1
00:00:01,669 --> 00:00:03,168
BEN: It was one of the most devastating attacks
2
00:00:03,270 --> 00:00:04,236
in corporate history.
3
00:00:04,338 --> 00:00:06,538
VOICE: This is voice of Korea.
4
00:00:06,640 --> 00:00:08,741
We've never seen an
attack like this before.
5
00:00:08,843 --> 00:00:10,809
BEN: It forced a major Hollywood studio
6
00:00:10,911 --> 00:00:12,411
to shut its networks down.
7
00:00:12,513 --> 00:00:13,679
Security hands you a memo,
8
00:00:13,781 --> 00:00:15,814
and it says there was
a system disruption.
9
00:00:15,916 --> 00:00:18,751
The US government was quick to blame North Korea.
10
00:00:18,853 --> 00:00:23,922
And we can confirm that North
Korea engaged in this attack.
11
00:00:24,025 --> 00:00:26,925
But hackers and computer experts questioned the narrative.
12
00:00:27,028 --> 00:00:29,328
It's not even a warm gun.
13
00:00:29,430 --> 00:00:31,063
It's barely a gun.
14
00:00:31,165 --> 00:00:33,132
Was it really North Korea, or was it someone else?
15
00:00:34,402 --> 00:00:44,410
♪
16
00:00:54,388 --> 00:00:56,955
It all started on November 21st, 2014,
17
00:00:57,058 --> 00:00:59,691
when Sony executives got an extortion email
18
00:00:59,794 --> 00:01:02,027
from an unknown group,
the so-called God'sApstls.
19
00:01:03,531 --> 00:01:05,264
Sony reported it to the FBI.
20
00:01:05,366 --> 00:01:07,866
But three days later, all hell broke loose
21
00:01:08,002 --> 00:01:10,202
when a group calling themselves the Guardians of Peace
22
00:01:10,304 --> 00:01:12,304
appeared on Sony computers.
23
00:01:13,574 --> 00:01:16,408
Sony Pictures co-chairs Amy Pascal and Michael Lynton
24
00:01:16,510 --> 00:01:20,245
scrambled to contain the damage, but it was too late.
25
00:01:20,347 --> 00:01:22,514
Over the next three weeks, a mountain of data
26
00:01:22,583 --> 00:01:25,317
including movies, salaries, and private corporate information
27
00:01:25,419 --> 00:01:27,953
was dumped onto the internet.
28
00:01:28,055 --> 00:01:29,922
But what really captured everyone's imagination
29
00:01:30,024 --> 00:01:32,591
were the private emails of Sony top dogs.
30
00:01:32,693 --> 00:01:34,827
Everybody is suddenly
reading Amy Pascal's
31
00:01:34,929 --> 00:01:36,995
personal emails and
professional emails,
32
00:01:37,098 --> 00:01:40,265
which were also in many
instances very embarrassing.
33
00:01:40,334 --> 00:01:43,001
As the editor-at-large of The Hollywood Reporter,
34
00:01:43,104 --> 00:01:46,004
Kim Masters remembers the cringe across Tinseltown.
35
00:01:46,107 --> 00:01:48,941
There was a sense of instant
fear throughout Hollywood
36
00:01:49,043 --> 00:01:51,443
because everybody
knew, first of all,
37
00:01:51,545 --> 00:01:53,245
that they were
probably vulnerable.
38
00:01:53,347 --> 00:01:55,681
I think simultaneously
a lot of executives
39
00:01:55,783 --> 00:01:57,483
in the industry thought,
"Yeah, but I don't know
40
00:01:57,585 --> 00:01:59,284
if I put some of this
stuff in an email."
41
00:01:59,386 --> 00:02:01,653
Producer Scott Rudin called out Angelina Jolie
42
00:02:01,755 --> 00:02:03,789
for being a spoiled brat.
43
00:02:03,891 --> 00:02:07,126
Sony exec Clint Culpepper bad-mouthed Kevin Hart.
44
00:02:07,194 --> 00:02:10,929
Worst of all, Pascal and Rudin gossiped about what flicks
45
00:02:11,031 --> 00:02:14,333
the first black president of the United States might be into.
46
00:02:14,435 --> 00:02:16,502
It was so extreme
and so emotional,
47
00:02:16,604 --> 00:02:19,037
and sometimes in some
cases so inappropriate.
48
00:02:19,140 --> 00:02:22,007
But the breach went beyond salacious emails.
49
00:02:22,109 --> 00:02:23,976
Sony employees watched helplessly
50
00:02:24,078 --> 00:02:26,345
as their social security numbers, medical records
51
00:02:26,447 --> 00:02:28,847
and more were released online for everyone to see.
52
00:02:30,951 --> 00:02:32,484
I met someone who was on Sony's lot
53
00:02:32,586 --> 00:02:34,153
the day the attack went down.
54
00:02:34,255 --> 00:02:36,522
She was a senior coordinator for the studio's digital TV
55
00:02:36,624 --> 00:02:39,658
department, and eventually quit because of the hack.
56
00:02:39,760 --> 00:02:42,327
Celina was the only Sony employee I spoke to
57
00:02:42,429 --> 00:02:44,663
who was willing to go on camera.
58
00:02:44,765 --> 00:02:46,298
When did you find out
your personal information
59
00:02:46,400 --> 00:02:47,533
was actually leaked though?
