Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,467 --> 00:00:03,469 Ben: It was one of the most devastating attacks 2 00:00:03,471 --> 00:00:04,536 In corporate history. 3 00:00:04,538 --> 00:00:06,772 Voice: This is voice of korea. 4 00:00:06,774 --> 00:00:09,141 We've never seen an attack like this before. 5 00:00:09,143 --> 00:00:11,176 Ben: It forced a major hollywood studio 6 00:00:11,178 --> 00:00:12,678 To shut its networks down. 7 00:00:12,680 --> 00:00:14,079 Security hands you a memo, 8 00:00:14,081 --> 00:00:16,181 And it says there was a system disruption. 9 00:00:16,183 --> 00:00:19,151 The us government was quick to blame north korea. 10 00:00:19,153 --> 00:00:24,289 And we can confirm that north korea engaged in this attack. 11 00:00:24,291 --> 00:00:27,292 But hackers and computer experts questioned the narrative. 12 00:00:27,294 --> 00:00:29,595 It's not even a warm gun. 13 00:00:29,597 --> 00:00:31,397 It's barely a gun. 14 00:00:31,399 --> 00:00:33,465 Was it really north korea, or was it someone else? 15 00:00:34,601 --> 00:00:44,676 ♪ 16 00:00:54,587 --> 00:00:57,322 It all started on November 21st, 2014, 17 00:00:57,324 --> 00:01:00,092 When sony executives got an extortion email 18 00:01:00,094 --> 00:01:02,394 From an unknown group, the so-called god'sapstls. 19 00:01:03,696 --> 00:01:05,564 Sony reported it to the fbi. 20 00:01:05,566 --> 00:01:08,233 But three days later, all hell broke loose 21 00:01:08,235 --> 00:01:10,502 When a group calling themselves the guardians of peace 22 00:01:10,504 --> 00:01:12,604 Appeared on sony computers. 23 00:01:13,740 --> 00:01:16,675 Sony pictures co-chairs amy pascal and michael lynton 24 00:01:16,677 --> 00:01:20,546 Scrambled to contain the damage, but it was too late. 25 00:01:20,548 --> 00:01:22,748 Over the next three weeks, a mountain of data 26 00:01:22,750 --> 00:01:25,617 Including movies, salaries, and private corporate information 27 00:01:25,619 --> 00:01:28,320 Was dumped onto the internet. 28 00:01:28,322 --> 00:01:30,289 But what really captured everyone's imagination 29 00:01:30,291 --> 00:01:32,825 Were the private emails of sony top dogs. 30 00:01:32,827 --> 00:01:35,227 Everybody is suddenly reading amy pascal's 31 00:01:35,229 --> 00:01:37,362 Personal emails and professional emails, 32 00:01:37,364 --> 00:01:40,532 Which were also in many instances very embarrassing. 33 00:01:40,534 --> 00:01:43,368 As the editor-at-large of the hollywood reporter, 34 00:01:43,370 --> 00:01:46,371 Kim masters remembers the cringe across tinseltown. 35 00:01:46,373 --> 00:01:49,308 There was a sense of instant fear throughout hollywood 36 00:01:49,310 --> 00:01:51,710 Because everybody knew, first of all, 37 00:01:51,712 --> 00:01:53,545 That they were probably vulnerable. 38 00:01:53,547 --> 00:01:56,115 I think simultaneously a lot of executives 39 00:01:56,117 --> 00:01:57,749 In the industry thought, "yeah, but I don't know 40 00:01:57,751 --> 00:01:59,585 If I put some of this stuff in an email." 41 00:01:59,587 --> 00:02:01,887 Producer scott rudin called out angelina jolie 42 00:02:01,889 --> 00:02:04,189 For being a spoiled brat. 43 00:02:04,191 --> 00:02:07,426 Sony exec clint culpepper bad-mouthed kevin hart. 44 00:02:07,428 --> 00:02:11,296 Worst of all, pascal and rudin gossiped about what flicks 45 00:02:11,298 --> 00:02:14,633 The first black president of the United States might be into. 46 00:02:14,635 --> 00:02:16,768 It was so extreme and so emotional, 47 00:02:16,770 --> 00:02:19,404 And sometimes in some cases so inappropriate. 48 00:02:19,406 --> 00:02:22,374 But the breach went beyond salacious emails. 49 00:02:22,376 --> 00:02:24,343 Sony employees watched helplessly 50 00:02:24,345 --> 00:02:26,645 As their social security numbers, medical records 51 00:02:26,647 --> 00:02:29,248 And more were released online for everyone to see. 52 00:02:31,251 --> 00:02:32,751 I met someone who was on sony's lot 53 00:02:32,753 --> 00:02:34,486 The day the attack went down. 54 00:02:34,488 --> 00:02:36,788 She was a senior coordinator for the studio's digital tv 55 00:02:36,790 --> 00:02:39,892 Department, and eventually quit because of the hack. 56 00:02:39,894 --> 00:02:42,628 Celina was the only sony employee I spoke to 57 00:02:42,630 --> 00:02:44,897 Who was willing to go on camera. 58 00:02:44,899 --> 00:02:46,598 When did you find out your personal information 59 00:02:46,600 --> 00:02:47,799 Was actualy leaked though? 