Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,467 --> 00:00:03,469
Ben: It was one of the most
devastating attacks
2
00:00:03,471 --> 00:00:04,536
In corporate history.
3
00:00:04,538 --> 00:00:06,772
Voice: This is voice of korea.
4
00:00:06,774 --> 00:00:09,141
We've never seen an
attack like this before.
5
00:00:09,143 --> 00:00:11,176
Ben: It forced a major
hollywood studio
6
00:00:11,178 --> 00:00:12,678
To shut its networks down.
7
00:00:12,680 --> 00:00:14,079
Security hands you a memo,
8
00:00:14,081 --> 00:00:16,181
And it says there was
a system disruption.
9
00:00:16,183 --> 00:00:19,151
The us government was
quick to blame north korea.
10
00:00:19,153 --> 00:00:24,289
And we can confirm that north
korea engaged in this attack.
11
00:00:24,291 --> 00:00:27,292
But hackers and computer experts
questioned the narrative.
12
00:00:27,294 --> 00:00:29,595
It's not even a warm gun.
13
00:00:29,597 --> 00:00:31,397
It's barely a gun.
14
00:00:31,399 --> 00:00:33,465
Was it really north korea,
or was it someone else?
15
00:00:34,601 --> 00:00:44,676
♪
16
00:00:54,587 --> 00:00:57,322
It all started on
November 21st, 2014,
17
00:00:57,324 --> 00:01:00,092
When sony executives
got an extortion email
18
00:01:00,094 --> 00:01:02,394
From an unknown group,
the so-called god'sapstls.
19
00:01:03,696 --> 00:01:05,564
Sony reported it to the fbi.
20
00:01:05,566 --> 00:01:08,233
But three days later,
all hell broke loose
21
00:01:08,235 --> 00:01:10,502
When a group calling themselves
the guardians of peace
22
00:01:10,504 --> 00:01:12,604
Appeared on sony computers.
23
00:01:13,740 --> 00:01:16,675
Sony pictures co-chairs
amy pascal and michael lynton
24
00:01:16,677 --> 00:01:20,546
Scrambled to contain the
damage, but it was too late.
25
00:01:20,548 --> 00:01:22,748
Over the next three weeks,
a mountain of data
26
00:01:22,750 --> 00:01:25,617
Including movies, salaries, and
private corporate information
27
00:01:25,619 --> 00:01:28,320
Was dumped onto the internet.
28
00:01:28,322 --> 00:01:30,289
But what really captured
everyone's imagination
29
00:01:30,291 --> 00:01:32,825
Were the private emails
of sony top dogs.
30
00:01:32,827 --> 00:01:35,227
Everybody is suddenly
reading amy pascal's
31
00:01:35,229 --> 00:01:37,362
Personal emails and
professional emails,
32
00:01:37,364 --> 00:01:40,532
Which were also in many
instances very embarrassing.
33
00:01:40,534 --> 00:01:43,368
As the editor-at-large of
the hollywood reporter,
34
00:01:43,370 --> 00:01:46,371
Kim masters remembers
the cringe across tinseltown.
35
00:01:46,373 --> 00:01:49,308
There was a sense of instant
fear throughout hollywood
36
00:01:49,310 --> 00:01:51,710
Because everybody
knew, first of all,
37
00:01:51,712 --> 00:01:53,545
That they were
probably vulnerable.
38
00:01:53,547 --> 00:01:56,115
I think simultaneously
a lot of executives
39
00:01:56,117 --> 00:01:57,749
In the industry thought,
"yeah, but I don't know
40
00:01:57,751 --> 00:01:59,585
If I put some of this
stuff in an email."
41
00:01:59,587 --> 00:02:01,887
Producer scott rudin
called out angelina jolie
42
00:02:01,889 --> 00:02:04,189
For being a spoiled brat.
43
00:02:04,191 --> 00:02:07,426
Sony exec clint culpepper
bad-mouthed kevin hart.
44
00:02:07,428 --> 00:02:11,296
Worst of all, pascal and rudin
gossiped about what flicks
45
00:02:11,298 --> 00:02:14,633
The first black president of
the United States might be into.
46
00:02:14,635 --> 00:02:16,768
It was so extreme
and so emotional,
47
00:02:16,770 --> 00:02:19,404
And sometimes in some
cases so inappropriate.
48
00:02:19,406 --> 00:02:22,374
But the breach went
beyond salacious emails.
49
00:02:22,376 --> 00:02:24,343
Sony employees
watched helplessly
50
00:02:24,345 --> 00:02:26,645
As their social security
numbers, medical records
51
00:02:26,647 --> 00:02:29,248
And more were released
online for everyone to see.
52
00:02:31,251 --> 00:02:32,751
I met someone who
was on sony's lot
53
00:02:32,753 --> 00:02:34,486
The day the attack went down.
54
00:02:34,488 --> 00:02:36,788
She was a senior coordinator
for the studio's digital tv
55
00:02:36,790 --> 00:02:39,892
Department, and eventually
quit because of the hack.
56
00:02:39,894 --> 00:02:42,628
Celina was the only
sony employee I spoke to
57
00:02:42,630 --> 00:02:44,897
Who was willing to go on camera.