60
00:02:47,635 --> 00:02:50,002
We got a memo saying
that unfortunately
61
00:02:50,104 --> 00:02:52,804
a cyber hack attack happened,
and they got everybody's
62
00:02:52,907 --> 00:02:55,007
information, and-- but
they didn't specify who.
63
00:02:55,109 --> 00:02:56,742
They just basically--
anybody that ever worked
64
00:02:56,844 --> 00:02:59,044
for Sony at any time in
their lifetime possibly
65
00:02:59,146 --> 00:03:01,480
had a chance of their
stuff being hacked.
66
00:03:01,582 --> 00:03:03,582
So if you could just break
down specifically how
67
00:03:03,684 --> 00:03:05,918
you went about finding your
name and finding out that
68
00:03:06,020 --> 00:03:08,086
you were, you know,
personally affected by it.
69
00:03:08,189 --> 00:03:11,590
I literally went to Google
and searched "Sony hack 2014",
70
00:03:11,692 --> 00:03:13,926
and then I saw just
like a tree directory,
71
00:03:14,028 --> 00:03:15,494
like old school style DOS,
72
00:03:15,596 --> 00:03:17,396
and you saw just
different file names.
73
00:03:17,498 --> 00:03:20,566
And they named the files
like "Celina's offer letter",
74
00:03:20,668 --> 00:03:24,369
and they were named specifically
what that document was.
75
00:03:24,471 --> 00:03:26,605
So it wasn't hard to
find out your information
76
00:03:26,707 --> 00:03:28,073
was put out there.
77
00:03:28,175 --> 00:03:29,441
What were some of the things
that were going down?
78
00:03:29,543 --> 00:03:31,276
Like, 'cause obviously
you can't use computers.
79
00:03:31,378 --> 00:03:32,911
That's everything.
80
00:03:33,013 --> 00:03:34,513
Did everything just revert
to like the stone age?
81
00:03:34,615 --> 00:03:35,781
Like what happened?
82
00:03:35,883 --> 00:03:37,416
We started saying
we're working "analog".
83
00:03:37,518 --> 00:03:39,117
You literally had
to write stuff out.
84
00:03:39,220 --> 00:03:42,120
But yeah, there was a lot
of drinking and partying
85
00:03:42,223 --> 00:03:44,289
and eating, 'cause
that's all you could do.
86
00:03:44,391 --> 00:03:46,558
And I mean, Sony already
paid for their Christmas party,
87
00:03:46,660 --> 00:03:48,961
so we had it, and it was huge,
and it was awesome.
88
00:03:49,063 --> 00:03:52,130
And then Michael Lynton
and Amy Pascal stood up
89
00:03:52,233 --> 00:03:55,133
and gave a speech, and
then Amy Pascal kinda
90
00:03:55,236 --> 00:03:56,602
challenged the hackers.
91
00:03:56,704 --> 00:03:58,303
Challenged the hackers? How?
92
00:03:58,405 --> 00:04:01,607
In her speech, she was like oh,
this wasn't gonna get us down.
93
00:04:01,709 --> 00:04:04,142
Like, "We're gonna beat
you guys," and all that stuff.
94
00:04:04,245 --> 00:04:06,545
Pascal's defiance didn't save her,
95
00:04:06,647 --> 00:04:08,547
and she was eventually forced to resign.
96
00:04:08,649 --> 00:04:11,083
But from early on, the real question everyone asked
97
00:04:11,185 --> 00:04:14,219
was why would hackers target Sony Pictures?
98
00:04:14,321 --> 00:04:16,154
The media had an answer...
99
00:04:16,257 --> 00:04:18,090
You want us to kill the
leader of North Korea?
100
00:04:18,158 --> 00:04:19,057
Yes.
101
00:04:19,159 --> 00:04:20,659
Wha?
102
00:04:20,761 --> 00:04:22,327
...a movie starring Seth Rogen and James Franco with a plot
103
00:04:22,429 --> 00:04:25,631
hinging on assassinating the real life leader of North Korea.
104
00:04:25,733 --> 00:04:27,899
President Kim Jong-un!
105
00:04:28,002 --> 00:04:30,802
The Interview was, you know,
just a raunchy stoner comedy.
106
00:04:30,904 --> 00:04:32,804
I don't think anybody
would argue it was high art
107
00:04:32,906 --> 00:04:34,806
or Oscar material.
108
00:04:34,908 --> 00:04:37,009
With The Interview set for a Christmas release,
109
00:04:37,111 --> 00:04:39,745
a rambling message posted online threatened
110
00:04:39,847 --> 00:04:41,847
terrorist attacks on the movie's premiere
111
00:04:41,949 --> 00:04:44,983
in any theatres daring to screen the film.
112
00:04:45,052 --> 00:04:46,918
Sony Pictures pulled the movie.
113
00:04:47,021 --> 00:04:50,656
We had no alternative
but to not proceed
114
00:04:50,758 --> 00:04:53,925
with the theatrical release
on the 25th of December.
115
00:04:54,028 --> 00:04:57,195
And then, out of nowhere, President Obama named the perp.
116
00:04:57,298 --> 00:05:00,198
The FBI announced today that...
and we can confirm that
117
00:05:00,301 --> 00:05:04,369
North Korea engaged
in this attack.
118
00:05:04,471 --> 00:05:06,204
It was the first time a president has blamed
119
00:05:06,307 --> 00:05:08,940
a nation state for a major cyber attack on American soil.
120
00:05:10,244 --> 00:05:12,210
The US retaliated with sanctions.
121
00:05:12,313 --> 00:05:14,212
The White House didn't discuss the evidence,
122
00:05:14,315 --> 00:05:17,549
but the FBI came forward with some details.
