Sony cancels "The Interview"; Wise or Foolish?

Surprised there is no thread about this. There are a few threads in IMHO, but none specifically addressing this issue.

Long story short, Sony had produced a comedy (Seth Rogan and James Franco) in which those two play reporters who score an interview with Kim Jong-un. The CIA then try to get them to assassinate him in the process. Sony’s computers get hacked, lots of embarrassing emails are released, and the government concludes that it was most likely NK doing the hacking. Link.

Then, the hackers make threats about “another 9/11” if the film is released, and Sony caves in, canceling the release.

Now, does anyone really think NK has a cadre of agents lying in wain in the US who could pull of a “9/11 type attack”? And even if they did, would they? That seems so far fetched as to be laughable. But… the precedent is now set that if you hack into someone’s network, you can blackmail them out the yin yang (sorry about the pun), hence encouraging more malicious hacking and blackmailing.

Seems very foolish to me.

I understand that Sony US’s parent company is in Japan, and they have more legitimate fears of NK than the IUS does, but I still think giving in to this type of empty blackmail is very foolish.

ISTM the real issue isn’t the threat of physical violence but Sony’s vulnerability to further hacking. I assume NK could cause major commercial mayhem for them (leaking all sorts of intellectual property) not to mention further embarrassment.

Sony is backing down in the face of intimidation by an unaccountable actor.

Sony’s move was forced in part by major theatre chains refusing to show the film:

That doesn’t stop Sony from using smaller theatres or on-demand to distribute, but I suspect Sony will make an insurance claim to recoup costs on the film, and that insurance will only pay on a total loss.

BTW, there’s been a lot of chatter criticizing “liberal” Hollywood for caving in to terrorist demands. IMO that criticism is misplaced; Sony the multinational corporation functions to put profits first, without regard to patriotism, free-speech principles, or setting a precedent for future bullies. This is exactly what it is supposed to do. If you don’t like it, blame capitalism.

I’m leaning ‘foolish’, myself. There’s two main reasons for Sony to cave. Either they think the hackers have damaging information about them that they haven’t released, or they’re afraid of actual physical attacks.

To the first, unless they have evidence that Sony has been running a prostitution ring and having rival executives shot and fed to pigs, I can’t see there being anything more damaging than what has already been released, and given that the attackers already destroyed all the data they could, threats of further digital intrusion seem pretty pointless. As threats go, “Do as we say, or we’ll erase all your data a second time!” doesn’t carry a lot of weight.

To the second, in the (extremely unlikely, according to the DHS) event of some sort of terroristic attack on a theater, I don’t think the public would blame Sony, because they’re a movie company, and preventing terror attacks is not their job. Whereas by giving in, they get a lot of people upset at them.

All that being the case, they had the chance to take a mediocre-at-best movie (and it really does sound like utter crap) and turn it into a huge success on the strength of the PR from the hack. Instead, they decided that, life having handed them lemons, they were going to squirt themselves in the eyes with lemon juice.

I think you meant “you can blackmail them out the Pyongyang”, eh. :stuck_out_tongue:

[nitpick]
Sony did not make this film nor finance it; they were just distributing it. The film was actually made by Columbia Pictures & LStar Capital in association with Point Grey Pictures.
[/nitpick]

I don’t think Sony set any kind of precedent here except “if no theater will show your film, there’s no actual ‘release’ happening”.

And I doubt that any possible NK agents are waiting in downtown Cleveland to bomb a multiplex. Maybe LA or NYC has agents, but I doubt if they have much capability of carrying out a threat like the GOP* made.

*Can I just say that I think it’s awesome that a hacker group chose a name knowing lots of bad shit will be said about them and everyone will refer to them by an acronym that is already associated with a large group of people. I suspect the next hacker group will spend hours coming up with a name that makes awesome headlines like “NRA destroys 3 largest banks” or “UNICEF deletes everybody’s mortgage” or something like that. Hilarious!

You guys raise a good point, but I think that shifts some of the blame to the theaters, and I think I still think it was a bad decision.

Now, I heard second hand that Bill O’Reilly (yeah, I know) suggested that Sony release the film for download and request people donate $5 to Ebola relief. Should they do something like that? Seems like a better strategy to me, even if they asked for a voluntary payment to Sony instead of the charity donation.

I really don’t like the idea that some hacker group can scare us with a toothless threat like this.

Touche!

It’s too bad that Sony couldn’t use the fact that the Norkies are afraid of the film as a major marketing coup. “See the film Kim Jong-un doesn’t want you to see! Ripped from tomorrow’s headlines!” Of course it might work better if they recast the potential assassin with Dennis Rodman.

Assuming that NK and Dear Leader are really the ones behind this, and that the hackers are not acting on their own outside of direct control from Pyongyang.

I think backing down is a bad idea, but it isn’t my money or my company at stake.

Regards,
Shodan

(post shortened)

From a tactical viewpoint, until the U.S. has a better understanding of how NK hacked SONY, and how many other companies, especially power companies, that NK has hacked, it’s best to pull back - for now - regroup, and hit NK at a later date. IMHO, of course.

(I’m assuming that someone in the U.S. government will actually make the decision to retaliate.)

Seems inevitable to me. If they show the film now and anything happens in the theater that could be construed as an attack in any way, shape or form then Sony will get a lot of heat for it in the press. Their business is publicity. It’s just a movie and a few months from now the storm will have blown over and we’ll all get to see it. It will no doubt be funny but not earth shaking.

