Sony Pictures hack: Ex-employees to be paid up to $8m in damages

Sony Pictures movie studio hacked on 24 November 2014 by group known as #GOP or Guardians of Peace, who threatened to leak sensitive company data. Several future film releases are published online in the wake of the hack, along with social security details, salary information, contact numbers and the addresses of a number of celebrities. Hackers demanded Sony pull the release of the forthcoming Seth Rogen comedy The Interview, which centres on an assassination attempt on North Korean leader Kim-Jong Un. GOP refers to to 9/11 Twin Towers attack in their threat, prompting cinemas to cancel movie premiere and thousands of showings. Sony cancelled the planned Christmas Day US release of the film, but later relented. North Korea cited as source of the attack, but denies it's to blame. However, says it could be the work of those sympathetic to its cause. Sony has threatened to sue Twitter if it does not suspend users who share stolen data. Sony agree to pay up to $8 million to employees whose personal data was lost due to the hack.

Sony Pictures has agreed to pay employees affected by last year's hacking scandal up to $8 million, after staff said they had suffered 'economic harm' when their data was stolen.

As reported by BBC News, the breach was described as an "epic nightmare" by former employees who filed a lawsuit against Sony citing negligence and claiming they had needed to spend money on credit monitoring following the hacks.

The hacks were most likely carried out using the Apple IDs of employees, according to security experts.

The $8 million settlement still has to be approved by a judge at the US District Court in Los Angeles, with an estimated $3.5 million allotted for each person's legal fees alone.

Speaking at a technology conference in California, Sony chief executive Kazuo Hirai said: "I think that there was not that much impact from a business perspective. There was an impact for a very short time on the morale of the employees, but I think they have come around.

"We did learn some lessons with becoming more robust in terms of security, and we have done that. We have come out being a stronger and more resilient business."

Hackers used spear phishing to target employees with high-level access to the studio's network, Stuart McClure, founder and CEO of Cylance, and formerly the CTO of McAfee, claims.

His conclusions are based on an analysis of the malware used in the attack and the files the hackers made available on the internet.

These emails sent by the hackers appeared to be from Apple, asking employees to verify their credentials because unauthorised activity had been detected on their accounts.

When a target clicked the link to reset their account, the employees were redirected to an official-looking account verification page.

In an interview with Politico, McClure said: "We started to realise that there was constant email around Apple ID email verification, and it was in a number of inboxes. It was clear to us that this was the likely scenario.

"There were multiple attempts at spear phishing from the Oct. 3 to Nov. 3 timeline that were getting incredibly more sophisticated as they went on."

When the hackers received the verification details, they were able to guess internal passwords used by the employees for their internal communications.

In some cases, the account verification screen requested that targets used their alternative email credentials to verify their account, which the criminals hoped would be their Sony account details.

"A number of these users whose credentials had been captured and then hard-coded into the malware were folks who had significant access to the network," McClure concluded.

The news comes as Sony Pictures co-chair Amy Pascal prepares to launch her own production company, funded by Sony for at least four years as part of a severance deal.

Sony lost 10 terabytes of data to hackers in November 2014, including sensitive executive emails, entire feature films and personnel files.

Among the leaked information was a series of emails exchanged between Pascal and film producer Scott Rudin, which contained derogatory assertions about President Obama's favourite films and movie stars.

Both parties apologised after details of the emails first came to light in December.

Is North Korea to blame?

US has blamed North Korea for the Sony Pictures hack because the NSA witnessed the first attack emanate from the country's computer systems, it is claimed.

The spy agency installed an "early warning radar" on North Korean hackers' IT systems back in 2010, as it grew concerned over the country's increasing cyber credentials, the New York Times reports.

Citing anonymous sources, the publication added that this sneak software monitored North Korea's cybercrime movements, and led directly to President Barack Obama accusing the country of ordering the Sony hack, initiating a "proportional" response from the US.

The hack later led Sony to cancel the cinema release of Seth Rogen comedy The Interview, about two journalists hired to assassinate North Korea leader Kim Jong-un, before later changing its mind.

The claims are supported by a leaked NSA document cited by Der Spiegel.

The NY Times report suggests the NSA saw the attack come from North Korean hackers targeting Sony, but the agency failed to warn the film studio because it did not recognise the significance of the first spear-phishing malware.

The news today comes after commentators voiced scepticism over US claims the hack originated in North Korea.

Initially the hackers made no demands about pulling the release of The Interview, and instead wanted "monetary compensation".

The hackers only mentioned The Interview when it had already been linked to the attack by the media.

Cyber security expert Graham Cluley wrote in a blog post in January: "If the claims are true, it would certainly help explain why the White House so quickly and definitively blamed North Korea for the attack even in the apparent absence of convincing evidence.

"But it doesn't explain why in the earliest communications between the hackers and Sony Pictures, there was no mention of "The Interview" and the hackers' demands were not for a movie to be withdrawn, but for Sony Pictures to stump up a ransom."

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.