123
00:05:17,651 --> 00:05:20,652
Brett Leatherman is an agent in the FBI's cyber division.
124
00:05:20,754 --> 00:05:22,788
Based on what's publicly known,
125
00:05:22,890 --> 00:05:24,890
the hack seems to have gone down in four phases.
126
00:05:24,992 --> 00:05:27,993
First: spear phishing, which the FBI said
127
00:05:28,095 --> 00:05:30,195
was likely how the hackers got into Sony.
128
00:05:30,297 --> 00:05:32,831
Somebody within a company or
organization would receive
129
00:05:32,933 --> 00:05:36,134
an email that looks like
it's a legitimate email
130
00:05:36,236 --> 00:05:39,304
that might contain an attachment
or a link to a website.
131
00:05:39,406 --> 00:05:41,573
Once you click on that link,
132
00:05:41,675 --> 00:05:43,475
it would take you
then to a website,
133
00:05:43,577 --> 00:05:46,345
or it would launch malware on
your computer that would allow
134
00:05:46,447 --> 00:05:48,747
somebody to then
compromise your system.
135
00:05:48,849 --> 00:05:50,749
Next, the hackers gained broader access
136
00:05:50,851 --> 00:05:52,250
to Sony's networks.
137
00:05:52,353 --> 00:05:55,354
So they're looking for a user
with escalated privileges,
138
00:05:55,456 --> 00:05:59,091
and it could be an admin,
or it could be a CEO or CFO
139
00:05:59,193 --> 00:06:03,362
who needs access to your network
in an administrative capacity.
140
00:06:03,430 --> 00:06:06,098
So admin credentials are key
141
00:06:06,200 --> 00:06:08,500
in going laterally
through a network.
142
00:06:08,602 --> 00:06:11,103
With their almost god-like access to Sony,
143
00:06:11,205 --> 00:06:13,772
the hackers moved to phase 3: data theft.
144
00:06:13,874 --> 00:06:16,274
It probably took them months to steal everything
145
00:06:16,377 --> 00:06:18,443
they eventually released online.
146
00:06:18,545 --> 00:06:21,346
And then came the grand finale: data destruction.
147
00:06:21,448 --> 00:06:23,915
The unique thing
about the Sony attack
148
00:06:24,017 --> 00:06:26,284
was the destructive
nature of the malware.
149
00:06:26,387 --> 00:06:28,854
The hackers launched malware, or malicious software,
150
00:06:28,956 --> 00:06:30,922
that destroyed Sony computers from within,
151
00:06:31,024 --> 00:06:34,059
wiping data off its systems.
152
00:06:34,161 --> 00:06:35,527
But that still doesn't explain how the government
153
00:06:35,629 --> 00:06:37,829
attributed the attack to North Korea.
154
00:06:41,835 --> 00:06:43,268
BEN: Whoever hacked Sony Pictures' networks
155
00:06:43,370 --> 00:06:45,203
stole sensitive data, then smashed whatever they could
156
00:06:45,305 --> 00:06:46,938
on the way out.
157
00:06:47,040 --> 00:06:49,741
But to this day, one question remains:
158
00:06:49,843 --> 00:06:52,577
How was the US government so sure it was North Korea?
159
00:06:52,679 --> 00:06:55,814
So I can't comment on
ongoing FBI investigations.
160
00:06:55,916 --> 00:06:58,483
So why is the
investigation ongoing?
161
00:06:58,585 --> 00:07:01,953
A cyber investigation
is a long-term effort
162
00:07:02,055 --> 00:07:04,890
to just not only attribute...
163
00:07:04,992 --> 00:07:08,226
if there's a particular country
involved, not just attribute
164
00:07:08,328 --> 00:07:11,396
who that country might be,
but also to attribute
165
00:07:11,498 --> 00:07:14,332
threat actors behind
the actual compromise.
166
00:07:14,435 --> 00:07:17,068
Because there's other
groups that are involved
167
00:07:17,171 --> 00:07:19,104
in these kind of attacks.
168
00:07:19,206 --> 00:07:21,773
So there are other groups who
kinda jump on the bandwagon
169
00:07:21,875 --> 00:07:23,108
for their own benefit.
170
00:07:23,210 --> 00:07:24,476
And that was the case with Sony.
171
00:07:24,578 --> 00:07:25,811
Possibly.
172
00:07:25,913 --> 00:07:27,345
That may have been
the case with Sony,
173
00:07:27,448 --> 00:07:29,848
but in general I think
we frequently see that
174
00:07:29,950 --> 00:07:31,383
with major cyber events.
175
00:07:33,187 --> 00:07:35,353
Beyond the FBI, the National Security Agency,
176
00:07:35,456 --> 00:07:37,923
one of America's spy powers, was reported to have evidence
177
00:07:38,025 --> 00:07:40,091
it was North Korea.
178
00:07:40,194 --> 00:07:42,527
But the NSA won't confirm or deny anything.
179
00:07:42,629 --> 00:07:45,363
Well actually, I think the
government was more forthcoming
180
00:07:45,466 --> 00:07:47,866
in the Sony hack than
is usually the case.
181
00:07:47,968 --> 00:07:50,101
You know, historically the
government wouldn't really
182
00:07:50,204 --> 00:07:52,204
attribute it at all
to a nation state.
183
00:07:53,106 --> 00:07:55,173
Michael Chertoff was the secretary of Homeland Security
184
00:07:55,275 --> 00:07:57,342
under President George W. Bush.