60 00:02:47,801 --> 00:02:50,369 We got a memo saying that unfortunately 61 00:02:50,371 --> 00:02:53,205 A cyber hack attack happened, and they got everybody's 62 00:02:53,207 --> 00:02:55,374 Information, and... but they didn't specify who. 63 00:02:55,376 --> 00:02:57,176 They just basically... anybody that ever worked 64 00:02:57,178 --> 00:02:59,411 For sony at anytime in their lifetime possibly 65 00:02:59,413 --> 00:03:01,747 Had a chance of their stuff being hacked. 66 00:03:01,749 --> 00:03:03,849 So if you could just break down specifically how 67 00:03:03,851 --> 00:03:06,318 You went about finding your name and finding out that 68 00:03:06,320 --> 00:03:08,453 You were, you know, personally affected by it. 69 00:03:08,455 --> 00:03:11,857 I literally went to google and searched "sony hack 2014", 70 00:03:11,859 --> 00:03:14,326 And then I saw just like a tree directory, 71 00:03:14,328 --> 00:03:15,761 Like old school style dos, 72 00:03:15,763 --> 00:03:17,696 And you saw just different file names. 73 00:03:17,698 --> 00:03:20,832 And they named the files like "celina's offer letter", 74 00:03:20,834 --> 00:03:24,670 And they were named specifically what that document was. 75 00:03:24,672 --> 00:03:26,872 So it wasn't hard to find out your information 76 00:03:26,874 --> 00:03:28,440 Was put out there. 77 00:03:28,442 --> 00:03:29,741 What were some of the things that were going down? 78 00:03:29,743 --> 00:03:31,610 Like, 'cause obviously you can't use computers. 79 00:03:31,612 --> 00:03:33,312 That's everything. 80 00:03:33,314 --> 00:03:34,780 Did everything just revert to like the stone age? 81 00:03:34,782 --> 00:03:36,215 Like what happened? 82 00:03:36,217 --> 00:03:37,716 We started saying we're working "analog". 83 00:03:37,718 --> 00:03:39,484 You literally had to write stuff out. 84 00:03:39,486 --> 00:03:42,487 But yeah, there was a lot of drinking and partying 85 00:03:42,489 --> 00:03:44,623 And eating, 'cause that's all you could do. 86 00:03:44,625 --> 00:03:46,825 And I mean, sony already paid for their christmas party, 87 00:03:46,827 --> 00:03:49,361 So we had it, and it was huge, and it was awesome. 88 00:03:49,363 --> 00:03:52,497 And then michael lynton and amy pascal stood up 89 00:03:52,499 --> 00:03:55,500 And gave a speech, and then amy pascal kinda 90 00:03:55,502 --> 00:03:56,868 Challenged the hackers. 91 00:03:56,870 --> 00:03:58,637 Challenged the hackers? How? 92 00:03:58,639 --> 00:04:01,873 In her speech, she was like oh, this wasn't gonna get us down. 93 00:04:01,875 --> 00:04:04,509 Like, "we're gonna beat you guys," and all that stuff. 94 00:04:04,511 --> 00:04:06,812 Pascal's defiance didn't save her, 95 00:04:06,814 --> 00:04:08,814 And she was eventually forced to resign. 96 00:04:08,816 --> 00:04:11,450 But from early on, the real question everyone asked 97 00:04:11,452 --> 00:04:14,553 Was why would hackers target sony pictures? 98 00:04:14,555 --> 00:04:16,521 The media had an answer... 99 00:04:16,523 --> 00:04:18,423 You want us to kill the leader of north korea? 100 00:04:18,425 --> 00:04:19,424 Yes. 101 00:04:19,426 --> 00:04:22,661 ...A movie starring seth rogan and james franco with a plot 102 00:04:22,663 --> 00:04:25,897 Ng on assassinating the life leader of north korea. 103 00:04:25,899 --> 00:04:28,300 President kim jong-un! 104 00:04:28,302 --> 00:04:31,036 The interview was, you know, just a raunchy stoner comedy. 105 00:04:31,038 --> 00:04:33,038 I don't think anybody would argue it was high art 106 00:04:33,040 --> 00:04:35,040 Or oscar material. 107 00:04:35,042 --> 00:04:37,409 With the interview set for a christmas release, 108 00:04:37,411 --> 00:04:39,978 A rambling message posted online threatened 109 00:04:39,980 --> 00:04:42,281 Terrorist attacks on the movie's premiere 110 00:04:42,283 --> 00:04:45,350 In any theatres daring to screen the film. 111 00:04:45,352 --> 00:04:47,319 Sony pictures pulled the movie. 112 00:04:47,321 --> 00:04:50,922 We had no alternative but to not proceed 113 00:04:50,924 --> 00:04:54,326 With the theatrical release on the 25th of December. 114 00:04:54,328 --> 00:04:57,562 And then, out of nowhere, president obama named the perp. 115 00:04:57,564 --> 00:05:00,565 The fbi announced today that... And we can confirm that 116 00:05:00,567 --> 00:05:04,703 North korea engaged in this attack. 