58
00:02:44,899 --> 00:02:46,598
When did you find out
your personal information
59
00:02:46,600 --> 00:02:47,799
Was actualy leaked though?
60
00:02:47,801 --> 00:02:50,369
We got a memo saying
that unfortunately
61
00:02:50,371 --> 00:02:53,205
A cyber hack attack happened,
and they got everybody's
62
00:02:53,207 --> 00:02:55,374
Information, and... but
they didn't specify who.
63
00:02:55,376 --> 00:02:57,176
They just basically...
anybody that ever worked
64
00:02:57,178 --> 00:02:59,411
For sony at anytime in
their lifetime possibly
65
00:02:59,413 --> 00:03:01,747
Had a chance of their
stuff being hacked.
66
00:03:01,749 --> 00:03:03,849
So if you could just break
down specifically how
67
00:03:03,851 --> 00:03:06,318
You went about finding your
name and finding out that
68
00:03:06,320 --> 00:03:08,453
You were, you know,
personally affected by it.
69
00:03:08,455 --> 00:03:11,857
I literally went to google
and searched "sony hack 2014",
70
00:03:11,859 --> 00:03:14,326
And then I saw just
like a tree directory,
71
00:03:14,328 --> 00:03:15,761
Like old school style dos,
72
00:03:15,763 --> 00:03:17,696
And you saw just
different file names.
73
00:03:17,698 --> 00:03:20,832
And they named the files
like "celina's offer letter",
74
00:03:20,834 --> 00:03:24,670
And they were named specifically
what that document was.
75
00:03:24,672 --> 00:03:26,872
So it wasn't hard to
find out your information
76
00:03:26,874 --> 00:03:28,440
Was put out there.
77
00:03:28,442 --> 00:03:29,741
What were some of the things
that were going down?
78
00:03:29,743 --> 00:03:31,610
Like, 'cause obviously
you can't use computers.
79
00:03:31,612 --> 00:03:33,312
That's everything.
80
00:03:33,314 --> 00:03:34,780
Did everything just revert
to like the stone age?
81
00:03:34,782 --> 00:03:36,215
Like what happened?
82
00:03:36,217 --> 00:03:37,716
We started saying
we're working "analog".
83
00:03:37,718 --> 00:03:39,484
You literally had
to write stuff out.
84
00:03:39,486 --> 00:03:42,487
But yeah, there was a lot
of drinking and partying
85
00:03:42,489 --> 00:03:44,623
And eating, 'cause
that's all you could do.
86
00:03:44,625 --> 00:03:46,825
And I mean, sony already
paid for their christmas party,
87
00:03:46,827 --> 00:03:49,361
So we had it, and it was huge,
and it was awesome.
88
00:03:49,363 --> 00:03:52,497
And then michael lynton
and amy pascal stood up
89
00:03:52,499 --> 00:03:55,500
And gave a speech, and
then amy pascal kinda
90
00:03:55,502 --> 00:03:56,868
Challenged the hackers.
91
00:03:56,870 --> 00:03:58,637
Challenged the hackers? How?
92
00:03:58,639 --> 00:04:01,873
In her speech, she was like oh,
this wasn't gonna get us down.
93
00:04:01,875 --> 00:04:04,509
Like, "we're gonna beat
you guys," and all that stuff.
94
00:04:04,511 --> 00:04:06,812
Pascal's defiance
didn't save her,
95
00:04:06,814 --> 00:04:08,814
And she was eventually
forced to resign.
96
00:04:08,816 --> 00:04:11,450
But from early on, the real
question everyone asked
97
00:04:11,452 --> 00:04:14,553
Was why would hackers
target sony pictures?
98
00:04:14,555 --> 00:04:16,521
The media had an answer...
99
00:04:16,523 --> 00:04:18,423
You want us to kill the
leader of north korea?
100
00:04:18,425 --> 00:04:19,424
Yes.
101
00:04:19,426 --> 00:04:22,661
...A movie starring seth rogan
and james franco with a plot
102
00:04:22,663 --> 00:04:25,897
Ng on assassinating the
life leader of north korea.
103
00:04:25,899 --> 00:04:28,300
President kim jong-un!
104
00:04:28,302 --> 00:04:31,036
The interview was, you know,
just a raunchy stoner comedy.
105
00:04:31,038 --> 00:04:33,038
I don't think anybody
would argue it was high art
106
00:04:33,040 --> 00:04:35,040
Or oscar material.
107
00:04:35,042 --> 00:04:37,409
With the interview set
for a christmas release,
108
00:04:37,411 --> 00:04:39,978
A rambling message
posted online threatened
109
00:04:39,980 --> 00:04:42,281
Terrorist attacks on
the movie's premiere
110
00:04:42,283 --> 00:04:45,350
In any theatres daring
to screen the film.
111
00:04:45,352 --> 00:04:47,319
Sony pictures
pulled the movie.
112
00:04:47,321 --> 00:04:50,922
We had no alternative
but to not proceed
113
00:04:50,924 --> 00:04:54,326
With the theatrical release
on the 25th of December.
114
00:04:54,328 --> 00:04:57,562
And then, out of nowhere,
president obama named the perp.
115
00:04:57,564 --> 00:05:00,565
The fbi announced today that...
And we can confirm that
116
00:05:00,567 --> 00:05:04,703
North korea engaged
in this attack.