185
00:07:57,444 --> 00:08:00,011
He and former NSA and CIA director Michael Hayden
186
00:08:00,113 --> 00:08:03,014
now run a private consulting firm.
187
00:08:03,116 --> 00:08:05,350
And then you have the government
pretty clearly saying
188
00:08:05,452 --> 00:08:07,886
North Korea was responsible
for the Sony hack.
189
00:08:07,988 --> 00:08:12,190
And I think that was a decision
that the risk of revealing
190
00:08:12,292 --> 00:08:14,960
a little bit about sources
and methods was outweighed
191
00:08:15,062 --> 00:08:17,329
by the importance of
saying to the bad actors,
192
00:08:17,431 --> 00:08:20,165
"We know it's you,
and there's a limit
193
00:08:20,267 --> 00:08:21,733
to our willingness
to tolerate this."
194
00:08:21,835 --> 00:08:23,368
So in your expert opinion,
195
00:08:23,470 --> 00:08:24,970
do you think that was
a good decision?
196
00:08:25,072 --> 00:08:26,538
I think it probably
did make sense.
197
00:08:26,640 --> 00:08:29,040
I think if you look at actually
the way North Korea operates,
198
00:08:29,142 --> 00:08:32,878
there is a small group
of privileged individuals,
199
00:08:32,980 --> 00:08:36,081
which include people who are--
have technical skills that are
200
00:08:36,183 --> 00:08:39,017
useful to the regime,
that are well resourced,
201
00:08:39,119 --> 00:08:41,152
and are quite capable.
202
00:08:41,255 --> 00:08:44,155
I mean, they may not be the
A Team, but they're the B Team,
203
00:08:44,258 --> 00:08:46,157
and the B Team can do
a lot of damage.
204
00:08:46,260 --> 00:08:49,261
I had an idea who Chertoff's B Team could be:
205
00:08:49,363 --> 00:08:52,697
a North Korean military agency known as Bureau 121.
206
00:08:52,799 --> 00:08:55,133
But North Korea can barely keep the lights on,
207
00:08:55,235 --> 00:08:57,802
so could they really have an elite hacking unit?
208
00:09:00,507 --> 00:09:02,541
- Martyn.
- Hi.
209
00:09:02,643 --> 00:09:04,376
- How're you doing?
- I'm good, how are you?
210
00:09:04,478 --> 00:09:05,911
Good.
(Radio distortion)
211
00:09:06,013 --> 00:09:07,379
Sounds like you're calling...
212
00:09:07,481 --> 00:09:09,548
You're trying to access
some aliens or something.
213
00:09:09,650 --> 00:09:11,783
- Almost, North Korea.
- Almost.
214
00:09:12,352 --> 00:09:14,419
Martyn Williams is a reporter who's been to North Korea,
215
00:09:14,521 --> 00:09:17,188
and has written extensively on their tech capabilities.
216
00:09:17,291 --> 00:09:19,591
What do we know about
Bureau 121, the actual
217
00:09:19,693 --> 00:09:22,527
hacking collective of the
cyber warriors of Kim Jong-un?
218
00:09:22,629 --> 00:09:24,029
Like what do we know about them?
219
00:09:24,131 --> 00:09:25,063
Because nobody seems
to know anything,
220
00:09:25,165 --> 00:09:27,232
like who they are, what they do.
221
00:09:27,334 --> 00:09:29,501
I mean, welcome to the world
of looking at North Korea.
222
00:09:29,570 --> 00:09:32,203
Nobody knows anything about
anything in the country.
223
00:09:32,306 --> 00:09:34,539
Very little
information gets out,
224
00:09:34,641 --> 00:09:37,075
except what you can
hear on the radio.
225
00:09:37,177 --> 00:09:39,411
There are snippets that
come out through defectors.
226
00:09:39,513 --> 00:09:43,081
It seems that what they're
doing is taking the...
227
00:09:43,183 --> 00:09:44,816
the kids that are
really good at science
228
00:09:44,918 --> 00:09:47,652
and really good at
mathematics from the...
229
00:09:47,754 --> 00:09:50,488
from high school, putting
them into good universities,
230
00:09:50,591 --> 00:09:52,657
and then after universities,
training them.
231
00:09:52,759 --> 00:09:55,560
Some of that training apparently
takes place in Pyongyang.
232
00:09:55,662 --> 00:09:58,163
A lot of it we see
taking place overseas.
233
00:09:58,265 --> 00:10:01,099
We've heard that
hacking and hackers
234
00:10:01,201 --> 00:10:03,401
are obviously a new focus.
235
00:10:03,503 --> 00:10:05,604
Why do you think that is?
236
00:10:05,706 --> 00:10:07,305
It's much cheaper.
237
00:10:07,407 --> 00:10:11,142
A room full of hackers is way
cheaper than a jet aircraft,
238
00:10:11,244 --> 00:10:13,845
or keeping tanks in
operation, or submarines,
239
00:10:13,947 --> 00:10:15,347
or things like that.
240
00:10:15,449 --> 00:10:18,984
So if they can start being a
power on the internet, then
241
00:10:19,086 --> 00:10:22,654
it's a cheap way of projecting
their power across the world.
242
00:10:22,756 --> 00:10:24,589
I wondered what Bureau 121,
243
00:10:24,691 --> 00:10:27,692
the hermit kingdom's military hacking unit, is really like.
