LOS ANGELES - Just as Sony Pictures Entertainment appeared to be recovering from a crippling online attack last month, the studio found itself confronting new perils on Tuesday.
The FBI warned U.S. businesses of a similar threat, and additional Sony secrets were leaked online.
Sony, the studio behind “The Amazing Spider-Man” films and the “Breaking Bad” television series, restarted many of its computer systems on Monday after a Nov. 24 breach by a group calling itself #GOP, for Guardians of Peace. Executives at the entertainment company said they were also making progress in fighting the apparently related Internet pirating of five complete films, including the unreleased “Annie.”
But Sony was newly rattled by the leak of internal documents, one of which contained the pre-bonus annual salaries of senior executives, showing 17 who earn more than $1 million a year. The documents were published late Monday on Pastebin, the anonymous Internet posting site.
The breach exposed two things the secretive movie industry is extremely sensitive about - the piracy of films and details about executive compensation - and sent a ripple of dread across Hollywood to Washington.
Although large attacks on companies are increasingly common, this one has played out like one of Sony’s own thrillers, with macabre images on computer screens of studio executives’ severed heads and theories that the attack could be retribution from North Korea for a coming Sony comedy about an assassination attempt on that country’s leader, Kim Jong Un.
Tom Kellermann, chief cybersecurity officer at Trend Micro, the private security firm, said that unlike stealth attacks from China and Russia, Sony’s hackers not only aimed to steal data, but also to send a clear message. “This was like a home invasion where after taking the family jewels the hackers set the house ablaze,” he said.
The attack at Sony comes as major American companies and government agencies are still reeling from online security threats. Breaches at major retailers like Target, Home Depot and Staples were only the beginning. Over the last year, the White House, the State Department, the nation’s largest bank, energy companies, even the Postal Service, were all breached by attackers who have yet to be identified or apprehended.
But the Sony attack, and new details about a spate of coordinated cyberattacks from Iran that emerged on Tuesday, have security experts and law enforcement authorities rattled, worried that Sony’s difficulties may be a harbinger of many more to come.
“In 2015 hackers will destroy systems not just for activism, but also for counter-incident response,” said Kellermann, suggesting that it would be more difficult for security firms and companies to investigate, respond and recover from cyberattacks.