The hack attack on Sony Pictures Entertainment that’s been making headlines over the last couple of weeks is just the latest in a line of security breaches at Sony that stretch back to 2011. Many companies get attacked just because they are vulnerable targets, but Sony seems to have raised the special ire of the hacktivist community. Let’s look at how that happened, and go through a timeline of the company’s major security breaches.
Subscribe to my weekly video podcast for this Sony story and much more
Why is Sony such a juicy target for hackers?
In 2005, Sony began producing audio CDs with intrusive digital rights management (DRM) software included on the disc. If someone loaded the disc into their computer, it automatically installed a rootkit that made changes to the computer’s operating system and prevented it from copying the CD. The disc also installed software that would track the user’s listening habits and made the computer vulnerable to hackers. Worst of all, there was no easy way to uninstall it.
Another event that ticked off the hacking community occurred in 2010, when a well-known hacker named George Hotz broke the copy-protection on the PlayStation 3 and made it possible for users to play pirated games. Sony took the hacker to court, and even got a judge to order the company hosting the hacker’s web site to turn over server logs that would allow them to identify the IP addresses of people who accessed his site. The same month Sony settled with Hotz out of court, the first major attack occurred.
APRIL 2011 Attack
- Attack on PlayStation Network (PSN).
- Perpetrated by the hactivist group Anonymous.
- Personal details of 77 million PSN users stolen.
- PSN service knocked offline for 23 days.
- Cost to the company: A minimum of $171 million.
MAY 2011 Attack
- Attack on Sony Online Entertainment.
- Unknown perpetrators.
- Personal details and credit card information of 24.6 million customers stolen
JUNE 2011 Attack
- Attack on Sony Pictures Entertainment.
- Perpetrated by the hactivist group LulzSec.
- Personal details of over a million accounts stolen.
- The hackers claimed passwords were stored in plain text, unencrypted and were easy to find.
AUGUST 2014 Attack
- Distributed Denial of Service (DDoS) attack on PSN (along with other online gaming networks).
- Perpetrated by hactivist group Lizard Squad.
- No customer data compromised.
- Lizard Squad called in a bomb threat against American Airlines to force a jet carrying a Sony executive out of the sky.
NOVEMBER 2014 Attack
- Another attack on Sony Pictures Entertainment.
- Perpetrated by Guardians of Peace (GoP).
- Possible North Korean government involvement.
- Widespread knockdown of Sony’s internal network.
- So far the hackers have concentrated on releasing embarrassing and damaging information about the company and its executives.
- Details still coming to light, including executive emails, pay disparities, and personal feuds with actors, actresses and employees.