244
00:10:27,794 --> 00:10:30,128
So with the help of an interpreter, I made contact with
245
00:10:30,230 --> 00:10:33,031
a defector who claims he was a North Korean army lieutenant.
246
00:10:34,401 --> 00:10:37,636
Jang Se Yul defected to South Korea almost a decade ago,
247
00:10:37,738 --> 00:10:40,105
but still keeps tabs on old friends.
248
00:10:40,207 --> 00:10:43,675
You were working with and
you were training with hackers?
249
00:10:50,784 --> 00:10:52,951
Do you know anyone
in Bureau 121,
250
00:10:53,053 --> 00:10:54,919
and are you in
contact with them?
251
00:11:29,690 --> 00:11:31,856
What's the worst thing
that North Korea could do
252
00:11:31,958 --> 00:11:33,558
to the US in the cyber realm?
253
00:12:09,463 --> 00:12:12,130
Mr. Jang said the Sony hack might be a sign
254
00:12:12,232 --> 00:12:14,532
North Korea is preparing for war.
255
00:12:14,634 --> 00:12:16,401
But as I dug into the case, I discovered that
256
00:12:16,503 --> 00:12:18,703
many highly regarded hackers and security experts
257
00:12:18,805 --> 00:12:21,206
doubt North Korea was behind the attack at all.
258
00:12:25,412 --> 00:12:28,079
BEN: Just weeks after Sony Pictures was hacked,
259
00:12:28,181 --> 00:12:31,216
the FBI released vague evidence pointing to North Korea.
260
00:12:31,318 --> 00:12:34,119
But hackers and computer experts almost immediately poked holes
261
00:12:34,221 --> 00:12:36,121
in the FBI's case.
262
00:12:36,223 --> 00:12:37,756
Do I think the North
Koreans started it?
263
00:12:37,858 --> 00:12:39,390
No, I don't think so.
264
00:12:39,493 --> 00:12:42,160
One of the most vocal doubters is Marc Rogers, a malware expert
265
00:12:42,262 --> 00:12:44,929
and self-described former black hat hacker.
266
00:12:45,031 --> 00:12:47,665
First of all, the agenda
changed substantially
267
00:12:47,768 --> 00:12:49,467
at several points
throughout the hack.
268
00:12:49,569 --> 00:12:52,403
That kind of implies
multiple different actors to me.
269
00:12:52,506 --> 00:12:54,139
They started out
trying to extort money.
270
00:12:54,241 --> 00:12:55,840
I can't see any reason
why North Korean hackers
271
00:12:55,942 --> 00:12:57,208
would try and do that.
272
00:12:57,310 --> 00:13:01,246
Then they had kind of a
ramble about unemployment
273
00:13:01,348 --> 00:13:03,782
and job losses in Sony.
274
00:13:03,884 --> 00:13:06,751
I don't see how that benefits
the North Korean regime.
275
00:13:06,853 --> 00:13:10,155
I think they were
attacked by an opportunist,
276
00:13:10,257 --> 00:13:12,123
and then I think that evolved.
277
00:13:12,225 --> 00:13:15,960
You ended up with other groups
piling in and exploiting it.
278
00:13:16,062 --> 00:13:20,165
And then as the media started to
suggest maybe a potential link
279
00:13:20,267 --> 00:13:23,168
between this hack
and The Interview,
280
00:13:23,270 --> 00:13:25,436
I think the hackers
latched onto that.
281
00:13:25,539 --> 00:13:28,206
And they ran with it
because it was both
282
00:13:28,308 --> 00:13:31,209
a convenient cover for them,
and, well, you know,
283
00:13:31,311 --> 00:13:33,111
a lot of hackers like to do
things for the amusement.
284
00:13:33,213 --> 00:13:34,445
"For the lulz," as they say.
285
00:13:34,548 --> 00:13:37,282
That's probably what
brought North Korea in,
286
00:13:37,384 --> 00:13:39,684
and it was much later on
I think that North Korea
287
00:13:39,753 --> 00:13:41,920
actually was involved,
if they were at all.
288
00:13:43,256 --> 00:13:46,191
If Marc was right, his theory fit what the FBI had hinted.
289
00:13:46,293 --> 00:13:48,526
Sony might have been the victim of a hacking party.
290
00:13:48,628 --> 00:13:50,829
But who could've been involved?
291
00:13:50,931 --> 00:13:53,665
In 2011, the notorious hacktivist collective Anonymous
292
00:13:53,767 --> 00:13:56,067
attacked Sony websites.
293
00:13:56,169 --> 00:13:58,236
They said they were defending George Hotz,
294
00:13:58,338 --> 00:14:01,072
AKA geohot, the first guy to jailbreak an iPhone
295
00:14:01,174 --> 00:14:03,641
when he was just 17.
296
00:14:03,743 --> 00:14:06,244
This is the world's
first unlocked iPhone.
297
00:14:06,346 --> 00:14:07,846
BEN: George.
298
00:14:07,948 --> 00:14:10,248
A few years later, he jailbroke a PlayStation 3.
299
00:14:10,350 --> 00:14:12,483
That didn't sit well with Sony.
300
00:14:12,586 --> 00:14:14,786
Yo, it's geohot!
301
00:14:14,888 --> 00:14:18,923
And for those that don't know,
I'm getting sued by Sony!
302
00:14:20,327 --> 00:14:21,693
(Rapping)
303
00:14:21,795 --> 00:14:23,862
Hi, Sony!
How are you doing?
304
00:14:23,964 --> 00:14:25,930
I haven't seen you in a while.