117 00:05:04,705 --> 00:05:06,571 It was the first time a president has blamed 118 00:05:06,573 --> 00:05:09,374 A nation state for a major cyber attack on american soil. 119 00:05:10,510 --> 00:05:12,577 The us retaliated with sanctions. 120 00:05:12,579 --> 00:05:14,579 The white house didn't discuss the evidence, 121 00:05:14,581 --> 00:05:17,849 But the fbi came forward with some details. 122 00:05:17,851 --> 00:05:20,919 Brett leatherman is an agent in the fbi's cyber division. 123 00:05:20,921 --> 00:05:23,021 Based on what's publically known, 124 00:05:23,023 --> 00:05:25,324 The hack seems to have gone down in four phases. 125 00:05:25,326 --> 00:05:28,393 First: Spear phishing, which the fbi said 126 00:05:28,395 --> 00:05:30,562 Was likely how the hackers got into sony. 127 00:05:30,564 --> 00:05:33,065 Somebody within a company or organization would receive 128 00:05:33,067 --> 00:05:36,501 An email that looks like it's a legitimate email 129 00:05:36,503 --> 00:05:39,638 That might contain an attachment or a link to a website. 130 00:05:39,640 --> 00:05:41,873 Once you click on that link, 131 00:05:41,875 --> 00:05:43,775 It would take you then to a website, 132 00:05:43,777 --> 00:05:46,678 Or it would launch malware on your computer that would allow 133 00:05:46,680 --> 00:05:49,014 Somebody to then compromise your system. 134 00:05:49,016 --> 00:05:51,016 Next, the hackers gained broader access 135 00:05:51,018 --> 00:05:55,687 So they're looking for a user with escalated privileges, 136 00:05:55,689 --> 00:05:59,491 And it could be an admin, or it could be a ceo or cfo 137 00:05:59,493 --> 00:06:03,662 Who needs access to your network in an administrative capacity. 138 00:06:03,664 --> 00:06:06,498 So admin credentials are key 139 00:06:06,500 --> 00:06:08,800 In going laterally through a network. 140 00:06:08,802 --> 00:06:11,503 With their almost god-like access to sony, 141 00:06:11,505 --> 00:06:14,039 The hackers moved to phase 3: Data theft. 142 00:06:14,041 --> 00:06:16,641 It probably took them months to steal everything 143 00:06:16,643 --> 00:06:18,777 Y eventually released online. 144 00:06:18,779 --> 00:06:21,680 And then came the grand finale: Data destruction. 145 00:06:21,682 --> 00:06:24,149 The unique thing about the sony attack 146 00:06:24,151 --> 00:06:26,651 Was the destructive nature of the malware. 147 00:06:26,653 --> 00:06:29,087 The hackers launched malware, or malicious software, 148 00:06:29,089 --> 00:06:31,156 That destroyed sony computers from within, 149 00:06:31,158 --> 00:06:34,459 Wiping data off its systems. 150 00:06:34,461 --> 00:06:35,861 But that still doesn't explain how the government 151 00:06:35,863 --> 00:06:38,063 Attributed the attack to north korea. 152 00:06:43,003 --> 00:06:46,571 Stole sensitive data, then smashed whatever they could 153 00:06:46,573 --> 00:06:48,173 On the way out. 154 00:06:48,175 --> 00:06:51,009 But to this day, one question remains: 155 00:06:51,011 --> 00:06:53,879 How was the us government so sure it was north korea? 156 00:06:53,881 --> 00:06:57,082 So I can't comment on ongoing fbi investigations. 157 00:06:57,084 --> 00:06:59,818 So why is the investigation ongoing? 158 00:06:59,820 --> 00:07:03,188 A cyber investigation is a long-term effort 159 00:07:03,190 --> 00:07:06,124 To just not only attribute... 160 00:07:06,126 --> 00:07:09,594 If there's a particular country involved, not just attribute 161 00:07:09,596 --> 00:07:12,731 Who that country might be, but also to attribute 162 00:07:12,733 --> 00:07:15,700 Threat actors behind the actual compromise. 163 00:07:15,702 --> 00:07:18,470 Because there's other groups that are involved 164 00:07:18,472 --> 00:07:20,505 In these kind of attacks. 165 00:07:20,507 --> 00:07:23,041 So there are other groups who kinda jump on the bandwagon 166 00:07:23,043 --> 00:07:24,509 For their own benefit. 167 00:07:24,511 --> 00:07:25,811 And that was the case with sony. 168 00:07:25,813 --> 00:07:27,078 Possibly. 169 00:07:27,080 --> 00:07:28,713 That may have been the case with sony, 170 00:07:28,715 --> 00:07:31,116 But in general I think we frequently see that 171 00:07:34,487 --> 00:07:36,721 Beyond the fbi, the national security agency, 172 00:07:36,723 --> 00:07:39,157 One of america's spy powers, was reported to have evidence 173 00:07:39,159 --> 00:07:41,493 It was north korea. 174 00:07:41,495 --> 00:07:43,862 But the nsa won't confirm or deny anything. 