9 January 2015
Last updated at 13:19
Sony Pictures chief executive said his firm always intended to release The Interview, despite threats
There was no precedent for how to deal with a hacking attack on the scale of that which hit Sony Pictures, its chief executive has said.
Michael Lynton said his firm had “no playbook” on how to respond.
In a wide-ranging interview with the Associated Press, he also described the scale of the attack, which the US government has blamed on North Korea.
But one security expert said that Sony should have spotted the danger and prepared contingency plans.
Lynton said that, immediately after the attack came to light, his company scrambled to restore communications, digging out old phones and working out how to pay staff with paper cheques.
“We are the canary in the coal mine, that’s for sure,” he told the Associated Press.
“There’s no playbook for this, so you are in essence trying to look at the situation as it unfolds and make decisions without being able to refer to a lot of experiences you’ve had in the past or other people’s experiences. You’re on completely new ground.”
And he told the agency of the scale of the data loss his company had suffered.
“They came in the house, stole everything, then burned down the house. They destroyed servers, computers, wiped them clean of all the data and took all the data.”
He insisted his firm was “adequately prepared” but “just not for an attack of this nature”, which he said that no firm could have withstood.
After a series of embarrassing leaks, the hackers threatened further attacks over Sony Pictures’ film The Interview, which imagined the assassination of North Korean leader Kim Jong-un.
Several cinemas refused to show it on its planned Christmas day debut and Sony Pictures pulled the film altogether.
Sony Pictures pulled screenings of The Interview, which was later released online
Continue reading the main story
Every time you thought you were going down a path, every time people thought we’ve got this in hand, the next thing you knew we’d have another threatening email come through two days later or another series of events”
Sony Pictures chief executive
But it was later released online. Lynton insisted that the studio always planned some sort of release but did not know how to carry it out.
He said he called Google’s chief executive Eric Schmidt, who told him: “This is what we’ve been waiting for.”
Schmidt agreed to help get the film out on Google Play and YouTube. Sony built its own website and Microsoft’s Xbox and Apple’s iTunes also ultimately agreed to release the film, Lynton said.
“We probably in retrospect should have said we’re exploring other options, because that’s exactly what we were doing.”
But, according to security expert Brian Honan of BH Consulting, his company should have been better prepared and should have detected such a large data loss.
“It is hard to understand how more than 100 terabytes of data would leave someone’s network undetected.”
He pointed out that it was not the first assault on Sony’s systems and said the company could have been better prepared to deal with both the attack and its fallout.
He suggested that, in the light of lawsuits brought by Sony Pictures employees over the loss of their personal data, Lynton’s comments could be “damage control”.
He said the Sony Pictures chief executive could be “trying to use the fact that the FBI has said it was the North Korean state and super cyber-ninjas, that an ordinary company using ordinary defences would not be able to defend itself”.
“If he can say they took reasonable precautions, they cannot be blamed,” he told the BBC.
FBI director James Comey insisted North Korea was behind the attack
Lynton’s comments came after the FBI director James Comey said his agency was sure North Korea was behind the attack because the hackers “got sloppy”.
“In nearly every case, [the hackers] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy.
“Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using… were exclusively used by the North Koreans.”