The Interview, which was to be released later that same month. The hackers escaped with company confidential information that ultimately embarrassed Sony executives and produced major financial loss. The hack on Sony rose questions regarding First Amendment protections, U.S. government safeguards and responsibility, and the likelihood of more attacks in cyberspace.
In February 2016, Park and other co-conspirators also fraudulently transferred $81 million from Bangladesh Bank, the central bank of Bangladesh. They also engaged in similar financial heists that accumulated monetary losses into the billions and included several financial services in the United States. To this day, the conspirators continue to target U.S. defense contractors, university faculty, technology companies, virtual currency exchanges, and U.S. electric utilities. They’ve also been accused of authoring “WannaCry 2.0,” which was the ransomware that infected systems on a global scale last year.
Of course, North Korean officials denied any involvement in the Sony intrusions despite making many public statements expressing their disapproval of the film. In fact, North Korea’s news agency called for a ban on the film, calling it “reckless U.S. provocative insanity” and even threatened a “resolute and merciless response.” The DPRK even sent a letter to the U.S. government, stating:
The trailer of “The Interview” newly edited by the “Harlem Studio” of the United States has still impolite contents of deriding and plotting to make harm to our Supreme Leadership. We remind you once again that the production of such kind of movie defaming the supreme dignity that our Army and people sanctify is itself the evilest deed unavoidable of the punishment of the Heaven. . . Once our just demand is not put into effect, the destiny of those chief criminals of the movie production is sure to be fatal and the wire-pullers will get due retaliation.
Several days after the attack, file-sharing hubs were used to release confidential Sony information to the public, such as embarrassing e-mail messages, future Sony film scripts, employee medical and financial information, personal information on celebrities, social security numbers, and film contracts. In early December, Sony employees turned on their company computers to discover a threatening note warning Sony not to release The Interview. Otherwise, the release of the movie would invoke a retaliation “similar to September 11, 2001.”
Share this link: