The 2014 Sony hacks, explained

In late November, 2014, Sony Pictures Entertainment was hacked by a group calling itself the Guardians of Peace.

In late November 2014, Sony Pictures Entertainment was hacked by a group calling itself the Guardians of Peace. The hackers, who are widely believed to be working in at least some capacity with North Korea, stole huge amounts of information off of Sony's network. They leaked the information to journalists, who wrote about embarrassing things Sony employees had said to each other.

Then the hackers, using one of their near-daily communiqués via the website Pastebin, threatened to commit acts of terrorism against movie theaters, demanding that Sony cancel the planned release of The Interview, a comedy about two Americans who assassinate North Korean leader Kim Jong Un.

Initially, Sony reacted by shelving the movie. Critics, including President Obama, warned that capitulating in the face of terrorist threats would set a bad precedent. Then the studio reversed itself, releasing the movie in select theaters and online.

The US government says it has strong evidence that North Korea was responsible for the attack, though the North Korean regime has denied it. Security experts have criticized the weak evidence the FBI has released so far, but the National Security Agency reported it has stronger evidence that it hasn't released for security reasons. The attack could have far-reaching consequences not only for the movie industry but also for American foreign policy and the future of warfare.

In the spring of 2015, all of the hacked emails were released to the internet at large by WikiLeaks.

When Sony Pictures employees got into the office on Monday, November 24, 2014, they discovered that their corporate network had been hacked. The attackers had taken terabytes of private data, deleted the original copies from Sony computers, and left messages threatening to release the information if Sony didn't comply with the attackers' demands.

According to a former Sony employee who posted to Reddit, this is the message Sony employees saw on their screens that Monday morning:

The hackers called themselves the Guardians of Peace. No one has yet been able to ascertain exactly why they called themselves that.

Sony's network was down for days as administrators struggled to repair the damage. Staffers were reportedly forced to work on whiteboards to do their jobs.

Then the leaks started. Over the course of several weeks, the hackers posted several waves of files stolen from Sony's computers. The hackers posted five Sony movies (four unreleased) to file-sharing networks. They also leaked thousands of confidential documents — everything from private correspondence among Sony executives to salary and performance data about Sony employees. The password-protected files were sent to journalists.

By mid-December, the attackers seemed increasingly obsessed with The Interview, a comedy about a pair of journalists who travel to North Korea to assassinate leader Kim Jong Un. A December 8 message demanded that Sony "stop immediately showing the movie of terrorism." A week later, another message obliquely referenced a "bitter fate" for those who saw The Interview, adding, "Remember the 11th of September of 2001." It was widely taken as a threat of terrorist attack.

The Interview is a comedy, produced by Sony, about a pair of journalists, played by Seth Rogen and James Franco, who score an interview with North Korean leader Kim Jong Un. Before the trip, they are contacted by the Central Intelligence Agency, which asks them to not just interview Kim but kill him. The movie includes a graphic, slow-motion sequence where Kim is killed when his helicopter explodes, engulfing his body in a fireball. An earlier cut of the scene showed his head exploding, though this was mostly edited out later.

North Korea has been complaining about the movie for months. Back in June, the government sent a letter to the United Nations arguing that by allowing the movie to be produced, the United States was sponsoring terrorism.

The scene showing Kim's death caused jitters among Sony Pictures brass. Pressure to tone down the scene came from the studio's corporate parent in Japan, where North Korea is viewed as a serious security threat.

In a September email exchange, studio executives pressured Rogen to tone down the sequence. Rogen responded: "We will make it less gory. There are currently four burn marks on his face. We will take out three of them, leaving only one. We reduce the flaming hair by 50%." But he said further changes would ruin the joke.

Critics' reviews of the film have been mixed. The film has a mediocre 52 percent rating on Metacritic.

The hackers emailed reporters on December 16 with a link to a statement on Pastebin. While somewhat oblique, it was widely interpreted as a threat of terrorist violence:

We will clearly show it to you at the very time and places The Interview be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to. Soon all the world will see what an awful movie Sony Pictures Entertainment has made. The world will be full of fear. Remember the 11th of September 2001. We recommend you to keep yourself distant from the places at that time.

In response to the threat, the Department of Homeland Security said there was "no credible intelligence to indicate an active plot against movie theaters within the United States."

But the statement still spooked stars Seth Rogen and James Franco into canceling the remainder of their promotional tour for the film.

Movie theater chains also became concerned. Most had already committed to showing The Interview on its December 25 launch day, but theater owners began pressuring Sony for permission to drop the film.

Late on December 16, Sony announced that theaters would be permitted to pull The Interview from their Christmas Day lineup. Over the next 24 hours, several major chains announced that they would do just that. With support from theater chains crumbling, Sony decided to shelve the movie altogether on December 17.

But the decision caused a backlash from critics who argued that by canceling the film, Sony was rewarding terrorist threats and setting a bad precedent. President Obama endorsed this view on December 19. "Imagine if producers and distributors and others start engaging in self-censorship because they don't want to offend the sensibilities of somebody whose sensibilities probably need to be offended," Obama said. "That's not who we are."

During its long opening weekend, the film made $15 million online and another $3 million in theaters. It has grossed at least $36 million overall. Sony spent $44 million producing the film.

There's a fair amount of circumstantial evidence linking the North Korean regime to the attacks. But the best evidence that Pyongyang is responsible may not be publicly available — it's reportedly in the hands of the National Security Agency.

North Korea's anger over The Interview gives the Hermit Kingdom a clear motive for the attacks. This summer, it vowed a "resolute and merciless" response if the film was released as planned, though it frequently issues such threats with little consequence.

