September 22, 2020

Did a downsized employee help hack Sony?


Pin It

WhiteCollarCoverBy Sue Reisinger, From Corporate Counsel

As Sony Pictures Entertainment Inc. battles a raft of class action suits filed after a massive cyberattack exposed confidential employee data, some experts are suggesting the hacking looks more like an inside job involving an ousted worker.

Exactly who attacked Sony could have a significant bearing on how general counsel advise their companies to defend themselves from cyberattacks. Do they need to gear up more to catch in-house data thieves or to repel outside attackers?

After Sony was hacked on Nov. 24, the U.S. government publicly blamed North Korea, but has refused to release details of why. Then experts started analyzing data and pointing the finger at ex-Sony employees, according to various news reports.

Sony has not returned messages seeking comment.

The Security Ledger blog reported over the holidays that Kurt Stammberger, a senior vice president at security firm Norse Corp., said his company identified six individuals with direct involvement in the hack, including two based in the U.S., one in Canada, one in Singapore and one in Thailand.

“The six include one former Sony employee, a 10-year veteran of the company who was laid off in May as part of a company-wide restructuring,” the article stated.

The Los Angeles Times reported that one cybersecurity firm linguistically analyzed the hackers’ messages, which suggested that the attackers were Russian rather than Korean.

Shlomo Argamon, chief scientist at Seattle cybersecurity consulting firm Taia Global, told the newspaper he and other researchers examined 20 phrases not normally used in English. Of those, 15 matched Russian phrases and nine matched Korean phrases.

“I don’t think we have a clear picture, but there’s certainly reason to doubt the total attribution of this to North Korea,” Argamon told the Times. But the federal government stands by its account that North Korea was responsible, the newspaper added.

Regardless of the answer to that puzzle, at least one executive believes it’s time for boards of directors to establish a separate cybercommittee. Betsy Atkins wrote in Forbes that each corporate board needs to work with the general counsel and other executives to better understand cyberrisks and to provide more oversight. Atkins is a three-time chief executive and a director at Darden, HD Supply and Schneider Electric.

“I think the time has come for boards to create a dedicated cybersecurity technology committee,” Atkins wrote.

Atkins added: “Given the risk exposure, the board should work with the general counsel to determine the extent to which existing directors and officer’s insurance coverage provides protection.”

And given the lawsuits Sony is fighting, the company’s in-house counsel, along with its lawyers at Wilmer Cutler Pickering Hale and Dorr, undoubtedly are looking at such details right now.

For more on this story go to:


Print Friendly, PDF & Email
About ieyenews

Speak Your Mind