Site   Web

December 15, 2014

Sony Pictures Was Warned of Flaws in its System Before Hack

The main entrance to the Sony Pictures Entertainment studio lot in Culver City. — Photo by Coolcaesar.

The massive cyber-attack that shut down Sony Pictures’ systems worldwide at the end of November should have come as no surprise to company executives.

According to a Recode report, a few months before the attack occurred, a security audit found the studio’s method of monitoring its network left the company vulnerable to hackers.

PriceWaterhouseCoopers, in its audit, discovered a firewall and “more than 100 devices” were not being monitored by Sony’s corporate security team but, rather, by the studio’s in-house team. PriceWaterhouseCoopers told Sony this could result in a slower response time in the event of an attack.

The audit, which also offered Sony tips on improving security, was leaked late last week.

The Nov. 24 attack forced the company to shut down its systems worldwide after a skull appeared on Sony computer screens along with a threat to release “internal data” and “top secrets” if undisclosed demands were not met. The hack was supposedly by a group calling itself the Guardians of Peace or #GOP, for short.

The attack garnered the U.S. Social Security numbers of more than 47,000 current and former employees as well as freelancers and celebrities such as Sylvester Stallone. Salaries and home addresses of former employees and celebrities — including Hollywood bigwigs Tom Hanks, Brad Pitt and Julia Roberts —were leaked. Also leaked were the names stars use when they want to go incognito, popularity ratings of some stars broken down by country and how much certain films netted for Sony.

Other information leaked includes contracts, termination dates and even the reason for the termination.