It’s too bad that Sony feels like they have to back down in the face of a terrorist attack. I would have probably done the same thing. Let governments deal with hostile governments.

I’d posit a third option: Sony (and now Paramount, which has put the kibosh on screenings of Team America) are afraid that too much of the holiday-movie-going public will stay home. Yes, the chances of a NK-directed terrorist incident are astoundingly, vanishingly slim…but if enough people in the US and Asia believe that it could happen, they won’t go to any movies at all over the next couple weeks.

I think Sony feels that the chances of losing revenue on their other films, and across the industry as a whole, are substantial enough that it’s worth scuttling this one to be safe.

Also, there’s some reason to think that Sony was already concerned about how well a moderately funny Rogen/Franco stoner comedy would play overseas anyway.

Utility companies get hacked reportedly every week, but they have all mostly designed their SCADA systems (the systems that matter in terms of being hacked) to operate totally disconnected from the corporate intranet. I know guys who work on SCADA systems and they all have two PCs, one a desktop that sits on their desk and is connected to the SCADA system and another normal corporate laptop that they use for emailing, using the internet, and most day-to-day computing tasks. They might work on SCADA code development on their laptop, but it doesn’t connect directly to the production SCADA system.

Not saying that means SCADA systems can’t be hacked (they have been before, and there’s limited evidence the United States has been the culprit of hacking foreign government SCADA systems that control pipelines in the past), but in general utility companies in the United States are one of the most common hacking targets by foreign governments and many intrusions happen every year without a SCADA system being taken over.

Not really because of the Sony hack, but just my following technology/security in general I’ve come to the conclusion it’s almost impossible to protect any IT system. It isn’t that the hackers are so zomg amazing, it’s just these systems are intrinsically insecurable. I think there are things you can do broadly that insulate you from “attacks of opportunity”, which for probably most companies and organizations is all you ever need. But for high value targets that hackers want to go at specifically, I think in the long run that target’s security will be compromised.

If all else fails, organizations with means can usually get someone inside physically, which opens up a lot of doors.

It feels a tad like paying the dane-geld to me, but at the same time, I can see how Sony and the theaters, as business ventures are doing what’s best for their bottom lines and if anyone’s going to be drawing lines in the sand, the feds should.

The problem is that setting a precedent for future bullies does risk their profits, since they risk someone else to trying blackmailing them again…and again…and again. Pretty much anything that an entertainment company makes is going to offend someone; if them caving in inspires imitators they’ll have to stand up to the threats at some point, or be driven out of business by an endless succession of copycats.

I see this whole situation as a bit like a mugger pointing a gun at a victim, and others telling the victim that he should try to wrest the gun away from his assailant lest we be the next victim. “Stand up for yourself! So we don’t have to…”

I think the whole theater bombing threat is totally beside the point. Not that North Korea is totally beyond such a thing: in their illustrious, peace-loving history they’ve managed to send an assassination team to Seoul’s Blue House (the presidential mansion), torpedoed a South Korea ship for no reason at all, and hacked to death an American soldier for the offense of trying to cut down a tree in South Korea. Mounting an attack on an American cinema is a fucking crazy thing to do, but is it impossible to think that they would?

No, my WAG is that AMC and the other theater companies are worried about really, really serious cyber attacks. And so if Sony went forward and pushed the release of this movie, which is probably a turd, well, there’s bound to be backlash against Sony. For example, it’s one thing to fight for free speech when the Last Temptation of Christ or Rosewater is involved. It’s less compelling a fight when Jackass 4 is the matter at hand. So, in this case, it’s easier for Sony to pull the plug and save relations with theaters over a crappy movie and the threat of cyber devastation, rather than Sony being the one urging the mugging victim to make a play for the weapon.

The reviews I’ve seen for this movie are mostly favorable. However, I will say that it was a foolish thing to do to portray the assassination of a living head of state. But it’s hardly Jackass 4.

It would, I think, be more accurate to say that it’s extremely difficult to protect an IT system, especially one that needs to be accessible to a large group of people in lots of different places (company networks for any multinational, for instance). Real, good security is difficult (and thus, expensive), and it makes life harder for everyone involved. For some organizations (the military and the paranoid, mostly), it’s worth the cost and annoyance. For most, though, they make do without.

Foolish. Dangerous. I really wish people would take cybersecurity more seriously.

Not impossible, but actual direct violence against US civilians on US soil is qualitatively different than cyber attacks. And Kim might have a quick look at the history of Afghanistan for insights on what happens when that happens. Maybe the current government of Afghanistan is a bunch of a-holes - but they aren’t the a-holes who gave refuge to bin Laden.

Maybe that’s true, but it cuts both ways - if they are (possibly) crazy enough to threaten violence, they are probably too crazy to spare AMC from cyber-attacks because AMC tamely submitted to threats.

You have a point there, however.

I would have put The Interview into the widest possible release, coupled with a bunch of patriotic marketing (“See The Interview! Don’t let the terrorists win!!!” Then take out a $100,000 insurance policy on anyone who can be shown to be attacked by North Koreans as a result of seeing the film.

There aren’t going to really be any attacks. Pasty faced Koreans with mad cyberhack skillz aren’t going to step out of WoW long enough to actually shoot anything.

But, as I say, I am not a movie exec.

Regards,
Shodan
PS - Darn those hackers - where were they when they were gonna release Hugo or Mars Needs Moms?