175 00:07:43,864 --> 00:07:46,731 Well actually, I think the government was more forthcoming 176 00:07:46,733 --> 00:07:49,134 In the sony hack than is usually the case. 177 00:07:49,136 --> 00:07:51,503 You know, historically the government wouldn't really 178 00:07:51,505 --> 00:07:53,605 Attribute it at all to a nation state. 179 00:07:54,240 --> 00:07:56,575 Michael chertoff was the secretary of homeland security 180 00:07:56,577 --> 00:07:58,710 Under president george w. Bush. 181 00:07:58,712 --> 00:08:01,246 He and former nsa and cia director michael hayden 182 00:08:01,248 --> 00:08:04,249 Now run a private consulting firm. 183 00:08:04,251 --> 00:08:06,718 And then you have the government pretty clearly saying 184 00:08:06,720 --> 00:08:09,154 North korea was responsible for the sony hack. 185 00:08:09,156 --> 00:08:13,592 And I think that was a decision that the risk of revealing 186 00:08:13,594 --> 00:08:16,194 A little bit about sources and methods was outweighed 187 00:08:16,196 --> 00:08:18,697 By the importance of saying to the bad actors, 188 00:08:18,699 --> 00:08:21,566 "we know it's you, and there's a limit 189 00:08:21,568 --> 00:08:23,034 To our willingness to tolerate this." 190 00:08:23,036 --> 00:08:24,736 So in your expert opinion, 191 00:08:24,738 --> 00:08:26,204 Do you think that was a good decision? 192 00:08:26,206 --> 00:08:30,275 I think if you look at actually the way north korea operates, 193 00:08:30,277 --> 00:08:34,145 There is a small group of privileged individuals, 194 00:08:34,147 --> 00:08:37,516 Which include people who are... have technical skills that are 195 00:08:37,518 --> 00:08:40,252 Useful to the regime, that are well resourced, 196 00:08:40,254 --> 00:08:42,554 And are quite capable. 197 00:08:42,556 --> 00:08:45,557 I mean, they may not be the a team, but they're the b team, 198 00:08:45,559 --> 00:08:47,559 And the b team can do a lot of damage. 199 00:08:47,561 --> 00:08:50,662 I had an idea who chertoff's b team could be: 200 00:08:50,664 --> 00:08:53,999 A north korean military agency known as bureau 121. 201 00:08:54,001 --> 00:08:56,568 But north korea can barely keep the lights on, 202 00:08:56,570 --> 00:08:59,104 So could they really have an elite hacking unit? 203 00:09:01,774 --> 00:09:03,875 - Martyn. - Hi. 204 00:09:03,877 --> 00:09:05,744 - How're you doing? - I'm good, how are you? 205 00:09:05,746 --> 00:09:07,178 Good. 206 00:09:07,180 --> 00:09:08,747 Sounds like you're calling... 207 00:09:08,749 --> 00:09:10,882 You're trying to access some aliens or something. 208 00:09:10,884 --> 00:09:13,084 - Almost, north korea. - Almost. 209 00:09:13,653 --> 00:09:15,787 Martyn williams is a reporter who's been to north korea, 210 00:09:15,789 --> 00:09:18,590 And has written extensively on their tech capabilities. 211 00:09:18,592 --> 00:09:20,926 What do we know about bureau 121, the actual 212 00:09:20,928 --> 00:09:23,862 Hacking collective of the cyber warriors of kim jong-un? 213 00:09:23,864 --> 00:09:25,263 Like what do we know about them? 214 00:09:25,265 --> 00:09:26,298 Because nobody seems to know anything, 215 00:09:26,300 --> 00:09:28,633 Like who they are, what they do. 216 00:09:28,635 --> 00:09:30,835 I mean, welcome to the world of looking at north korea. 217 00:09:30,837 --> 00:09:33,605 Nobody knows anything about anything in the country. 218 00:09:33,607 --> 00:09:35,874 Very little information gets out, 219 00:09:35,876 --> 00:09:38,310 Except what you can hear on the radio. 220 00:09:38,312 --> 00:09:40,779 There are snippets that come out through defectors. 221 00:09:40,781 --> 00:09:44,316 It seems that what they're doing is taking the... 222 00:09:44,318 --> 00:09:46,117 The kids that are really good at science 223 00:09:46,119 --> 00:09:48,987 And really good at mathematics from the... 224 00:09:48,989 --> 00:09:51,856 From high school, putting them into good universities, 225 00:09:51,858 --> 00:09:53,992 And then after universities, training them. 226 00:09:53,994 --> 00:09:56,895 Some of that training apparently takes place in pyongyang. 227 00:09:56,897 --> 00:09:59,598 A lot of it we see taking place overseas. 228 00:09:59,600 --> 00:10:02,334 We've heard that hacking and hackers 229 00:10:02,336 --> 00:10:04,769 Are obviously a new focus. 230 00:10:04,771 --> 00:10:06,938 Why do you think that is? 231 00:10:06,940 --> 00:10:08,707 It's much cheaper. 232 00:10:08,709 --> 00:10:12,377 A room full of hackers is way cheaper than a jet aircraft, 233 00:10:12,379 --> 00:10:15,146 Or keeping tanks in operation, or submarines, 234 00:10:15,148 --> 00:10:20,251 So if they can start being a power on the internet, then 235 00:10:20,253 --> 00:10:23,989 It's a cheap way of projecting their power across the world. 236 00:10:23,991 --> 00:10:25,924 I wondered what bureau 121, 237 00:10:25,926 --> 00:10:29,027 The hermit kingdom's military hacking unit, is really like. 238 00:10:29,029 --> 00:10:31,363 With the help of an rpreter, I made contact with 239 00:10:31,365 --> 00:10:34,299 Defector who claims he was north korean army lieutenant. 240 00:10:35,701 --> 00:10:38,970 Jang se yul defected to south korea almost a decade ago, 241 00:10:38,972 --> 00:10:41,373 But still keeps tabs on old friends. 242 00:10:41,375 --> 00:10:45,010 You were working with and you were training with hackers? 243 00:10:52,018 --> 00:10:54,252 Do you know anyone in bureau 121, 244 00:10:54,254 --> 00:10:56,221 And are you in contact with them? 245 00:11:30,956 --> 00:11:33,191 What's the worst thing that north korea could do 246 00:11:33,193 --> 00:11:34,926 To the us in the cyber realm? 247 00:12:10,763 --> 00:12:13,398 Mr. Jang said the sony hack might be a sign 248 00:12:13,400 --> 00:12:15,900 North korea is preparing for war. 249 00:12:15,902 --> 00:12:17,802 But as I dug into the case, I discovered that 250 00:12:17,804 --> 00:12:20,071 Many highly regarded hackers and security experts 251 00:12:20,073 --> 00:12:22,440 Doubt north korea was behind the attack at all. 252 00:12:27,747 --> 00:12:30,348 Ben: Just weeks after sony pictures was hacked, 253 00:12:30,350 --> 00:12:33,451 The fbi released vague evidence pointing to north korea. 254 00:12:33,453 --> 00:12:36,387 Hackers and computer experts st immediately poked holes 255 00:12:36,389 --> 00:12:38,389 In the fbi's case. 256 00:12:38,391 --> 00:12:40,091 Do I think the north koreans started it? 257 00:12:40,093 --> 00:12:44,429 One of the most vocal doubters is marc rogers, a malware expert 258 00:12:44,431 --> 00:12:47,232 And self-described former black hat hacker. 259 00:12:47,234 --> 00:12:50,034 First of all, the agenda changed substantially 260 00:12:50,036 --> 00:12:51,870 At several points throughout the hack. 261 00:12:51,872 --> 00:12:54,806 That kind of implies multiple different actors to me. 262 00:12:54,808 --> 00:12:56,407 They started out trying to extort money. 263 00:12:56,409 --> 00:12:58,176 I can't see any reason why north korean hackers 264 00:12:58,178 --> 00:13:03,481 Then they had kind of a ramble about unemployment 265 00:13:03,483 --> 00:13:06,117 And job losses in sony. 266 00:13:06,119 --> 00:13:09,087 I don't see how that benefits the north korean regime. 267 00:13:09,089 --> 00:13:12,423 I think they were attacked by an opportunist, 268 00:13:12,425 --> 00:13:14,392 And then I think that evolved. 269 00:13:14,394 --> 00:13:18,263 You ended up with other groups piling in and exploiting it. 270 00:13:18,265 --> 00:13:22,433 And then as the media started to suggest maybe a potential link 271 00:13:22,435 --> 00:13:25,436 Between this hack and the interview, 272 00:13:25,438 --> 00:13:27,839 I think the hackers latched onto that. 273 00:13:27,841 --> 00:13:30,475 And they ran with it because it was both 274 00:13:30,477 --> 00:13:33,478 A convenient cover for them, and, well, you know, 275 00:13:33,480 --> 00:13:35,380 A lot of hackers like to do things for the amusement. 276 00:13:35,382 --> 00:13:36,848 "for the lulz," as they say. 277 00:13:36,850 --> 00:13:39,517 That's probably what brought north korea in, 278 00:13:39,519 --> 00:13:42,020 And it was much later on I think that north korea 279 00:13:42,022 --> 00:13:44,255 Actually was involved, if they were at all. 280 00:13:45,424 --> 00:13:48,459 Marc was right, his theoy t what the fbi had hinted. 281 00:13:48,461 --> 00:13:50,929 Sony might have been the victim of a hacking party. 282 00:13:50,931 --> 00:13:53,164 But who could've been involved? 283 00:13:53,166 --> 00:13:56,034 In 2011, the notorious acktivist collective anonymous 284 00:13:56,036 --> 00:13:58,369 Attacked sony websites. 285 00:13:58,371 --> 00:14:00,505 They said they were defending george hotz, 286 00:14:00,507 --> 00:14:03,374 Aka geohot, the first guy to jailbreak an iphone 287 00:14:03,376 --> 00:14:06,010 When he was just 17. 288 00:14:06,012 --> 00:14:08,513 This is the world's first unlocked iphone. 289 00:14:08,515 --> 00:14:10,181 Ben: George. 