117
00:05:04,705 --> 00:05:06,571
It was the first time
a president has blamed
118
00:05:06,573 --> 00:05:09,374
A nation state for a major
cyber attack on american soil.
119
00:05:10,510 --> 00:05:12,577
The us retaliated
with sanctions.
120
00:05:12,579 --> 00:05:14,579
The white house didn't
discuss the evidence,
121
00:05:14,581 --> 00:05:17,849
But the fbi came forward
with some details.
122
00:05:17,851 --> 00:05:20,919
Brett leatherman is an agent
in the fbi's cyber division.
123
00:05:20,921 --> 00:05:23,021
Based on what's
publically known,
124
00:05:23,023 --> 00:05:25,324
The hack seems to have
gone down in four phases.
125
00:05:25,326 --> 00:05:28,393
First: Spear phishing,
which the fbi said
126
00:05:28,395 --> 00:05:30,562
Was likely how the
hackers got into sony.
127
00:05:30,564 --> 00:05:33,065
Somebody within a company or
organization would receive
128
00:05:33,067 --> 00:05:36,501
An email that looks like
it's a legitimate email
129
00:05:36,503 --> 00:05:39,638
That might contain an attachment
or a link to a website.
130
00:05:39,640 --> 00:05:41,873
Once you click on that link,
131
00:05:41,875 --> 00:05:43,775
It would take you
then to a website,
132
00:05:43,777 --> 00:05:46,678
Or it would launch malware on
your computer that would allow
133
00:05:46,680 --> 00:05:49,014
Somebody to then
compromise your system.
134
00:05:49,016 --> 00:05:51,016
Next, the hackers
gained broader access
135
00:05:51,018 --> 00:05:55,687
So they're looking for a user
with escalated privileges,
136
00:05:55,689 --> 00:05:59,491
And it could be an admin,
or it could be a ceo or cfo
137
00:05:59,493 --> 00:06:03,662
Who needs access to your network
in an administrative capacity.
138
00:06:03,664 --> 00:06:06,498
So admin credentials are key
139
00:06:06,500 --> 00:06:08,800
In going laterally
through a network.
140
00:06:08,802 --> 00:06:11,503
With their almost
god-like access to sony,
141
00:06:11,505 --> 00:06:14,039
The hackers moved to
phase 3: Data theft.
142
00:06:14,041 --> 00:06:16,641
It probably took them months
to steal everything
143
00:06:16,643 --> 00:06:18,777
Y eventually released online.
144
00:06:18,779 --> 00:06:21,680
And then came the grand
finale: Data destruction.
145
00:06:21,682 --> 00:06:24,149
The unique thing
about the sony attack
146
00:06:24,151 --> 00:06:26,651
Was the destructive
nature of the malware.
147
00:06:26,653 --> 00:06:29,087
The hackers launched malware,
or malicious software,
148
00:06:29,089 --> 00:06:31,156
That destroyed sony
computers from within,
149
00:06:31,158 --> 00:06:34,459
Wiping data off its systems.
150
00:06:34,461 --> 00:06:35,861
But that still doesn't
explain how the government
151
00:06:35,863 --> 00:06:38,063
Attributed the attack
to north korea.
152
00:06:43,003 --> 00:06:46,571
Stole sensitive data, then
smashed whatever they could
153
00:06:46,573 --> 00:06:48,173
On the way out.
154
00:06:48,175 --> 00:06:51,009
But to this day,
one question remains:
155
00:06:51,011 --> 00:06:53,879
How was the us government
so sure it was north korea?
156
00:06:53,881 --> 00:06:57,082
So I can't comment on
ongoing fbi investigations.
157
00:06:57,084 --> 00:06:59,818
So why is the
investigation ongoing?
158
00:06:59,820 --> 00:07:03,188
A cyber investigation
is a long-term effort
159
00:07:03,190 --> 00:07:06,124
To just not only attribute...
160
00:07:06,126 --> 00:07:09,594
If there's a particular country
involved, not just attribute
161
00:07:09,596 --> 00:07:12,731
Who that country might be,
but also to attribute
162
00:07:12,733 --> 00:07:15,700
Threat actors behind
the actual compromise.
163
00:07:15,702 --> 00:07:18,470
Because there's other
groups that are involved
164
00:07:18,472 --> 00:07:20,505
In these kind of attacks.
165
00:07:20,507 --> 00:07:23,041
So there are other groups who
kinda jump on the bandwagon
166
00:07:23,043 --> 00:07:24,509
For their own benefit.
167
00:07:24,511 --> 00:07:25,811
And that was the case with sony.
168
00:07:25,813 --> 00:07:27,078
Possibly.
169
00:07:27,080 --> 00:07:28,713
That may have been
the case with sony,
170
00:07:28,715 --> 00:07:31,116
But in general I think
we frequently see that
171
00:07:34,487 --> 00:07:36,721
Beyond the fbi, the
national security agency,
172
00:07:36,723 --> 00:07:39,157
One of america's spy powers,
was reported to have evidence
173
00:07:39,159 --> 00:07:41,493
It was north korea.
174
00:07:41,495 --> 00:07:43,862
But the nsa won't
confirm or deny anything.
175
00:07:43,864 --> 00:07:46,731
Well actually, I think the
government was more forthcoming
176
00:07:46,733 --> 00:07:49,134
In the sony hack than
is usually the case.
177
00:07:49,136 --> 00:07:51,503
You know, historically the
government wouldn't really
178
00:07:51,505 --> 00:07:53,605
Attribute it at all
to a nation state.
179
00:07:54,240 --> 00:07:56,575
Michael chertoff was the
secretary of homeland security
180
00:07:56,577 --> 00:07:58,710
Under president george w. Bush.
181
00:07:58,712 --> 00:08:01,246
He and former nsa and cia
director michael hayden
182
00:08:01,248 --> 00:08:04,249
Now run a private
consulting firm.
183
00:08:04,251 --> 00:08:06,718
And then you have the government
pretty clearly saying
184
00:08:06,720 --> 00:08:09,154
North korea was responsible
for the sony hack.
185
00:08:09,156 --> 00:08:13,592
And I think that was a decision
that the risk of revealing
186
00:08:13,594 --> 00:08:16,194
A little bit about sources
and methods was outweighed
187
00:08:16,196 --> 00:08:18,697
By the importance of
saying to the bad actors,
188
00:08:18,699 --> 00:08:21,566
"we know it's you,
and there's a limit
189
00:08:21,568 --> 00:08:23,034
To our willingness
to tolerate this."
190
00:08:23,036 --> 00:08:24,736
So in your expert opinion,
191
00:08:24,738 --> 00:08:26,204
Do you think that was
a good decision?
192
00:08:26,206 --> 00:08:30,275
I think if you look at actually
the way north korea operates,
193
00:08:30,277 --> 00:08:34,145
There is a small group
of privileged individuals,
194
00:08:34,147 --> 00:08:37,516
Which include people who are...
have technical skills that are
195
00:08:37,518 --> 00:08:40,252
Useful to the regime,
that are well resourced,
196
00:08:40,254 --> 00:08:42,554
And are quite capable.
197
00:08:42,556 --> 00:08:45,557
I mean, they may not be the
a team, but they're the b team,
198
00:08:45,559 --> 00:08:47,559
And the b team can do
a lot of damage.
199
00:08:47,561 --> 00:08:50,662
I had an idea who
chertoff's b team could be:
200
00:08:50,664 --> 00:08:53,999
A north korean military agency
known as bureau 121.
201
00:08:54,001 --> 00:08:56,568
But north korea can
barely keep the lights on,
202
00:08:56,570 --> 00:08:59,104
So could they really
have an elite hacking unit?
203
00:09:01,774 --> 00:09:03,875
- Martyn.
- Hi.
204
00:09:03,877 --> 00:09:05,744
- How're you doing?
- I'm good, how are you?
205
00:09:05,746 --> 00:09:07,178
Good.
206
00:09:07,180 --> 00:09:08,747
Sounds like you're calling...
207
00:09:08,749 --> 00:09:10,882
You're trying to access
some aliens or something.
208
00:09:10,884 --> 00:09:13,084
- Almost, north korea.
- Almost.
209
00:09:13,653 --> 00:09:15,787
Martyn williams is a reporter
who's been to north korea,
210
00:09:15,789 --> 00:09:18,590
And has written extensively
on their tech capabilities.
211
00:09:18,592 --> 00:09:20,926
What do we know about
bureau 121, the actual
212
00:09:20,928 --> 00:09:23,862
Hacking collective of the
cyber warriors of kim jong-un?
213
00:09:23,864 --> 00:09:25,263
Like what do we know about them?
214
00:09:25,265 --> 00:09:26,298
Because nobody seems
to know anything,
215
00:09:26,300 --> 00:09:28,633
Like who they are, what they do.
216
00:09:28,635 --> 00:09:30,835
I mean, welcome to the world
of looking at north korea.
217
00:09:30,837 --> 00:09:33,605
Nobody knows anything about
anything in the country.
218
00:09:33,607 --> 00:09:35,874
Very little
information gets out,
219
00:09:35,876 --> 00:09:38,310
Except what you can
hear on the radio.
220
00:09:38,312 --> 00:09:40,779
There are snippets that
come out through defectors.
221
00:09:40,781 --> 00:09:44,316
It seems that what they're
doing is taking the...
222
00:09:44,318 --> 00:09:46,117
The kids that are
really good at science
223
00:09:46,119 --> 00:09:48,987
And really good at
mathematics from the...
224
00:09:48,989 --> 00:09:51,856
From high school, putting
them into good universities,
225
00:09:51,858 --> 00:09:53,992
And then after universities,
training them.
226
00:09:53,994 --> 00:09:56,895
Some of that training apparently
takes place in pyongyang.
227
00:09:56,897 --> 00:09:59,598
A lot of it we see
taking place overseas.
228
00:09:59,600 --> 00:10:02,334
We've heard that
hacking and hackers
229
00:10:02,336 --> 00:10:04,769
Are obviously a new focus.
230
00:10:04,771 --> 00:10:06,938
Why do you think that is?
231
00:10:06,940 --> 00:10:08,707
It's much cheaper.
232
00:10:08,709 --> 00:10:12,377
A room full of hackers is way
cheaper than a jet aircraft,
233
00:10:12,379 --> 00:10:15,146
Or keeping tanks in
operation, or submarines,
234
00:10:15,148 --> 00:10:20,251
So if they can start being a
power on the internet, then
235
00:10:20,253 --> 00:10:23,989
It's a cheap way of projecting
their power across the world.
236
00:10:23,991 --> 00:10:25,924
I wondered what bureau 121,
237
00:10:25,926 --> 00:10:29,027
The hermit kingdom's military
hacking unit, is really like.
238
00:10:29,029 --> 00:10:31,363
With the help of an
rpreter, I made contact with
239
00:10:31,365 --> 00:10:34,299
Defector who claims he was
north korean army lieutenant.
240
00:10:35,701 --> 00:10:38,970
Jang se yul defected to south
korea almost a decade ago,
241
00:10:38,972 --> 00:10:41,373
But still keeps tabs
on old friends.
242
00:10:41,375 --> 00:10:45,010
You were working with and
you were training with hackers?
243
00:10:52,018 --> 00:10:54,252
Do you know anyone
in bureau 121,
244
00:10:54,254 --> 00:10:56,221
And are you in
contact with them?
245
00:11:30,956 --> 00:11:33,191
What's the worst thing
that north korea could do
246
00:11:33,193 --> 00:11:34,926
To the us in the cyber realm?
247
00:12:10,763 --> 00:12:13,398
Mr. Jang said the sony
hack might be a sign
248
00:12:13,400 --> 00:12:15,900
North korea is
preparing for war.
249
00:12:15,902 --> 00:12:17,802
But as I dug into the
case, I discovered that
250
00:12:17,804 --> 00:12:20,071
Many highly regarded hackers
and security experts
251
00:12:20,073 --> 00:12:22,440
Doubt north korea was
behind the attack at all.
252
00:12:27,747 --> 00:12:30,348
Ben: Just weeks after
sony pictures was hacked,
253
00:12:30,350 --> 00:12:33,451
The fbi released vague evidence
pointing to north korea.
254
00:12:33,453 --> 00:12:36,387
Hackers and computer experts
st immediately poked holes
255
00:12:36,389 --> 00:12:38,389
In the fbi's case.
256
00:12:38,391 --> 00:12:40,091
Do I think the north
koreans started it?
257
00:12:40,093 --> 00:12:44,429
One of the most vocal doubters
is marc rogers, a malware expert
258
00:12:44,431 --> 00:12:47,232
And self-described
former black hat hacker.
259
00:12:47,234 --> 00:12:50,034
First of all, the agenda
changed substantially
260
00:12:50,036 --> 00:12:51,870
At several points
throughout the hack.
261
00:12:51,872 --> 00:12:54,806
That kind of implies
multiple different actors to me.
262
00:12:54,808 --> 00:12:56,407
They started out
trying to extort money.
263
00:12:56,409 --> 00:12:58,176
I can't see any reason
why north korean hackers
264
00:12:58,178 --> 00:13:03,481
Then they had kind of a
ramble about unemployment
265
00:13:03,483 --> 00:13:06,117
And job losses in sony.
266
00:13:06,119 --> 00:13:09,087
I don't see how that benefits
the north korean regime.
267
00:13:09,089 --> 00:13:12,423
I think they were
attacked by an opportunist,
268
00:13:12,425 --> 00:13:14,392
And then I think that evolved.
269
00:13:14,394 --> 00:13:18,263
You ended up with other groups
piling in and exploiting it.
270
00:13:18,265 --> 00:13:22,433
And then as the media started to
suggest maybe a potential link
271
00:13:22,435 --> 00:13:25,436
Between this hack
and the interview,
272
00:13:25,438 --> 00:13:27,839
I think the hackers
latched onto that.
273
00:13:27,841 --> 00:13:30,475
And they ran with it
because it was both
274
00:13:30,477 --> 00:13:33,478
A convenient cover for them,
and, well, you know,
275
00:13:33,480 --> 00:13:35,380
A lot of hackers like to do
things for the amusement.
276
00:13:35,382 --> 00:13:36,848
"for the lulz," as they say.
277
00:13:36,850 --> 00:13:39,517
That's probably what
brought north korea in,
278
00:13:39,519 --> 00:13:42,020
And it was much later on
I think that north korea
279
00:13:42,022 --> 00:13:44,255
Actually was involved,
if they were at all.
280
00:13:45,424 --> 00:13:48,459
Marc was right, his theoy
t what the fbi had hinted.
281
00:13:48,461 --> 00:13:50,929
Sony might have been the
victim of a hacking party.
282
00:13:50,931 --> 00:13:53,164
But who could've been involved?
283
00:13:53,166 --> 00:13:56,034
In 2011, the notorious
acktivist collective anonymous
284
00:13:56,036 --> 00:13:58,369
Attacked sony websites.
285
00:13:58,371 --> 00:14:00,505
They said they were
defending george hotz,
286
00:14:00,507 --> 00:14:03,374
Aka geohot, the first guy
to jailbreak an iphone
287
00:14:03,376 --> 00:14:06,010
When he was just 17.
288
00:14:06,012 --> 00:14:08,513
This is the world's
first unlocked iphone.
289
00:14:08,515 --> 00:14:10,181
Ben: George.
290
00:14:10,183 --> 00:14:12,517
A few years later, he
jailbroke a playstation 3.