305
00:14:26,032 --> 00:14:29,000
Uh, you know, suing me
was kinda... kinda dick,
306
00:14:29,102 --> 00:14:31,502
but it all worked out
in the end, so yeah.
307
00:14:31,605 --> 00:14:33,605
That's what I think of Sony.
308
00:14:33,707 --> 00:14:37,375
The main reason that I got into
the iPhone and PlayStation:
309
00:14:37,477 --> 00:14:39,110
it was a cool puzzle.
310
00:14:39,212 --> 00:14:41,946
These companies are
spending millions of dollars
311
00:14:42,048 --> 00:14:45,216
to build really cool puzzles
for me, and it's real!
312
00:14:45,318 --> 00:14:46,417
This isn't some puzzle
313
00:14:46,519 --> 00:14:48,519
constructed by
somebody to solve.
314
00:14:48,622 --> 00:14:51,389
This is a puzzle constructed
by somebody to not solve,
315
00:14:51,491 --> 00:14:53,258
and that's why
it was so alluring.
316
00:14:53,360 --> 00:14:54,392
That's why it still is.
317
00:14:54,494 --> 00:14:55,760
VOICE: We are Anonymous.
318
00:14:55,862 --> 00:14:57,228
BEN: Sony's lawsuit against George made
319
00:14:57,330 --> 00:14:59,130
a lot of hackers angry, including Anonymous.
320
00:14:59,232 --> 00:15:00,899
VOICE: We do not forget.
321
00:15:01,001 --> 00:15:02,634
BEN: They launched a denial-of-service attack,
322
00:15:02,736 --> 00:15:05,270
sending so much traffic to Sony's websites they crashed.
323
00:15:05,372 --> 00:15:06,938
VOICE: You should have expected us.
324
00:15:07,040 --> 00:15:08,973
BEN: And then someone hacked into the PlayStation Network
325
00:15:09,075 --> 00:15:11,809
itself, gaining access to the credit card information
326
00:15:11,912 --> 00:15:14,379
of 77 million users.
327
00:15:14,481 --> 00:15:16,581
Sony was forced to apologize,
328
00:15:16,683 --> 00:15:19,417
but no one has ever been formally accused of the breach.
329
00:15:19,519 --> 00:15:20,885
It wasn't even about
the breach, right?
330
00:15:20,987 --> 00:15:22,420
Companies get
breached all the time.
331
00:15:22,522 --> 00:15:24,889
It was really about how
Sony responded to it.
332
00:15:24,991 --> 00:15:28,259
Sony responded by taking the
PlayStation Network offline,
333
00:15:28,361 --> 00:15:29,928
and it was down for a month.
334
00:15:30,030 --> 00:15:31,796
So now you have
77 million people
335
00:15:31,898 --> 00:15:33,298
who were trying to
play Call of Duty,
336
00:15:33,400 --> 00:15:36,367
and being like, "What's
going on here, man?" right?
337
00:15:36,436 --> 00:15:38,569
So do I think that the lawsuit
338
00:15:38,672 --> 00:15:40,471
and what happened with me
made them a target?
339
00:15:40,573 --> 00:15:42,073
Probably not.
340
00:15:42,175 --> 00:15:45,243
Do I think that what happened
in the fallout with Anonymous
341
00:15:45,345 --> 00:15:47,412
and them taking the
network offline for...
342
00:15:47,514 --> 00:15:48,913
Maybe, you know.
343
00:15:49,015 --> 00:15:50,348
That's more plausible.
344
00:15:51,851 --> 00:15:53,418
The PlayStation saga isn't the only event
345
00:15:53,520 --> 00:15:55,019
that might've pissed hackers off.
346
00:15:56,222 --> 00:15:58,456
In 2005, security experts found suspicious software
347
00:15:58,558 --> 00:16:02,026
on CDs produced by Sony BMG, the company's music division.
348
00:16:04,130 --> 00:16:07,332
I went to see Dan Kaminsky, a legend among hackers.
349
00:16:07,434 --> 00:16:10,168
He's famous for finding and helping fix a major flaw
350
00:16:10,270 --> 00:16:12,036
in the internet's backbone.
351
00:16:12,138 --> 00:16:14,772
He also played a pivotal role in uncovering the BMG fiasco.
352
00:16:16,109 --> 00:16:18,609
So if you took that disk that
was just supposed to be music,
353
00:16:18,712 --> 00:16:20,979
it would install a little
program on your computer,
354
00:16:21,081 --> 00:16:22,947
and that program did two things.
355
00:16:23,049 --> 00:16:25,917
First, it made it so your
computer could no longer
356
00:16:26,019 --> 00:16:31,356
copy music, and second it hid,
'cause it was pretty sure
357
00:16:31,458 --> 00:16:33,992
that this was not what
the user wanted.
358
00:16:34,094 --> 00:16:36,160
And so once it was in, it
sure didn't want the user
359
00:16:36,262 --> 00:16:37,862
to hit the uninstall button.
360
00:16:37,964 --> 00:16:39,731
And somebody figured out,
361
00:16:39,833 --> 00:16:41,733
"Hey, wait a second, what
is this software on this,
362
00:16:41,835 --> 00:16:43,801
what's supposed to
be an audio CD?"
363
00:16:43,903 --> 00:16:46,537
They looked at it,
and like this is malware!
364
00:16:46,639 --> 00:16:51,642
What is Sony doing putting
out custom malware on CDs?
365
00:16:51,745 --> 00:16:55,146
So what I did was a trick
called DNS cache snooping.