290 00:14:10,183 --> 00:14:12,517 A few years later, he jailbroke a playstation 3. 291 00:14:12,519 --> 00:14:14,886 That didn't sit well with sony. 292 00:14:14,888 --> 00:14:17,155 Yo, it's geohot! 293 00:14:17,157 --> 00:14:21,259 And for those that don't know, I'm getting sued by sony! 294 00:14:24,064 --> 00:14:26,197 Hi, sony! How are you doing? 295 00:14:26,199 --> 00:14:28,266 I haven't seen you in a while. 296 00:14:28,268 --> 00:14:31,302 Uh, you know, suing me was kinda... Kinda dick, 297 00:14:31,304 --> 00:14:33,905 But it all worked out in the end, so yeah. 298 00:14:33,907 --> 00:14:36,007 That's what I think of sony. 299 00:14:36,009 --> 00:14:39,611 The main reason that I got into the iphone and playstation: 300 00:14:39,613 --> 00:14:41,412 It was a cool puzzle. 301 00:14:41,414 --> 00:14:44,282 These companies are spending millions of dollars 302 00:14:44,284 --> 00:14:47,485 To build really cool puzzles for me, and it's real! 303 00:14:47,487 --> 00:14:48,653 This isn't some puzzle 304 00:14:48,655 --> 00:14:50,922 Constructed by somebody to solve. 305 00:14:50,924 --> 00:14:53,625 This is a puzzle constructed by somebody to not solve, 306 00:14:53,627 --> 00:14:55,526 And that's why it was so alluring. 307 00:14:55,528 --> 00:14:56,628 That's why it still is. 308 00:14:56,630 --> 00:15:01,432 A lot of hackers angry, including anonymous. 309 00:15:01,434 --> 00:15:03,234 Voice: We do not forget. 310 00:15:03,236 --> 00:15:05,036 Ben: They launched a denial-of-service attack, 311 00:15:05,038 --> 00:15:07,538 Sending so much traffic to sony's websites they crashed. 312 00:15:07,540 --> 00:15:11,309 Ben: And then someone hacked into the playstation network 313 00:15:11,311 --> 00:15:14,178 Itself, gaining access to the credit card information 314 00:15:14,180 --> 00:15:16,614 Of 77 million users. 315 00:15:16,616 --> 00:15:18,983 Sony was forced to apologize, 316 00:15:18,985 --> 00:15:21,653 But no one has ever been formally accused of the breach. 317 00:15:21,655 --> 00:15:23,221 It wasn't even about the breach, right? 318 00:15:23,223 --> 00:15:24,656 Companies get breached all the time. 319 00:15:24,658 --> 00:15:27,225 It was really about how sony responded to it. 320 00:15:27,227 --> 00:15:30,528 Sony responded by taking the playstation network offline, 321 00:15:30,530 --> 00:15:32,263 And it was down for a month. 322 00:15:32,265 --> 00:15:34,165 So now you have 77 million people 323 00:15:34,167 --> 00:15:35,566 Who were trying to play call of duty, 324 00:15:35,568 --> 00:15:38,603 And being like, "what's going on here, man?" right? 325 00:15:38,605 --> 00:15:40,972 So do I think that the lawsuit 326 00:15:40,974 --> 00:15:42,707 And what happened with me made them a target? 327 00:15:42,709 --> 00:15:47,512 Do I think that what happened in the fallout with anonymous 328 00:15:47,514 --> 00:15:49,647 And them taking the network offline for... 329 00:15:49,649 --> 00:15:51,249 Maybe, you know. 330 00:15:51,251 --> 00:15:52,583 That's more plausible. 331 00:15:54,119 --> 00:15:55,653 The playstation saga isn't the only event 332 00:15:55,655 --> 00:15:57,355 That might've pissed hackers off. 333 00:15:57,357 --> 00:16:00,725 In 2005, security experts found suspicious software 334 00:16:00,727 --> 00:16:04,362 On cds produced by sony bmg, the company's music division. 335 00:16:06,365 --> 00:16:09,600 I went to see dan kaminsky, a legend among hackers. 336 00:16:09,602 --> 00:16:12,470 He's famous for finding and helping fix a major flaw 337 00:16:12,472 --> 00:16:14,372 In the internet's backbone. 338 00:16:14,374 --> 00:16:17,175 He also played a pivotal role in uncovering the bmg fiasco. 339 00:16:18,344 --> 00:16:21,012 So if you took that disk that was just supposed to be music, 340 00:16:21,014 --> 00:16:23,314 It would install a little program on your computer, 341 00:16:23,316 --> 00:16:25,283 And that program did two things. 342 00:16:25,285 --> 00:16:28,286 First, it made it so your computer could no longer 343 00:16:28,288 --> 00:16:33,624 Copy music, and second it hid, 'cause it was pretty sure 344 00:16:33,626 --> 00:16:36,327 That this was not what the user wanted. 345 00:16:36,329 --> 00:16:38,463 And so once it was in, it sure didn't want the user 346 00:16:38,465 --> 00:16:40,231 To hit the uninstall button. 347 00:16:40,233 --> 00:16:42,133 And somebody figured out, 348 00:16:42,135 --> 00:16:44,135 "hey, wait a second, what is this software on this, 349 00:16:44,137 --> 00:16:46,170 What's supposed to be an audio cd?" 350 00:16:46,172 --> 00:16:48,773 They looked at it, and like this is malware! 