Growing security concerns over the breach unnerve studios privately hoping the movie will be yanked, while the former hacker behind Sony’s 2011 attack says the studio faces issues for years to come
As it tries to stanch the tide of leaked data from November’s massive cyberattack and quell security concerns over the opening of “The Interview,” Sony Pictures Entertainment is finding a new corner of hostility: other studios.
Once the poster child of identity theft, Sony now finds itself at odds with some industry execs who say that the studio’s reluctance to pull “The Interview” from theaters entirely — combined with the vague threat of a Sept. 11–style attack on theaters showing the comedy — is wreaking havoc with other studios whose movies will be playing side-by-side with the Seth Rogen–James Franco film.
Several studios held closed-door meetings this week to discuss 11th-hour strategies for films that will be out or opening on Christmas Day. The Dec. 25 releases joining “The Interview” are “The Gambler” and “Into the Woods,” while “Annie” and installments of “The Hobbit” and “Night at the Museum” will be out less than a week and looking for strong second-weekend hauls. Contingency plans have included the last-minute winnowing or widening of theater counts, depending on whether the comedy about the assassination of North Korean leader Kim Jong-un ever sees the big screen.
Whether or not it has become the hack-attack story du jour, already the Carmike and Arclight theater chains have announced they won’t show the movie, yanking it from more than 2,900 screens in 41 states. And Sony shuttered publicity events surrounding the movie, while Landmark and the studio canceled the New York premiere.
But short of Sony yanking the film completely — or a nationwide exhibitor boycott — some distribution officials remain anxious as Christmas draws near.
“As for the other studios, what can they do?” asked one distribution exec. “The theaters can step up security, but I don’t really see any other option. The only measure would be Sony pulling the film.”
Sony did not comment on its distribution plan for the R-rated movie, which has sparked the ire of North Korea, suspected of playing a central part in the breach. The Motion Picture Association of America and the National Association of Theater Owners also declined to comment on the controversy, a sore point among studio execs seeking a public advocate.
Washington, meanwhile, has offered studios little more than vagaries.
“This is only the latest example of the need for serious legislation to improve the sharing of information between the private sector and the government to help companies strengthen cybersecurity,” Senator Diane Feinstein said in a statement to TheWrap on Tuesday night. “We must pass an information sharing bill as quickly as possible next year. Today’s threat against moviegoers is unconscionable and the perpetrators must be brought to justice. Law enforcement is investigating these threats and will do everything possible to keep the public safe.”
But even top studio lieutenants are torn over viable security measures and already expect the controversy to be the death knell for an anemic box office currently down 3 percent from last year and desperate to end 2014 with a flourish. Executives privately wondered whether beefing up security would even serve more deterrent than draw. Already, exhibitors and moviegoers face an unspecified threat from Guardians of Peace, the group claiming responsibility for the assault, which has promised a Sept. 11–style attack on individual theaters carrying the movie.
“This couldn’t come at a worse time,” one studio executive told TheWrap. “Do you really want to drop your kids off at a mall filled with metal detectors and cops? Who wants to take that chance over the holidays — for a movie?”
He and other top-tier managers say tracking already is lagging behind last year for the normally lucrative ChristmastoNew Year time frame. Projections, however, has been wildly off in 2014 and forecasts could quickly rebound, depending on “The Interview’s” distribution fate.
Meanwhile, Hector Monsegur, the former member of Anonymous and founder of LulzSec,the group that claimed responsibility for the May 2011 hack of Sony’s PlayStation network, said the studio was likely breached weeks, if not months, ago — and that the leak could do damage for years to come.
“Sony has been compromised for at least six years that I know of,” said Monsegur, who was arrested in 2011 and became a government informant, leading to the arrest of at least five other hackers and helping foil at least 300 attempted cyberattacks, according to the FBI. Monsegur, who operated under the online pseudonym Sabu, served seven months in prison after his May arrest. Monsegur was given “time served” for cooperating with the feds and given one year of probation.
In an interview this week with tech site CNET, Monsegur said that the GOP likely infiltrated the corporation months ago.
“This is not a new hack,” he said. “Let’s really think about it: If you do a penetration test, and you try to infiltrate a network, the amount of access they were able to obtain would have taken them months, maybe even years.”
The nature of the leaks, which have included personal data, leaked movies, social disclosures and embarrassing internal emails, suggest the hackers have had a long time to pore over information, he said.
“They were able to identify a lot of, for example, password files,” he said. “Clearly, they had to really do a thorough audit of the entire infrastructure. Whoever hacked Sony has been inside there for a very, very long time. And we haven’t seen the end of it.”