366
00:16:55,248 --> 00:16:57,081
I do this scan, and like
367
00:16:57,183 --> 00:17:00,385
a half million networks
had seen this thing.
368
00:17:00,487 --> 00:17:02,587
And so I took that information,
369
00:17:02,655 --> 00:17:05,189
got flown out to Sony BMG
headquarters, and I'm like,
370
00:17:05,291 --> 00:17:08,026
"Hey guys, so
here's what you did,
371
00:17:08,128 --> 00:17:10,061
and here's it
all over the world."
372
00:17:10,163 --> 00:17:11,596
Is it that kind of
behaviour though
373
00:17:11,698 --> 00:17:13,064
that has made them a target?
374
00:17:13,166 --> 00:17:16,067
It certainly didn't
make them any friends.
375
00:17:16,169 --> 00:17:19,070
Given Sony's history as a major hacking target,
376
00:17:19,172 --> 00:17:21,305
did North Korea really attack Sony Pictures?
377
00:17:21,408 --> 00:17:23,541
Or was it just a freelance hacker?
378
00:17:26,946 --> 00:17:29,213
BEN: Some of the smartest hackers in America
379
00:17:29,315 --> 00:17:31,215
were telling me they didn't believe North Korea
380
00:17:31,317 --> 00:17:33,251
attacked Sony, and that a lot of people might've had
381
00:17:33,353 --> 00:17:35,086
the motive to do it.
382
00:17:35,188 --> 00:17:38,423
But Kurt Baumgartner thinks North Korea really is to blame.
383
00:17:38,525 --> 00:17:40,792
Kurt analyzes malicious code and comes up with defensive
384
00:17:40,894 --> 00:17:44,295
solutions for one of the world's biggest security companies.
385
00:17:44,397 --> 00:17:46,798
He showed me how the Sony hack bears a striking resemblance
386
00:17:46,900 --> 00:17:50,802
to DarkSeoul, a 2013 cyber attack on South Korean banks
387
00:17:50,904 --> 00:17:52,937
which was widely blamed on North Korea.
388
00:17:53,039 --> 00:17:57,575
So what we've got here are
two different HTML pages
389
00:17:57,677 --> 00:18:01,279
that are basically threats
from the attackers.
390
00:18:01,381 --> 00:18:06,250
So on one side, this is
the 2013 DarkSeoul attack,
391
00:18:06,352 --> 00:18:08,619
and the audio from their video.
392
00:18:08,721 --> 00:18:13,658
(Evil laughing)
393
00:18:13,760 --> 00:18:16,961
And then over here, we have
basically the Sony hack.
394
00:18:17,063 --> 00:18:20,565
(Gunshots)
395
00:18:21,935 --> 00:18:23,634
(Laughing)
396
00:18:23,736 --> 00:18:26,170
Right, really sophisticated.
397
00:18:26,272 --> 00:18:29,941
It does seem like the graphic
arts team of a hermit nation.
398
00:18:30,043 --> 00:18:32,910
It's pretty low...
pretty low tech.
399
00:18:33,012 --> 00:18:34,278
There were other similarities
400
00:18:34,380 --> 00:18:36,114
between DarkSeoul and the Sony hack.
401
00:18:36,216 --> 00:18:39,150
The word "security" is actually misspelled in the exact same way
402
00:18:39,252 --> 00:18:41,786
in the code used in both attacks.
403
00:18:41,888 --> 00:18:44,622
In this case, it was
pretty clear to us
404
00:18:44,724 --> 00:18:49,260
that the same shared code base
has been used in both events.
405
00:18:50,463 --> 00:18:52,964
And both the Sony and DarkSeoul attacks were wiper events;
406
00:18:53,066 --> 00:18:56,167
they wiped or destroyed data from their victim's systems.
407
00:18:56,269 --> 00:18:58,870
These types of attacks
are extremely rare.
408
00:18:58,972 --> 00:19:00,605
They just don't happen.
409
00:19:00,707 --> 00:19:04,542
There might be five
major wiper attacks in...
410
00:19:04,644 --> 00:19:06,010
that I know of.
411
00:19:06,112 --> 00:19:07,945
But the skeptics say the similarities Kurt showed me
412
00:19:08,047 --> 00:19:09,647
don't actually add up.
413
00:19:09,749 --> 00:19:11,983
When we talk about the
similarities here, DarkSeoul,
414
00:19:12,085 --> 00:19:14,185
that was attributed to a group
of South Korean hackers
415
00:19:14,287 --> 00:19:16,020
which they called
the DarkSeoul Gang,
416
00:19:16,122 --> 00:19:18,122
and was never formally
linked to North Korea.
417
00:19:18,224 --> 00:19:21,492
The reality is it boils down to
just a few fragments of code
418
00:19:21,594 --> 00:19:22,894
in each of the
pieces of malware.
419
00:19:22,996 --> 00:19:27,398
It's not nothing that
the software is related.
420
00:19:27,500 --> 00:19:30,868
It's just not wildly compelling.
421
00:19:30,970 --> 00:19:32,303
It's not a smoking gun.
422
00:19:32,405 --> 00:19:34,906
It's not even a warm gun.
423
00:19:35,008 --> 00:19:36,741
It's not-- It's barely a gun.
424
00:19:36,843 --> 00:19:38,809
A tube-shaped object!
425
00:19:38,912 --> 00:19:42,146
Malware has a
history of being shared.