291
00:14:12,519 --> 00:14:14,886
That didn't sit well with sony.
292
00:14:14,888 --> 00:14:17,155
Yo, it's geohot!
293
00:14:17,157 --> 00:14:21,259
And for those that don't know,
I'm getting sued by sony!
294
00:14:24,064 --> 00:14:26,197
Hi, sony!
How are you doing?
295
00:14:26,199 --> 00:14:28,266
I haven't seen you in a while.
296
00:14:28,268 --> 00:14:31,302
Uh, you know, suing me
was kinda... Kinda dick,
297
00:14:31,304 --> 00:14:33,905
But it all worked out
in the end, so yeah.
298
00:14:33,907 --> 00:14:36,007
That's what I think of sony.
299
00:14:36,009 --> 00:14:39,611
The main reason that I got into
the iphone and playstation:
300
00:14:39,613 --> 00:14:41,412
It was a cool puzzle.
301
00:14:41,414 --> 00:14:44,282
These companies are
spending millions of dollars
302
00:14:44,284 --> 00:14:47,485
To build really cool puzzles
for me, and it's real!
303
00:14:47,487 --> 00:14:48,653
This isn't some puzzle
304
00:14:48,655 --> 00:14:50,922
Constructed by
somebody to solve.
305
00:14:50,924 --> 00:14:53,625
This is a puzzle constructed
by somebody to not solve,
306
00:14:53,627 --> 00:14:55,526
And that's why
it was so alluring.
307
00:14:55,528 --> 00:14:56,628
That's why it still is.
308
00:14:56,630 --> 00:15:01,432
A lot of hackers angry,
including anonymous.
309
00:15:01,434 --> 00:15:03,234
Voice: We do not forget.
310
00:15:03,236 --> 00:15:05,036
Ben: They launched a
denial-of-service attack,
311
00:15:05,038 --> 00:15:07,538
Sending so much traffic to
sony's websites they crashed.
312
00:15:07,540 --> 00:15:11,309
Ben: And then someone hacked
into the playstation network
313
00:15:11,311 --> 00:15:14,178
Itself, gaining access to
the credit card information
314
00:15:14,180 --> 00:15:16,614
Of 77 million users.
315
00:15:16,616 --> 00:15:18,983
Sony was forced to apologize,
316
00:15:18,985 --> 00:15:21,653
But no one has ever been
formally accused of the breach.
317
00:15:21,655 --> 00:15:23,221
It wasn't even about
the breach, right?
318
00:15:23,223 --> 00:15:24,656
Companies get
breached all the time.
319
00:15:24,658 --> 00:15:27,225
It was really about how
sony responded to it.
320
00:15:27,227 --> 00:15:30,528
Sony responded by taking the
playstation network offline,
321
00:15:30,530 --> 00:15:32,263
And it was down for a month.
322
00:15:32,265 --> 00:15:34,165
So now you have
77 million people
323
00:15:34,167 --> 00:15:35,566
Who were trying to
play call of duty,
324
00:15:35,568 --> 00:15:38,603
And being like, "what's
going on here, man?" right?
325
00:15:38,605 --> 00:15:40,972
So do I think that the lawsuit
326
00:15:40,974 --> 00:15:42,707
And what happened with me
made them a target?
327
00:15:42,709 --> 00:15:47,512
Do I think that what happened
in the fallout with anonymous
328
00:15:47,514 --> 00:15:49,647
And them taking the
network offline for...
329
00:15:49,649 --> 00:15:51,249
Maybe, you know.
330
00:15:51,251 --> 00:15:52,583
That's more plausible.
331
00:15:54,119 --> 00:15:55,653
The playstation saga
isn't the only event
332
00:15:55,655 --> 00:15:57,355
That might've
pissed hackers off.
333
00:15:57,357 --> 00:16:00,725
In 2005, security experts
found suspicious software
334
00:16:00,727 --> 00:16:04,362
On cds produced by sony bmg,
the company's music division.
335
00:16:06,365 --> 00:16:09,600
I went to see dan kaminsky,
a legend among hackers.
336
00:16:09,602 --> 00:16:12,470
He's famous for finding
and helping fix a major flaw
337
00:16:12,472 --> 00:16:14,372
In the internet's backbone.
338
00:16:14,374 --> 00:16:17,175
He also played a pivotal role
in uncovering the bmg fiasco.
339
00:16:18,344 --> 00:16:21,012
So if you took that disk that
was just supposed to be music,
340
00:16:21,014 --> 00:16:23,314
It would install a little
program on your computer,
341
00:16:23,316 --> 00:16:25,283
And that program did two things.
342
00:16:25,285 --> 00:16:28,286
First, it made it so your
computer could no longer
343
00:16:28,288 --> 00:16:33,624
Copy music, and second it hid,
'cause it was pretty sure
344
00:16:33,626 --> 00:16:36,327
That this was not what
the user wanted.
345
00:16:36,329 --> 00:16:38,463
And so once it was in, it
sure didn't want the user
346
00:16:38,465 --> 00:16:40,231
To hit the uninstall button.
347
00:16:40,233 --> 00:16:42,133
And somebody figured out,
348
00:16:42,135 --> 00:16:44,135
"hey, wait a second, what
is this software on this,
349
00:16:44,137 --> 00:16:46,170
What's supposed to
be an audio cd?"