351 00:16:48,775 --> 00:16:54,045 What is sony doing putting out custom malware on cds? 352 00:16:54,047 --> 00:16:57,448 So what I did was a trick called dns cache snooping. 353 00:16:57,450 --> 00:16:59,417 I do this scan, and like 354 00:16:59,419 --> 00:17:02,653 A half million networks had seen this thing. 355 00:17:02,655 --> 00:17:04,789 And so I took that information, 356 00:17:04,791 --> 00:17:07,492 Got flown out to sony bmg headquarters, and I'm like, 357 00:17:07,494 --> 00:17:10,361 "hey guys, so here's what you did, 358 00:17:10,363 --> 00:17:12,397 And here's it all over the world." 359 00:17:12,399 --> 00:17:14,032 Is it that kind of behaviour though 360 00:17:14,034 --> 00:17:15,400 That has made them a target? 361 00:17:15,402 --> 00:17:18,403 It certainly didn't make them any friends. 362 00:17:18,405 --> 00:17:21,406 Given sony's history as a major hacking target, 363 00:17:21,408 --> 00:17:23,608 Did north korea really attack sony pictures? 364 00:17:23,610 --> 00:17:25,777 Or was it just a freelance hacker? 365 00:17:30,215 --> 00:17:32,517 Ben: Some of the smartest hackers in america 366 00:17:32,519 --> 00:17:34,519 Were telling me they didn't believe north korea 367 00:17:34,521 --> 00:17:36,554 Attacked sony, and that lot of people might've hd 368 00:17:36,556 --> 00:17:38,423 The motive to do it. 369 00:17:38,425 --> 00:17:41,692 But kurt baumgartner thinks north korea really is to blame. 370 00:17:41,694 --> 00:17:44,195 Kurt analyzes malicious code and comes up with defensive 371 00:17:44,197 --> 00:17:47,598 Solutions for one of the world's biggest security companies. 372 00:17:47,600 --> 00:17:50,201 He showed me how the sony hack bears a striking resemblance 373 00:17:50,203 --> 00:17:54,205 To darkseoul, a 2013 cyber attack on south korean banks 374 00:17:54,207 --> 00:17:56,307 Which was widely blamed on north korea. 375 00:17:56,309 --> 00:18:00,812 So what we've got here are two different html pages 376 00:18:00,814 --> 00:18:04,615 That are basically threats from the attackers. 377 00:18:04,617 --> 00:18:09,554 So on one side, this is the 2013 darkseoul attack, 378 00:18:09,556 --> 00:18:11,856 And the audio from their video. 379 00:18:17,097 --> 00:18:20,364 And then over here, we have basically the sony hack. 380 00:18:26,873 --> 00:18:29,507 Right, really sophisticated. 381 00:18:29,509 --> 00:18:33,311 It does seem like the graphic arts team of a hermit nation. 382 00:18:33,313 --> 00:18:36,280 It's pretty low... Pretty low tech. 383 00:18:36,282 --> 00:18:37,582 There were other similarities 384 00:18:37,584 --> 00:18:39,450 Between darkseoul and the sony hack. 385 00:18:39,452 --> 00:18:42,487 The word "security" is actually misspelled in the exact same way 386 00:18:42,489 --> 00:18:45,189 In the code used in both attacks. 387 00:18:45,191 --> 00:18:47,892 In this case, it was pretty clear to us 388 00:18:47,894 --> 00:18:52,597 That the same shared code base has been used in both events. 389 00:18:53,665 --> 00:18:56,334 And both the sony and darkseoul attacks were wiper events; 390 00:18:56,336 --> 00:18:59,504 They wiped or destroyed data from their victim's systems. 391 00:18:59,506 --> 00:19:02,273 These types of attacks are extremely rare. 392 00:19:02,275 --> 00:19:03,841 They just don't happen. 393 00:19:03,843 --> 00:19:07,812 There might be five major wiper attacks in... 394 00:19:07,814 --> 00:19:11,315 But the skeptics say the similarities kurt showed me 395 00:19:11,317 --> 00:19:12,884 Don't actually add up. 396 00:19:12,886 --> 00:19:15,353 When we talk about the similarities here, darkseoul, 397 00:19:15,355 --> 00:19:17,522 That was attributed to a group of south korean hackers 398 00:19:17,524 --> 00:19:19,390 Which they called the darkseoul gang, 399 00:19:19,392 --> 00:19:21,459 And was never formally linked to north korea. 400 00:19:21,461 --> 00:19:24,762 The reality is it boils down to just a few fragments of code 401 00:19:24,764 --> 00:19:26,297 In each of the pieces of malware. 402 00:19:26,299 --> 00:19:30,701 It's not nothing that the software is related. 403 00:19:30,703 --> 00:19:34,272 It's just not wildly compelling. 404 00:19:34,274 --> 00:19:35,606 It's not a smoking gun. 405 00:19:35,608 --> 00:19:38,309 It's not even a warm gun. 406 00:19:38,311 --> 00:19:40,178 It's not... it's barely a gun. 407 00:19:40,180 --> 00:19:42,213 A tube-shaped object! 