426
00:19:42,248 --> 00:19:44,315
And once that
code gets out there,
427
00:19:44,417 --> 00:19:47,018
you will end up
with multiple variants
428
00:19:47,120 --> 00:19:48,819
that all have the
same parentage.
429
00:19:48,922 --> 00:19:50,388
They all look very similar,
430
00:19:50,490 --> 00:19:52,557
but they're being run
by different people.
431
00:19:52,659 --> 00:19:54,859
The malware's code did contain IP addresses,
432
00:19:54,961 --> 00:19:56,861
which indicate a computer's location.
433
00:19:56,963 --> 00:19:59,230
The FBI says they were linked to North Korea,
434
00:19:59,332 --> 00:20:01,065
but that's not conclusive either.
435
00:20:01,167 --> 00:20:03,434
Could you fake your IP
being in North Korea?
436
00:20:03,536 --> 00:20:05,503
Break into a machine
in North Korea.
437
00:20:05,605 --> 00:20:07,104
Break into a machine in Russia
438
00:20:07,207 --> 00:20:09,073
breaking into a machine
in North Korea.
439
00:20:09,175 --> 00:20:10,374
Break into a machine in China
440
00:20:10,476 --> 00:20:11,943
breaking into Russia
breaking into North Korea.
441
00:20:12,045 --> 00:20:15,046
These are all things
you totally can do!
442
00:20:15,148 --> 00:20:18,583
Bouncing around the world
happens in milliseconds.
443
00:20:18,685 --> 00:20:23,087
And so people ask, "Is it
North Korea that did this?"
444
00:20:23,189 --> 00:20:25,690
This is a thing that
four people could do.
445
00:20:25,792 --> 00:20:27,592
Four out of 7 billion.
446
00:20:27,694 --> 00:20:32,396
This isn't an attack that
requires nation state intent.
447
00:20:32,498 --> 00:20:36,667
It's an attack that requires
a couple of guys being bored.
448
00:20:39,072 --> 00:20:41,539
My sources were telling me that the attack on Sony Pictures
449
00:20:41,641 --> 00:20:43,107
wasn't even that sophisticated.
450
00:20:43,176 --> 00:20:45,643
So maybe the company should've had better security.
451
00:20:46,579 --> 00:20:48,246
Ultimately it doesn't matter
whether the hackers came from
452
00:20:48,348 --> 00:20:49,914
North Korea or North Dakota.
453
00:20:50,016 --> 00:20:52,583
What matters is that Sony
could see this attack coming,
454
00:20:52,685 --> 00:20:54,252
and it didn't do enough
to prepare for it.
455
00:20:54,354 --> 00:20:57,121
Matthew Preusch is an attorney who represented Sony employees
456
00:20:57,223 --> 00:20:59,924
in a class action lawsuit against the studio.
457
00:21:00,026 --> 00:21:01,959
Sony just didn't do what a
reasonable company should've
458
00:21:02,061 --> 00:21:05,096
done to protect the private
information on its system.
459
00:21:05,198 --> 00:21:07,098
It should've been stored in
a way that was encrypted,
460
00:21:07,200 --> 00:21:09,900
and that was segregated
from other information
461
00:21:10,003 --> 00:21:13,537
so it was much, much harder
for the hackers to find.
462
00:21:13,606 --> 00:21:16,440
Sony Pictures declined to comment on these allegations,
463
00:21:16,542 --> 00:21:19,110
and settled the lawsuit out of court.
464
00:21:19,212 --> 00:21:21,078
But it's undeniable that employees' private
465
00:21:21,180 --> 00:21:23,781
and exploitable data will live online forever.
466
00:21:23,883 --> 00:21:25,416
Have you ever received
an apology from Sony?
467
00:21:25,518 --> 00:21:26,651
No.
468
00:21:26,753 --> 00:21:28,185
They kinda made you feel
like it was your fault,
469
00:21:28,288 --> 00:21:30,988
that you weren't protecting
yourself already to begin with.
470
00:21:31,090 --> 00:21:33,824
So I mean, I didn't do anything
wrong but show up to do my job,
471
00:21:33,926 --> 00:21:36,127
thinking this corporation knew
exactly what they were doing.
472
00:21:36,229 --> 00:21:38,996
And then finding out that
they don't is really...
473
00:21:39,098 --> 00:21:40,464
it's really frustrating.
474
00:21:40,566 --> 00:21:44,935
I mean, it sucks that we're
collateral damage, but...
475
00:21:45,038 --> 00:21:47,705
I mean, that's how war is, and
so this is basically what it is.
476
00:21:47,807 --> 00:21:49,340
It's like a nerd war now.
477
00:21:51,477 --> 00:21:52,810
As the dust settled,
478
00:21:52,912 --> 00:21:54,945
the Sony hack claimed the job of an executive,
479
00:21:55,081 --> 00:21:57,848
and a stoner flick lost its Christmas release.
480
00:21:57,950 --> 00:22:01,118
But the real victims are Sony's employees.
481
00:22:01,220 --> 00:22:03,621
Whether it was North Koreans or bored hackers,
482
00:22:03,723 --> 00:22:06,691
all the competing theories about who did it prove one thing:
483
00:22:06,759 --> 00:22:09,026
definitively attributing a cyber attack
484
00:22:09,128 --> 00:22:10,995
can be almost impossible.
485
00:22:11,097 --> 00:22:13,497
And in a world where it's not only easy to hack a corporation
486
00:22:13,599 --> 00:22:17,101
but easy to hide, all of us are vulnerable.