350
00:16:46,172 --> 00:16:48,773
They looked at it,
and like this is malware!
351
00:16:48,775 --> 00:16:54,045
What is sony doing putting
out custom malware on cds?
352
00:16:54,047 --> 00:16:57,448
So what I did was a trick
called dns cache snooping.
353
00:16:57,450 --> 00:16:59,417
I do this scan, and like
354
00:16:59,419 --> 00:17:02,653
A half million networks
had seen this thing.
355
00:17:02,655 --> 00:17:04,789
And so I took that information,
356
00:17:04,791 --> 00:17:07,492
Got flown out to sony bmg
headquarters, and I'm like,
357
00:17:07,494 --> 00:17:10,361
"hey guys, so
here's what you did,
358
00:17:10,363 --> 00:17:12,397
And here's it
all over the world."
359
00:17:12,399 --> 00:17:14,032
Is it that kind of
behaviour though
360
00:17:14,034 --> 00:17:15,400
That has made them a target?
361
00:17:15,402 --> 00:17:18,403
It certainly didn't
make them any friends.
362
00:17:18,405 --> 00:17:21,406
Given sony's history as
a major hacking target,
363
00:17:21,408 --> 00:17:23,608
Did north korea really
attack sony pictures?
364
00:17:23,610 --> 00:17:25,777
Or was it just a
freelance hacker?
365
00:17:30,215 --> 00:17:32,517
Ben: Some of the smartest
hackers in america
366
00:17:32,519 --> 00:17:34,519
Were telling me they didn't
believe north korea
367
00:17:34,521 --> 00:17:36,554
Attacked sony, and that
lot of people might've hd
368
00:17:36,556 --> 00:17:38,423
The motive to do it.
369
00:17:38,425 --> 00:17:41,692
But kurt baumgartner thinks
north korea really is to blame.
370
00:17:41,694 --> 00:17:44,195
Kurt analyzes malicious code
and comes up with defensive
371
00:17:44,197 --> 00:17:47,598
Solutions for one of the world's
biggest security companies.
372
00:17:47,600 --> 00:17:50,201
He showed me how the sony hack
bears a striking resemblance
373
00:17:50,203 --> 00:17:54,205
To darkseoul, a 2013 cyber
attack on south korean banks
374
00:17:54,207 --> 00:17:56,307
Which was widely blamed
on north korea.
375
00:17:56,309 --> 00:18:00,812
So what we've got here are
two different html pages
376
00:18:00,814 --> 00:18:04,615
That are basically threats
from the attackers.
377
00:18:04,617 --> 00:18:09,554
So on one side, this is
the 2013 darkseoul attack,
378
00:18:09,556 --> 00:18:11,856
And the audio from their video.
379
00:18:17,097 --> 00:18:20,364
And then over here, we have
basically the sony hack.
380
00:18:26,873 --> 00:18:29,507
Right, really sophisticated.
381
00:18:29,509 --> 00:18:33,311
It does seem like the graphic
arts team of a hermit nation.
382
00:18:33,313 --> 00:18:36,280
It's pretty low...
Pretty low tech.
383
00:18:36,282 --> 00:18:37,582
There were other similarities
384
00:18:37,584 --> 00:18:39,450
Between darkseoul
and the sony hack.
385
00:18:39,452 --> 00:18:42,487
The word "security" is actually
misspelled in the exact same way
386
00:18:42,489 --> 00:18:45,189
In the code used
in both attacks.
387
00:18:45,191 --> 00:18:47,892
In this case, it was
pretty clear to us
388
00:18:47,894 --> 00:18:52,597
That the same shared code base
has been used in both events.
389
00:18:53,665 --> 00:18:56,334
And both the sony and darkseoul
attacks were wiper events;
390
00:18:56,336 --> 00:18:59,504
They wiped or destroyed data
from their victim's systems.
391
00:18:59,506 --> 00:19:02,273
These types of attacks
are extremely rare.
392
00:19:02,275 --> 00:19:03,841
They just don't happen.
393
00:19:03,843 --> 00:19:07,812
There might be five
major wiper attacks in...
394
00:19:07,814 --> 00:19:11,315
But the skeptics say the
similarities kurt showed me
395
00:19:11,317 --> 00:19:12,884
Don't actually add up.
396
00:19:12,886 --> 00:19:15,353
When we talk about the
similarities here, darkseoul,
397
00:19:15,355 --> 00:19:17,522
That was attributed to a group
of south korean hackers
398
00:19:17,524 --> 00:19:19,390
Which they called
the darkseoul gang,
399
00:19:19,392 --> 00:19:21,459
And was never formally
linked to north korea.
400
00:19:21,461 --> 00:19:24,762
The reality is it boils down to
just a few fragments of code
401
00:19:24,764 --> 00:19:26,297
In each of the
pieces of malware.
402
00:19:26,299 --> 00:19:30,701
It's not nothing that
the software is related.
403
00:19:30,703 --> 00:19:34,272
It's just not wildly compelling.
404
00:19:34,274 --> 00:19:35,606
It's not a smoking gun.
405
00:19:35,608 --> 00:19:38,309
It's not even a warm gun.