408 00:19:42,215 --> 00:19:45,483 Malware has a history of being shared. 409 00:19:45,485 --> 00:19:47,618 And once that code gets out there, 410 00:19:47,620 --> 00:19:50,388 You will end up with multiple variants 411 00:19:50,390 --> 00:19:52,223 That all have the same parentage. 412 00:19:52,225 --> 00:19:53,691 They all look very similar, 413 00:19:53,693 --> 00:19:55,826 But they're being run by different people. 414 00:19:55,828 --> 00:19:58,262 The malware's code did contain ip addresses, 415 00:19:58,264 --> 00:20:00,264 Which indicate a computer's location. 416 00:20:00,266 --> 00:20:02,567 The fbi says they were linked to north korea, 417 00:20:02,569 --> 00:20:04,435 But that's not conclusive either. 418 00:20:04,437 --> 00:20:06,737 Could you fake your ip being in north korea? 419 00:20:06,739 --> 00:20:08,773 Break into a machine in north korea. 420 00:20:08,775 --> 00:20:10,474 Break into a machine in russia 421 00:20:10,476 --> 00:20:12,443 Breaking into a machine in north korea. 422 00:20:12,445 --> 00:20:15,346 Breaking into russia breaking into north korea. 423 00:20:15,348 --> 00:20:18,416 These are all things you totally can do! 424 00:20:18,418 --> 00:20:21,852 Bouncing around the world happens in milliseconds. 425 00:20:21,854 --> 00:20:26,457 And so people ask, "is it north korea that did this?" 426 00:20:26,459 --> 00:20:28,926 This is a thing that four people could do. 427 00:20:28,928 --> 00:20:30,861 Four out of 7 billion. 428 00:20:30,863 --> 00:20:35,733 This isn't an attack that requires nation state intent. 429 00:20:35,735 --> 00:20:39,937 It's an attack that requires a couple of guys being bored. 430 00:20:42,374 --> 00:20:44,809 My sources were telling me that the attack on sony pictures 431 00:20:44,811 --> 00:20:48,913 So maybe the company hould've had better security. 432 00:20:49,781 --> 00:20:51,582 Ultimately it doesn't matter whether the hackers came from 433 00:20:51,584 --> 00:20:53,317 North korea or north dakota. 434 00:20:53,319 --> 00:20:55,853 What matters is that sony could see this attack coming, 435 00:20:55,855 --> 00:21:00,491 Tthew preusch is an attorney o represented sony employees 436 00:21:00,493 --> 00:21:03,327 In a class action lawsuit against the studio. 437 00:21:03,329 --> 00:21:05,363 Sony just didn't do what a reasonable company should've 438 00:21:05,365 --> 00:21:08,466 Done to protect the private information on its system. 439 00:21:08,468 --> 00:21:10,468 It should've been stored in a way that was encrypted, 440 00:21:10,470 --> 00:21:13,304 And that was segregated from other information 441 00:21:13,306 --> 00:21:16,807 So it was much, much harder for the hackers to find. 442 00:21:16,809 --> 00:21:19,744 Sony pictures declined to comment on these allegations, 443 00:21:19,746 --> 00:21:22,480 And settled the lawsuit out of court. 444 00:21:22,482 --> 00:21:24,448 But it's undeniable that employees' private 445 00:21:24,450 --> 00:21:27,018 And exploitable data will live online forever. 446 00:21:27,020 --> 00:21:28,719 Have you ever received an apology from sony? 447 00:21:28,721 --> 00:21:34,392 That you weren't protecting yourself already to begin with. 448 00:21:34,394 --> 00:21:37,061 So I mean, I didn't do anything wrong but show up to do my job, 449 00:21:37,063 --> 00:21:39,497 Thinking this corporation knew exactly what they were doing. 450 00:21:39,499 --> 00:21:42,400 And then finding out that they don't is really... 451 00:21:42,402 --> 00:21:48,339 I mean, it sucks that we're collateral damage, but... 452 00:21:48,341 --> 00:21:50,975 I mean, that's how war is, and so this is basically what it is. 453 00:21:50,977 --> 00:21:52,677 It's like a nerd war now. 454 00:21:54,714 --> 00:21:58,349 The sony hack claimed the job of an executive, 455 00:21:58,351 --> 00:22:01,085 And a stoner flick lost its christmas release. 456 00:22:01,087 --> 00:22:04,488 But the real victims are sony's employees. 457 00:22:04,490 --> 00:22:06,891 Whether it was north koreans or bored hackers, 458 00:22:06,893 --> 00:22:09,927 All the competing theories about who did it prove one thing: 459 00:22:09,929 --> 00:22:12,430 Definitively attributing a cyber attack 460 00:22:12,432 --> 00:22:14,398 Can be almost impossible. 461 00:22:14,400 --> 00:22:16,834 And in a world where it's not only easy to hack a corporation 462 00:22:16,836 --> 00:22:20,504 But easy to hide, all of us are vulnerable. 37284