There's also circumstantial evidence linking the attacks to the North Koreans. Some of the malware used in the attack seems to have been written in Korean. The attacks also use tactics similar to those used against targets in South Korea in 2013 and Saudi Arabia in 2012.

On December 19, the FBI announced that it "has enough information to conclude that the North Korean government is responsible for these actions." But security experts were unimpressed with the information the FBI released publicly.

In January, the New York Times reported, based on information from anonymous sources, that the National Security Agency has been monitoring North Korean networks for years. According to these sources, the NSA was able to directly observe North Korea's hacking activities and confirm that they were responsible for the Sony attacks.

Of course, releasing the full details of this evidence could compromise the NSA's access to North Korea's network. To some extent, Americans are forced to take the NSA's word for it (or not) that North Korea is responsible.

Can North Korea — one of the poorest, most isolated countries in the world, a place where personal computers are banned and the internet does not officially exist — possibly be that good at hacking? Even some in the hacking community have been asking this question.

The answer is, yes, North Korea really is that good at hacking. North Korean government hackers have launched a number of successful, high-profile attacks in recent years — as well as an unknown number of lower-profile ones. The attacks have been growing in scale and sophistication as North Korea ratchets up its largely military-run cyber warfare program.

The first known attacks came in 2009 against South Korean and US websites. While those attacks did little damage, they did alert US officials to the growing problem of cyber warfare. Since then, North Korea has launched increasingly sophisticated hacks against South Korea, including an attack in 2014 that seeded thousands of cellphones with an Angry Birds–style game containing malware that eventually gave the hackers control of those phones.

North Korea keeps its own population offline, but its hackers are thought to be trained in China and Russia and are given higher status and better lifestyles within the country. According to defectors who have fled the country, one of the main reasons for the country's focus on cyber warfare is that it's much less expensive than traditional military weapons like planes, tanks, and bombs. And as the world grows ever more interconnected, those hackers can have a more devastating effect.

On December 19, President Obama addressed the attacks at a press conference. He argued that Sony made a mistake when it canceled the movie's release.

"If somebody is able to intimidate folks out of releasing a satirical movie, imagine what they start doing when they see a documentary they don't like, or news reports they don't like," Obama said. He vowed a "proportional" response, but he didn't elaborate on the specific measures the US government might take.

In early January, the United States announced sanctions against the North Korean regime as part of its response to the Sony attack. According to the Associated Press, the sanctions "will affect three North Korean entities, including a government intelligence agency and a North Korean arms dealer. The U.S. is also sanctioning 10 individuals who work for those entities or the North Korean government."

Before the Sony hack became primarily a story about North Korea launching a cyberattack against a foreign company, it was mostly a story about what had been found amid the reams of hacked data that the hackers had released to reporters.

These hacks were sent out via occasional email blasts to a variety of media insiders, who were directed to the site Pastebin — a way to anonymously send text documents. The files were password-protected and could be downloaded from a variety of file-sharing services. They have since been made available to the general public on WikiLeaks.

Though most of the gossip actually shared by reporters was salacious, the vast majority of documents released in the Sony hack were about the humdrum, day-to-day realities of running a media corporation — things like squeezing more money out of films most people have forgotten, such as the low-grossing 2001 comedy Saving Silverman. Combing through the massive trove of files released by hackers took time and effort precisely because so many of them were so banal.

The leaked information raised questions about whether it was even ethical for reporters to comb through the stolen data. Was it fair game as news, as with past, WikiLeaks-style revelations, or did it cross a line?

Slate's Jacob Weisberg was particularly insightful on this point. He wrote:

News outlets should obviously cover the story of the hack itself, the effect on Sony, the question of how it happened, and who's responsible. This is a big and legitimate news story. But when it comes to exploiting the fruits of the digital break-in, journalists should voluntarily withhold publication. They shouldn't hold back because they're legally obligated to-I don't believe they are-but because there's no ethical justification for publishing this damaging, stolen material.

Weisberg made an argument that several people who opposed publication of stories gleaned from the hacked data made — that they were functionally similar (though less invasive) to the release of hacked nude photos of many female celebrities from earlier in the year.

Screenwriter Aaron Sorkin (who later attempted to argue that the Sony hack was worse than the photo hack) also made this argument in the New York Times, writing:

But most journalists ultimately decided there were valid reasons to write about what was found in the stolen information and that much of it was newsworthy, beyond even gossip value. Here's Emily Yoshida, of Vox's sister site The Verge:

The revelation that Sony and the MPAA are engaged in a years-long secret campaign to essentially resurrect SOPA, this time with better PR: worth it?

On that last one, ultimately, yeah, I think so. It's not a matter of whether Sony now "deserves" to be cyberterrorized or not, but rather whether the value of what we have learned outweighs how we learned it. We decided that it was important for you to know how the MPAA plans to influence how you experience the internet, and by extension, how they intend to shape the future of the information marketplace; we could all agree that it had more impact on our world and our lives than top-secret internal intelligence that Scott Rudin is a meanie.

Legally speaking, these reporters were on firm ground, thanks to a 2001 Supreme Court decision. The court ruled that a radio station couldn't be held responsible for broadcasting the contents of newsworthy audio recordings — even if the recordings were originally made in violation of wiretapping laws.

The same principle seems to apply to the leaked documents. As long as a news organization didn't participate in the Sony attack itself, it has a First Amendment right to report on newsworthy information it finds in the documents.

But the situation surrounding The Interview goes above and beyond even that. While the movie did better than could have been anticipated in its unlikely release, box office analyst David Poland still estimates that it ended up a net loss for Sony.

Maybe this case is unique and unrepeatable. Or maybe it's a harbinger of things to come, of the messy world that results when show business, the internet, and foreign policy collide.