406
00:19:38,311 --> 00:19:40,178
It's not... it's barely a gun.
407
00:19:40,180 --> 00:19:42,213
A tube-shaped object!
408
00:19:42,215 --> 00:19:45,483
Malware has a
history of being shared.
409
00:19:45,485 --> 00:19:47,618
And once that
code gets out there,
410
00:19:47,620 --> 00:19:50,388
You will end up
with multiple variants
411
00:19:50,390 --> 00:19:52,223
That all have the
same parentage.
412
00:19:52,225 --> 00:19:53,691
They all look very similar,
413
00:19:53,693 --> 00:19:55,826
But they're being run
by different people.
414
00:19:55,828 --> 00:19:58,262
The malware's code did
contain ip addresses,
415
00:19:58,264 --> 00:20:00,264
Which indicate a
computer's location.
416
00:20:00,266 --> 00:20:02,567
The fbi says they were
linked to north korea,
417
00:20:02,569 --> 00:20:04,435
But that's not
conclusive either.
418
00:20:04,437 --> 00:20:06,737
Could you fake your ip
being in north korea?
419
00:20:06,739 --> 00:20:08,773
Break into a machine
in north korea.
420
00:20:08,775 --> 00:20:10,474
Break into a machine in russia
421
00:20:10,476 --> 00:20:12,443
Breaking into a machine
in north korea.
422
00:20:12,445 --> 00:20:15,346
Breaking into russia
breaking into north korea.
423
00:20:15,348 --> 00:20:18,416
These are all things
you totally can do!
424
00:20:18,418 --> 00:20:21,852
Bouncing around the world
happens in milliseconds.
425
00:20:21,854 --> 00:20:26,457
And so people ask, "is it
north korea that did this?"
426
00:20:26,459 --> 00:20:28,926
This is a thing that
four people could do.
427
00:20:28,928 --> 00:20:30,861
Four out of 7 billion.
428
00:20:30,863 --> 00:20:35,733
This isn't an attack that
requires nation state intent.
429
00:20:35,735 --> 00:20:39,937
It's an attack that requires
a couple of guys being bored.
430
00:20:42,374 --> 00:20:44,809
My sources were telling me
that the attack on sony pictures
431
00:20:44,811 --> 00:20:48,913
So maybe the company
hould've had better security.
432
00:20:49,781 --> 00:20:51,582
Ultimately it doesn't matter
whether the hackers came from
433
00:20:51,584 --> 00:20:53,317
North korea or north dakota.
434
00:20:53,319 --> 00:20:55,853
What matters is that sony
could see this attack coming,
435
00:20:55,855 --> 00:21:00,491
Tthew preusch is an attorney
o represented sony employees
436
00:21:00,493 --> 00:21:03,327
In a class action lawsuit
against the studio.
437
00:21:03,329 --> 00:21:05,363
Sony just didn't do what a
reasonable company should've
438
00:21:05,365 --> 00:21:08,466
Done to protect the private
information on its system.
439
00:21:08,468 --> 00:21:10,468
It should've been stored in
a way that was encrypted,
440
00:21:10,470 --> 00:21:13,304
And that was segregated
from other information
441
00:21:13,306 --> 00:21:16,807
So it was much, much harder
for the hackers to find.
442
00:21:16,809 --> 00:21:19,744
Sony pictures declined to
comment on these allegations,
443
00:21:19,746 --> 00:21:22,480
And settled the lawsuit
out of court.
444
00:21:22,482 --> 00:21:24,448
But it's undeniable
that employees' private
445
00:21:24,450 --> 00:21:27,018
And exploitable data will
live online forever.
446
00:21:27,020 --> 00:21:28,719
Have you ever received
an apology from sony?
447
00:21:28,721 --> 00:21:34,392
That you weren't protecting
yourself already to begin with.
448
00:21:34,394 --> 00:21:37,061
So I mean, I didn't do anything
wrong but show up to do my job,
449
00:21:37,063 --> 00:21:39,497
Thinking this corporation knew
exactly what they were doing.
450
00:21:39,499 --> 00:21:42,400
And then finding out that
they don't is really...
451
00:21:42,402 --> 00:21:48,339
I mean, it sucks that we're
collateral damage, but...
452
00:21:48,341 --> 00:21:50,975
I mean, that's how war is, and
so this is basically what it is.
453
00:21:50,977 --> 00:21:52,677
It's like a nerd war now.
454
00:21:54,714 --> 00:21:58,349
The sony hack claimed
the job of an executive,
455
00:21:58,351 --> 00:22:01,085
And a stoner flick lost
its christmas release.
456
00:22:01,087 --> 00:22:04,488
But the real victims
are sony's employees.
457
00:22:04,490 --> 00:22:06,891
Whether it was north koreans
or bored hackers,
458
00:22:06,893 --> 00:22:09,927
All the competing theories about
who did it prove one thing:
459
00:22:09,929 --> 00:22:12,430
Definitively attributing
a cyber attack
460
00:22:12,432 --> 00:22:14,398
Can be almost impossible.
461
00:22:14,400 --> 00:22:16,834
And in a world where it's not
only easy to hack a corporation
462
00:22:16,836 --> 00:22:20,504
But easy to hide,
all of us are vulnerable.
37284
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.